From 271a6c3487a14599023a9106329505597638d793 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Fri, 30 Aug 2019 10:22:43 +0200 Subject: BASELINE: Update Chromium to 77.0.3865.59 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I1e89a5f3b009a9519a6705102ad65c92fe736f21 Reviewed-by: Michael BrĂ¼ning --- chromium/net/BUILD.gn | 331 +- chromium/net/DEPS | 7 +- chromium/net/OWNERS | 1 - chromium/net/android/android_http_util.cc | 2 +- chromium/net/android/cellular_signal_strength.cc | 2 +- chromium/net/android/cert_verify_result_android.cc | 2 +- chromium/net/android/dummy_spnego_authenticator.cc | 2 +- chromium/net/android/dummy_spnego_authenticator.h | 3 + chromium/net/android/gurl_utils.cc | 2 +- .../net/android/http_auth_negotiate_android.cc | 16 +- chromium/net/android/http_auth_negotiate_android.h | 13 +- .../http_auth_negotiate_android_unittest.cc | 9 +- chromium/net/android/keystore.cc | 2 +- .../net/android/network_change_notifier_android.cc | 4 - .../network_change_notifier_delegate_android.cc | 2 +- .../network_change_notifier_factory_android.cc | 6 +- .../network_change_notifier_factory_android.h | 2 +- chromium/net/android/network_library.cc | 2 +- chromium/net/android/traffic_stats.cc | 2 +- .../android/unittest_support/AndroidManifest.xml | 1 - chromium/net/base/address_list.cc | 29 +- chromium/net/base/address_list.h | 12 +- chromium/net/base/cache_type.h | 18 +- chromium/net/base/chunked_upload_data_stream.cc | 3 +- chromium/net/base/chunked_upload_data_stream.h | 2 +- chromium/net/base/elements_upload_data_stream.cc | 3 +- chromium/net/base/elements_upload_data_stream.h | 2 +- chromium/net/base/expiring_cache_unittest.cc | 40 +- chromium/net/base/features.cc | 33 +- chromium/net/base/features.h | 27 +- chromium/net/base/file_stream_unittest.cc | 2 - chromium/net/base/filename_util_internal.cc | 4 +- .../net/base/logging_network_change_observer.cc | 42 +- chromium/net/base/mime_util.cc | 1 + chromium/net/base/mime_util_unittest.cc | 4 +- chromium/net/base/mock_file_stream.cc | 7 +- chromium/net/base/mock_file_stream.h | 2 +- chromium/net/base/mock_network_change_notifier.cc | 31 +- chromium/net/base/mock_network_change_notifier.h | 12 +- chromium/net/base/net_error_list.h | 46 +- .../net_string_util_icu_alternatives_android.cc | 2 +- chromium/net/base/network_change_notifier.cc | 149 +- chromium/net/base/network_change_notifier.h | 31 +- .../net/base/network_change_notifier_factory.h | 4 +- .../net/base/network_change_notifier_fuchsia.cc | 9 +- .../net/base/network_change_notifier_fuchsia.h | 6 +- .../network_change_notifier_fuchsia_unittest.cc | 11 +- chromium/net/base/network_change_notifier_linux.cc | 3 - chromium/net/base/network_change_notifier_linux.h | 3 +- chromium/net/base/network_change_notifier_mac.cc | 23 +- chromium/net/base/network_change_notifier_mac.h | 15 - chromium/net/base/network_change_notifier_posix.cc | 51 +- chromium/net/base/network_change_notifier_posix.h | 13 - .../base/network_change_notifier_posix_unittest.cc | 28 +- chromium/net/base/network_change_notifier_win.cc | 30 +- chromium/net/base/network_change_notifier_win.h | 17 +- .../base/network_change_notifier_win_unittest.cc | 4 +- chromium/net/base/network_interfaces_win.cc | 12 +- chromium/net/base/network_isolation_key.cc | 54 +- chromium/net/base/network_isolation_key.h | 46 +- .../net/base/network_isolation_key_unittest.cc | 157 +- .../net/base/network_notification_thread_mac.cc | 51 + .../net/base/network_notification_thread_mac.h | 20 + chromium/net/base/network_throttle_manager_impl.cc | 4 +- chromium/net/base/port_util.h | 2 +- chromium/net/base/test_completion_callback.cc | 3 +- chromium/net/base/upload_data_stream.cc | 19 +- chromium/net/base/upload_file_element_reader.cc | 6 +- chromium/net/base/upload_file_element_reader.h | 2 +- chromium/net/cert/cert_verify_proc.cc | 18 +- chromium/net/cert/cert_verify_proc_blacklist.inc | 12 + chromium/net/cert/cert_verify_proc_builtin.cc | 37 +- chromium/net/cert/cert_verify_proc_builtin.h | 25 +- chromium/net/cert/cert_verify_proc_ios.cc | 8 +- chromium/net/cert/cert_verify_proc_unittest.cc | 1409 +- chromium/net/cert/cert_verify_proc_win.h | 2 +- chromium/net/cert/crl_set_fuzzer.cc | 32 + .../ct_signed_certificate_timestamp_log_param.cc | 11 +- .../ct_signed_certificate_timestamp_log_param.h | 12 +- chromium/net/cert/internal/crl.cc | 603 + chromium/net/cert/internal/crl.h | 224 + .../internal/crl_getcrlstatusforcert_fuzzer.cc | 28 + .../crl_parse_crl_certificatelist_fuzzer.cc | 22 + .../internal/crl_parse_crl_tbscertlist_fuzzer.cc | 18 + .../crl_parse_issuing_distribution_point_fuzzer.cc | 25 + chromium/net/cert/internal/crl_unittest.cc | 202 + chromium/net/cert/internal/ocsp.h | 18 - chromium/net/cert/internal/path_builder.cc | 22 +- chromium/net/cert/internal/path_builder.h | 11 + .../cert/internal/path_builder_pkits_unittest.cc | 143 +- .../net/cert/internal/path_builder_unittest.cc | 57 +- chromium/net/cert/internal/revocation_checker.cc | 104 +- chromium/net/cert/internal/revocation_checker.h | 35 + chromium/net/cert/internal/system_trust_store.cc | 49 +- .../net/cert/internal/system_trust_store_nss.h | 33 + .../internal/system_trust_store_nss_unittest.cc | 163 + chromium/net/cert/internal/trust_store_mac.cc | 348 +- chromium/net/cert/internal/trust_store_mac.h | 15 +- chromium/net/cert/internal/trust_store_nss.cc | 75 +- chromium/net/cert/internal/trust_store_nss.h | 46 + .../net/cert/internal/trust_store_nss_unittest.cc | 241 +- .../verify_certificate_chain_pkits_unittest.cc | 7 +- .../net/cert/internal/verify_name_match_fuzzer.cc | 10 +- ...verify_name_match_verifynameinsubtree_fuzzer.cc | 10 +- chromium/net/cert/mock_cert_verifier.cc | 4 +- chromium/net/cert/multi_log_ct_verifier.cc | 22 +- .../net/cert/multi_log_ct_verifier_unittest.cc | 22 +- chromium/net/cert/multi_threaded_cert_verifier.cc | 32 +- chromium/net/cert/nss_cert_database.cc | 3 +- chromium/net/cert/nss_cert_database.h | 2 +- chromium/net/cert/test_root_certs.cc | 18 +- chromium/net/cert/test_root_certs.h | 15 +- .../net/cert/trial_comparison_cert_verifier.cc | 13 +- chromium/net/cert/x509_certificate.cc | 29 +- .../net/cert/x509_certificate_net_log_param.cc | 3 +- chromium/net/cert/x509_certificate_net_log_param.h | 6 +- chromium/net/cert/x509_certificate_unittest.cc | 18 +- chromium/net/cert/x509_util_android.cc | 2 +- chromium/net/cert_net/cert_net_fetcher_impl.cc | 10 +- chromium/net/cert_net/nss_ocsp.cc | 4 +- chromium/net/cookies/canonical_cookie.cc | 64 +- chromium/net/cookies/canonical_cookie.h | 19 +- chromium/net/cookies/canonical_cookie_fuzzer.cc | 58 + chromium/net/cookies/canonical_cookie_unittest.cc | 164 +- chromium/net/cookies/cookie_monster.cc | 52 +- chromium/net/cookies/cookie_monster.h | 11 +- .../cookies/cookie_monster_change_dispatcher.cc | 6 +- .../net/cookies/cookie_monster_change_dispatcher.h | 4 +- .../net/cookies/cookie_monster_netlog_params.cc | 14 +- .../net/cookies/cookie_monster_netlog_params.h | 4 +- chromium/net/cookies/cookie_monster_unittest.cc | 153 +- chromium/net/cookies/cookie_util.cc | 11 + chromium/net/cookies/cookie_util.h | 9 + chromium/net/cookies/cookie_util_unittest.cc | 27 + chromium/net/cookies/parse_cookie_line_fuzzer.cc | 75 +- chromium/net/cookies/parsed_cookie.cc | 30 +- chromium/net/cookies/parsed_cookie_unittest.cc | 81 + ...4f90d40903333478e65e0655c432451197e33fa07f2.pem | 151 + ...9c6577c4bcd8d2155b1e4346a4599d6c8b79799d4a1.pem | 150 + ...573a1bf5bbbacd1713b905096f8eb015062bf396c4d.pem | 149 + chromium/net/data/ssl/certificates/README | 4 - .../data/ssl/certificates/unittest.originbound.der | Bin 333 -> 0 bytes .../ssl/certificates/unittest.originbound.key.der | 2 - chromium/net/der/parser.cc | 16 +- chromium/net/der/parser.h | 10 + chromium/net/der/parser_unittest.cc | 86 + chromium/net/disk_cache/backend_unittest.cc | 43 +- chromium/net/disk_cache/blockfile/backend_impl.cc | 11 +- chromium/net/disk_cache/blockfile/backend_impl.h | 2 +- chromium/net/disk_cache/blockfile/entry_impl.cc | 32 +- chromium/net/disk_cache/blockfile/eviction.cc | 2 +- chromium/net/disk_cache/blockfile/eviction.h | 2 +- .../net/disk_cache/blockfile/histogram_macros.h | 3 +- .../disk_cache/blockfile/in_flight_backend_io.cc | 5 +- .../disk_cache/blockfile/in_flight_backend_io.h | 2 +- .../net/disk_cache/blockfile/sparse_control.cc | 27 +- chromium/net/disk_cache/blockfile/stats.cc | 14 - chromium/net/disk_cache/disk_cache_fuzzer.cc | 28 +- chromium/net/disk_cache/disk_cache_fuzzer.proto | 3 +- chromium/net/disk_cache/entry_unittest.cc | 70 + chromium/net/disk_cache/memory/mem_backend_impl.cc | 3 +- chromium/net/disk_cache/memory/mem_backend_impl.h | 2 +- chromium/net/disk_cache/memory/mem_entry_impl.cc | 107 +- chromium/net/disk_cache/net_log_parameters.cc | 127 +- chromium/net/disk_cache/net_log_parameters.h | 88 +- .../net/disk_cache/simple/simple_backend_impl.cc | 78 +- .../net/disk_cache/simple/simple_backend_impl.h | 12 +- .../net/disk_cache/simple/simple_entry_impl.cc | 361 +- chromium/net/disk_cache/simple/simple_entry_impl.h | 36 +- .../disk_cache/simple/simple_histogram_macros.h | 3 +- chromium/net/disk_cache/simple/simple_index.cc | 46 +- chromium/net/disk_cache/simple/simple_index.h | 15 +- chromium/net/disk_cache/simple/simple_index_file.h | 5 +- .../disk_cache/simple/simple_net_log_parameters.cc | 33 +- .../disk_cache/simple/simple_net_log_parameters.h | 30 +- chromium/net/dns/BUILD.gn | 10 +- chromium/net/dns/address_sorter_posix_unittest.cc | 6 +- chromium/net/dns/context_host_resolver_unittest.cc | 42 +- chromium/net/dns/dns_config.cc | 19 +- chromium/net/dns/dns_config.h | 2 + chromium/net/dns/dns_config_service.cc | 9 +- chromium/net/dns/dns_config_service.h | 8 +- chromium/net/dns/dns_config_service_fuchsia.cc | 2 - chromium/net/dns/dns_config_service_posix.cc | 18 +- chromium/net/dns/dns_config_service_posix.h | 4 + .../net/dns/dns_config_service_posix_unittest.cc | 2 +- chromium/net/dns/dns_config_service_unittest.cc | 28 +- chromium/net/dns/dns_query.cc | 91 +- chromium/net/dns/dns_query.h | 24 +- chromium/net/dns/dns_query_unittest.cc | 45 +- chromium/net/dns/dns_response.cc | 14 +- chromium/net/dns/dns_session.cc | 4 +- chromium/net/dns/dns_session_unittest.cc | 6 +- chromium/net/dns/dns_socket_pool_unittest.cc | 4 +- chromium/net/dns/dns_test_util.cc | 36 +- chromium/net/dns/dns_test_util.h | 8 +- chromium/net/dns/dns_transaction.cc | 93 +- chromium/net/dns/dns_transaction.h | 15 +- chromium/net/dns/dns_transaction_unittest.cc | 741 +- chromium/net/dns/fuzzed_host_resolver_util.cc | 37 +- chromium/net/dns/fuzzed_host_resolver_util.h | 4 +- chromium/net/dns/host_cache.cc | 8 +- chromium/net/dns/host_cache.h | 12 +- chromium/net/dns/host_resolver.cc | 3 + chromium/net/dns/host_resolver.h | 6 +- chromium/net/dns/host_resolver_manager.cc | 806 +- chromium/net/dns/host_resolver_manager.h | 94 +- chromium/net/dns/host_resolver_manager_fuzzer.cc | 14 +- chromium/net/dns/host_resolver_manager_unittest.cc | 989 +- chromium/net/dns/host_resolver_mdns_task.cc | 2 +- chromium/net/dns/host_resolver_mdns_task.h | 2 +- chromium/net/dns/host_resolver_proc.cc | 4 +- chromium/net/dns/mdns_client_impl.cc | 3 +- chromium/net/dns/mdns_client_impl.h | 2 +- chromium/net/dns/public/dns_protocol.h | 15 + chromium/net/dns/record_rdata.cc | 18 +- chromium/net/dns/record_rdata.h | 16 +- chromium/net/dns/serial_worker.cc | 3 +- chromium/net/dns/serial_worker.h | 2 +- .../net/dns/system_dns_config_change_notifier.cc | 225 + .../net/dns/system_dns_config_change_notifier.h | 86 + .../system_dns_config_change_notifier_unittest.cc | 327 + chromium/net/dns/test_dns_config_service.cc | 26 + chromium/net/dns/test_dns_config_service.h | 56 + chromium/net/docs/crash-course-in-net-internals.md | 2 +- chromium/net/docs/proxy.md | 289 +- chromium/net/extras/preload_data/decoder.cc | 82 +- chromium/net/extras/preload_data/decoder.h | 34 +- .../sqlite/sqlite_persistent_cookie_store.cc | 52 +- .../sqlite_persistent_cookie_store_unittest.cc | 8 +- .../sqlite_persistent_reporting_and_nel_store.cc | 3 +- .../sqlite_persistent_reporting_and_nel_store.h | 3 +- chromium/net/features.gni | 10 +- chromium/net/filter/brotli_source_stream_fuzzer.cc | 4 +- chromium/net/filter/filter_source_stream.cc | 7 - chromium/net/filter/filter_source_stream.h | 2 - chromium/net/filter/fuzzed_source_stream.cc | 4 +- chromium/net/filter/fuzzed_source_stream.h | 6 +- chromium/net/filter/gzip_source_stream_fuzzer.cc | 4 +- chromium/net/ftp/ftp_ctrl_response_buffer.cc | 9 +- chromium/net/ftp/ftp_network_transaction.cc | 15 +- chromium/net/ftp/ftp_response_info.h | 3 +- chromium/net/http/bidirectional_stream.cc | 67 +- chromium/net/http/bidirectional_stream.h | 2 +- chromium/net/http/bidirectional_stream_unittest.cc | 66 +- chromium/net/http/broken_alternative_services.cc | 2 +- chromium/net/http/broken_alternative_services.h | 2 +- chromium/net/http/http_auth.cc | 24 +- chromium/net/http/http_auth.h | 14 +- chromium/net/http/http_auth_cache.cc | 43 +- chromium/net/http/http_auth_controller.cc | 29 +- chromium/net/http/http_auth_controller_unittest.cc | 36 +- chromium/net/http/http_auth_gssapi_posix.cc | 766 +- chromium/net/http/http_auth_gssapi_posix.h | 165 +- .../net/http/http_auth_gssapi_posix_unittest.cc | 406 +- chromium/net/http/http_auth_handler.cc | 11 +- chromium/net/http/http_auth_handler_factory.cc | 20 +- chromium/net/http/http_auth_handler_factory.h | 6 +- chromium/net/http/http_auth_handler_mock.cc | 3 +- chromium/net/http/http_auth_handler_mock.h | 2 +- chromium/net/http/http_auth_handler_negotiate.cc | 16 +- .../http/http_auth_handler_negotiate_unittest.cc | 50 +- chromium/net/http/http_auth_handler_ntlm.cc | 2 +- chromium/net/http/http_auth_handler_ntlm.h | 12 + .../net/http/http_auth_handler_ntlm_portable.cc | 14 + .../http_auth_handler_ntlm_portable_unittest.cc | 7 + chromium/net/http/http_auth_handler_unittest.cc | 4 +- chromium/net/http/http_auth_sspi_win.cc | 3 +- chromium/net/http/http_auth_sspi_win.h | 3 +- chromium/net/http/http_auth_sspi_win_unittest.cc | 23 +- chromium/net/http/http_cache.cc | 162 +- chromium/net/http/http_cache.h | 40 +- chromium/net/http/http_cache_lookup_manager.cc | 16 +- chromium/net/http/http_cache_lookup_manager.h | 2 +- chromium/net/http/http_cache_transaction.cc | 187 +- chromium/net/http/http_cache_transaction.h | 31 +- chromium/net/http/http_cache_unittest.cc | 417 +- chromium/net/http/http_cache_writers.cc | 2 +- chromium/net/http/http_cache_writers.h | 2 +- chromium/net/http/http_log_util.cc | 22 +- chromium/net/http/http_log_util.h | 14 + chromium/net/http/http_log_util_unittest.cc | 36 +- chromium/net/http/http_negotiate_auth_system.h | 4 +- chromium/net/http/http_network_layer.cc | 8 +- chromium/net/http/http_network_session.cc | 183 +- chromium/net/http/http_network_session.h | 103 +- chromium/net/http/http_network_transaction.cc | 42 +- chromium/net/http/http_network_transaction.h | 4 +- .../net/http/http_network_transaction_unittest.cc | 613 +- chromium/net/http/http_proxy_client_socket.cc | 14 +- .../net/http/http_proxy_client_socket_fuzzer.cc | 4 +- chromium/net/http/http_proxy_connect_job.cc | 7 +- chromium/net/http/http_proxy_connect_job.h | 2 +- .../net/http/http_proxy_connect_job_unittest.cc | 10 +- chromium/net/http/http_request_headers.cc | 8 +- chromium/net/http/http_request_headers.h | 7 +- .../http/http_response_body_drainer_unittest.cc | 5 +- chromium/net/http/http_response_headers.cc | 4 +- chromium/net/http/http_response_headers.h | 4 +- chromium/net/http/http_response_info.cc | 3 + chromium/net/http/http_response_info.h | 1 + chromium/net/http/http_server_properties_impl.cc | 11 +- chromium/net/http/http_server_properties_impl.h | 8 +- .../http/http_server_properties_impl_unittest.cc | 14 +- .../net/http/http_server_properties_manager.cc | 175 +- chromium/net/http/http_server_properties_manager.h | 36 +- .../http_server_properties_manager_unittest.cc | 200 +- chromium/net/http/http_stream_factory.cc | 9 +- chromium/net/http/http_stream_factory_job.cc | 89 +- chromium/net/http/http_stream_factory_job.h | 2 +- .../net/http/http_stream_factory_job_controller.cc | 81 +- .../net/http/http_stream_factory_job_controller.h | 2 +- .../http_stream_factory_job_controller_unittest.cc | 115 +- chromium/net/http/http_stream_factory_unittest.cc | 119 +- chromium/net/http/http_stream_parser.cc | 43 +- chromium/net/http/http_stream_parser.h | 2 +- chromium/net/http/http_stream_parser_fuzzer.cc | 4 +- chromium/net/http/http_stream_parser_unittest.cc | 9 +- chromium/net/http/http_transaction_test_util.cc | 3 +- chromium/net/http/http_transaction_test_util.h | 3 +- chromium/net/http/mock_gssapi_library_posix.cc | 106 +- chromium/net/http/mock_gssapi_library_posix.h | 26 +- chromium/net/http/mock_http_cache.cc | 7 + chromium/net/http/mock_sspi_library_win.h | 2 + chromium/net/http/partial_data.cc | 3 +- chromium/net/http/partial_data.h | 2 +- chromium/net/http/transport_security_persister.cc | 3 +- chromium/net/http/transport_security_persister.h | 2 +- chromium/net/http/transport_security_state.cc | 2 +- .../net/http/transport_security_state_static.json | 12839 +++++++++++++++++-- .../net/http/transport_security_state_unittest.cc | 41 + chromium/net/log/file_net_log_observer.h | 2 - chromium/net/log/file_net_log_observer_unittest.cc | 34 +- chromium/net/log/net_log.cc | 248 +- chromium/net/log/net_log.h | 255 +- chromium/net/log/net_log_capture_mode.cc | 80 +- chromium/net/log/net_log_capture_mode.h | 118 +- chromium/net/log/net_log_capture_mode_unittest.cc | 38 +- chromium/net/log/net_log_entry.cc | 61 +- chromium/net/log/net_log_entry.h | 67 +- chromium/net/log/net_log_event_type_list.h | 171 +- chromium/net/log/net_log_parameters_callback.h | 28 - chromium/net/log/net_log_source.cc | 14 +- chromium/net/log/net_log_source.h | 9 +- chromium/net/log/net_log_unittest.cc | 240 +- chromium/net/log/net_log_util.cc | 23 +- chromium/net/log/net_log_util_unittest.cc | 7 +- chromium/net/log/net_log_values.cc | 99 + chromium/net/log/net_log_values.h | 63 + chromium/net/log/net_log_values_unittest.cc | 123 + chromium/net/log/net_log_with_source.cc | 97 +- chromium/net/log/net_log_with_source.h | 71 +- chromium/net/log/test_net_log.cc | 142 +- chromium/net/log/test_net_log.h | 62 +- chromium/net/log/test_net_log_entry.cc | 84 - chromium/net/log/test_net_log_entry.h | 71 - chromium/net/log/test_net_log_util.cc | 110 +- chromium/net/log/test_net_log_util.h | 47 +- chromium/net/log/trace_net_log_observer.cc | 27 +- chromium/net/log/trace_net_log_observer.h | 2 +- .../net/log/trace_net_log_observer_unittest.cc | 31 +- chromium/net/network_error_logging/OWNERS | 1 + .../network_error_logging_service.cc | 23 +- .../network_error_logging_service.h | 1 + .../network_error_logging_service_unittest.cc | 29 + chromium/net/nqe/event_creator.cc | 17 +- chromium/net/nqe/event_creator_unittest.cc | 12 +- chromium/net/nqe/network_congestion_analyzer.cc | 354 + chromium/net/nqe/network_congestion_analyzer.h | 208 + .../nqe/network_congestion_analyzer_unittest.cc | 254 + chromium/net/nqe/network_quality_estimator.cc | 203 +- chromium/net/nqe/network_quality_estimator.h | 79 +- .../net/nqe/network_quality_estimator_test_util.cc | 50 +- .../net/nqe/network_quality_estimator_test_util.h | 7 + .../net/nqe/network_quality_estimator_unittest.cc | 163 +- chromium/net/nqe/network_quality_store.cc | 2 +- chromium/net/nqe/network_quality_store.h | 2 +- chromium/net/nqe/observation_buffer.cc | 77 + chromium/net/nqe/observation_buffer.h | 39 +- chromium/net/nqe/observation_buffer_unittest.cc | 85 + .../nqe/peer_to_peer_connections_count_observer.h | 29 + chromium/net/nqe/throughput_analyzer.cc | 49 +- chromium/net/nqe/throughput_analyzer.h | 49 +- chromium/net/nqe/throughput_analyzer_unittest.cc | 38 +- chromium/net/ntlm/ntlm_client.h | 2 +- chromium/net/ntlm/ntlm_client_fuzzer.cc | 12 +- .../net/proxy_resolution/dhcp_pac_file_fetcher.h | 6 +- .../proxy_resolution/dhcp_pac_file_fetcher_win.cc | 30 +- .../dhcp_pac_file_fetcher_win_unittest.cc | 4 +- .../multi_threaded_proxy_resolver.cc | 6 +- .../multi_threaded_proxy_resolver_unittest.cc | 13 +- chromium/net/proxy_resolution/pac_file_decider.cc | 21 +- chromium/net/proxy_resolution/pac_file_decider.h | 11 +- .../proxy_resolution/pac_file_decider_unittest.cc | 19 +- .../net/proxy_resolution/pac_file_fetcher_impl.cc | 3 +- .../net/proxy_resolution/pac_file_fetcher_impl.h | 2 +- .../net/proxy_resolution/pac_library_unittest.cc | 4 +- .../proxy_config_service_android.cc | 2 +- .../proxy_config_service_android_unittest.cc | 2 +- chromium/net/proxy_resolution/proxy_info.cc | 7 +- chromium/net/proxy_resolution/proxy_info.h | 7 - chromium/net/proxy_resolution/proxy_list.cc | 4 +- .../proxy_resolution/proxy_resolution_service.cc | 66 +- .../proxy_resolution/proxy_resolution_service.h | 7 +- .../proxy_resolution_service_unittest.cc | 17 +- .../proxy_resolution/proxy_resolver_v8_tracing.cc | 4 +- .../proxy_resolver_v8_tracing_wrapper.cc | 190 - .../proxy_resolver_v8_tracing_wrapper.h | 66 - .../proxy_resolver_v8_tracing_wrapper_unittest.cc | 1088 -- chromium/net/quic/OWNERS | 1 + chromium/net/quic/address_utils.h | 38 + .../net/quic/bidirectional_stream_quic_impl.cc | 36 +- chromium/net/quic/bidirectional_stream_quic_impl.h | 2 +- .../bidirectional_stream_quic_impl_unittest.cc | 625 +- chromium/net/quic/crypto_test_utils_chromium.cc | 2 +- chromium/net/quic/mock_quic_data.cc | 11 +- chromium/net/quic/mock_quic_data.h | 10 +- .../net/quic/platform/impl/quic_bbr2_sender_impl.h | 16 + .../net/quic/platform/impl/quic_chromium_clock.cc | 5 +- chromium/net/quic/platform/impl/quic_flags_impl.cc | 2 +- .../platform/impl/quic_fuzzed_data_provider_impl.h | 4 +- .../net/quic/platform/impl/quic_ip_address_impl.cc | 153 - .../net/quic/platform/impl/quic_ip_address_impl.h | 71 - .../net/quic/platform/impl/quic_map_util_impl.h | 4 +- .../platform/impl/quic_mem_slice_storage_impl.cc | 5 + .../platform/impl/quic_mem_slice_storage_impl.h | 2 + .../quic/platform/impl/quic_socket_address_impl.cc | 15 +- .../quic/platform/impl/quic_socket_address_impl.h | 4 +- .../platform/impl/quic_system_event_loop_impl.h | 4 +- .../quic/platform/impl/quic_test_loopback_impl.cc | 12 +- chromium/net/quic/quic_chromium_alarm_factory.cc | 7 +- chromium/net/quic/quic_chromium_alarm_factory.h | 2 +- chromium/net/quic/quic_chromium_client_session.cc | 262 +- chromium/net/quic/quic_chromium_client_session.h | 26 +- .../net/quic/quic_chromium_client_session_test.cc | 321 +- chromium/net/quic/quic_chromium_client_stream.cc | 30 +- chromium/net/quic/quic_chromium_client_stream.h | 6 +- .../net/quic/quic_chromium_client_stream_test.cc | 12 +- chromium/net/quic/quic_chromium_packet_reader.cc | 10 +- chromium/net/quic/quic_chromium_packet_reader.h | 2 +- chromium/net/quic/quic_chromium_packet_writer.cc | 5 +- chromium/net/quic/quic_chromium_packet_writer.h | 2 +- chromium/net/quic/quic_connection_logger.cc | 259 +- chromium/net/quic/quic_connection_logger.h | 7 +- .../net/quic/quic_connectivity_probing_manager.cc | 44 +- .../net/quic/quic_connectivity_probing_manager.h | 2 +- .../quic/quic_connectivity_probing_manager_test.cc | 135 +- chromium/net/quic/quic_end_to_end_unittest.cc | 2 +- chromium/net/quic/quic_flags_list.h | 265 +- chromium/net/quic/quic_http_stream.cc | 82 +- chromium/net/quic/quic_http_stream.h | 2 +- chromium/net/quic/quic_http_stream_test.cc | 385 +- chromium/net/quic/quic_http_utils.cc | 20 +- chromium/net/quic/quic_http_utils.h | 4 +- chromium/net/quic/quic_http_utils_test.cc | 8 +- .../net/quic/quic_network_transaction_unittest.cc | 3587 +++--- chromium/net/quic/quic_proxy_client_socket.cc | 25 +- chromium/net/quic/quic_proxy_client_socket.h | 2 +- .../net/quic/quic_proxy_client_socket_unittest.cc | 335 +- chromium/net/quic/quic_server_info.h | 2 +- chromium/net/quic/quic_session_key.cc | 34 +- chromium/net/quic/quic_session_key.h | 33 +- chromium/net/quic/quic_stream_factory.cc | 412 +- chromium/net/quic/quic_stream_factory.h | 233 +- chromium/net/quic/quic_stream_factory_fuzzer.cc | 94 +- chromium/net/quic/quic_stream_factory_peer.cc | 4 +- chromium/net/quic/quic_stream_factory_test.cc | 2436 ++-- chromium/net/quic/quic_test_packet_maker.cc | 1159 +- chromium/net/quic/quic_test_packet_maker.h | 163 +- chromium/net/quic/quic_test_packet_printer.cc | 215 + chromium/net/quic/quic_test_packet_printer.h | 31 + .../net/quic/quic_transport_parameters_fuzzer.cc | 7 +- chromium/net/reporting/OWNERS | 1 + .../reporting/mock_persistent_reporting_store.cc | 11 + .../reporting/mock_persistent_reporting_store.h | 6 + .../mock_persistent_reporting_store_unittest.cc | 77 +- chromium/net/reporting/reporting_cache.cc | 5 +- chromium/net/reporting/reporting_cache.h | 14 +- chromium/net/reporting/reporting_cache_impl.cc | 217 +- chromium/net/reporting/reporting_cache_impl.h | 24 +- chromium/net/reporting/reporting_cache_unittest.cc | 391 + chromium/net/reporting/reporting_context.cc | 13 +- chromium/net/reporting/reporting_context.h | 15 +- chromium/net/reporting/reporting_delivery_agent.cc | 14 +- chromium/net/reporting/reporting_endpoint.cc | 9 + chromium/net/reporting/reporting_endpoint.h | 13 +- .../net/reporting/reporting_endpoint_manager.cc | 10 +- .../net/reporting/reporting_garbage_collector.cc | 2 +- chromium/net/reporting/reporting_header_parser.cc | 10 + chromium/net/reporting/reporting_header_parser.h | 1 + .../reporting/reporting_header_parser_unittest.cc | 734 +- chromium/net/reporting/reporting_service.cc | 2 +- chromium/net/server/http_server.cc | 3 +- chromium/net/server/http_server.h | 2 +- chromium/net/server/http_server_fuzzer.cc | 8 +- chromium/net/socket/client_socket_factory.cc | 10 +- chromium/net/socket/client_socket_factory.h | 6 +- chromium/net/socket/client_socket_handle.cc | 4 +- chromium/net/socket/client_socket_pool.cc | 9 +- chromium/net/socket/client_socket_pool.h | 5 +- .../net/socket/client_socket_pool_base_unittest.cc | 46 +- chromium/net/socket/client_socket_pool_manager.cc | 4 +- chromium/net/socket/client_socket_pool_manager.h | 1 + chromium/net/socket/client_socket_pool_unittest.cc | 18 +- chromium/net/socket/connect_job.cc | 11 +- chromium/net/socket/connect_job.h | 13 +- chromium/net/socket/connect_job_unittest.cc | 8 +- .../net/socket/fuzzed_datagram_client_socket.cc | 6 +- .../net/socket/fuzzed_datagram_client_socket.h | 8 +- chromium/net/socket/fuzzed_server_socket.cc | 5 +- chromium/net/socket/fuzzed_server_socket.h | 9 +- chromium/net/socket/fuzzed_socket.cc | 7 +- chromium/net/socket/fuzzed_socket.h | 8 +- chromium/net/socket/fuzzed_socket_factory.cc | 9 +- chromium/net/socket/fuzzed_socket_factory.h | 10 +- chromium/net/socket/socket_bio_adapter.cc | 3 +- chromium/net/socket/socket_bio_adapter.h | 2 +- chromium/net/socket/socket_net_log_params.cc | 49 +- chromium/net/socket/socket_net_log_params.h | 41 +- chromium/net/socket/socket_test_util.cc | 43 +- chromium/net/socket/socket_test_util.h | 34 +- chromium/net/socket/socks5_client_socket.cc | 21 +- chromium/net/socket/socks5_client_socket_fuzzer.cc | 5 +- .../net/socket/socks5_client_socket_unittest.cc | 26 +- chromium/net/socket/socks_client_socket_fuzzer.cc | 4 +- .../net/socket/socks_client_socket_unittest.cc | 31 +- chromium/net/socket/socks_connect_job_unittest.cc | 13 +- chromium/net/socket/ssl_client_socket.cc | 37 +- chromium/net/socket/ssl_client_socket.h | 75 +- chromium/net/socket/ssl_client_socket_impl.cc | 207 +- chromium/net/socket/ssl_client_socket_impl.h | 24 +- chromium/net/socket/ssl_client_socket_unittest.cc | 451 +- chromium/net/socket/ssl_connect_job.cc | 42 +- chromium/net/socket/ssl_connect_job.h | 8 +- chromium/net/socket/ssl_connect_job_unittest.cc | 17 +- chromium/net/socket/ssl_server_socket_impl.cc | 82 +- chromium/net/socket/ssl_server_socket_unittest.cc | 39 +- chromium/net/socket/tcp_client_socket.cc | 11 +- chromium/net/socket/tcp_client_socket.h | 2 +- chromium/net/socket/tcp_client_socket_unittest.cc | 8 +- chromium/net/socket/tcp_socket_posix.cc | 25 +- chromium/net/socket/tcp_socket_win.cc | 41 +- .../net/socket/transport_client_socket_pool.cc | 64 +- chromium/net/socket/transport_client_socket_pool.h | 2 +- .../transport_client_socket_pool_test_util.cc | 11 +- .../transport_client_socket_pool_test_util.h | 5 +- .../transport_client_socket_pool_unittest.cc | 22 +- .../net/socket/transport_client_socket_unittest.cc | 6 +- chromium/net/socket/transport_connect_job.cc | 3 +- chromium/net/socket/transport_connect_job.h | 2 +- .../net/socket/transport_connect_job_unittest.cc | 13 +- chromium/net/socket/udp_net_log_parameters.cc | 44 +- chromium/net/socket/udp_net_log_parameters.h | 33 +- chromium/net/socket/udp_socket_perftest.cc | 5 +- chromium/net/socket/udp_socket_posix.cc | 27 +- chromium/net/socket/udp_socket_posix.h | 2 +- chromium/net/socket/udp_socket_posix_unittest.cc | 39 +- chromium/net/socket/udp_socket_unittest.cc | 10 +- chromium/net/socket/udp_socket_win.cc | 29 +- .../net/socket/websocket_endpoint_lock_manager.cc | 3 +- .../net/socket/websocket_endpoint_lock_manager.h | 2 +- .../websocket_transport_client_socket_pool.cc | 14 +- .../websocket_transport_client_socket_pool.h | 2 +- ...socket_transport_client_socket_pool_unittest.cc | 3 +- .../net/socket/websocket_transport_connect_job.cc | 3 +- .../net/socket/websocket_transport_connect_job.h | 2 +- .../net/spdy/bidirectional_stream_spdy_impl.cc | 3 +- chromium/net/spdy/bidirectional_stream_spdy_impl.h | 2 +- .../bidirectional_stream_spdy_impl_unittest.cc | 2 +- chromium/net/spdy/buffered_spdy_framer.h | 22 +- chromium/net/spdy/header_coalescer.cc | 59 +- chromium/net/spdy/header_coalescer_test.cc | 16 +- .../net/spdy/platform/impl/spdy_containers_impl.h | 7 + chromium/net/spdy/platform/impl/spdy_test_impl.h | 12 + chromium/net/spdy/spdy_http_stream.cc | 9 +- chromium/net/spdy/spdy_http_stream.h | 2 +- chromium/net/spdy/spdy_http_stream_unittest.cc | 4 +- chromium/net/spdy/spdy_log_util.cc | 7 +- chromium/net/spdy/spdy_log_util.h | 2 +- chromium/net/spdy/spdy_log_util_unittest.cc | 28 +- .../net/spdy/spdy_network_transaction_unittest.cc | 46 +- chromium/net/spdy/spdy_proxy_client_socket.cc | 26 +- chromium/net/spdy/spdy_proxy_client_socket.h | 5 +- .../net/spdy/spdy_proxy_client_socket_unittest.cc | 8 +- chromium/net/spdy/spdy_session.cc | 445 +- chromium/net/spdy/spdy_session.h | 6 +- chromium/net/spdy/spdy_session_fuzzer.cc | 16 +- chromium/net/spdy/spdy_session_pool.cc | 19 +- chromium/net/spdy/spdy_session_pool.h | 2 +- chromium/net/spdy/spdy_session_pool_unittest.cc | 6 +- chromium/net/spdy/spdy_session_unittest.cc | 90 +- chromium/net/spdy/spdy_stream.cc | 106 +- chromium/net/spdy/spdy_stream.h | 2 +- chromium/net/spdy/spdy_stream_unittest.cc | 29 +- chromium/net/ssl/client_cert_store_mac_unittest.cc | 4 +- chromium/net/ssl/client_cert_store_nss_unittest.cc | 6 +- chromium/net/ssl/client_cert_store_unittest-inl.h | 8 +- chromium/net/ssl/openssl_ssl_util.cc | 25 +- chromium/net/ssl/openssl_ssl_util.h | 15 +- chromium/net/ssl/ssl_client_session_cache.cc | 14 +- chromium/net/ssl/ssl_client_session_cache.h | 4 - .../net/ssl/ssl_client_session_cache_unittest.cc | 2 +- chromium/net/ssl/ssl_config.cc | 3 +- chromium/net/ssl/ssl_config.h | 18 +- chromium/net/ssl/ssl_handshake_details.h | 29 + .../net/ssl/ssl_platform_key_android_unittest.cc | 2 +- chromium/net/ssl/ssl_platform_key_util.h | 3 +- chromium/net/ssl/ssl_server_config.h | 6 + chromium/net/ssl/test_ssl_private_key.h | 7 +- chromium/net/ssl/threaded_ssl_private_key.cc | 3 +- chromium/net/ssl/threaded_ssl_private_key.h | 5 +- .../net/test/android/javatests/AndroidManifest.xml | 1 - .../android/embedded_test_server_android.cc | 6 +- .../controllable_http_response.cc | 3 +- .../controllable_http_response.h | 2 +- .../test/embedded_test_server/default_handlers.cc | 140 +- .../embedded_test_server/embedded_test_server.cc | 24 +- .../embedded_test_server/embedded_test_server.h | 6 +- .../embedded_test_server_unittest.cc | 25 +- .../test/embedded_test_server/http_connection.cc | 3 +- .../test/embedded_test_server/http_connection.h | 2 +- .../net/test/embedded_test_server/http_request.cc | 9 +- .../embedded_test_server/request_handler_util.cc | 14 +- .../simple_connection_listener.cc | 8 +- .../simple_connection_listener.h | 7 - chromium/net/test/net_test_suite.cc | 2 +- .../remote_test_server_spawner_request.cc | 4 +- chromium/net/test/tcp_socket_proxy.cc | 4 +- .../net/test/test_with_scoped_task_environment.h | 21 +- .../test/url_request/ssl_certificate_error_job.cc | 3 +- .../test/url_request/ssl_certificate_error_job.h | 2 +- .../net/test/url_request/url_request_failed_job.cc | 3 +- .../net/test/url_request/url_request_failed_job.h | 2 +- .../url_request/url_request_hanging_read_job.cc | 4 +- .../url_request/url_request_hanging_read_job.h | 2 +- .../test/url_request/url_request_mock_data_job.cc | 5 +- .../test/url_request/url_request_mock_data_job.h | 2 +- .../test/url_request/url_request_mock_http_job.cc | 3 +- .../test/url_request/url_request_mock_http_job.h | 2 +- .../url_request/url_request_slow_download_job.cc | 4 +- .../url_request/url_request_slow_download_job.h | 2 +- .../net/third_party/quiche/src/CONTRIBUTING.md | 9 +- .../quiche/src/common/simple_linked_hash_map.h | 3 +- .../src/http2/decoder/frame_decoder_state.cc | 1 - .../src/http2/hpack/tools/hpack_block_builder.cc | 16 +- .../src/http2/hpack/varint/hpack_varint_encoder.cc | 54 +- .../src/http2/hpack/varint/hpack_varint_encoder.h | 38 +- .../hpack/varint/hpack_varint_encoder_test.cc | 82 +- .../quiche/src/quic/core/chlo_extractor.cc | 73 +- .../quiche/src/quic/core/chlo_extractor_test.cc | 3 +- .../core/congestion_control/bandwidth_sampler.cc | 5 +- .../core/congestion_control/bandwidth_sampler.h | 3 + .../src/quic/core/congestion_control/bbr2_drain.cc | 64 + .../src/quic/core/congestion_control/bbr2_drain.h | 53 + .../src/quic/core/congestion_control/bbr2_misc.cc | 329 + .../src/quic/core/congestion_control/bbr2_misc.h | 516 + .../quic/core/congestion_control/bbr2_probe_bw.cc | 516 + .../quic/core/congestion_control/bbr2_probe_bw.h | 135 + .../quic/core/congestion_control/bbr2_probe_rtt.cc | 66 + .../quic/core/congestion_control/bbr2_probe_rtt.h | 54 + .../quic/core/congestion_control/bbr2_sender.cc | 410 + .../src/quic/core/congestion_control/bbr2_sender.h | 192 + .../core/congestion_control/bbr2_simulator_test.cc | 1014 ++ .../quic/core/congestion_control/bbr2_startup.cc | 138 + .../quic/core/congestion_control/bbr2_startup.h | 68 + .../src/quic/core/congestion_control/bbr_sender.cc | 56 +- .../src/quic/core/congestion_control/bbr_sender.h | 6 +- .../core/congestion_control/bbr_sender_test.cc | 58 +- .../congestion_control/general_loss_algorithm.cc | 37 +- .../congestion_control/general_loss_algorithm.h | 1 - .../general_loss_algorithm_test.cc | 39 +- .../quic/core/congestion_control/pacing_sender.cc | 22 +- .../quic/core/congestion_control/pacing_sender.h | 3 + .../core/congestion_control/pacing_sender_test.cc | 26 +- .../src/quic/core/congestion_control/rtt_stats.cc | 5 +- .../src/quic/core/congestion_control/rtt_stats.h | 3 + .../congestion_control/send_algorithm_interface.cc | 5 + .../congestion_control/send_algorithm_interface.h | 4 - .../congestion_control/tcp_cubic_sender_bytes.cc | 5 +- .../congestion_control/tcp_cubic_sender_bytes.h | 2 +- .../tcp_cubic_sender_bytes_test.cc | 2 +- .../core/congestion_control/uber_loss_algorithm.cc | 2 - .../congestion_control/uber_loss_algorithm_test.cc | 35 +- .../core/crypto/aes_128_gcm_12_decrypter_test.cc | 12 +- .../core/crypto/aes_128_gcm_12_encrypter_test.cc | 12 +- .../quic/core/crypto/aes_128_gcm_decrypter_test.cc | 12 +- .../quic/core/crypto/aes_128_gcm_encrypter_test.cc | 12 +- .../quic/core/crypto/aes_256_gcm_decrypter_test.cc | 12 +- .../quic/core/crypto/aes_256_gcm_encrypter_test.cc | 12 +- .../crypto/chacha20_poly1305_decrypter_test.cc | 2 +- .../crypto/chacha20_poly1305_encrypter_test.cc | 2 +- .../crypto/chacha20_poly1305_tls_decrypter_test.cc | 2 +- .../crypto/chacha20_poly1305_tls_encrypter_test.cc | 61 +- .../quiche/src/quic/core/crypto/channel_id_test.cc | 2 +- .../quiche/src/quic/core/crypto/crypto_framer.cc | 5 +- .../quiche/src/quic/core/crypto/crypto_handshake.h | 4 - .../quic/core/crypto/crypto_handshake_message.cc | 1 - .../quiche/src/quic/core/crypto/crypto_protocol.h | 8 +- .../src/quic/core/crypto/crypto_server_test.cc | 46 +- .../quiche/src/quic/core/crypto/crypto_utils.cc | 8 +- .../quiche/src/quic/core/crypto/null_decrypter.cc | 7 +- .../quiche/src/quic/core/crypto/null_encrypter.cc | 2 +- .../quic/core/crypto/quic_crypto_client_config.cc | 31 +- .../quic/core/crypto/quic_crypto_client_config.h | 4 +- .../core/crypto/quic_crypto_client_config_test.cc | 53 +- .../quic/core/crypto/quic_crypto_server_config.cc | 52 +- .../quic/core/crypto/quic_crypto_server_config.h | 29 +- .../core/crypto/quic_crypto_server_config_test.cc | 25 +- .../quiche/src/quic/core/crypto/quic_hkdf.h | 2 + .../src/quic/core/crypto/tls_client_connection.cc | 33 + .../src/quic/core/crypto/tls_client_connection.h | 51 + .../quiche/src/quic/core/crypto/tls_connection.cc | 158 + .../quiche/src/quic/core/crypto/tls_connection.h | 116 + .../src/quic/core/crypto/tls_server_connection.cc | 81 + .../src/quic/core/crypto/tls_server_connection.h | 111 + .../src/quic/core/crypto/transport_parameters.cc | 92 +- .../src/quic/core/crypto/transport_parameters.h | 4 + .../quic/core/crypto/transport_parameters_test.cc | 25 +- .../core/frames/quic_connection_close_frame.cc | 30 +- .../quic/core/frames/quic_connection_close_frame.h | 27 +- .../quiche/src/quic/core/frames/quic_frame.cc | 8 + .../quiche/src/quic/core/frames/quic_frame.h | 3 + .../src/quic/core/frames/quic_frames_test.cc | 6 +- .../core/frames/quic_new_connection_id_frame.cc | 11 +- .../core/frames/quic_new_connection_id_frame.h | 4 +- .../src/quic/core/frames/quic_new_token_frame.cc | 6 +- .../quic/core/frames/quic_path_challenge_frame.cc | 16 +- .../quic/core/frames/quic_path_response_frame.cc | 16 +- .../src/quic/core/frames/quic_rst_stream_frame.cc | 1 + .../src/quic/core/frames/quic_rst_stream_frame.h | 1 + .../quiche/src/quic/core/http/end_to_end_test.cc | 326 +- .../quiche/src/quic/core/http/http_constants.h | 32 + .../quiche/src/quic/core/http/http_decoder.cc | 407 +- .../quiche/src/quic/core/http/http_decoder.h | 106 +- .../quiche/src/quic/core/http/http_decoder_test.cc | 811 +- .../quiche/src/quic/core/http/http_encoder.cc | 54 +- .../quiche/src/quic/core/http/http_encoder.h | 6 +- .../quiche/src/quic/core/http/http_encoder_test.cc | 44 +- .../quiche/src/quic/core/http/http_frames.h | 55 +- .../quic/core/http/quic_client_promised_info.cc | 6 +- .../core/http/quic_client_promised_info_test.cc | 11 +- .../core/http/quic_client_push_promise_index.cc | 4 +- .../http/quic_client_push_promise_index_test.cc | 8 +- .../src/quic/core/http/quic_headers_stream_test.cc | 45 +- .../quic/core/http/quic_receive_control_stream.cc | 184 +- .../quic/core/http/quic_receive_control_stream.h | 28 +- .../core/http/quic_receive_control_stream_test.cc | 172 +- .../src/quic/core/http/quic_send_control_stream.cc | 52 +- .../src/quic/core/http/quic_send_control_stream.h | 20 +- .../core/http/quic_send_control_stream_test.cc | 68 +- .../src/quic/core/http/quic_server_session_base.cc | 14 +- .../src/quic/core/http/quic_server_session_base.h | 3 +- .../core/http/quic_server_session_base_test.cc | 53 +- .../src/quic/core/http/quic_spdy_client_session.cc | 10 +- .../src/quic/core/http/quic_spdy_client_session.h | 2 +- .../core/http/quic_spdy_client_session_base.cc | 28 +- .../quic/core/http/quic_spdy_client_session_base.h | 5 + .../core/http/quic_spdy_client_session_test.cc | 155 +- .../src/quic/core/http/quic_spdy_client_stream.cc | 7 +- .../src/quic/core/http/quic_spdy_client_stream.h | 2 +- .../quic/core/http/quic_spdy_client_stream_test.cc | 5 +- .../quic/core/http/quic_spdy_server_stream_base.cc | 4 +- .../quic/core/http/quic_spdy_server_stream_base.h | 2 +- .../core/http/quic_spdy_server_stream_base_test.cc | 4 +- .../quiche/src/quic/core/http/quic_spdy_session.cc | 224 +- .../quiche/src/quic/core/http/quic_spdy_session.h | 87 +- .../src/quic/core/http/quic_spdy_session_test.cc | 359 +- .../quiche/src/quic/core/http/quic_spdy_stream.cc | 459 +- .../quiche/src/quic/core/http/quic_spdy_stream.h | 89 +- .../quic/core/http/quic_spdy_stream_body_buffer.cc | 40 +- .../quic/core/http/quic_spdy_stream_body_buffer.h | 31 +- .../core/http/quic_spdy_stream_body_buffer_test.cc | 149 +- .../src/quic/core/http/quic_spdy_stream_test.cc | 1150 +- .../src/quic/core/http/spdy_server_push_utils.cc | 214 + .../src/quic/core/http/spdy_server_push_utils.h | 43 + .../quic/core/http/spdy_server_push_utils_test.cc | 221 + .../quiche/src/quic/core/http/spdy_utils.cc | 205 +- .../quiche/src/quic/core/http/spdy_utils.h | 24 +- .../quiche/src/quic/core/http/spdy_utils_test.cc | 191 - .../src/quic/core/legacy_quic_stream_id_manager.cc | 21 +- .../core/legacy_quic_stream_id_manager_test.cc | 6 +- .../core/proto/cached_network_parameters_proto.h | 15 + .../quic/core/proto/crypto_server_config_proto.h | 15 + .../quic/core/proto/source_address_token_proto.h | 15 + .../core/qpack/offline/qpack_offline_decoder.cc | 94 +- .../core/qpack/offline/qpack_offline_decoder.h | 24 +- .../quiche/src/quic/core/qpack/qpack_constants.cc | 2 + .../quiche/src/quic/core/qpack/qpack_constants.h | 5 - .../qpack/qpack_decoded_headers_accumulator.cc | 41 +- .../core/qpack/qpack_decoded_headers_accumulator.h | 41 +- .../qpack_decoded_headers_accumulator_test.cc | 73 +- .../quiche/src/quic/core/qpack/qpack_decoder.cc | 4 +- .../quiche/src/quic/core/qpack/qpack_decoder.h | 7 +- .../core/qpack/qpack_decoder_stream_receiver.h | 7 +- .../quic/core/qpack/qpack_decoder_stream_sender.cc | 39 +- .../quic/core/qpack/qpack_decoder_stream_sender.h | 18 +- .../core/qpack/qpack_decoder_stream_sender_test.cc | 38 +- .../src/quic/core/qpack/qpack_decoder_test.cc | 229 +- .../quic/core/qpack/qpack_decoder_test_utils.cc | 15 +- .../src/quic/core/qpack/qpack_decoder_test_utils.h | 29 +- .../quiche/src/quic/core/qpack/qpack_encoder.cc | 86 +- .../quiche/src/quic/core/qpack/qpack_encoder.h | 29 +- .../core/qpack/qpack_encoder_stream_receiver.h | 7 +- .../quic/core/qpack/qpack_encoder_stream_sender.cc | 56 +- .../quic/core/qpack/qpack_encoder_stream_sender.h | 18 +- .../core/qpack/qpack_encoder_stream_sender_test.cc | 36 +- .../src/quic/core/qpack/qpack_encoder_test.cc | 59 +- .../quic/core/qpack/qpack_encoder_test_utils.cc | 23 +- .../src/quic/core/qpack/qpack_encoder_test_utils.h | 24 - .../src/quic/core/qpack/qpack_header_table.cc | 33 +- .../src/quic/core/qpack/qpack_header_table.h | 35 + .../src/quic/core/qpack/qpack_header_table_test.cc | 54 + .../quic/core/qpack/qpack_instruction_decoder.cc | 7 + .../quic/core/qpack/qpack_instruction_encoder.cc | 124 +- .../quic/core/qpack/qpack_instruction_encoder.h | 69 +- .../core/qpack/qpack_instruction_encoder_test.cc | 166 +- .../quic/core/qpack/qpack_progressive_decoder.cc | 161 +- .../quic/core/qpack/qpack_progressive_decoder.h | 29 +- .../core/qpack/qpack_progressive_decoder_test.cc | 124 - .../quic/core/qpack/qpack_progressive_encoder.cc | 138 - .../quic/core/qpack/qpack_progressive_encoder.h | 60 - .../src/quic/core/qpack/qpack_receive_stream.cc | 21 + .../src/quic/core/qpack/qpack_receive_stream.h | 37 + .../quic/core/qpack/qpack_receive_stream_test.cc | 91 + .../quic/core/qpack/qpack_required_insert_count.cc | 70 + .../quic/core/qpack/qpack_required_insert_count.h | 33 + .../core/qpack/qpack_required_insert_count_test.cc | 125 + .../src/quic/core/qpack/qpack_round_trip_test.cc | 36 +- .../src/quic/core/qpack/qpack_send_stream.cc | 39 + .../quiche/src/quic/core/qpack/qpack_send_stream.h | 52 + .../src/quic/core/qpack/qpack_send_stream_test.cc | 111 + .../src/quic/core/qpack/qpack_stream_receiver.h | 24 + .../quic/core/qpack/qpack_stream_sender_delegate.h | 24 + .../quiche/src/quic/core/qpack/qpack_test_utils.h | 11 + .../quiche/src/quic/core/qpack/qpack_utils.h | 23 + .../quic/core/qpack/value_splitting_header_list.cc | 29 +- .../quic/core/qpack/value_splitting_header_list.h | 7 +- .../core/qpack/value_splitting_header_list_test.cc | 92 +- .../quiche/src/quic/core/quic_bandwidth.h | 4 +- .../quiche/src/quic/core/quic_bandwidth_test.cc | 7 + .../src/quic/core/quic_buffered_packet_store.cc | 2 +- .../quic/core/quic_buffered_packet_store_test.cc | 2 +- .../quiche/src/quic/core/quic_config.cc | 12 +- .../quiche/src/quic/core/quic_connection.cc | 1213 +- .../quiche/src/quic/core/quic_connection.h | 225 +- .../quiche/src/quic/core/quic_connection_id.cc | 140 +- .../quiche/src/quic/core/quic_connection_id.h | 39 +- .../src/quic/core/quic_connection_id_test.cc | 64 + .../quiche/src/quic/core/quic_connection_test.cc | 1215 +- .../quiche/src/quic/core/quic_constants.h | 15 +- .../quic/core/quic_control_frame_manager_test.cc | 39 +- .../core/quic_crypto_client_handshaker_test.cc | 71 +- .../quic/core/quic_crypto_client_stream_test.cc | 9 +- .../src/quic/core/quic_crypto_server_handshaker.cc | 20 +- .../src/quic/core/quic_crypto_server_handshaker.h | 12 +- .../src/quic/core/quic_crypto_server_stream.cc | 2 +- .../src/quic/core/quic_crypto_server_stream.h | 2 +- .../quic/core/quic_crypto_server_stream_test.cc | 8 +- .../quiche/src/quic/core/quic_crypto_stream.cc | 20 +- .../src/quic/core/quic_crypto_stream_test.cc | 20 +- .../quiche/src/quic/core/quic_data_reader.cc | 30 +- .../quiche/src/quic/core/quic_data_reader.h | 5 + .../quiche/src/quic/core/quic_data_writer.cc | 5 + .../quiche/src/quic/core/quic_data_writer.h | 3 + .../quiche/src/quic/core/quic_data_writer_test.cc | 49 + .../src/quic/core/quic_default_packet_writer.cc | 6 +- .../quiche/src/quic/core/quic_dispatcher.cc | 806 +- .../quiche/src/quic/core/quic_dispatcher.h | 212 +- .../quiche/src/quic/core/quic_dispatcher_test.cc | 623 +- .../quiche/src/quic/core/quic_error_codes.cc | 3 +- .../quiche/src/quic/core/quic_error_codes.h | 11 +- .../quiche/src/quic/core/quic_flow_controller.cc | 40 +- .../quiche/src/quic/core/quic_flow_controller.h | 4 + .../src/quic/core/quic_flow_controller_test.cc | 10 +- .../quiche/src/quic/core/quic_framer.cc | 530 +- .../third_party/quiche/src/quic/core/quic_framer.h | 75 +- .../quiche/src/quic/core/quic_framer_test.cc | 1151 +- .../quiche/src/quic/core/quic_ietf_framer_test.cc | 112 +- .../quiche/src/quic/core/quic_packet_creator.cc | 120 +- .../quiche/src/quic/core/quic_packet_creator.h | 9 +- .../src/quic/core/quic_packet_creator_test.cc | 131 +- .../quiche/src/quic/core/quic_packet_generator.cc | 199 +- .../quiche/src/quic/core/quic_packet_generator.h | 72 +- .../src/quic/core/quic_packet_generator_test.cc | 375 +- .../quiche/src/quic/core/quic_packet_reader.cc | 5 + .../src/quic/core/quic_packet_writer_wrapper.h | 2 +- .../quiche/src/quic/core/quic_packets.cc | 92 +- .../quiche/src/quic/core/quic_packets.h | 41 + .../quiche/src/quic/core/quic_packets_test.cc | 25 + .../src/quic/core/quic_received_packet_manager.cc | 35 +- .../src/quic/core/quic_received_packet_manager.h | 17 +- .../quic/core/quic_received_packet_manager_test.cc | 98 +- .../src/quic/core/quic_sent_packet_manager.cc | 138 +- .../src/quic/core/quic_sent_packet_manager.h | 96 +- .../src/quic/core/quic_sent_packet_manager_test.cc | 431 +- .../quiche/src/quic/core/quic_session.cc | 476 +- .../quiche/src/quic/core/quic_session.h | 91 +- .../quiche/src/quic/core/quic_session_test.cc | 395 +- .../src/quic/core/quic_socket_address_coder.cc | 6 +- .../quiche/src/quic/core/quic_stream.cc | 61 +- .../third_party/quiche/src/quic/core/quic_stream.h | 16 +- .../quiche/src/quic/core/quic_stream_id_manager.cc | 15 +- .../quiche/src/quic/core/quic_stream_id_manager.h | 5 +- .../src/quic/core/quic_stream_id_manager_test.cc | 10 +- .../quiche/src/quic/core/quic_stream_sequencer.cc | 6 + .../quiche/src/quic/core/quic_stream_sequencer.h | 7 +- .../src/quic/core/quic_stream_sequencer_buffer.cc | 55 +- .../src/quic/core/quic_stream_sequencer_buffer.h | 17 +- .../quic/core/quic_stream_sequencer_buffer_test.cc | 438 +- .../src/quic/core/quic_stream_sequencer_test.cc | 2 +- .../quiche/src/quic/core/quic_stream_test.cc | 197 +- .../third_party/quiche/src/quic/core/quic_tag.cc | 8 +- .../quiche/src/quic/core/quic_tag_test.cc | 4 - .../src/quic/core/quic_time_wait_list_manager.cc | 18 +- .../src/quic/core/quic_time_wait_list_manager.h | 16 +- .../quic/core/quic_time_wait_list_manager_test.cc | 41 +- .../quiche/src/quic/core/quic_trace_visitor.cc | 7 +- .../quiche/src/quic/core/quic_trace_visitor.h | 3 +- .../third_party/quiche/src/quic/core/quic_types.h | 13 +- .../src/quic/core/quic_unacked_packet_map.cc | 39 +- .../quiche/src/quic/core/quic_unacked_packet_map.h | 30 +- .../src/quic/core/quic_unacked_packet_map_test.cc | 61 +- .../third_party/quiche/src/quic/core/quic_utils.cc | 30 +- .../third_party/quiche/src/quic/core/quic_utils.h | 6 + .../quiche/src/quic/core/quic_version_manager.cc | 17 +- .../quiche/src/quic/core/quic_version_manager.h | 10 +- .../src/quic/core/quic_version_manager_test.cc | 27 +- .../quiche/src/quic/core/quic_versions.cc | 137 +- .../quiche/src/quic/core/quic_versions.h | 51 +- .../quiche/src/quic/core/quic_versions_test.cc | 217 +- .../src/quic/core/session_notifier_interface.h | 6 +- .../quiche/src/quic/core/tls_client_handshaker.cc | 39 +- .../quiche/src/quic/core/tls_client_handshaker.h | 34 +- .../quiche/src/quic/core/tls_handshaker.cc | 134 +- .../quiche/src/quic/core/tls_handshaker.h | 60 +- .../quiche/src/quic/core/tls_handshaker_test.cc | 45 +- .../quiche/src/quic/core/tls_server_handshaker.cc | 78 +- .../quiche/src/quic/core/tls_server_handshaker.h | 108 +- .../src/quic/core/uber_quic_stream_id_manager.cc | 10 +- .../src/quic/core/uber_quic_stream_id_manager.h | 4 +- .../quic/core/uber_quic_stream_id_manager_test.cc | 52 +- .../src/quic/core/uber_received_packet_manager.cc | 6 +- .../src/quic/core/uber_received_packet_manager.h | 2 +- .../quic/core/uber_received_packet_manager_test.cc | 12 +- .../quiche/src/quic/platform/api/README.md | 57 +- .../src/quic/platform/api/quic_bbr2_sender.h | 16 + .../src/quic/platform/api/quic_ip_address.cc | 180 +- .../quiche/src/quic/platform/api/quic_ip_address.h | 29 +- .../src/quic/platform/api/quic_ip_address_test.cc | 78 + .../src/quic/platform/api/quic_mem_slice_storage.h | 2 + .../platform/api/quic_mem_slice_storage_test.cc | 20 + .../src/quic/platform/api/quic_socket_address.cc | 111 +- .../src/quic/platform/api/quic_socket_address.h | 20 +- .../quic/platform/api/quic_socket_address_test.cc | 133 + .../src/quic/quartc/counting_packet_filter.h | 2 +- .../src/quic/quartc/quartc_crypto_helpers.cc | 83 +- .../quiche/src/quic/quartc/quartc_dispatcher.cc | 4 +- .../quiche/src/quic/quartc/quartc_dispatcher.h | 5 - .../quiche/src/quic/quartc/quartc_endpoint.cc | 23 +- .../quiche/src/quic/quartc/quartc_endpoint.h | 14 +- .../quiche/src/quic/quartc/quartc_endpoint_test.cc | 24 - .../quiche/src/quic/quartc/quartc_factory.cc | 19 +- .../quiche/src/quic/quartc/quartc_fakes.h | 37 +- .../quiche/src/quic/quartc/quartc_packet_writer.cc | 10 +- .../quiche/src/quic/quartc/quartc_session.cc | 81 +- .../quiche/src/quic/quartc/quartc_session.h | 39 +- .../quiche/src/quic/quartc/quartc_session_test.cc | 103 +- .../quiche/src/quic/quartc/quartc_stream.cc | 12 +- .../quiche/src/quic/quartc/quartc_stream.h | 1 - .../quiche/src/quic/quartc/quartc_stream_test.cc | 33 +- .../src/quic/test_tools/crypto_test_utils.cc | 30 +- .../src/quic/test_tools/crypto_test_utils_test.cc | 22 +- .../src/quic/test_tools/failing_proof_source.cc | 22 +- .../test_tools/mock_quic_time_wait_list_manager.h | 7 + .../quic/test_tools/packet_dropping_test_writer.h | 5 +- .../src/quic/test_tools/quic_connection_peer.cc | 79 +- .../src/quic/test_tools/quic_connection_peer.h | 6 - .../quiche/src/quic/test_tools/quic_framer_peer.cc | 24 + .../quiche/src/quic/test_tools/quic_framer_peer.h | 13 + .../quic/test_tools/quic_packet_creator_peer.cc | 10 +- .../src/quic/test_tools/quic_packet_creator_peer.h | 1 + .../test_tools/quic_server_session_base_peer.h | 11 +- .../src/quic/test_tools/quic_session_peer.cc | 64 +- .../quiche/src/quic/test_tools/quic_session_peer.h | 10 +- .../src/quic/test_tools/quic_spdy_session_peer.cc | 33 +- .../src/quic/test_tools/quic_spdy_session_peer.h | 13 +- .../src/quic/test_tools/quic_spdy_stream_peer.cc | 1 + .../src/quic/test_tools/quic_spdy_stream_peer.h | 2 + .../quiche/src/quic/test_tools/quic_test_client.cc | 47 +- .../quiche/src/quic/test_tools/quic_test_client.h | 10 +- .../quiche/src/quic/test_tools/quic_test_utils.cc | 111 +- .../quiche/src/quic/test_tools/quic_test_utils.h | 72 +- .../src/quic/test_tools/simple_quic_framer.cc | 22 +- .../src/quic/test_tools/simple_session_notifier.cc | 17 +- .../src/quic/test_tools/simple_session_notifier.h | 6 +- .../test_tools/simple_session_notifier_test.cc | 17 +- .../quiche/src/quic/test_tools/simulator/link.h | 10 +- .../src/quic/test_tools/simulator/quic_endpoint.cc | 39 +- .../src/quic/test_tools/simulator/quic_endpoint.h | 40 +- .../test_tools/simulator/quic_endpoint_test.cc | 2 +- .../quiche/src/quic/tools/quic_backend_response.h | 2 +- .../quiche/src/quic/tools/quic_client.h | 1 - .../quiche/src/quic/tools/quic_client_base.cc | 43 +- .../quiche/src/quic/tools/quic_client_base.h | 39 +- .../quiche/src/quic/tools/quic_client_bin.cc | 2 +- .../quic/tools/quic_client_epoll_network_helper.cc | 15 +- .../quic/tools/quic_client_epoll_network_helper.h | 1 - .../src/quic/tools/quic_epoll_client_factory.cc | 11 +- .../src/quic/tools/quic_epoll_client_factory.h | 3 +- .../src/quic/tools/quic_memory_cache_backend.cc | 4 +- .../src/quic/tools/quic_packet_printer_bin.cc | 26 +- .../quiche/src/quic/tools/quic_server.cc | 4 +- .../quiche/src/quic/tools/quic_server.h | 14 +- .../quiche/src/quic/tools/quic_server_test.cc | 4 +- .../quic_simple_crypto_server_stream_helper.cc | 10 +- .../quic_simple_crypto_server_stream_helper.h | 2 +- .../src/quic/tools/quic_simple_server_backend.h | 1 + .../src/quic/tools/quic_simple_server_session.cc | 19 +- .../src/quic/tools/quic_simple_server_session.h | 4 +- .../quic/tools/quic_simple_server_session_test.cc | 147 +- .../src/quic/tools/quic_simple_server_stream.cc | 10 +- .../src/quic/tools/quic_simple_server_stream.h | 2 +- .../quic/tools/quic_simple_server_stream_test.cc | 66 +- .../quiche/src/quic/tools/quic_spdy_client_base.cc | 38 +- .../quiche/src/quic/tools/quic_spdy_client_base.h | 22 +- .../quiche/src/quic/tools/quic_toy_client.cc | 4 +- .../quiche/src/quic/tools/quic_toy_client.h | 8 +- .../src/spdy/core/array_output_buffer_test.cc | 3 +- .../src/spdy/core/hpack/hpack_decoder_adapter.cc | 10 + .../src/spdy/core/hpack/hpack_decoder_adapter.h | 7 + .../spdy/core/hpack/hpack_decoder_adapter_test.cc | 30 +- .../src/spdy/core/hpack/hpack_encoder_test.cc | 3 +- .../quiche/src/spdy/core/hpack/hpack_entry_test.cc | 2 +- .../src/spdy/core/hpack/hpack_header_table_test.cc | 2 +- .../spdy/core/hpack/hpack_huffman_table_test.cc | 3 +- .../spdy/core/hpack/hpack_output_stream_test.cc | 2 +- .../src/spdy/core/hpack/hpack_round_trip_test.cc | 2 +- .../src/spdy/core/hpack/hpack_static_table_test.cc | 2 +- .../src/spdy/core/http2_frame_decoder_adapter.cc | 22 +- .../src/spdy/core/http2_frame_decoder_adapter.h | 6 +- .../src/spdy/core/http2_priority_write_scheduler.h | 773 ++ .../core/http2_priority_write_scheduler_test.cc | 799 ++ .../src/spdy/core/mock_spdy_framer_visitor.h | 2 +- .../src/spdy/core/priority_write_scheduler.h | 6 +- .../src/spdy/core/priority_write_scheduler_test.cc | 7 +- .../src/spdy/core/spdy_alt_svc_wire_format_test.cc | 3 +- .../quiche/src/spdy/core/spdy_deframer_visitor.cc | 9 +- .../quiche/src/spdy/core/spdy_deframer_visitor.h | 35 +- .../src/spdy/core/spdy_deframer_visitor_test.cc | 2 +- .../src/spdy/core/spdy_frame_builder_test.cc | 2 +- .../quiche/src/spdy/core/spdy_frame_reader_test.cc | 2 +- .../quiche/src/spdy/core/spdy_framer.cc | 16 +- .../quiche/src/spdy/core/spdy_framer_test.cc | 7 +- .../quiche/src/spdy/core/spdy_header_block_test.cc | 3 +- .../quiche/src/spdy/core/spdy_intrusive_list.h | 326 + .../src/spdy/core/spdy_intrusive_list_test.cc | 427 + .../quiche/src/spdy/core/spdy_no_op_visitor.cc | 6 +- .../quiche/src/spdy/core/spdy_no_op_visitor.h | 90 +- .../spdy/core/spdy_pinnable_buffer_piece_test.cc | 3 +- .../spdy/core/spdy_prefixed_buffer_reader_test.cc | 3 +- .../quiche/src/spdy/core/spdy_protocol.cc | 8 +- .../quiche/src/spdy/core/spdy_protocol.h | 25 +- .../quiche/src/spdy/core/spdy_protocol_test.cc | 2 +- .../src/spdy/core/spdy_protocol_test_utils.cc | 4 +- .../src/spdy/core/spdy_protocol_test_utils.h | 3 +- .../quiche/src/spdy/core/spdy_simple_arena_test.cc | 2 +- .../quiche/src/spdy/core/spdy_test_utils.cc | 2 +- .../quiche/src/spdy/core/write_scheduler.h | 6 + .../quiche/src/spdy/platform/api/spdy_containers.h | 6 + .../quiche/src/spdy/platform/api/spdy_map_util.h | 19 + .../src/spdy/platform/api/spdy_mem_slice_test.cc | 4 + .../spdy/platform/api/spdy_string_utils_test.cc | 2 +- .../quiche/src/spdy/platform/api/spdy_test.h | 10 + .../uri_template/uri_template_fuzzer.cc | 4 +- chromium/net/tools/cachetool/cachetool.cc | 4 +- .../net/tools/cert_verify_tool/cert_verify_tool.cc | 4 +- chromium/net/tools/crash_cache/crash_cache.cc | 6 +- chromium/net/tools/dump_cache/dump_files.cc | 18 +- chromium/net/tools/gssapi/README.md | 5 + chromium/net/tools/gssapi/gss_import_name.cc | 25 + chromium/net/tools/gssapi/gss_methods.cc | 80 + chromium/net/tools/gssapi/gss_types.h | 67 + .../net/tools/huffman_trie/trie/trie_bit_buffer.cc | 24 + .../net/tools/huffman_trie/trie/trie_bit_buffer.h | 4 + .../net/tools/huffman_trie/trie/trie_writer.cc | 5 +- chromium/net/tools/net_watcher/net_watcher.cc | 8 +- chromium/net/tools/print_certificates.py | 78 +- .../quic_client_message_loop_network_helper.cc | 5 +- .../quic/quic_client_message_loop_network_helper.h | 4 - .../tools/quic/quic_http_proxy_backend_stream.cc | 10 +- .../tools/quic/quic_http_proxy_backend_stream.h | 2 +- chromium/net/tools/quic/quic_simple_client.cc | 3 +- chromium/net/tools/quic/quic_simple_client.h | 2 +- chromium/net/tools/quic/quic_simple_client_bin.cc | 46 +- chromium/net/tools/quic/quic_simple_server.cc | 16 +- chromium/net/tools/quic/quic_simple_server.h | 6 +- chromium/net/tools/quic/quic_simple_server_bin.cc | 4 +- .../tools/quic/quic_simple_server_packet_writer.cc | 5 +- .../tools/quic/quic_simple_server_packet_writer.h | 2 +- chromium/net/tools/quic/quic_simple_server_test.cc | 11 +- .../net/tools/quic/synchronous_host_resolver.cc | 4 +- chromium/net/tools/stress_cache/stress_cache.cc | 6 +- chromium/net/tools/testserver/run_testserver.cc | 4 +- .../transport_security_state_generator/README.md | 5 +- chromium/net/tools/update_ios_bundle_data.py | 1 + .../network_traffic_annotation.h | 8 + chromium/net/url_request/ftp_protocol_handler.cc | 19 +- chromium/net/url_request/ftp_protocol_handler.h | 16 +- .../http_with_dns_over_https_unittest.cc | 42 +- chromium/net/url_request/redirect_info.h | 2 + .../net/url_request/test_url_fetcher_factory.cc | 3 +- .../net/url_request/test_url_fetcher_factory.h | 2 +- chromium/net/url_request/url_fetcher.cc | 2 + chromium/net/url_request/url_fetcher.h | 6 + chromium/net/url_request/url_fetcher_core.cc | 4 +- .../net/url_request/url_fetcher_response_writer.cc | 3 +- .../net/url_request/url_fetcher_response_writer.h | 2 +- chromium/net/url_request/url_request.cc | 75 +- chromium/net/url_request/url_request.h | 33 +- chromium/net/url_request/url_request_context.cc | 5 + chromium/net/url_request/url_request_context.h | 21 + .../net/url_request/url_request_context_builder.cc | 17 +- .../net/url_request/url_request_context_builder.h | 8 - .../net/url_request/url_request_context_storage.cc | 12 + .../net/url_request/url_request_context_storage.h | 7 + .../net/url_request/url_request_data_job_fuzzer.cc | 4 +- chromium/net/url_request/url_request_error_job.cc | 9 +- chromium/net/url_request/url_request_error_job.h | 2 +- .../net/url_request/url_request_file_dir_job.cc | 3 +- .../net/url_request/url_request_file_dir_job.h | 2 +- chromium/net/url_request/url_request_file_job.cc | 3 +- chromium/net/url_request/url_request_file_job.h | 2 +- chromium/net/url_request/url_request_ftp_fuzzer.cc | 9 +- chromium/net/url_request/url_request_ftp_job.cc | 51 +- chromium/net/url_request/url_request_ftp_job.h | 19 +- .../url_request/url_request_ftp_job_unittest.cc | 265 + chromium/net/url_request/url_request_fuzzer.cc | 4 +- chromium/net/url_request/url_request_http_job.cc | 143 +- chromium/net/url_request/url_request_http_job.h | 2 +- .../url_request/url_request_http_job_unittest.cc | 16 +- chromium/net/url_request/url_request_job.cc | 31 +- chromium/net/url_request/url_request_job.h | 6 +- .../url_request/url_request_job_factory_impl.cc | 4 +- .../url_request_job_factory_impl_unittest.cc | 4 +- .../net/url_request/url_request_netlog_params.cc | 25 +- .../net/url_request/url_request_netlog_params.h | 22 +- .../net/url_request/url_request_quic_perftest.cc | 4 +- .../net/url_request/url_request_quic_unittest.cc | 90 +- .../net/url_request/url_request_redirect_job.cc | 15 +- .../net/url_request/url_request_redirect_job.h | 2 +- chromium/net/url_request/url_request_simple_job.cc | 5 +- chromium/net/url_request/url_request_simple_job.h | 2 +- chromium/net/url_request/url_request_test_job.cc | 6 +- chromium/net/url_request/url_request_test_job.h | 2 +- .../net/url_request/url_request_throttler_entry.cc | 17 +- .../url_request/url_request_throttler_manager.cc | 5 +- chromium/net/url_request/url_request_unittest.cc | 438 +- .../websockets/websocket_basic_handshake_stream.cc | 10 +- .../websockets/websocket_basic_handshake_stream.h | 2 +- chromium/net/websockets/websocket_basic_stream.cc | 25 +- chromium/net/websockets/websocket_basic_stream.h | 2 + .../websockets/websocket_basic_stream_adapters.cc | 3 +- .../websockets/websocket_basic_stream_adapters.h | 2 +- .../net/websockets/websocket_basic_stream_test.cc | 3 +- chromium/net/websockets/websocket_channel.cc | 17 +- chromium/net/websockets/websocket_channel.h | 11 +- chromium/net/websockets/websocket_channel_test.cc | 121 +- .../websockets/websocket_deflate_stream_fuzzer.cc | 8 +- chromium/net/websockets/websocket_deflater.h | 2 - .../net/websockets/websocket_end_to_end_test.cc | 4 +- .../net/websockets/websocket_event_interface.h | 5 +- .../websockets/websocket_frame_parser_fuzzer.cc | 4 +- .../websockets/websocket_handshake_stream_base.cc | 6 - .../websockets/websocket_handshake_stream_base.h | 2 - ...ebsocket_handshake_stream_create_helper_test.cc | 4 +- .../websockets/websocket_http2_handshake_stream.cc | 6 +- .../websockets/websocket_http2_handshake_stream.h | 2 +- chromium/net/websockets/websocket_stream.cc | 19 +- chromium/net/websockets/websocket_stream_test.cc | 2 +- 1179 files changed, 57948 insertions(+), 28649 deletions(-) create mode 100644 chromium/net/base/network_notification_thread_mac.cc create mode 100644 chromium/net/base/network_notification_thread_mac.h create mode 100644 chromium/net/cert/crl_set_fuzzer.cc create mode 100644 chromium/net/cert/internal/crl.cc create mode 100644 chromium/net/cert/internal/crl.h create mode 100644 chromium/net/cert/internal/crl_getcrlstatusforcert_fuzzer.cc create mode 100644 chromium/net/cert/internal/crl_parse_crl_certificatelist_fuzzer.cc create mode 100644 chromium/net/cert/internal/crl_parse_crl_tbscertlist_fuzzer.cc create mode 100644 chromium/net/cert/internal/crl_parse_issuing_distribution_point_fuzzer.cc create mode 100644 chromium/net/cert/internal/crl_unittest.cc create mode 100644 chromium/net/cert/internal/system_trust_store_nss.h create mode 100644 chromium/net/cert/internal/system_trust_store_nss_unittest.cc create mode 100644 chromium/net/cookies/canonical_cookie_fuzzer.cc create mode 100644 chromium/net/data/ssl/blacklist/3ae699d94e8febdacb86d4f90d40903333478e65e0655c432451197e33fa07f2.pem create mode 100644 chromium/net/data/ssl/blacklist/a25a19546819d048000ef9c6577c4bcd8d2155b1e4346a4599d6c8b79799d4a1.pem create mode 100644 chromium/net/data/ssl/blacklist/d8888f4a84f74c974dffb573a1bf5bbbacd1713b905096f8eb015062bf396c4d.pem delete mode 100644 chromium/net/data/ssl/certificates/unittest.originbound.der delete mode 100644 chromium/net/data/ssl/certificates/unittest.originbound.key.der create mode 100644 chromium/net/dns/system_dns_config_change_notifier.cc create mode 100644 chromium/net/dns/system_dns_config_change_notifier.h create mode 100644 chromium/net/dns/system_dns_config_change_notifier_unittest.cc create mode 100644 chromium/net/dns/test_dns_config_service.cc create mode 100644 chromium/net/dns/test_dns_config_service.h delete mode 100644 chromium/net/log/net_log_parameters_callback.h create mode 100644 chromium/net/log/net_log_values.cc create mode 100644 chromium/net/log/net_log_values.h create mode 100644 chromium/net/log/net_log_values_unittest.cc delete mode 100644 chromium/net/log/test_net_log_entry.cc delete mode 100644 chromium/net/log/test_net_log_entry.h create mode 100644 chromium/net/network_error_logging/OWNERS create mode 100644 chromium/net/nqe/network_congestion_analyzer.cc create mode 100644 chromium/net/nqe/network_congestion_analyzer.h create mode 100644 chromium/net/nqe/network_congestion_analyzer_unittest.cc create mode 100644 chromium/net/nqe/peer_to_peer_connections_count_observer.h delete mode 100644 chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper.cc delete mode 100644 chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper.h delete mode 100644 chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper_unittest.cc create mode 100644 chromium/net/quic/platform/impl/quic_bbr2_sender_impl.h delete mode 100644 chromium/net/quic/platform/impl/quic_ip_address_impl.cc delete mode 100644 chromium/net/quic/platform/impl/quic_ip_address_impl.h create mode 100644 chromium/net/quic/quic_test_packet_printer.cc create mode 100644 chromium/net/quic/quic_test_packet_printer.h create mode 100644 chromium/net/reporting/OWNERS create mode 100644 chromium/net/spdy/platform/impl/spdy_test_impl.h create mode 100644 chromium/net/ssl/ssl_handshake_details.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_drain.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_drain.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_misc.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_misc.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_probe_bw.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_probe_bw.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_probe_rtt.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_probe_rtt.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_sender.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_sender.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_simulator_test.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_startup.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/congestion_control/bbr2_startup.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/crypto/tls_client_connection.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/crypto/tls_client_connection.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/crypto/tls_connection.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/crypto/tls_connection.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/crypto/tls_server_connection.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/http/http_constants.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/http/spdy_server_push_utils.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/http/spdy_server_push_utils.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/http/spdy_server_push_utils_test.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/proto/cached_network_parameters_proto.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/proto/crypto_server_config_proto.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/proto/source_address_token_proto.h delete mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_progressive_decoder_test.cc delete mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_progressive_encoder.cc delete mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_progressive_encoder.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_receive_stream.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_receive_stream.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_receive_stream_test.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_required_insert_count.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_required_insert_count.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_required_insert_count_test.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_send_stream.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_send_stream.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_send_stream_test.cc create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_stream_receiver.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_stream_sender_delegate.h create mode 100644 chromium/net/third_party/quiche/src/quic/core/qpack/qpack_utils.h create mode 100644 chromium/net/third_party/quiche/src/quic/platform/api/quic_bbr2_sender.h create mode 100644 chromium/net/third_party/quiche/src/quic/platform/api/quic_socket_address_test.cc create mode 100644 chromium/net/third_party/quiche/src/spdy/core/http2_priority_write_scheduler.h create mode 100644 chromium/net/third_party/quiche/src/spdy/core/http2_priority_write_scheduler_test.cc create mode 100644 chromium/net/third_party/quiche/src/spdy/core/spdy_intrusive_list.h create mode 100644 chromium/net/third_party/quiche/src/spdy/core/spdy_intrusive_list_test.cc create mode 100644 chromium/net/third_party/quiche/src/spdy/platform/api/spdy_map_util.h create mode 100644 chromium/net/third_party/quiche/src/spdy/platform/api/spdy_test.h create mode 100644 chromium/net/tools/gssapi/README.md create mode 100644 chromium/net/tools/gssapi/gss_import_name.cc create mode 100644 chromium/net/tools/gssapi/gss_methods.cc create mode 100644 chromium/net/tools/gssapi/gss_types.h create mode 100644 chromium/net/url_request/url_request_ftp_job_unittest.cc (limited to 'chromium/net') diff --git a/chromium/net/BUILD.gn b/chromium/net/BUILD.gn index b3d97f6a0a6..be5b930f97e 100644 --- a/chromium/net/BUILD.gn +++ b/chromium/net/BUILD.gn @@ -7,7 +7,6 @@ import("//build/config/chromecast_build.gni") import("//build/config/compiler/compiler.gni") import("//build/config/crypto.gni") import("//build/config/features.gni") -import("//build/config/ui.gni") import("//net/features.gni") import("//testing/libfuzzer/fuzzer_test.gni") import("//testing/test.gni") @@ -15,10 +14,7 @@ import("//third_party/icu/config.gni") import("//third_party/protobuf/proto_library.gni") import("//tools/grit/grit_rule.gni") import("//url/features.gni") - -if (!is_proto_quic) { - import("//v8/gni/v8.gni") -} +import("//v8/gni/v8.gni") if (is_android) { import("//build/config/android/config.gni") @@ -34,8 +30,8 @@ if (is_android) { # So enable it for x86 only for now. posix_avoid_mmap = is_android && current_cpu != "x86" -use_v8_in_net = !is_ios && !is_proto_quic -enable_built_in_dns = !is_ios && !is_proto_quic +use_v8_in_net = !is_ios +enable_built_in_dns = !is_ios # Unix sockets are not supported on iOS or NaCl. enable_unix_sockets = is_posix && !is_ios && !is_nacl @@ -55,6 +51,18 @@ enable_python_utils = # won't get either. use_remote_test_server = !enable_python_utils && !is_ios +# Whether //net should use an external GSSAPI library for implementing HTTP +# Negotiate authentication. All platforms for which use_kerberos is true should +# have some external implementation since //net doesn't have intrinsic support +# for Kerberos. This implementation is an external GSSAPI library on all +# platforms except on: +# +# Windows : Uses SSPI for Negotiate authentication. +# +# Android : Uses an external authenticator. See +# https://www.chromium.org/developers/design-documents/http-authentication/writing-a-spnego-authenticator-for-chrome-on-android +use_external_gssapi = use_kerberos && !is_android && !is_win + config("net_test_config") { if (use_remote_test_server) { defines = [ "USE_REMOTE_TEST_SERVER" ] @@ -72,15 +80,14 @@ buildflag_header("buildflags") { "ENABLE_WEBSOCKETS=$enable_websockets", "INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST=$include_transport_security_state_preload_list", "USE_KERBEROS=$use_kerberos", + "USE_EXTERNAL_GSSAPI=$use_external_gssapi", "TRIAL_COMPARISON_CERT_VERIFIER_SUPPORTED=$trial_comparison_cert_verifier_supported", + "BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED=$builtin_cert_verifier_feature_supported", ] } config("net_internal_config") { - defines = [ - "DLOPEN_KERBEROS", - "NET_IMPLEMENTATION", - ] + defines = [ "NET_IMPLEMENTATION" ] if (use_kerberos && is_android) { include_dirs = [ "/usr/include/kerberosV" ] @@ -202,6 +209,8 @@ component("net") { "cert/internal/certificate_policies.h", "cert/internal/common_cert_errors.cc", "cert/internal/common_cert_errors.h", + "cert/internal/crl.cc", + "cert/internal/crl.h", "cert/internal/extended_key_usage.cc", "cert/internal/extended_key_usage.h", "cert/internal/general_names.cc", @@ -305,11 +314,12 @@ component("net") { "log/net_log_entry.h", "log/net_log_event_type.h", "log/net_log_event_type_list.h", - "log/net_log_parameters_callback.h", "log/net_log_source.cc", "log/net_log_source.h", "log/net_log_source_type.h", "log/net_log_source_type_list.h", + "log/net_log_values.cc", + "log/net_log_values.h", "log/net_log_with_source.cc", "log/net_log_with_source.h", "socket/client_socket_handle.cc", @@ -352,6 +362,7 @@ component("net") { "ssl/ssl_config_service.cc", "ssl/ssl_config_service.h", "ssl/ssl_connection_status_flags.h", + "ssl/ssl_handshake_details.h", "ssl/ssl_info.cc", "ssl/ssl_info.h", "ssl/ssl_key_logger.h", @@ -491,6 +502,8 @@ component("net") { "base/network_interfaces_win.h", "base/network_isolation_key.cc", "base/network_isolation_key.h", + "base/network_notification_thread_mac.cc", + "base/network_notification_thread_mac.h", "base/platform_mime_util.h", "base/platform_mime_util_linux.cc", "base/platform_mime_util_mac.mm", @@ -559,6 +572,7 @@ component("net") { "cert/ev_root_ca_metadata.h", "cert/internal/system_trust_store.cc", "cert/internal/system_trust_store.h", + "cert/internal/system_trust_store_nss.h", "cert/internal/trust_store_mac.cc", "cert/internal/trust_store_mac.h", "cert/internal/trust_store_nss.cc", @@ -863,6 +877,8 @@ component("net") { "nqe/effective_connection_type_observer.h", "nqe/event_creator.cc", "nqe/event_creator.h", + "nqe/network_congestion_analyzer.cc", + "nqe/network_congestion_analyzer.h", "nqe/network_id.cc", "nqe/network_id.h", "nqe/network_qualities_prefs_manager.cc", @@ -883,6 +899,7 @@ component("net") { "nqe/network_quality_store.h", "nqe/observation_buffer.cc", "nqe/observation_buffer.h", + "nqe/peer_to_peer_connections_count_observer.h", "nqe/rtt_throughput_estimates_observer.h", "nqe/socket_watcher.cc", "nqe/socket_watcher.h", @@ -973,6 +990,7 @@ component("net") { "quic/network_connection.h", "quic/platform/impl/quic_aligned_impl.h", "quic/platform/impl/quic_arraysize_impl.h", + "quic/platform/impl/quic_bbr2_sender_impl.h", "quic/platform/impl/quic_bug_tracker_impl.h", "quic/platform/impl/quic_cert_utils_impl.h", "quic/platform/impl/quic_chromium_clock.cc", @@ -991,8 +1009,6 @@ component("net") { "quic/platform/impl/quic_hostname_utils_impl.cc", "quic/platform/impl/quic_hostname_utils_impl.h", "quic/platform/impl/quic_iovec_impl.h", - "quic/platform/impl/quic_ip_address_impl.cc", - "quic/platform/impl/quic_ip_address_impl.h", "quic/platform/impl/quic_logging_impl.h", "quic/platform/impl/quic_macros_impl.h", "quic/platform/impl/quic_map_util_impl.h", @@ -1200,8 +1216,6 @@ component("net") { "ssl/ssl_platform_key_util.cc", "ssl/ssl_platform_key_util.h", "ssl/ssl_platform_key_win.cc", - "ssl/test_ssl_private_key.cc", - "ssl/test_ssl_private_key.h", "ssl/threaded_ssl_private_key.cc", "ssl/threaded_ssl_private_key.h", "third_party/mozilla_security_manager/nsNSSCertificateDB.cpp", @@ -1414,6 +1428,12 @@ component("net") { "third_party/quiche/src/quic/core/crypto/quic_hkdf.h", "third_party/quiche/src/quic/core/crypto/quic_random.cc", "third_party/quiche/src/quic/core/crypto/quic_random.h", + "third_party/quiche/src/quic/core/crypto/tls_client_connection.cc", + "third_party/quiche/src/quic/core/crypto/tls_client_connection.h", + "third_party/quiche/src/quic/core/crypto/tls_connection.cc", + "third_party/quiche/src/quic/core/crypto/tls_connection.h", + "third_party/quiche/src/quic/core/crypto/tls_server_connection.cc", + "third_party/quiche/src/quic/core/crypto/tls_server_connection.h", "third_party/quiche/src/quic/core/crypto/transport_parameters.cc", "third_party/quiche/src/quic/core/crypto/transport_parameters.h", "third_party/quiche/src/quic/core/frames/quic_ack_frame.cc", @@ -1487,6 +1507,8 @@ component("net") { "third_party/quiche/src/quic/core/http/quic_spdy_stream.h", "third_party/quiche/src/quic/core/http/quic_spdy_stream_body_buffer.cc", "third_party/quiche/src/quic/core/http/quic_spdy_stream_body_buffer.h", + "third_party/quiche/src/quic/core/http/spdy_server_push_utils.cc", + "third_party/quiche/src/quic/core/http/spdy_server_push_utils.h", "third_party/quiche/src/quic/core/http/spdy_utils.cc", "third_party/quiche/src/quic/core/http/spdy_utils.h", "third_party/quiche/src/quic/core/legacy_quic_stream_id_manager.cc", @@ -1516,8 +1538,12 @@ component("net") { "third_party/quiche/src/quic/core/qpack/qpack_instruction_encoder.h", "third_party/quiche/src/quic/core/qpack/qpack_progressive_decoder.cc", "third_party/quiche/src/quic/core/qpack/qpack_progressive_decoder.h", - "third_party/quiche/src/quic/core/qpack/qpack_progressive_encoder.cc", - "third_party/quiche/src/quic/core/qpack/qpack_progressive_encoder.h", + "third_party/quiche/src/quic/core/qpack/qpack_receive_stream.cc", + "third_party/quiche/src/quic/core/qpack/qpack_receive_stream.h", + "third_party/quiche/src/quic/core/qpack/qpack_required_insert_count.cc", + "third_party/quiche/src/quic/core/qpack/qpack_required_insert_count.h", + "third_party/quiche/src/quic/core/qpack/qpack_send_stream.cc", + "third_party/quiche/src/quic/core/qpack/qpack_send_stream.h", "third_party/quiche/src/quic/core/qpack/qpack_static_table.cc", "third_party/quiche/src/quic/core/qpack/qpack_static_table.h", "third_party/quiche/src/quic/core/qpack/value_splitting_header_list.cc", @@ -1637,6 +1663,7 @@ component("net") { "third_party/quiche/src/quic/core/uber_received_packet_manager.h", "third_party/quiche/src/quic/platform/api/quic_aligned.h", "third_party/quiche/src/quic/platform/api/quic_arraysize.h", + "third_party/quiche/src/quic/platform/api/quic_bbr2_sender.h", "third_party/quiche/src/quic/platform/api/quic_bug_tracker.h", "third_party/quiche/src/quic/platform/api/quic_cert_utils.h", "third_party/quiche/src/quic/platform/api/quic_client_stats.h", @@ -1907,7 +1934,7 @@ component("net") { ] } - if (use_kerberos && ((is_posix && !is_android) || is_fuchsia)) { + if (use_external_gssapi) { sources += [ "http/http_auth_gssapi_posix.cc", "http/http_auth_gssapi_posix.h", @@ -1928,6 +1955,7 @@ component("net") { if (!use_nss_certs) { sources -= [ + "cert/internal/system_trust_store_nss.h", "cert/internal/trust_store_nss.cc", "cert/internal/trust_store_nss.h", "cert/known_roots_nss.cc", @@ -2401,29 +2429,27 @@ proto_library("net_quic_proto") { extra_configs = [ "//build/config/compiler:wexit_time_destructors" ] } -if (!is_proto_quic) { - component("extras") { - sources = [ - "extras/sqlite/cookie_crypto_delegate.h", - "extras/sqlite/sqlite_persistent_cookie_store.cc", - "extras/sqlite/sqlite_persistent_cookie_store.h", - "extras/sqlite/sqlite_persistent_store_backend_base.cc", - "extras/sqlite/sqlite_persistent_store_backend_base.h", - ] - defines = [ "IS_NET_EXTRAS_IMPL" ] - configs += [ "//build/config/compiler:wexit_time_destructors" ] - deps = [ - ":net", - "//base", - "//sql:sql", - ] +component("extras") { + sources = [ + "extras/sqlite/cookie_crypto_delegate.h", + "extras/sqlite/sqlite_persistent_cookie_store.cc", + "extras/sqlite/sqlite_persistent_cookie_store.h", + "extras/sqlite/sqlite_persistent_store_backend_base.cc", + "extras/sqlite/sqlite_persistent_store_backend_base.h", + ] + defines = [ "IS_NET_EXTRAS_IMPL" ] + configs += [ "//build/config/compiler:wexit_time_destructors" ] + deps = [ + ":net", + "//base", + "//sql:sql", + ] - if (enable_reporting) { - sources += [ - "extras/sqlite/sqlite_persistent_reporting_and_nel_store.cc", - "extras/sqlite/sqlite_persistent_reporting_and_nel_store.h", - ] - } + if (enable_reporting) { + sources += [ + "extras/sqlite/sqlite_persistent_reporting_and_nel_store.cc", + "extras/sqlite/sqlite_persistent_reporting_and_nel_store.h", + ] } } @@ -2654,8 +2680,6 @@ bundle_data("test_support_bundle_data") { "data/ssl/certificates/treadclimber.sctlist", "data/ssl/certificates/unescaped.pem", "data/ssl/certificates/unittest.key.bin", - "data/ssl/certificates/unittest.originbound.der", - "data/ssl/certificates/unittest.originbound.key.der", "data/ssl/certificates/unittest.selfsigned.der", "data/ssl/certificates/verisign_class3_g5_crosssigned-trusted.keychain", "data/ssl/certificates/verisign_class3_g5_crosssigned.pem", @@ -2729,8 +2753,6 @@ static_library("test_support") { "http/transport_security_state_test_util.h", "log/test_net_log.cc", "log/test_net_log.h", - "log/test_net_log_entry.cc", - "log/test_net_log_entry.h", "log/test_net_log_util.cc", "log/test_net_log_util.h", "nqe/network_quality_estimator_test_util.cc", @@ -2743,6 +2765,8 @@ static_library("test_support") { "proxy_resolution/mock_proxy_resolver.h", "proxy_resolution/proxy_config_service_common_unittest.cc", "proxy_resolution/proxy_config_service_common_unittest.h", + "quic/quic_test_packet_printer.cc", + "quic/quic_test_packet_printer.h", "socket/socket_test_util.cc", "socket/socket_test_util.h", "spdy/spdy_test_util_common.cc", @@ -2751,6 +2775,8 @@ static_library("test_support") { "ssl/client_cert_identity_test_util.h", "ssl/ssl_private_key_test_util.cc", "ssl/ssl_private_key_test_util.h", + "ssl/test_ssl_private_key.cc", + "ssl/test_ssl_private_key.h", "test/cert_test_util.cc", "test/cert_test_util.h", "test/cert_test_util_nss.cc", @@ -2925,8 +2951,6 @@ if (use_v8_in_net) { "proxy_resolution/proxy_resolver_v8.h", "proxy_resolution/proxy_resolver_v8_tracing.cc", "proxy_resolution/proxy_resolver_v8_tracing.h", - "proxy_resolution/proxy_resolver_v8_tracing_wrapper.cc", - "proxy_resolution/proxy_resolver_v8_tracing_wrapper.h", ] defines = [ "NET_IMPLEMENTATION" ] @@ -3072,6 +3096,31 @@ if (!is_ios && !is_android) { } } +if (use_external_gssapi) { + # In order for the tests to be reliable, these two targets cannot depend on a + # valid GSSAPI library. This is easy to achieve on most platforms. But on + # macOS care must be taken to not depend directly or indirectly on + # GSS.framework. This is suprisingly easy to get wrong since + # Security.framework is such a common dependency and it indirectly depends on + # GSS. + shared_library("test_gssapi") { + testonly = true + sources = [ + "tools/gssapi/gss_import_name.cc", + "tools/gssapi/gss_methods.cc", + "tools/gssapi/gss_types.h", + ] + } + + shared_library("test_badgssapi") { + testonly = true + sources = [ + "tools/gssapi/gss_methods.cc", + "tools/gssapi/gss_types.h", + ] + } +} + if (is_linux || is_mac) { executable("cachetool") { testonly = true @@ -3217,7 +3266,6 @@ if (is_android) { "android/java/src/org/chromium/net/ProxyChangeListener.java", "android/java/src/org/chromium/net/X509Util.java", ] - jni_package = "net" } generate_jni("net_test_jni_headers") { sources = [ @@ -3227,7 +3275,6 @@ if (is_android) { "test/android/javatests/src/org/chromium/net/test/DummySpnegoAuthenticator.java", "test/android/javatests/src/org/chromium/net/test/EmbeddedTestServerImpl.java", ] - jni_package = "net/test" } } @@ -3268,10 +3315,14 @@ source_set("spdy_test_tools") { sources = [ "spdy/fuzzing/hpack_fuzz_util.cc", "spdy/fuzzing/hpack_fuzz_util.h", + "spdy/platform/impl/spdy_test_impl.h", + "third_party/quiche/src/spdy/platform/api/spdy_test.h", ] deps = [ ":net", "//base", + "//testing/gmock", + "//testing/gtest", ] } @@ -3683,6 +3734,72 @@ bundle_data("net_unittests_bundle_data") { "data/certificate_policies_unittest/policy_1_2_3_and_1_2_4_with_qualifiers.pem", "data/certificate_policies_unittest/policy_1_2_3_with_custom_qualifier.pem", "data/certificate_policies_unittest/policy_1_2_3_with_qualifier.pem", + "data/crl_unittest/bad_crldp_has_crlissuer.pem", + "data/crl_unittest/bad_fake_critical_crlentryextension.pem", + "data/crl_unittest/bad_fake_critical_extension.pem", + "data/crl_unittest/bad_idp_contains_wrong_uri.pem", + "data/crl_unittest/bad_idp_indirectcrl.pem", + "data/crl_unittest/bad_idp_onlycontainscacerts.pem", + "data/crl_unittest/bad_idp_onlycontainscacerts_no_basic_constraints.pem", + "data/crl_unittest/bad_idp_onlycontainsusercerts.pem", + "data/crl_unittest/bad_idp_uri_and_onlycontainscacerts.pem", + "data/crl_unittest/bad_idp_uri_and_onlycontainsusercerts.pem", + "data/crl_unittest/bad_key_rollover_signature.pem", + "data/crl_unittest/bad_nextupdate_too_old.pem", + "data/crl_unittest/bad_signature.pem", + "data/crl_unittest/bad_thisupdate_in_future.pem", + "data/crl_unittest/bad_thisupdate_too_old.pem", + "data/crl_unittest/bad_wrong_issuer.pem", + "data/crl_unittest/good.pem", + "data/crl_unittest/good_fake_extension.pem", + "data/crl_unittest/good_fake_extension_no_nextupdate.pem", + "data/crl_unittest/good_generalizedtime.pem", + "data/crl_unittest/good_idp_contains_uri.pem", + "data/crl_unittest/good_idp_onlycontainscacerts.pem", + "data/crl_unittest/good_idp_onlycontainsusercerts.pem", + "data/crl_unittest/good_idp_onlycontainsusercerts_no_basic_constraints.pem", + "data/crl_unittest/good_idp_uri_and_onlycontainscacerts.pem", + "data/crl_unittest/good_idp_uri_and_onlycontainsusercerts.pem", + "data/crl_unittest/good_issuer_name_normalization.pem", + "data/crl_unittest/good_issuer_no_keyusage.pem", + "data/crl_unittest/good_key_rollover.pem", + "data/crl_unittest/good_no_crldp.pem", + "data/crl_unittest/good_no_nextupdate.pem", + "data/crl_unittest/good_no_version.pem", + "data/crl_unittest/invalid_garbage_after_crlentryextensions.pem", + "data/crl_unittest/invalid_garbage_after_extensions.pem", + "data/crl_unittest/invalid_garbage_after_nextupdate.pem", + "data/crl_unittest/invalid_garbage_after_revocationdate.pem", + "data/crl_unittest/invalid_garbage_after_revokedcerts.pem", + "data/crl_unittest/invalid_garbage_after_signaturevalue.pem", + "data/crl_unittest/invalid_garbage_after_thisupdate.pem", + "data/crl_unittest/invalid_garbage_crlentry.pem", + "data/crl_unittest/invalid_garbage_issuer_name.pem", + "data/crl_unittest/invalid_garbage_revocationdate.pem", + "data/crl_unittest/invalid_garbage_revoked_serial_number.pem", + "data/crl_unittest/invalid_garbage_signaturealgorithm.pem", + "data/crl_unittest/invalid_garbage_signaturevalue.pem", + "data/crl_unittest/invalid_garbage_tbs_signature_algorithm.pem", + "data/crl_unittest/invalid_garbage_tbscertlist.pem", + "data/crl_unittest/invalid_garbage_thisupdate.pem", + "data/crl_unittest/invalid_garbage_version.pem", + "data/crl_unittest/invalid_idp_dpname_choice_extra_data.pem", + "data/crl_unittest/invalid_idp_empty_sequence.pem", + "data/crl_unittest/invalid_idp_onlycontains_user_and_ca_certs.pem", + "data/crl_unittest/invalid_idp_onlycontainsusercerts_v1_leaf.pem", + "data/crl_unittest/invalid_issuer_keyusage_no_crlsign.pem", + "data/crl_unittest/invalid_key_rollover_issuer_keyusage_no_crlsign.pem", + "data/crl_unittest/invalid_mismatched_signature_algorithm.pem", + "data/crl_unittest/invalid_revoked_empty_sequence.pem", + "data/crl_unittest/invalid_v1_explicit.pem", + "data/crl_unittest/invalid_v1_with_crlentryextension.pem", + "data/crl_unittest/invalid_v1_with_extension.pem", + "data/crl_unittest/invalid_v3.pem", + "data/crl_unittest/revoked.pem", + "data/crl_unittest/revoked_fake_crlentryextension.pem", + "data/crl_unittest/revoked_generalized_revocationdate.pem", + "data/crl_unittest/revoked_key_rollover.pem", + "data/crl_unittest/revoked_no_nextupdate.pem", "data/embedded_test_server/mock-headers-without-crlf.html", "data/embedded_test_server/mock-headers-without-crlf.html.mock-http-headers", "data/filter_unittests/google.br", @@ -4963,6 +5080,7 @@ test("net_unittests") { "cert/internal/cert_issuer_source_static_unittest.cc", "cert/internal/cert_issuer_source_sync_unittest.h", "cert/internal/certificate_policies_unittest.cc", + "cert/internal/crl_unittest.cc", "cert/internal/extended_key_usage_unittest.cc", "cert/internal/general_names_unittest.cc", "cert/internal/name_constraints_unittest.cc", @@ -4979,6 +5097,7 @@ test("net_unittests") { "cert/internal/revocation_util_unittest.cc", "cert/internal/signature_algorithm_unittest.cc", "cert/internal/simple_path_builder_delegate_unittest.cc", + "cert/internal/system_trust_store_nss_unittest.cc", "cert/internal/test_helpers.cc", "cert/internal/test_helpers.h", "cert/internal/trust_store_collection_unittest.cc", @@ -5106,9 +5225,11 @@ test("net_unittests") { "log/net_log_capture_mode_unittest.cc", "log/net_log_unittest.cc", "log/net_log_util_unittest.cc", + "log/net_log_values_unittest.cc", "log/trace_net_log_observer_unittest.cc", "nqe/effective_connection_type_unittest.cc", "nqe/event_creator_unittest.cc", + "nqe/network_congestion_analyzer_unittest.cc", "nqe/network_id_unittest.cc", "nqe/network_qualities_prefs_manager_unittest.cc", "nqe/network_quality_estimator_params_unittest.cc", @@ -5140,7 +5261,6 @@ test("net_unittests") { "proxy_resolution/proxy_list_unittest.cc", "proxy_resolution/proxy_resolution_service_unittest.cc", "proxy_resolution/proxy_resolver_v8_tracing_unittest.cc", - "proxy_resolution/proxy_resolver_v8_tracing_wrapper_unittest.cc", "proxy_resolution/proxy_resolver_v8_unittest.cc", "proxy_resolution/proxy_server_unittest.cc", "quic/bidirectional_stream_quic_impl_unittest.cc", @@ -5373,6 +5493,7 @@ test("net_unittests") { "third_party/quiche/src/quic/core/http/quic_spdy_session_test.cc", "third_party/quiche/src/quic/core/http/quic_spdy_stream_body_buffer_test.cc", "third_party/quiche/src/quic/core/http/quic_spdy_stream_test.cc", + "third_party/quiche/src/quic/core/http/spdy_server_push_utils_test.cc", "third_party/quiche/src/quic/core/http/spdy_utils_test.cc", "third_party/quiche/src/quic/core/legacy_quic_stream_id_manager_test.cc", "third_party/quiche/src/quic/core/packet_number_indexed_queue_test.cc", @@ -5386,8 +5507,10 @@ test("net_unittests") { "third_party/quiche/src/quic/core/qpack/qpack_header_table_test.cc", "third_party/quiche/src/quic/core/qpack/qpack_instruction_decoder_test.cc", "third_party/quiche/src/quic/core/qpack/qpack_instruction_encoder_test.cc", - "third_party/quiche/src/quic/core/qpack/qpack_progressive_decoder_test.cc", + "third_party/quiche/src/quic/core/qpack/qpack_receive_stream_test.cc", + "third_party/quiche/src/quic/core/qpack/qpack_required_insert_count_test.cc", "third_party/quiche/src/quic/core/qpack/qpack_round_trip_test.cc", + "third_party/quiche/src/quic/core/qpack/qpack_send_stream_test.cc", "third_party/quiche/src/quic/core/qpack/qpack_static_table_test.cc", "third_party/quiche/src/quic/core/qpack/value_splitting_header_list_test.cc", "third_party/quiche/src/quic/core/quic_alarm_test.cc", @@ -5511,6 +5634,7 @@ test("net_unittests") { "url_request/url_request_file_dir_job_unittest.cc", "url_request/url_request_file_job_unittest.cc", "url_request/url_request_filter_unittest.cc", + "url_request/url_request_ftp_job_unittest.cc", "url_request/url_request_http_job_unittest.cc", "url_request/url_request_job_factory_impl_unittest.cc", "url_request/url_request_job_unittest.cc", @@ -5578,13 +5702,16 @@ test("net_unittests") { defines = [] deps = [ + ":extras", ":net", + ":preload_decoder", ":quic_test_tools", ":quiche_test_tools", ":simple_quic_tools", ":spdy_test_tools", ":test_support", "//base", + "//base:i18n", "//base/third_party/dynamic_annotations", "//crypto", "//crypto:platform", @@ -5594,6 +5721,8 @@ test("net_unittests") { "//net/dns/public:tests", "//net/http:transport_security_state_unittest_data", "//net/http:transport_security_state_unittest_data_default", + "//net/tools/huffman_trie:huffman_trie_generator_sources", + "//sql", "//testing/gmock", "//testing/gtest", "//third_party/protobuf:protobuf_lite", @@ -5631,20 +5760,10 @@ test("net_unittests") { ] } - if (!is_proto_quic) { - deps += [ - ":extras", - "//base:i18n", - "//sql", + if (enable_reporting) { + sources += [ + "extras/sqlite/sqlite_persistent_reporting_and_nel_store_unittest.cc", ] - - if (enable_reporting) { - sources += [ - "extras/sqlite/sqlite_persistent_reporting_and_nel_store_unittest.cc", - ] - } - } else { - sources -= [ "extras/sqlite/sqlite_persistent_cookie_store_unittest.cc" ] } data = [] @@ -5714,7 +5833,7 @@ test("net_unittests") { sources -= [ "proxy_resolution/proxy_config_service_linux_unittest.cc" ] } - if (!is_proto_quic && v8_use_external_startup_data) { + if (v8_use_external_startup_data) { deps += [ "//gin" ] } @@ -5744,6 +5863,7 @@ test("net_unittests") { if (!use_nss_certs) { sources -= [ + "cert/internal/system_trust_store_nss_unittest.cc", "cert/internal/trust_store_nss_unittest.cc", "cert/nss_cert_database_unittest.cc", "cert/x509_util_nss_unittest.cc", @@ -5758,15 +5878,18 @@ test("net_unittests") { } } - # These are excluded on Android, because the actual Kerberos support, which - # these test, is in a separate app on Android. - if (use_kerberos && ((is_posix && !is_android) || is_fuchsia)) { + if (use_external_gssapi) { sources += [ "http/http_auth_gssapi_posix_unittest.cc", "http/mock_gssapi_library_posix.cc", "http/mock_gssapi_library_posix.h", ] + data_deps += [ + ":test_gssapi", + ":test_badgssapi", + ] } + if (!use_kerberos) { sources -= [ "http/http_auth_handler_negotiate_unittest.cc" ] } @@ -5824,6 +5947,7 @@ test("net_unittests") { "ftp/ftp_directory_listing_parser_windows_unittest.cc", "ftp/ftp_network_transaction_unittest.cc", "ftp/ftp_util_unittest.cc", + "url_request/url_request_ftp_job_unittest.cc", ] } @@ -5836,7 +5960,6 @@ test("net_unittests") { } else { sources -= [ "proxy_resolution/proxy_resolver_v8_tracing_unittest.cc", - "proxy_resolution/proxy_resolver_v8_tracing_wrapper_unittest.cc", "proxy_resolution/proxy_resolver_v8_unittest.cc", ] } @@ -5981,7 +6104,7 @@ test("net_unittests") { } # !is_android && !is_win && !is_mac -if (!is_ios && !is_proto_quic) { +if (!is_ios) { # TODO(crbug.com/594965): this should be converted to "app" template and # enabled on iOS too. test("net_perftests") { @@ -6222,6 +6345,50 @@ fuzzer_test("net_cert_verify_name_in_subtree_fuzzer") { ] } +fuzzer_test("net_cert_crl_parse_crl_certificatelist_fuzzer") { + sources = [ + "cert/internal/crl_parse_crl_certificatelist_fuzzer.cc", + ] + seed_corpus = "data/fuzzer_data/crl_parse_crl_certificatelist_fuzzer" + deps = [ + "//base", + "//net", + ] +} + +fuzzer_test("net_cert_crl_parse_crl_tbscertlist_fuzzer") { + sources = [ + "cert/internal/crl_parse_crl_tbscertlist_fuzzer.cc", + ] + seed_corpus = "data/fuzzer_data/crl_parse_crl_tbscertlist_fuzzer" + deps = [ + "//base", + "//net", + ] +} + +fuzzer_test("net_cert_crl_parse_issuing_distribution_point_fuzzer") { + sources = [ + "cert/internal/crl_parse_issuing_distribution_point_fuzzer.cc", + ] + seed_corpus = "data/fuzzer_data/crl_parse_issuing_distribution_point_fuzzer" + deps = [ + "//base", + "//net", + ] +} + +fuzzer_test("net_cert_crl_getcrlstatusforcert_fuzzer") { + sources = [ + "cert/internal/crl_getcrlstatusforcert_fuzzer.cc", + ] + seed_corpus = "data/fuzzer_data/crl_getcrlstatusforcert_fuzzer" + deps = [ + "//base", + "//net", + ] +} + fuzzer_test("net_cert_ocsp_parse_ocsp_cert_id_fuzzer") { sources = [ "cert/internal/ocsp_parse_ocsp_cert_id_fuzzer.cc", @@ -6276,6 +6443,17 @@ fuzzer_test("net_cert_parse_certificate_fuzzer") { ] } +fuzzer_test("net_canonical_cookie_fuzzer") { + sources = [ + "cookies/canonical_cookie_fuzzer.cc", + ] + deps = [ + ":net_fuzzer_test_support", + "//net", + ] + seed_corpus = "data/fuzzer_data/net_canonical_cookie_fuzzer/" +} + fuzzer_test("net_parse_cookie_line_fuzzer") { sources = [ "cookies/parse_cookie_line_fuzzer.cc", @@ -6342,6 +6520,19 @@ fuzzer_test("net_gzip_source_stream_fuzzer") { ] } +fuzzer_test("net_crl_set_fuzzer") { + sources = [ + "cert/crl_set_fuzzer.cc", + ] + deps = [ + ":net_fuzzer_test_support", + ":test_support", + "//base", + "//net", + ] + seed_corpus = "data/fuzzer_data/net_crl_set_fuzzer/" +} + if (!disable_ftp_support) { fuzzer_test("net_ftp_ctrl_response_fuzzer") { sources = [ diff --git a/chromium/net/DEPS b/chromium/net/DEPS index df77e036579..5b608efb487 100644 --- a/chromium/net/DEPS +++ b/chromium/net/DEPS @@ -1,8 +1,8 @@ include_rules = [ "+crypto", "+gin", - "+jni", "+mojo/public", + "+net/net_jni_headers", "+third_party/apple_apsl", "+third_party/boringssl/src/include", "+third_party/nss", @@ -69,9 +69,10 @@ specific_include_rules = { "+base/i18n", ], - # Needed for fuzz targets written using libprotobuf-mutator library. + # Dependencies specific for fuzz targets and other fuzzing-related code. ".*fuzz.*": [ - "+third_party/libprotobuf-mutator", + "+third_party/libFuzzer/src/utils", # This contains FuzzedDataProvider. + "+third_party/libprotobuf-mutator", # This is needed for LPM-based fuzzers. ] } diff --git a/chromium/net/OWNERS b/chromium/net/OWNERS index 08065b9bea3..b2ff564f4f2 100644 --- a/chromium/net/OWNERS +++ b/chromium/net/OWNERS @@ -6,7 +6,6 @@ ericorth@chromium.org eroman@chromium.org jkarlin@chromium.org mattm@chromium.org -mef@chromium.org mmenke@chromium.org morlovich@chromium.org nharper@chromium.org diff --git a/chromium/net/android/android_http_util.cc b/chromium/net/android/android_http_util.cc index fa4f64f1902..83f8831548f 100644 --- a/chromium/net/android/android_http_util.cc +++ b/chromium/net/android/android_http_util.cc @@ -3,8 +3,8 @@ // found in the LICENSE file. #include "base/android/jni_string.h" -#include "jni/HttpUtil_jni.h" #include "net/http/http_util.h" +#include "net/net_jni_headers/HttpUtil_jni.h" #include "url/gurl.h" using base::android::JavaParamRef; diff --git a/chromium/net/android/cellular_signal_strength.cc b/chromium/net/android/cellular_signal_strength.cc index 32424618651..35254402a9e 100644 --- a/chromium/net/android/cellular_signal_strength.cc +++ b/chromium/net/android/cellular_signal_strength.cc @@ -4,7 +4,7 @@ #include "net/android/cellular_signal_strength.h" -#include "jni/AndroidCellularSignalStrength_jni.h" +#include "net/net_jni_headers/AndroidCellularSignalStrength_jni.h" namespace net { diff --git a/chromium/net/android/cert_verify_result_android.cc b/chromium/net/android/cert_verify_result_android.cc index eff90d8beca..39655b60571 100644 --- a/chromium/net/android/cert_verify_result_android.cc +++ b/chromium/net/android/cert_verify_result_android.cc @@ -6,7 +6,7 @@ #include "base/android/jni_android.h" #include "base/android/jni_array.h" -#include "jni/AndroidCertVerifyResult_jni.h" +#include "net/net_jni_headers/AndroidCertVerifyResult_jni.h" using base::android::AttachCurrentThread; using base::android::JavaArrayOfByteArrayToStringVector; diff --git a/chromium/net/android/dummy_spnego_authenticator.cc b/chromium/net/android/dummy_spnego_authenticator.cc index b251f6f1bb3..7ff2ca11cc5 100644 --- a/chromium/net/android/dummy_spnego_authenticator.cc +++ b/chromium/net/android/dummy_spnego_authenticator.cc @@ -6,7 +6,7 @@ #include "base/android/jni_string.h" #include "base/base64.h" #include "base/stl_util.h" -#include "net/test/jni/DummySpnegoAuthenticator_jni.h" +#include "net/net_test_jni_headers/DummySpnegoAuthenticator_jni.h" #include "testing/gtest/include/gtest/gtest.h" using base::android::JavaParamRef; diff --git a/chromium/net/android/dummy_spnego_authenticator.h b/chromium/net/android/dummy_spnego_authenticator.h index 5525c62e34d..ae51b0226d5 100644 --- a/chromium/net/android/dummy_spnego_authenticator.h +++ b/chromium/net/android/dummy_spnego_authenticator.h @@ -137,6 +137,9 @@ class DummySpnegoAuthenticator { }; } // namespace android + +using MockAuthLibrary = android::DummySpnegoAuthenticator; + } // namespace net #endif // NET_ANDROID_DUMMY_SPNEGO_AUTHENTICATOR_H_ diff --git a/chromium/net/android/gurl_utils.cc b/chromium/net/android/gurl_utils.cc index 68d65b3c5d3..764324ba4e8 100644 --- a/chromium/net/android/gurl_utils.cc +++ b/chromium/net/android/gurl_utils.cc @@ -3,7 +3,7 @@ // found in the LICENSE file. #include "base/android/jni_string.h" -#include "jni/GURLUtils_jni.h" +#include "net/net_jni_headers/GURLUtils_jni.h" #include "url/gurl.h" using base::android::JavaParamRef; diff --git a/chromium/net/android/http_auth_negotiate_android.cc b/chromium/net/android/http_auth_negotiate_android.cc index e83f94baa6f..4beca169464 100644 --- a/chromium/net/android/http_auth_negotiate_android.cc +++ b/chromium/net/android/http_auth_negotiate_android.cc @@ -11,12 +11,13 @@ #include "base/location.h" #include "base/single_thread_task_runner.h" #include "base/threading/thread_task_runner_handle.h" -#include "jni/HttpNegotiateAuthenticator_jni.h" #include "net/base/auth.h" #include "net/base/net_errors.h" #include "net/http/http_auth_challenge_tokenizer.h" #include "net/http/http_auth_multi_round_parse.h" #include "net/http/http_auth_preferences.h" +#include "net/log/net_log_with_source.h" +#include "net/net_jni_headers/HttpNegotiateAuthenticator_jni.h" using base::android::AttachCurrentThread; using base::android::ConvertUTF8ToJavaString; @@ -69,7 +70,7 @@ HttpAuthNegotiateAndroid::HttpAuthNegotiateAndroid( HttpAuthNegotiateAndroid::~HttpAuthNegotiateAndroid() { } -bool HttpAuthNegotiateAndroid::Init() { +bool HttpAuthNegotiateAndroid::Init(const NetLogWithSource& net_log) { return true; } @@ -92,11 +93,22 @@ HttpAuth::AuthorizationResult HttpAuthNegotiateAndroid::ParseChallenge( &decoded_auth_token); } +int HttpAuthNegotiateAndroid::GenerateAuthTokenAndroid( + const AuthCredentials* credentials, + const std::string& spn, + const std::string& channel_bindings, + std::string* auth_token, + net::CompletionOnceCallback callback) { + return GenerateAuthToken(credentials, spn, channel_bindings, auth_token, + NetLogWithSource(), std::move(callback)); +} + int HttpAuthNegotiateAndroid::GenerateAuthToken( const AuthCredentials* credentials, const std::string& spn, const std::string& channel_bindings, std::string* auth_token, + const NetLogWithSource& net_log, net::CompletionOnceCallback callback) { if (GetAuthAndroidNegotiateAccountType().empty()) { // This can happen if there is a policy change, removing the account type, diff --git a/chromium/net/android/http_auth_negotiate_android.h b/chromium/net/android/http_auth_negotiate_android.h index 2bd89fc4d03..78e29a1bdc2 100644 --- a/chromium/net/android/http_auth_negotiate_android.h +++ b/chromium/net/android/http_auth_negotiate_android.h @@ -74,7 +74,7 @@ class NET_EXPORT_PRIVATE HttpAuthNegotiateAndroid ~HttpAuthNegotiateAndroid() override; // HttpNegotiateAuthSystem implementation: - bool Init() override; + bool Init(const NetLogWithSource& net_log) override; bool NeedsIdentity() const override; bool AllowsExplicitCredentials() const override; HttpAuth::AuthorizationResult ParseChallenge( @@ -83,9 +83,20 @@ class NET_EXPORT_PRIVATE HttpAuthNegotiateAndroid const std::string& spn, const std::string& channel_bindings, std::string* auth_token, + const NetLogWithSource& net_log, CompletionOnceCallback callback) override; void SetDelegation(HttpAuth::DelegationType delegation_type) override; + // Unlike the platform agnostic GenerateAuthToken(), the Android specific + // version doesn't require a NetLogWithSource. The call is made across service + // boundaries, so currently the goings-on within the GenerateAuthToken() + // handler is outside the scope of the NetLog. + int GenerateAuthTokenAndroid(const AuthCredentials* credentials, + const std::string& spn, + const std::string& channel_bindings, + std::string* auth_token, + CompletionOnceCallback callback); + bool can_delegate() const { return can_delegate_; } void set_can_delegate(bool can_delegate) { can_delegate_ = can_delegate; } diff --git a/chromium/net/android/http_auth_negotiate_android_unittest.cc b/chromium/net/android/http_auth_negotiate_android_unittest.cc index 154084bf740..e88265d0f4d 100644 --- a/chromium/net/android/http_auth_negotiate_android_unittest.cc +++ b/chromium/net/android/http_auth_negotiate_android_unittest.cc @@ -11,6 +11,7 @@ #include "net/base/test_completion_callback.h" #include "net/http/http_auth_challenge_tokenizer.h" #include "net/http/mock_allow_http_auth_preferences.h" +#include "net/log/net_log_with_source.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { @@ -32,12 +33,12 @@ TEST(HttpAuthNegotiateAndroidTest, GenerateAuthToken) { prefs.set_auth_android_negotiate_account_type( "org.chromium.test.DummySpnegoAuthenticator"); HttpAuthNegotiateAndroid auth(&prefs); - EXPECT_TRUE(auth.Init()); + EXPECT_TRUE(auth.Init(NetLogWithSource())); TestCompletionCallback callback; - EXPECT_EQ(OK, callback.GetResult( - auth.GenerateAuthToken(nullptr, "Dummy", std::string(), - &auth_token, callback.callback()))); + EXPECT_EQ(OK, callback.GetResult(auth.GenerateAuthToken( + nullptr, "Dummy", std::string(), &auth_token, + NetLogWithSource(), callback.callback()))); EXPECT_EQ("Negotiate DummyToken", auth_token); diff --git a/chromium/net/android/keystore.cc b/chromium/net/android/keystore.cc index ce0aa7920d3..a3e577f3a02 100644 --- a/chromium/net/android/keystore.cc +++ b/chromium/net/android/keystore.cc @@ -10,7 +10,7 @@ #include "base/android/jni_array.h" #include "base/android/jni_string.h" #include "base/logging.h" -#include "jni/AndroidKeyStore_jni.h" +#include "net/net_jni_headers/AndroidKeyStore_jni.h" using base::android::AttachCurrentThread; using base::android::ConvertJavaStringToUTF8; diff --git a/chromium/net/android/network_change_notifier_android.cc b/chromium/net/android/network_change_notifier_android.cc index bccdad11b93..db6cb73c559 100644 --- a/chromium/net/android/network_change_notifier_android.cc +++ b/chromium/net/android/network_change_notifier_android.cc @@ -72,7 +72,6 @@ #include "base/task/task_traits.h" #include "base/threading/thread.h" #include "net/base/address_tracker_linux.h" -#include "net/dns/dns_config_service_posix.h" namespace net { @@ -100,8 +99,6 @@ class NetworkChangeNotifierAndroid::BlockingThreadObjects { void Init() { address_tracker_.Init(); - dns_config_service_.WatchConfig( - base::Bind(&NetworkChangeNotifier::SetDnsConfig)); } static void NotifyNetworkChangeNotifierObservers() { @@ -110,7 +107,6 @@ class NetworkChangeNotifierAndroid::BlockingThreadObjects { } private: - internal::DnsConfigServicePosix dns_config_service_; // Used to detect tunnel state changes. internal::AddressTrackerLinux address_tracker_; diff --git a/chromium/net/android/network_change_notifier_delegate_android.cc b/chromium/net/android/network_change_notifier_delegate_android.cc index a659534549b..b5fbd2f0389 100644 --- a/chromium/net/android/network_change_notifier_delegate_android.cc +++ b/chromium/net/android/network_change_notifier_delegate_android.cc @@ -6,8 +6,8 @@ #include "base/android/jni_array.h" #include "base/logging.h" -#include "jni/NetworkChangeNotifier_jni.h" #include "net/android/network_change_notifier_android.h" +#include "net/net_jni_headers/NetworkChangeNotifier_jni.h" using base::android::JavaParamRef; using base::android::JavaRef; diff --git a/chromium/net/android/network_change_notifier_factory_android.cc b/chromium/net/android/network_change_notifier_factory_android.cc index 64b9ca2a215..71269a83785 100644 --- a/chromium/net/android/network_change_notifier_factory_android.cc +++ b/chromium/net/android/network_change_notifier_factory_android.cc @@ -4,6 +4,7 @@ #include "net/android/network_change_notifier_factory_android.h" +#include "base/memory/ptr_util.h" #include "net/android/network_change_notifier_android.h" #include "net/android/network_change_notifier_delegate_android.h" @@ -13,8 +14,9 @@ NetworkChangeNotifierFactoryAndroid::NetworkChangeNotifierFactoryAndroid() {} NetworkChangeNotifierFactoryAndroid::~NetworkChangeNotifierFactoryAndroid() {} -NetworkChangeNotifier* NetworkChangeNotifierFactoryAndroid::CreateInstance() { - return new NetworkChangeNotifierAndroid(&delegate_); +std::unique_ptr +NetworkChangeNotifierFactoryAndroid::CreateInstance() { + return base::WrapUnique(new NetworkChangeNotifierAndroid(&delegate_)); } } // namespace net diff --git a/chromium/net/android/network_change_notifier_factory_android.h b/chromium/net/android/network_change_notifier_factory_android.h index 17eb11bc525..db982e86c10 100644 --- a/chromium/net/android/network_change_notifier_factory_android.h +++ b/chromium/net/android/network_change_notifier_factory_android.h @@ -29,7 +29,7 @@ class NET_EXPORT NetworkChangeNotifierFactoryAndroid : ~NetworkChangeNotifierFactoryAndroid() override; // NetworkChangeNotifierFactory: - NetworkChangeNotifier* CreateInstance() override; + std::unique_ptr CreateInstance() override; private: // Delegate passed to the instances created by this class. diff --git a/chromium/net/android/network_library.cc b/chromium/net/android/network_library.cc index 41665c43481..6ed1e80958c 100644 --- a/chromium/net/android/network_library.cc +++ b/chromium/net/android/network_library.cc @@ -9,8 +9,8 @@ #include "base/android/jni_string.h" #include "base/android/scoped_java_ref.h" #include "base/logging.h" -#include "jni/AndroidNetworkLibrary_jni.h" #include "net/dns/public/dns_protocol.h" +#include "net/net_jni_headers/AndroidNetworkLibrary_jni.h" using base::android::AttachCurrentThread; using base::android::ConvertJavaStringToUTF8; diff --git a/chromium/net/android/traffic_stats.cc b/chromium/net/android/traffic_stats.cc index e690974e154..48cdcd25751 100644 --- a/chromium/net/android/traffic_stats.cc +++ b/chromium/net/android/traffic_stats.cc @@ -4,7 +4,7 @@ #include "net/android/traffic_stats.h" -#include "jni/AndroidTrafficStats_jni.h" +#include "net/net_jni_headers/AndroidTrafficStats_jni.h" namespace net { diff --git a/chromium/net/android/unittest_support/AndroidManifest.xml b/chromium/net/android/unittest_support/AndroidManifest.xml index e9175e9fb48..7f34abc3629 100644 --- a/chromium/net/android/unittest_support/AndroidManifest.xml +++ b/chromium/net/android/unittest_support/AndroidManifest.xml @@ -10,7 +10,6 @@ found in the LICENSE file. android:versionCode="1" android:versionName="1.0"> - diff --git a/chromium/net/base/address_list.cc b/chromium/net/base/address_list.cc index 20a6d3d4cc0..94eea32bf5d 100644 --- a/chromium/net/base/address_list.cc +++ b/chromium/net/base/address_list.cc @@ -15,23 +15,6 @@ namespace net { -namespace { - -base::Value NetLogAddressListCallback(const AddressList* address_list, - NetLogCaptureMode capture_mode) { - base::Value dict(base::Value::Type::DICTIONARY); - base::Value list(base::Value::Type::LIST); - - for (const auto& ip_endpoint : *address_list) - list.GetList().emplace_back(ip_endpoint.ToString()); - - dict.SetKey("address_list", std::move(list)); - dict.SetStringKey("canonical_name", address_list->canonical_name()); - return dict; -} - -} // namespace - AddressList::AddressList() = default; AddressList::AddressList(const AddressList&) = default; @@ -91,8 +74,16 @@ void AddressList::SetDefaultCanonicalName() { set_canonical_name(front().ToStringWithoutPort()); } -NetLogParametersCallback AddressList::CreateNetLogCallback() const { - return base::Bind(&NetLogAddressListCallback, this); +base::Value AddressList::NetLogParams() const { + base::Value dict(base::Value::Type::DICTIONARY); + base::Value list(base::Value::Type::LIST); + + for (const auto& ip_endpoint : *this) + list.GetList().emplace_back(ip_endpoint.ToString()); + + dict.SetKey("address_list", std::move(list)); + dict.SetStringKey("canonical_name", canonical_name()); + return dict; } } // namespace net diff --git a/chromium/net/base/address_list.h b/chromium/net/base/address_list.h index 9b4a6741856..1baf593701d 100644 --- a/chromium/net/base/address_list.h +++ b/chromium/net/base/address_list.h @@ -13,10 +13,13 @@ #include "base/compiler_specific.h" #include "net/base/ip_endpoint.h" #include "net/base/net_export.h" -#include "net/log/net_log_parameters_callback.h" struct addrinfo; +namespace base { +class Value; +} + namespace net { class IPAddress; @@ -52,10 +55,9 @@ class NET_EXPORT AddressList { // Sets canonical name to the literal of the first IP address on the list. void SetDefaultCanonicalName(); - // Creates a callback for use with the NetLog that returns a Value - // representation of the address list. The callback must be destroyed before - // |this| is. - NetLogParametersCallback CreateNetLogCallback() const; + // Creates a value representation of the address list, appropriate for + // inclusion in a NetLog. + base::Value NetLogParams() const; using iterator = std::vector::iterator; using const_iterator = std::vector::const_iterator; diff --git a/chromium/net/base/cache_type.h b/chromium/net/base/cache_type.h index 23995948c69..f7eb3a140f2 100644 --- a/chromium/net/base/cache_type.h +++ b/chromium/net/base/cache_type.h @@ -9,14 +9,16 @@ namespace net { // The types of caches that can be created. enum CacheType { - DISK_CACHE, // Disk is used as the backing storage. - MEMORY_CACHE, // Data is stored only in memory. - MEDIA_CACHE, // Optimized to handle media files. - APP_CACHE, // Backing store for an AppCache. - SHADER_CACHE, // Backing store for the GL shader cache. - PNACL_CACHE, // Backing store the PNaCl translation cache - GENERATED_CODE_CACHE, // Backing store for data (like code for JavaScript) - // generated by renderer. + DISK_CACHE, // Disk is used as the backing storage. + MEMORY_CACHE, // Data is stored only in memory. + MEDIA_CACHE, // Optimized to handle media files. + APP_CACHE, // Backing store for an AppCache. + SHADER_CACHE, // Backing store for the GL shader cache. + PNACL_CACHE, // Backing store the PNaCl translation cache + GENERATED_BYTE_CODE_CACHE, // Backing store for renderer generated data like + // bytecode for JavaScript. + GENERATED_NATIVE_CODE_CACHE, // Backing store for renderer generated data + // like native code for WebAssembly. }; // The types of disk cache backend, only used at backend instantiation. diff --git a/chromium/net/base/chunked_upload_data_stream.cc b/chromium/net/base/chunked_upload_data_stream.cc index f7e2a66f473..f4db7d73a60 100644 --- a/chromium/net/base/chunked_upload_data_stream.cc +++ b/chromium/net/base/chunked_upload_data_stream.cc @@ -31,8 +31,7 @@ ChunkedUploadDataStream::ChunkedUploadDataStream(int64_t identifier) read_index_(0), read_offset_(0), all_data_appended_(false), - read_buffer_len_(0), - weak_factory_(this) {} + read_buffer_len_(0) {} ChunkedUploadDataStream::~ChunkedUploadDataStream() = default; diff --git a/chromium/net/base/chunked_upload_data_stream.h b/chromium/net/base/chunked_upload_data_stream.h index 65da00deae0..50f644f94bf 100644 --- a/chromium/net/base/chunked_upload_data_stream.h +++ b/chromium/net/base/chunked_upload_data_stream.h @@ -98,7 +98,7 @@ class NET_EXPORT ChunkedUploadDataStream : public UploadDataStream { scoped_refptr read_buffer_; int read_buffer_len_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(ChunkedUploadDataStream); }; diff --git a/chromium/net/base/elements_upload_data_stream.cc b/chromium/net/base/elements_upload_data_stream.cc index 9465b746162..5cc6590811f 100644 --- a/chromium/net/base/elements_upload_data_stream.cc +++ b/chromium/net/base/elements_upload_data_stream.cc @@ -19,8 +19,7 @@ ElementsUploadDataStream::ElementsUploadDataStream( : UploadDataStream(false, identifier), element_readers_(std::move(element_readers)), element_index_(0), - read_error_(OK), - weak_ptr_factory_(this) {} + read_error_(OK) {} ElementsUploadDataStream::~ElementsUploadDataStream() = default; diff --git a/chromium/net/base/elements_upload_data_stream.h b/chromium/net/base/elements_upload_data_stream.h index 4ad404897fe..ba8f9457e7c 100644 --- a/chromium/net/base/elements_upload_data_stream.h +++ b/chromium/net/base/elements_upload_data_stream.h @@ -80,7 +80,7 @@ class NET_EXPORT ElementsUploadDataStream : public UploadDataStream { // Set to actual error if read fails, otherwise set to net::OK. int read_error_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(ElementsUploadDataStream); }; diff --git a/chromium/net/base/expiring_cache_unittest.cc b/chromium/net/base/expiring_cache_unittest.cc index f1414f90656..1f3c5d38073 100644 --- a/chromium/net/base/expiring_cache_unittest.cc +++ b/chromium/net/base/expiring_cache_unittest.cc @@ -119,16 +119,16 @@ TEST(ExpiringCacheTest, Compact) { } EXPECT_EQ(10U, cache.size()); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "valid0")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "valid1")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "valid2")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "valid3")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "valid4")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "expired0")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "expired1")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "expired2")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "negative0")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "negative1")); + EXPECT_TRUE(base::Contains(cache.entries_, "valid0")); + EXPECT_TRUE(base::Contains(cache.entries_, "valid1")); + EXPECT_TRUE(base::Contains(cache.entries_, "valid2")); + EXPECT_TRUE(base::Contains(cache.entries_, "valid3")); + EXPECT_TRUE(base::Contains(cache.entries_, "valid4")); + EXPECT_TRUE(base::Contains(cache.entries_, "expired0")); + EXPECT_TRUE(base::Contains(cache.entries_, "expired1")); + EXPECT_TRUE(base::Contains(cache.entries_, "expired2")); + EXPECT_TRUE(base::Contains(cache.entries_, "negative0")); + EXPECT_TRUE(base::Contains(cache.entries_, "negative1")); // Shrink the new max constraints bound and compact. The "negative" and // "expired" entries should be dropped. @@ -136,16 +136,16 @@ TEST(ExpiringCacheTest, Compact) { cache.Compact(now); EXPECT_EQ(5U, cache.size()); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "valid0")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "valid1")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "valid2")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "valid3")); - EXPECT_TRUE(base::ContainsKey(cache.entries_, "valid4")); - EXPECT_FALSE(base::ContainsKey(cache.entries_, "expired0")); - EXPECT_FALSE(base::ContainsKey(cache.entries_, "expired1")); - EXPECT_FALSE(base::ContainsKey(cache.entries_, "expired2")); - EXPECT_FALSE(base::ContainsKey(cache.entries_, "negative0")); - EXPECT_FALSE(base::ContainsKey(cache.entries_, "negative1")); + EXPECT_TRUE(base::Contains(cache.entries_, "valid0")); + EXPECT_TRUE(base::Contains(cache.entries_, "valid1")); + EXPECT_TRUE(base::Contains(cache.entries_, "valid2")); + EXPECT_TRUE(base::Contains(cache.entries_, "valid3")); + EXPECT_TRUE(base::Contains(cache.entries_, "valid4")); + EXPECT_FALSE(base::Contains(cache.entries_, "expired0")); + EXPECT_FALSE(base::Contains(cache.entries_, "expired1")); + EXPECT_FALSE(base::Contains(cache.entries_, "expired2")); + EXPECT_FALSE(base::Contains(cache.entries_, "negative0")); + EXPECT_FALSE(base::Contains(cache.entries_, "negative1")); // Shrink further -- this time the compact will start dropping valid entries // to make space. diff --git a/chromium/net/base/features.cc b/chromium/net/base/features.cc index ae53c907147..6bc86e560f0 100644 --- a/chromium/net/base/features.cc +++ b/chromium/net/base/features.cc @@ -7,28 +7,14 @@ namespace net { namespace features { -// Toggles the `Accept-Language` HTTP request header, which -// https://github.com/WICG/lang-client-hint proposes that we deprecate. const base::Feature kAcceptLanguageHeader{"AcceptLanguageHeader", base::FEATURE_ENABLED_BY_DEFAULT}; const base::Feature kCapRefererHeaderLength = { - "CapRefererHeaderLength", base::FEATURE_DISABLED_BY_DEFAULT}; + "CapRefererHeaderLength", base::FEATURE_ENABLED_BY_DEFAULT}; const base::FeatureParam kMaxRefererHeaderLength = { &kCapRefererHeaderLength, "MaxRefererHeaderLength", 4096}; -// Uses a site isolated code cache that is keyed on the resource url and the -// origin lock of the renderer that is requesting the resource. The requests -// to site-isolated code cache are handled by the content/GeneratedCodeCache -// When this flag is enabled, the metadata field of the HttpCache is unused. -const base::Feature kIsolatedCodeCache = {"IsolatedCodeCache", - base::FEATURE_ENABLED_BY_DEFAULT}; - -// Enables the additional TLS 1.3 server-random-based downgrade protection -// described in https://tools.ietf.org/html/rfc8446#section-4.1.3 -// -// This is a MUST-level requirement of TLS 1.3, but has compatibility issues -// with some buggy non-compliant TLS-terminating proxies. const base::Feature kEnforceTLS13Downgrade{"EnforceTLS13Downgrade", base::FEATURE_ENABLED_BY_DEFAULT}; @@ -38,13 +24,17 @@ const base::Feature kEnableTLS13EarlyData{"EnableTLS13EarlyData", const base::Feature kNetworkQualityEstimator{"NetworkQualityEstimator", base::FEATURE_DISABLED_BY_DEFAULT}; -const base::Feature kSplitCacheByTopFrameOrigin{ - "SplitCacheByTopFrameOrigin", base::FEATURE_DISABLED_BY_DEFAULT}; +const base::Feature kSplitCacheByNetworkIsolationKey{ + "SplitCacheByNetworkIsolationKey", base::FEATURE_DISABLED_BY_DEFAULT}; const base::Feature kPartitionConnectionsByNetworkIsolationKey{ "PartitionConnectionsByNetworkIsolationKey", base::FEATURE_DISABLED_BY_DEFAULT}; +const base::Feature kPartitionSSLSessionsByNetworkIsolationKey{ + "PartitionSSLSessionsByNetworkIsolationKey", + base::FEATURE_DISABLED_BY_DEFAULT}; + const base::Feature kTLS13KeyUpdate{"TLS13KeyUpdate", base::FEATURE_DISABLED_BY_DEFAULT}; @@ -60,5 +50,14 @@ const base::Feature kSameSiteByDefaultCookies{ const base::Feature kCookiesWithoutSameSiteMustBeSecure{ "CookiesWithoutSameSiteMustBeSecure", base::FEATURE_DISABLED_BY_DEFAULT}; +#if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) +const base::Feature kCertVerifierBuiltinFeature{ + "CertVerifierBuiltin", base::FEATURE_DISABLED_BY_DEFAULT}; +#endif + +const base::Feature kAppendFrameOriginToNetworkIsolationKey{ + "AppendFrameOriginToNetworkIsolationKey", + base::FEATURE_DISABLED_BY_DEFAULT}; + } // namespace features } // namespace net diff --git a/chromium/net/base/features.h b/chromium/net/base/features.h index 00856023cc4..3e2bd969f1a 100644 --- a/chromium/net/base/features.h +++ b/chromium/net/base/features.h @@ -8,6 +8,7 @@ #include "base/feature_list.h" #include "base/metrics/field_trial_params.h" #include "net/base/net_export.h" +#include "net/net_buildflags.h" namespace net { namespace features { @@ -21,12 +22,6 @@ NET_EXPORT extern const base::Feature kAcceptLanguageHeader; NET_EXPORT extern const base::Feature kCapRefererHeaderLength; NET_EXPORT extern const base::FeatureParam kMaxRefererHeaderLength; -// Uses a site isolated code cache that is keyed on the resource url and the -// origin lock of the renderer that is requesting the resource. The requests -// to site-isolated code cache are handled by the content/GeneratedCodeCache -// When this flag is enabled, the metadata field of the HttpCache is unused. -NET_EXPORT extern const base::Feature kIsolatedCodeCache; - // Enables the additional TLS 1.3 server-random-based downgrade protection // described in https://tools.ietf.org/html/rfc8446#section-4.1.3 // @@ -41,14 +36,23 @@ NET_EXPORT extern const base::Feature kEnableTLS13EarlyData; // quality estimator (NQE). NET_EXPORT extern const base::Feature kNetworkQualityEstimator; -// Splits cache entries by the request's top frame's origin if one is available. -NET_EXPORT extern const base::Feature kSplitCacheByTopFrameOrigin; +// Splits cache entries by the request's network isolation key if one is +// available. +NET_EXPORT extern const base::Feature kSplitCacheByNetworkIsolationKey; // Partitions connections based on the NetworkIsolationKey associated with a // request. NET_EXPORT extern const base::Feature kPartitionConnectionsByNetworkIsolationKey; +// Partitions TLS sessions and QUIC server configs based on the +// NetworkIsolationKey associated with a request. +// +// This feature requires kPartitionConnectionsByNetworkIsolationKey to be +// enabled to work. +NET_EXPORT extern const base::Feature + kPartitionSSLSessionsByNetworkIsolationKey; + // Enables sending TLS 1.3 Key Update messages on TLS 1.3 connections in order // to ensure that this corner of the spec is exercised. This is currently // disabled by default because we discovered incompatibilities with some @@ -74,6 +78,13 @@ NET_EXPORT extern const base::Feature kSameSiteByDefaultCookies; // SameSiteByDefaultCookies is also enabled. NET_EXPORT extern const base::Feature kCookiesWithoutSameSiteMustBeSecure; +#if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) +// When enabled, use the builtin cert verifier instead of the platform verifier. +NET_EXPORT extern const base::Feature kCertVerifierBuiltinFeature; +#endif + +NET_EXPORT extern const base::Feature kAppendFrameOriginToNetworkIsolationKey; + } // namespace features } // namespace net diff --git a/chromium/net/base/file_stream_unittest.cc b/chromium/net/base/file_stream_unittest.cc index e9cf586e671..34caefaa6ff 100644 --- a/chromium/net/base/file_stream_unittest.cc +++ b/chromium/net/base/file_stream_unittest.cc @@ -537,7 +537,6 @@ class TestWriteReadCompletionCallback { base::MakeRefCounted(4); rv = stream_->Read(buf.get(), buf->size(), callback.callback()); if (rv == ERR_IO_PENDING) { - base::MessageLoopCurrent::ScopedNestableTaskAllower allow; rv = callback.WaitForResult(); } EXPECT_LE(0, rv); @@ -574,7 +573,6 @@ class TestWriteReadCompletionCallback { EXPECT_THAT(stream_->Seek(0, callback64.callback()), IsError(ERR_IO_PENDING)); { - base::MessageLoopCurrent::ScopedNestableTaskAllower allow; EXPECT_LE(0, callback64.WaitForResult()); } } diff --git a/chromium/net/base/filename_util_internal.cc b/chromium/net/base/filename_util_internal.cc index 46dc33aaaf8..b8ce2e01b35 100644 --- a/chromium/net/base/filename_util_internal.cc +++ b/chromium/net/base/filename_util_internal.cc @@ -55,7 +55,7 @@ base::FilePath::StringType GetCorrectedExtensionUnsafe( // "foo.jpg" to "foo.jpeg". std::vector all_mime_extensions; GetExtensionsForMimeType(mime_type, &all_mime_extensions); - if (base::ContainsValue(all_mime_extensions, extension)) + if (base::Contains(all_mime_extensions, extension)) return extension; // Get the "final" extension. In most cases, this is the same as the @@ -69,7 +69,7 @@ base::FilePath::StringType GetCorrectedExtensionUnsafe( // If there's a double extension, and the second extension is in the // list of valid extensions for the given type, keep the double extension. // This avoids renaming things like "foo.tar.gz" to "foo.gz". - if (base::ContainsValue(all_mime_extensions, final_extension)) + if (base::Contains(all_mime_extensions, final_extension)) return extension; return preferred_mime_extension; } diff --git a/chromium/net/base/logging_network_change_observer.cc b/chromium/net/base/logging_network_change_observer.cc index 5ca13b70189..e408f526c0f 100644 --- a/chromium/net/base/logging_network_change_observer.cc +++ b/chromium/net/base/logging_network_change_observer.cc @@ -38,9 +38,8 @@ int HumanReadableNetworkHandle(NetworkChangeNotifier::NetworkHandle network) { // Return a dictionary of values that provide information about a // network-specific change. This also includes relevant current state // like the default network, and the types of active networks. -base::Value NetworkSpecificNetLogCallback( - NetworkChangeNotifier::NetworkHandle network, - NetLogCaptureMode capture_mode) { +base::Value NetworkSpecificNetLogParams( + NetworkChangeNotifier::NetworkHandle network) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("changed_network_handle", HumanReadableNetworkHandle(network)); dict.SetStringKey( @@ -62,6 +61,16 @@ base::Value NetworkSpecificNetLogCallback( return dict; } +void NetLogNetworkSpecific(NetLog* net_log, + NetLogEventType type, + NetworkChangeNotifier::NetworkHandle network) { + if (!net_log) + return; + + net_log->AddGlobalEntry(type, + [&] { return NetworkSpecificNetLogParams(network); }); +} + } // namespace LoggingNetworkChangeObserver::LoggingNetworkChangeObserver(NetLog* net_log) @@ -95,9 +104,9 @@ void LoggingNetworkChangeObserver::OnConnectionTypeChanged( VLOG(1) << "Observed a change to network connectivity state " << type_as_string; - net_log_->AddGlobalEntry( - NetLogEventType::NETWORK_CONNECTIVITY_CHANGED, - NetLog::StringCallback("new_connection_type", &type_as_string)); + net_log_->AddGlobalEntryWithStringParams( + NetLogEventType::NETWORK_CONNECTIVITY_CHANGED, "new_connection_type", + type_as_string); } void LoggingNetworkChangeObserver::OnNetworkChanged( @@ -107,41 +116,40 @@ void LoggingNetworkChangeObserver::OnNetworkChanged( VLOG(1) << "Observed a network change to state " << type_as_string; - net_log_->AddGlobalEntry( - NetLogEventType::NETWORK_CHANGED, - NetLog::StringCallback("new_connection_type", &type_as_string)); + net_log_->AddGlobalEntryWithStringParams( + NetLogEventType::NETWORK_CHANGED, "new_connection_type", type_as_string); } void LoggingNetworkChangeObserver::OnNetworkConnected( NetworkChangeNotifier::NetworkHandle network) { VLOG(1) << "Observed network " << network << " connect"; - net_log_->AddGlobalEntry(NetLogEventType::SPECIFIC_NETWORK_CONNECTED, - base::Bind(&NetworkSpecificNetLogCallback, network)); + NetLogNetworkSpecific(net_log_, NetLogEventType::SPECIFIC_NETWORK_CONNECTED, + network); } void LoggingNetworkChangeObserver::OnNetworkDisconnected( NetworkChangeNotifier::NetworkHandle network) { VLOG(1) << "Observed network " << network << " disconnect"; - net_log_->AddGlobalEntry(NetLogEventType::SPECIFIC_NETWORK_DISCONNECTED, - base::Bind(&NetworkSpecificNetLogCallback, network)); + NetLogNetworkSpecific( + net_log_, NetLogEventType::SPECIFIC_NETWORK_DISCONNECTED, network); } void LoggingNetworkChangeObserver::OnNetworkSoonToDisconnect( NetworkChangeNotifier::NetworkHandle network) { VLOG(1) << "Observed network " << network << " soon to disconnect"; - net_log_->AddGlobalEntry(NetLogEventType::SPECIFIC_NETWORK_SOON_TO_DISCONNECT, - base::Bind(&NetworkSpecificNetLogCallback, network)); + NetLogNetworkSpecific( + net_log_, NetLogEventType::SPECIFIC_NETWORK_SOON_TO_DISCONNECT, network); } void LoggingNetworkChangeObserver::OnNetworkMadeDefault( NetworkChangeNotifier::NetworkHandle network) { VLOG(1) << "Observed network " << network << " made the default network"; - net_log_->AddGlobalEntry(NetLogEventType::SPECIFIC_NETWORK_MADE_DEFAULT, - base::Bind(&NetworkSpecificNetLogCallback, network)); + NetLogNetworkSpecific( + net_log_, NetLogEventType::SPECIFIC_NETWORK_MADE_DEFAULT, network); } } // namespace net diff --git a/chromium/net/base/mime_util.cc b/chromium/net/base/mime_util.cc index a2ff77a7895..09a10df7910 100644 --- a/chromium/net/base/mime_util.cc +++ b/chromium/net/base/mime_util.cc @@ -194,6 +194,7 @@ static const MimeInfo kSecondaryMappings[] = { {"application/x-mpegurl", "m3u8"}, {"application/x-shockwave-flash", "swf,swl"}, {"application/x-tar", "tar"}, + {"application/x-x509-ca-cert", "cer,crt"}, {"application/zip", "zip"}, {"audio/mpeg", "mp3"}, // This is the platform mapping on recent versions of Windows 10. diff --git a/chromium/net/base/mime_util_unittest.cc b/chromium/net/base/mime_util_unittest.cc index 49ce6342a6b..ade41926fd6 100644 --- a/chromium/net/base/mime_util_unittest.cc +++ b/chromium/net/base/mime_util_unittest.cc @@ -37,6 +37,8 @@ TEST(MimeUtilTest, ExtensionTest) { // These are test cases for testing platform mime types on Chrome OS. {FILE_PATH_LITERAL("epub"), "application/epub+zip", true}, {FILE_PATH_LITERAL("apk"), "application/vnd.android.package-archive", true}, + {FILE_PATH_LITERAL("cer"), "application/x-x509-ca-cert", true}, + {FILE_PATH_LITERAL("crt"), "application/x-x509-ca-cert", true}, {FILE_PATH_LITERAL("zip"), "application/zip", true}, {FILE_PATH_LITERAL("ics"), "text/calendar", true}, #endif @@ -328,7 +330,7 @@ TEST(MimeUtilTest, TestGetExtensionsForMimeType) { test.contained_result, test.contained_result + strlen(test.contained_result)); - bool found = base::ContainsValue(extensions, contained_result); + bool found = base::Contains(extensions, contained_result); ASSERT_TRUE(found) << "Must find at least the contained result within " << test.mime_type; diff --git a/chromium/net/base/mock_file_stream.cc b/chromium/net/base/mock_file_stream.cc index 4cff945228c..64104ee200b 100644 --- a/chromium/net/base/mock_file_stream.cc +++ b/chromium/net/base/mock_file_stream.cc @@ -20,9 +20,7 @@ MockFileStream::MockFileStream( : FileStream(task_runner), forced_error_(OK), async_error_(false), - throttled_(false), - weak_factory_(this) { -} + throttled_(false) {} MockFileStream::MockFileStream( base::File file, @@ -30,8 +28,7 @@ MockFileStream::MockFileStream( : FileStream(std::move(file), task_runner), forced_error_(OK), async_error_(false), - throttled_(false), - weak_factory_(this) {} + throttled_(false) {} MockFileStream::~MockFileStream() = default; diff --git a/chromium/net/base/mock_file_stream.h b/chromium/net/base/mock_file_stream.h index 9f1eb98b94a..fba7843256c 100644 --- a/chromium/net/base/mock_file_stream.h +++ b/chromium/net/base/mock_file_stream.h @@ -98,7 +98,7 @@ class MockFileStream : public FileStream { base::OnceClosure throttled_task_; base::FilePath path_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; }; } // namespace testing diff --git a/chromium/net/base/mock_network_change_notifier.cc b/chromium/net/base/mock_network_change_notifier.cc index 65e3f96be43..872f5cf4949 100644 --- a/chromium/net/base/mock_network_change_notifier.cc +++ b/chromium/net/base/mock_network_change_notifier.cc @@ -4,15 +4,28 @@ #include "net/base/mock_network_change_notifier.h" +#include + +#include "base/memory/ptr_util.h" #include "base/run_loop.h" +#include "net/dns/dns_config_service.h" +#include "net/dns/system_dns_config_change_notifier.h" namespace net { namespace test { -MockNetworkChangeNotifier::MockNetworkChangeNotifier() - : force_network_handles_supported_(false), - connection_type_(CONNECTION_UNKNOWN) {} -MockNetworkChangeNotifier::~MockNetworkChangeNotifier() = default; +// static +std::unique_ptr MockNetworkChangeNotifier::Create() { + // Use an empty noop SystemDnsConfigChangeNotifier to disable actual system + // DNS configuration notifications. + return base::WrapUnique(new MockNetworkChangeNotifier( + std::make_unique( + nullptr /* task_runner */, nullptr /* dns_config_service */))); +} + +MockNetworkChangeNotifier::~MockNetworkChangeNotifier() { + StopSystemDnsConfigNotifier(); +} MockNetworkChangeNotifier::ConnectionType MockNetworkChangeNotifier::GetCurrentConnectionType() const { @@ -72,10 +85,18 @@ void MockNetworkChangeNotifier::NotifyNetworkConnected( base::RunLoop().RunUntilIdle(); } +MockNetworkChangeNotifier::MockNetworkChangeNotifier( + std::unique_ptr dns_config_notifier) + : NetworkChangeNotifier(NetworkChangeCalculatorParams(), + dns_config_notifier.get()), + force_network_handles_supported_(false), + connection_type_(CONNECTION_UNKNOWN), + dns_config_notifier_(std::move(dns_config_notifier)) {} + ScopedMockNetworkChangeNotifier::ScopedMockNetworkChangeNotifier() : disable_network_change_notifier_for_tests_( new NetworkChangeNotifier::DisableForTest()), - mock_network_change_notifier_(new MockNetworkChangeNotifier()) {} + mock_network_change_notifier_(MockNetworkChangeNotifier::Create()) {} ScopedMockNetworkChangeNotifier::~ScopedMockNetworkChangeNotifier() = default; diff --git a/chromium/net/base/mock_network_change_notifier.h b/chromium/net/base/mock_network_change_notifier.h index e8d4269dd8c..c047536ea65 100644 --- a/chromium/net/base/mock_network_change_notifier.h +++ b/chromium/net/base/mock_network_change_notifier.h @@ -5,14 +5,19 @@ #ifndef NET_BASE_MOCK_NETWORK_CHANGE_NOTIFIER_H_ #define NET_BASE_MOCK_NETWORK_CHANGE_NOTIFIER_H_ +#include + #include "net/base/network_change_notifier.h" namespace net { + +class SystemDnsConfigChangeNotifier; + namespace test { class MockNetworkChangeNotifier : public NetworkChangeNotifier { public: - MockNetworkChangeNotifier(); + static std::unique_ptr Create(); ~MockNetworkChangeNotifier() override; ConnectionType GetCurrentConnectionType() const override; @@ -47,9 +52,14 @@ class MockNetworkChangeNotifier : public NetworkChangeNotifier { void NotifyNetworkConnected(NetworkChangeNotifier::NetworkHandle network); private: + // Create using MockNetworkChangeNotifier::Create(). + MockNetworkChangeNotifier( + std::unique_ptr dns_config_notifier); + bool force_network_handles_supported_; ConnectionType connection_type_; NetworkChangeNotifier::NetworkList connected_networks_; + std::unique_ptr dns_config_notifier_; }; // Class to replace existing NetworkChangeNotifier singleton with a diff --git a/chromium/net/base/net_error_list.h b/chromium/net/base/net_error_list.h index 9614b3d857d..6fc8c5ea1d2 100644 --- a/chromium/net/base/net_error_list.h +++ b/chromium/net/base/net_error_list.h @@ -309,9 +309,7 @@ NET_ERROR(SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, -150) // Server request for client certificate did not contain any types we support. NET_ERROR(CLIENT_AUTH_CERT_TYPE_UNSUPPORTED, -151) -// Server requested one type of cert, then requested a different type while the -// first was still being generated. -NET_ERROR(ORIGIN_BOUND_CERT_GENERATION_TYPE_MISMATCH, -152) +// Error -152 was removed (ORIGIN_BOUND_CERT_GENERATION_TYPE_MISMATCH) // An SSL peer sent us a fatal decrypt_error alert. This typically occurs when // a peer could not correctly verify a signature (in CertificateVerify or @@ -627,8 +625,8 @@ NET_ERROR(UNRECOGNIZED_FTP_DIRECTORY_LISTING_FORMAT, -334) // There are no supported proxies in the provided list. NET_ERROR(NO_SUPPORTED_PROXIES, -336) -// There is a SPDY protocol error. -NET_ERROR(SPDY_PROTOCOL_ERROR, -337) +// There is an HTTP/2 protocol error. +NET_ERROR(HTTP2_PROTOCOL_ERROR, -337) // Credentials could not be established during HTTP Authentication. NET_ERROR(INVALID_AUTH_CREDENTIALS, -338) @@ -659,9 +657,9 @@ NET_ERROR(RESPONSE_BODY_TOO_BIG_TO_DRAIN, -345) // The HTTP response contained multiple distinct Content-Length headers. NET_ERROR(RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH, -346) -// SPDY Headers have been received, but not all of them - status or version +// HTTP/2 headers have been received, but not all of them - status or version // headers are missing, so we're expecting additional frames to complete them. -NET_ERROR(INCOMPLETE_SPDY_HEADERS, -347) +NET_ERROR(INCOMPLETE_HTTP2_HEADERS, -347) // No PAC URL configuration could be retrieved from DHCP. This can indicate // either a failure to retrieve the DHCP configuration, or that there was no @@ -679,10 +677,10 @@ NET_ERROR(RESPONSE_HEADERS_MULTIPLE_LOCATION, -350) // stream id corresponding to the request indicating that this request has not // been processed yet, or a RST_STREAM frame with error code REFUSED_STREAM. // Client MAY retry (on a different connection). See RFC7540 Section 8.1.4. -NET_ERROR(SPDY_SERVER_REFUSED_STREAM, -351) +NET_ERROR(HTTP2_SERVER_REFUSED_STREAM, -351) -// SPDY server didn't respond to the PING message. -NET_ERROR(SPDY_PING_FAILED, -352) +// HTTP/2 server didn't respond to the PING message. +NET_ERROR(HTTP2_PING_FAILED, -352) // Obsolete. Kept here to avoid reuse, as the old error can still appear on // histograms. @@ -710,17 +708,17 @@ NET_ERROR(QUIC_HANDSHAKE_FAILED, -358) // histograms. // NET_ERROR(REQUEST_FOR_SECURE_RESOURCE_OVER_INSECURE_QUIC, -359) -// Transport security is inadequate for the SPDY version. -NET_ERROR(SPDY_INADEQUATE_TRANSPORT_SECURITY, -360) +// Transport security is inadequate for the HTTP/2 version. +NET_ERROR(HTTP2_INADEQUATE_TRANSPORT_SECURITY, -360) -// The peer violated SPDY flow control. -NET_ERROR(SPDY_FLOW_CONTROL_ERROR, -361) +// The peer violated HTTP/2 flow control. +NET_ERROR(HTTP2_FLOW_CONTROL_ERROR, -361) -// The peer sent an improperly sized SPDY frame. -NET_ERROR(SPDY_FRAME_SIZE_ERROR, -362) +// The peer sent an improperly sized HTTP/2 frame. +NET_ERROR(HTTP2_FRAME_SIZE_ERROR, -362) -// Decoding or encoding of compressed SPDY headers failed. -NET_ERROR(SPDY_COMPRESSION_ERROR, -363) +// Decoding or encoding of compressed HTTP/2 headers failed. +NET_ERROR(HTTP2_COMPRESSION_ERROR, -363) // Proxy Auth Requested without a valid Client Socket Handle. NET_ERROR(PROXY_AUTH_REQUESTED_WITH_NO_CONNECTION, -364) @@ -749,14 +747,14 @@ NET_ERROR(CONTENT_DECODING_INIT_FAILED, -371) // Received HTTP/2 RST_STREAM frame with NO_ERROR error code. This error should // be handled internally by HTTP/2 code, and should not make it above the // SpdyStream layer. -NET_ERROR(SPDY_RST_STREAM_NO_ERROR_RECEIVED, -372) +NET_ERROR(HTTP2_RST_STREAM_NO_ERROR_RECEIVED, -372) // The pushed stream claimed by the request is no longer available. -NET_ERROR(SPDY_PUSHED_STREAM_NOT_AVAILABLE, -373) +NET_ERROR(HTTP2_PUSHED_STREAM_NOT_AVAILABLE, -373) // A pushed stream was claimed and later reset by the server. When this happens, // the request should be retried. -NET_ERROR(SPDY_CLAIMED_PUSHED_STREAM_RESET_BY_SERVER, -374) +NET_ERROR(HTTP2_CLAIMED_PUSHED_STREAM_RESET_BY_SERVER, -374) // An HTTP transaction was retried too many times due for authentication or // invalid certificates. This may be due to a bug in the net stack that would @@ -765,14 +763,14 @@ NET_ERROR(SPDY_CLAIMED_PUSHED_STREAM_RESET_BY_SERVER, -374) NET_ERROR(TOO_MANY_RETRIES, -375) // Received an HTTP/2 frame on a closed stream. -NET_ERROR(SPDY_STREAM_CLOSED, -376) +NET_ERROR(HTTP2_STREAM_CLOSED, -376) // Client is refusing an HTTP/2 stream. -NET_ERROR(SPDY_CLIENT_REFUSED_STREAM, -377) +NET_ERROR(HTTP2_CLIENT_REFUSED_STREAM, -377) // A pushed HTTP/2 stream was claimed by a request based on matching URL and // request headers, but the pushed response headers do not match the request. -NET_ERROR(SPDY_PUSHED_RESPONSE_DOES_NOT_MATCH, -378) +NET_ERROR(HTTP2_PUSHED_RESPONSE_DOES_NOT_MATCH, -378) // The cache does not have the requested entry. NET_ERROR(CACHE_MISS, -400) diff --git a/chromium/net/base/net_string_util_icu_alternatives_android.cc b/chromium/net/base/net_string_util_icu_alternatives_android.cc index 222312e18f5..fad7f451270 100644 --- a/chromium/net/base/net_string_util_icu_alternatives_android.cc +++ b/chromium/net/base/net_string_util_icu_alternatives_android.cc @@ -6,8 +6,8 @@ #include "base/android/jni_string.h" #include "base/strings/string16.h" #include "base/strings/string_piece.h" -#include "jni/NetStringUtil_jni.h" #include "net/base/net_string_util.h" +#include "net/net_jni_headers/NetStringUtil_jni.h" using base::android::ScopedJavaLocalRef; diff --git a/chromium/net/base/network_change_notifier.cc b/chromium/net/base/network_change_notifier.cc index 48fb8504ff5..dd6a55f1b57 100644 --- a/chromium/net/base/network_change_notifier.cc +++ b/chromium/net/base/network_change_notifier.cc @@ -5,10 +5,15 @@ #include "net/base/network_change_notifier.h" #include +#include #include +#include #include "base/macros.h" #include "base/memory/ref_counted.h" +#include "base/no_destructor.h" +#include "base/optional.h" +#include "base/sequence_checker.h" #include "base/stl_util.h" #include "base/strings/string_util.h" #include "base/synchronization/lock.h" @@ -19,6 +24,8 @@ #include "net/base/network_interfaces.h" #include "net/base/url_util.h" #include "net/dns/dns_config.h" +#include "net/dns/dns_config_service.h" +#include "net/dns/system_dns_config_change_notifier.h" #include "net/url_request/url_request.h" #include "url/gurl.h" @@ -49,22 +56,27 @@ NetworkChangeNotifierFactory* g_network_change_notifier_factory = nullptr; class MockNetworkChangeNotifier : public NetworkChangeNotifier { public: + MockNetworkChangeNotifier( + std::unique_ptr dns_config_notifier) + : NetworkChangeNotifier(NetworkChangeCalculatorParams(), + dns_config_notifier.get()), + dns_config_notifier_(std::move(dns_config_notifier)) {} + + ~MockNetworkChangeNotifier() override { StopSystemDnsConfigNotifier(); } + ConnectionType GetCurrentConnectionType() const override { return CONNECTION_UNKNOWN; } -}; -} // namespace - -// static -bool NetworkChangeNotifier::test_notifications_only_ = false; -// static -const NetworkChangeNotifier::NetworkHandle - NetworkChangeNotifier::kInvalidNetworkHandle = -1; + private: + std::unique_ptr dns_config_notifier_; +}; // NetworkState is thread safe. -class NetworkChangeNotifier::NetworkState - : public base::RefCountedThreadSafe { +// +// TODO(crbug.com/971411): Remove once HostResolverManager converted to directly +// use SystemDnsConfigChangeNotifier. +class NetworkState : public base::RefCountedThreadSafe { public: NetworkState() = default; @@ -95,6 +107,14 @@ class NetworkChangeNotifier::NetworkState bool set_ = false; }; +} // namespace + +// static +bool NetworkChangeNotifier::test_notifications_only_ = false; +// static +const NetworkChangeNotifier::NetworkHandle + NetworkChangeNotifier::kInvalidNetworkHandle = -1; + NetworkChangeNotifier::NetworkChangeCalculatorParams:: NetworkChangeCalculatorParams() = default; @@ -177,6 +197,43 @@ class NetworkChangeNotifier::NetworkChangeCalculator DISALLOW_COPY_AND_ASSIGN(NetworkChangeCalculator); }; +class NetworkChangeNotifier::SystemDnsConfigObserver + : public SystemDnsConfigChangeNotifier::Observer { + public: + virtual ~SystemDnsConfigObserver() = default; + + void OnSystemDnsConfigChanged(base::Optional config) override { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + bool was_set = network_state_->SetDnsConfig(config.value_or(DnsConfig())); + DCHECK_EQ(initial_config_received_, was_set); + + if (initial_config_received_) { + NotifyObserversOfDNSChange(); + } else { + initial_config_received_ = true; + NotifyObserversOfInitialDNSConfigRead(); + } + } + + scoped_refptr network_state() { return network_state_; } + + void ClearDnsConfigForTesting() { + initial_config_received_ = false; + network_state_->ClearDnsConfigForTesting(); + } + + private: + bool initial_config_received_ = false; + + // TODO(crbug.com/971411): Remove once HostResolverManager converted to + // directly use SystemDnsConfigChangeNotifier. + scoped_refptr network_state_ = + base::MakeRefCounted(); + + SEQUENCE_CHECKER(sequence_checker_); +}; + void NetworkChangeNotifier::ClearGlobalPointer() { if (!cleared_global_pointer_) { cleared_global_pointer_ = true; @@ -188,6 +245,7 @@ void NetworkChangeNotifier::ClearGlobalPointer() { NetworkChangeNotifier::~NetworkChangeNotifier() { network_change_calculator_.reset(); ClearGlobalPointer(); + StopSystemDnsConfigNotifier(); } // static @@ -203,13 +261,13 @@ void NetworkChangeNotifier::SetFactory( } // static -NetworkChangeNotifier* NetworkChangeNotifier::Create() { +std::unique_ptr NetworkChangeNotifier::Create() { if (g_network_change_notifier_factory) return g_network_change_notifier_factory->CreateInstance(); #if defined(OS_WIN) - NetworkChangeNotifierWin* network_change_notifier = - new NetworkChangeNotifierWin(); + std::unique_ptr network_change_notifier = + std::make_unique(); network_change_notifier->WatchForAddressChange(); return network_change_notifier; #elif defined(OS_ANDROID) @@ -217,13 +275,16 @@ NetworkChangeNotifier* NetworkChangeNotifier::Create() { CHECK(false); return NULL; #elif defined(OS_CHROMEOS) - return new NetworkChangeNotifierPosix(CONNECTION_NONE, SUBTYPE_NONE); + return std::make_unique(CONNECTION_NONE, + SUBTYPE_NONE); #elif defined(OS_LINUX) - return new NetworkChangeNotifierLinux(std::unordered_set()); + return std::make_unique( + std::unordered_set()); #elif defined(OS_MACOSX) - return new NetworkChangeNotifierMac(); + return std::make_unique(); #elif defined(OS_FUCHSIA) - return new NetworkChangeNotifierFuchsia(0 /* required_features */); + return std::make_unique( + 0 /* required_features */); #else NOTIMPLEMENTED(); return NULL; @@ -383,8 +444,8 @@ void NetworkChangeNotifier::GetDnsConfig(DnsConfig* config) { if (!g_network_change_notifier) { *config = DnsConfig(); } else { - scoped_refptr network_state = - g_network_change_notifier->network_state_; + scoped_refptr network_state = + g_network_change_notifier->system_dns_config_observer_->network_state(); network_state->GetDnsConfig(config); } } @@ -491,8 +552,12 @@ NetworkChangeNotifier::ConnectionTypeFromInterfaceList( } // static -NetworkChangeNotifier* NetworkChangeNotifier::CreateMock() { - return new MockNetworkChangeNotifier(); +std::unique_ptr NetworkChangeNotifier::CreateMock() { + // Use an empty noop SystemDnsConfigChangeNotifier to disable actual system + // DNS configuration notifications. + return std::make_unique( + std::make_unique( + nullptr /* task_runner */, nullptr /* dns_config_service */)); } NetworkChangeNotifier::IPAddressObserver::IPAddressObserver() = default; @@ -664,7 +729,8 @@ void NetworkChangeNotifier::SetTestNotificationsOnly(bool test_only) { NetworkChangeNotifier::NetworkChangeNotifier( const NetworkChangeCalculatorParams& params - /*= NetworkChangeCalculatorParams()*/) + /*= NetworkChangeCalculatorParams()*/, + SystemDnsConfigChangeNotifier* system_dns_config_notifier /*= nullptr */) : ip_address_observer_list_( new base::ObserverListThreadSafe( base::ObserverListPolicy::EXISTING_ONLY)), @@ -682,11 +748,19 @@ NetworkChangeNotifier::NetworkChangeNotifier( base::ObserverListPolicy::EXISTING_ONLY)), network_observer_list_(new base::ObserverListThreadSafe( base::ObserverListPolicy::EXISTING_ONLY)), - network_state_(new NetworkState()), + system_dns_config_notifier_(system_dns_config_notifier), + system_dns_config_observer_(std::make_unique()), network_change_calculator_(new NetworkChangeCalculator(params)) { + if (!system_dns_config_notifier_) { + static base::NoDestructor singleton{}; + system_dns_config_notifier_ = singleton.get(); + } + DCHECK(!g_network_change_notifier); g_network_change_notifier = this; network_change_calculator_->Init(); + + system_dns_config_notifier_->AddObserver(system_dns_config_observer_.get()); } #if defined(OS_LINUX) @@ -799,24 +873,29 @@ void NetworkChangeNotifier::NotifyObserversOfSpecificNetworkChange( } // static -void NetworkChangeNotifier::SetDnsConfig(const DnsConfig& config) { - if (!g_network_change_notifier) - return; - scoped_refptr network_state = - g_network_change_notifier->network_state_; - if (network_state->SetDnsConfig(config)) { - NotifyObserversOfDNSChange(); - } else { - NotifyObserversOfInitialDNSConfigRead(); +void NetworkChangeNotifier::SetDnsConfigForTesting(const DnsConfig& config) { + if (g_network_change_notifier) { + g_network_change_notifier->system_dns_config_observer_ + ->OnSystemDnsConfigChanged(config); } } +// static void NetworkChangeNotifier::ClearDnsConfigForTesting() { if (!g_network_change_notifier) return; - scoped_refptr network_state = - g_network_change_notifier->network_state_; - network_state->ClearDnsConfigForTesting(); + g_network_change_notifier->system_dns_config_observer_ + ->ClearDnsConfigForTesting(); +} + +void NetworkChangeNotifier::StopSystemDnsConfigNotifier() { + if (!system_dns_config_notifier_) + return; + + system_dns_config_notifier_->RemoveObserver( + system_dns_config_observer_.get()); + system_dns_config_observer_ = nullptr; + system_dns_config_notifier_ = nullptr; } void NetworkChangeNotifier::NotifyObserversOfIPAddressChangeImpl() { diff --git a/chromium/net/base/network_change_notifier.h b/chromium/net/base/network_change_notifier.h index 9cf4f6f240b..e6d06cf0dcd 100644 --- a/chromium/net/base/network_change_notifier.h +++ b/chromium/net/base/network_change_notifier.h @@ -21,6 +21,7 @@ namespace net { struct DnsConfig; class NetworkChangeNotifierFactory; struct NetworkInterface; +class SystemDnsConfigChangeNotifier; typedef std::vector NetworkInterfaceList; #if defined(OS_LINUX) @@ -293,7 +294,7 @@ class NET_EXPORT NetworkChangeNotifier { // monitored), but if you do create it, you must do so before any other // threads try to access the API below, and it must outlive all other threads // which might try to use it. - static NetworkChangeNotifier* Create(); + static std::unique_ptr Create(); // Returns whether the process-wide, platform-specific NetworkChangeNotifier // has been created. @@ -369,6 +370,9 @@ class NET_EXPORT NetworkChangeNotifier { // Retrieve the last read DnsConfig. This could be expensive if the system has // a large HOSTS file. + // + // TODO(crbug.com/971411): Remove once HostResolverManager converted to + // directly use SystemDnsConfigChangeNotifier. static void GetDnsConfig(DnsConfig* config); #if defined(OS_LINUX) @@ -402,7 +406,7 @@ class NET_EXPORT NetworkChangeNotifier { // Like Create(), but for use in tests. The mock object doesn't monitor any // events, it merely rebroadcasts notifications when requested. - static NetworkChangeNotifier* CreateMock(); + static std::unique_ptr CreateMock(); // Registers |observer| to receive notifications of network changes. The // thread on which this is called is the thread on which |observer| will be @@ -509,9 +513,12 @@ class NET_EXPORT NetworkChangeNotifier { base::TimeDelta connection_type_online_delay_; }; - explicit NetworkChangeNotifier( + // If |system_dns_config_notifier| is null (the default), a shared singleton + // will be used that will be leaked on shutdown. + NetworkChangeNotifier( const NetworkChangeCalculatorParams& params = - NetworkChangeCalculatorParams()); + NetworkChangeCalculatorParams(), + SystemDnsConfigChangeNotifier* system_dns_config_notifier = nullptr); #if defined(OS_LINUX) // Returns the AddressTrackerLinux if present. @@ -550,7 +557,7 @@ class NET_EXPORT NetworkChangeNotifier { // Stores |config| in NetworkState and notifies observers. The first // notification will be OnInitialDNSConfigRead, and after that OnDNSChanged. - static void SetDnsConfig(const DnsConfig& config); + static void SetDnsConfigForTesting(const DnsConfig& config); // Clears previous DnsConfig, if any, to simulate the first one being set. static void ClearDnsConfigForTesting(); @@ -559,6 +566,14 @@ class NET_EXPORT NetworkChangeNotifier { // have the same type, return it, otherwise return CONNECTION_UNKNOWN. static ConnectionType ConnectionTypeFromInterfaces(); + SystemDnsConfigChangeNotifier* system_dns_config_notifier() { + DCHECK(system_dns_config_notifier_); + return system_dns_config_notifier_; + } + // Unregisters and clears |system_dns_config_notifier_|. Useful if a subclass + // owns the notifier and is destroying it before |this|'s destructor is called + void StopSystemDnsConfigNotifier(); + // Clears the global NetworkChangeNotifier pointer. This should be called // as early as possible in the destructor to prevent races. void ClearGlobalPointer(); @@ -569,8 +584,8 @@ class NET_EXPORT NetworkChangeNotifier { friend class NetworkChangeNotifierLinuxTest; friend class NetworkChangeNotifierWinTest; - class NetworkState; class NetworkChangeCalculator; + class SystemDnsConfigObserver; void NotifyObserversOfIPAddressChangeImpl(); void NotifyObserversOfConnectionTypeChangeImpl(ConnectionType type); @@ -595,8 +610,8 @@ class NET_EXPORT NetworkChangeNotifier { const scoped_refptr> network_observer_list_; - // The current network state. Hosts DnsConfig, exposed via GetDnsConfig. - scoped_refptr network_state_; + SystemDnsConfigChangeNotifier* system_dns_config_notifier_; + std::unique_ptr system_dns_config_observer_; // Computes NetworkChange signal from IPAddress and ConnectionType signals. std::unique_ptr network_change_calculator_; diff --git a/chromium/net/base/network_change_notifier_factory.h b/chromium/net/base/network_change_notifier_factory.h index 88cc15ab44d..203e9972528 100644 --- a/chromium/net/base/network_change_notifier_factory.h +++ b/chromium/net/base/network_change_notifier_factory.h @@ -5,6 +5,8 @@ #ifndef NET_BASE_NETWORK_CHANGE_NOTIFIER_FACTORY_H_ #define NET_BASE_NETWORK_CHANGE_NOTIFIER_FACTORY_H_ +#include + #include "net/base/net_export.h" namespace net { @@ -16,7 +18,7 @@ class NET_EXPORT NetworkChangeNotifierFactory { public: NetworkChangeNotifierFactory() {} virtual ~NetworkChangeNotifierFactory() {} - virtual NetworkChangeNotifier* CreateInstance() = 0; + virtual std::unique_ptr CreateInstance() = 0; }; } // namespace net diff --git a/chromium/net/base/network_change_notifier_fuchsia.cc b/chromium/net/base/network_change_notifier_fuchsia.cc index f3d48538629..ddeae7d0e3a 100644 --- a/chromium/net/base/network_change_notifier_fuchsia.cc +++ b/chromium/net/base/network_change_notifier_fuchsia.cc @@ -28,14 +28,18 @@ NetworkChangeNotifierFuchsia::NetworkChangeNotifierFuchsia( NetworkChangeNotifierFuchsia::NetworkChangeNotifierFuchsia( fuchsia::netstack::NetstackPtr netstack, - uint32_t required_features) - : required_features_(required_features) { + uint32_t required_features, + SystemDnsConfigChangeNotifier* system_dns_config_notifier) + : NetworkChangeNotifier(NetworkChangeCalculatorParams(), + system_dns_config_notifier), + required_features_(required_features) { DCHECK(netstack); // Temporarily re-wrap our Netstack channel so we can query the interfaces // and routing table synchronously to populate the initial state. fuchsia::netstack::NetstackSyncPtr sync_netstack; sync_netstack.Bind(netstack.Unbind()); + DCHECK(sync_netstack); // Manually fetch the interfaces and routes. std::vector interfaces; @@ -48,6 +52,7 @@ NetworkChangeNotifierFuchsia::NetworkChangeNotifierFuchsia( // Re-wrap Netstack back into an asynchronous pointer. netstack_.Bind(sync_netstack.Unbind()); + DCHECK(netstack_); netstack_.set_error_handler([](zx_status_t status) { // TODO(https://crbug.com/901092): Unit tests that use NetworkService are // crashing because NetworkService does not clean up properly, and the diff --git a/chromium/net/base/network_change_notifier_fuchsia.h b/chromium/net/base/network_change_notifier_fuchsia.h index acee7d48f14..7fddead7682 100644 --- a/chromium/net/base/network_change_notifier_fuchsia.h +++ b/chromium/net/base/network_change_notifier_fuchsia.h @@ -36,8 +36,10 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierFuchsia // For testing purposes. Receives a |netstack| pointer for easy mocking. // Interfaces can be filtered out by passing in |required_features|, which is // defined in fuchsia::hardware::ethernet. - NetworkChangeNotifierFuchsia(fuchsia::netstack::NetstackPtr netstack, - uint32_t required_features); + NetworkChangeNotifierFuchsia( + fuchsia::netstack::NetstackPtr netstack, + uint32_t required_features, + SystemDnsConfigChangeNotifier* system_dns_config_notifier = nullptr); // Forwards the network interface list along with the result of // GetRouteTable() to OnRouteTableReceived(). diff --git a/chromium/net/base/network_change_notifier_fuchsia_unittest.cc b/chromium/net/base/network_change_notifier_fuchsia_unittest.cc index b301f08d878..cd339bf8d10 100644 --- a/chromium/net/base/network_change_notifier_fuchsia_unittest.cc +++ b/chromium/net/base/network_change_notifier_fuchsia_unittest.cc @@ -16,6 +16,8 @@ #include "base/threading/sequence_bound.h" #include "base/threading/thread.h" #include "net/base/ip_address.h" +#include "net/dns/dns_config_service.h" +#include "net/dns/system_dns_config_change_notifier.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" @@ -234,8 +236,12 @@ class NetworkChangeNotifierFuchsiaTest : public testing::Test { // notifier queries it. netstack_.Synchronize(); - notifier_.reset(new NetworkChangeNotifierFuchsia(std::move(netstack_ptr_), - required_features)); + // Use a noop DNS notifier. + dns_config_notifier_ = std::make_unique( + nullptr /* task_runner */, nullptr /* dns_config_service */); + notifier_.reset(new NetworkChangeNotifierFuchsia( + std::move(netstack_ptr_), required_features, + dns_config_notifier_.get())); NetworkChangeNotifier::AddConnectionTypeObserver(&observer_); NetworkChangeNotifier::AddIPAddressObserver(&ip_observer_); @@ -260,6 +266,7 @@ class NetworkChangeNotifierFuchsiaTest : public testing::Test { // Allows us to allocate our own NetworkChangeNotifier for unit testing. NetworkChangeNotifier::DisableForTest disable_for_test_; + std::unique_ptr dns_config_notifier_; std::unique_ptr notifier_; testing::InSequence seq_; diff --git a/chromium/net/base/network_change_notifier_linux.cc b/chromium/net/base/network_change_notifier_linux.cc index 682395d63da..6dc7d2c6ba9 100644 --- a/chromium/net/base/network_change_notifier_linux.cc +++ b/chromium/net/base/network_change_notifier_linux.cc @@ -40,7 +40,6 @@ class NetworkChangeNotifierLinux::BlockingThreadObjects { private: void OnIPAddressChanged(); void OnLinkChanged(); - internal::DnsConfigServicePosix dns_config_service_; // Used to detect online/offline state and IP address changes. internal::AddressTrackerLinux address_tracker_; NetworkChangeNotifier::ConnectionType last_type_; @@ -64,8 +63,6 @@ NetworkChangeNotifierLinux::BlockingThreadObjects::BlockingThreadObjects( void NetworkChangeNotifierLinux::BlockingThreadObjects::Init() { address_tracker_.Init(); last_type_ = GetCurrentConnectionType(); - dns_config_service_.WatchConfig( - base::Bind(&NetworkChangeNotifier::SetDnsConfig)); } void NetworkChangeNotifierLinux::BlockingThreadObjects::OnIPAddressChanged() { diff --git a/chromium/net/base/network_change_notifier_linux.h b/chromium/net/base/network_change_notifier_linux.h index fa14f307587..8c4c3255924 100644 --- a/chromium/net/base/network_change_notifier_linux.h +++ b/chromium/net/base/network_change_notifier_linux.h @@ -33,10 +33,11 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierLinux explicit NetworkChangeNotifierLinux( const std::unordered_set& ignored_interfaces); + ~NetworkChangeNotifierLinux() override; + private: class BlockingThreadObjects; - ~NetworkChangeNotifierLinux() override; static NetworkChangeCalculatorParams NetworkChangeCalculatorParamsLinux(); // NetworkChangeNotifier: diff --git a/chromium/net/base/network_change_notifier_mac.cc b/chromium/net/base/network_change_notifier_mac.cc index 76ad20fd8c1..c082e84822e 100644 --- a/chromium/net/base/network_change_notifier_mac.cc +++ b/chromium/net/base/network_change_notifier_mac.cc @@ -28,28 +28,7 @@ NetworkChangeNotifierMac::NetworkChangeNotifierMac() connection_type_(CONNECTION_UNKNOWN), connection_type_initialized_(false), initial_connection_type_cv_(&connection_type_lock_), - forwarder_(this) -#if !defined(OS_IOS) - , - dns_config_service_runner_( - base::CreateSequencedTaskRunnerWithTraits({base::MayBlock()})), - dns_config_service_( - DnsConfigService::CreateSystemService().release(), - // Ensure DnsConfigService lives on |dns_config_service_runner_| - // to prevent races where NetworkChangeNotifierPosix outlives - // ScopedTaskEnvironment. https://crbug.com/938126 - base::OnTaskRunnerDeleter(dns_config_service_runner_)) { - // DnsConfigService on iOS doesn't watch the config so its result can become - // inaccurate at any time. Disable it to prevent promulgation of inaccurate - // DnsConfigs. - dns_config_service_runner_->PostTask( - FROM_HERE, base::BindOnce(&DnsConfigService::WatchConfig, - base::Unretained(dns_config_service_.get()), - base::BindRepeating( - &NetworkChangeNotifier::SetDnsConfig))); -#else -{ -#endif // defined(OS_IOS) + forwarder_(this) { // Must be initialized after the rest of this object, as it may call back into // SetInitialConnectionType(). config_watcher_ = std::make_unique(&forwarder_); diff --git a/chromium/net/base/network_change_notifier_mac.h b/chromium/net/base/network_change_notifier_mac.h index 4037534350d..516264d27d5 100644 --- a/chromium/net/base/network_change_notifier_mac.h +++ b/chromium/net/base/network_change_notifier_mac.h @@ -19,15 +19,8 @@ #include "net/base/network_change_notifier.h" #include "net/base/network_config_watcher_mac.h" -namespace base { -class SequencedTaskRunner; -struct OnTaskRunnerDeleter; -} // namespace base - namespace net { -class DnsConfigService; - class NetworkChangeNotifierMac: public NetworkChangeNotifier { public: NetworkChangeNotifierMac(); @@ -83,14 +76,6 @@ class NetworkChangeNotifierMac: public NetworkChangeNotifier { Forwarder forwarder_; std::unique_ptr config_watcher_; -#if !defined(OS_IOS) - // |dns_config_service_| will live on this runner. - scoped_refptr dns_config_service_runner_; - // DnsConfigService that lives on |dns_config_service_runner_|. - std::unique_ptr - dns_config_service_; -#endif - DISALLOW_COPY_AND_ASSIGN(NetworkChangeNotifierMac); }; diff --git a/chromium/net/base/network_change_notifier_posix.cc b/chromium/net/base/network_change_notifier_posix.cc index adb09dc4cd5..c5aa68d40ac 100644 --- a/chromium/net/base/network_change_notifier_posix.cc +++ b/chromium/net/base/network_change_notifier_posix.cc @@ -3,14 +3,15 @@ // found in the LICENSE file. #include +#include #include "base/bind.h" -#include "base/sequenced_task_runner.h" #include "base/task/post_task.h" #include "base/task/task_traits.h" #include "build/build_config.h" #include "net/base/network_change_notifier_posix.h" #include "net/dns/dns_config_service_posix.h" +#include "net/dns/system_dns_config_change_notifier.h" #if defined(OS_ANDROID) #include "net/android/network_change_notifier_android.h" @@ -18,65 +19,21 @@ namespace net { -// DNS config services on Chrome OS and Android are signalled by the network -// state handler rather than relying on watching files in /etc. -class NetworkChangeNotifierPosix::DnsConfigService - : public net::internal::DnsConfigServicePosix { - public: - DnsConfigService() = default; - ~DnsConfigService() override = default; - - // net::internal::DnsConfigService() overrides. - bool StartWatching() override { - CreateReaders(); - // DNS config changes are handled and notified by the network - // state handlers. - return true; - } - - void OnNetworkChange() { - InvalidateConfig(); - InvalidateHosts(); - ReadNow(); - } -}; - NetworkChangeNotifierPosix::NetworkChangeNotifierPosix( NetworkChangeNotifier::ConnectionType initial_connection_type, NetworkChangeNotifier::ConnectionSubtype initial_connection_subtype) : NetworkChangeNotifier(NetworkChangeCalculatorParamsPosix()), - dns_config_service_runner_( - base::CreateSequencedTaskRunnerWithTraits({base::MayBlock()})), - dns_config_service_( - new DnsConfigService(), - // Ensure DnsConfigService lives on |dns_config_service_runner_| - // to prevent races where NetworkChangeNotifierPosix outlives - // ScopedTaskEnvironment. https://crbug.com/938126 - base::OnTaskRunnerDeleter(dns_config_service_runner_)), connection_type_(initial_connection_type), max_bandwidth_mbps_( NetworkChangeNotifier::GetMaxBandwidthMbpsForConnectionSubtype( - initial_connection_subtype)) { - dns_config_service_runner_->PostTask( - FROM_HERE, - base::BindOnce( - &NetworkChangeNotifierPosix::DnsConfigService::WatchConfig, - base::Unretained(dns_config_service_.get()), - base::BindRepeating(&NetworkChangeNotifier::SetDnsConfig))); - OnDNSChanged(); -} + initial_connection_subtype)) {} NetworkChangeNotifierPosix::~NetworkChangeNotifierPosix() { ClearGlobalPointer(); } void NetworkChangeNotifierPosix::OnDNSChanged() { - DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); - dns_config_service_runner_->PostTask( - FROM_HERE, - base::BindOnce( - &NetworkChangeNotifierPosix::DnsConfigService::OnNetworkChange, - base::Unretained(dns_config_service_.get()))); + system_dns_config_notifier()->RefreshConfig(); } void NetworkChangeNotifierPosix::OnIPAddressChanged() { diff --git a/chromium/net/base/network_change_notifier_posix.h b/chromium/net/base/network_change_notifier_posix.h index eefd15f2c58..76171243881 100644 --- a/chromium/net/base/network_change_notifier_posix.h +++ b/chromium/net/base/network_change_notifier_posix.h @@ -18,11 +18,6 @@ #include "net/base/net_export.h" #include "net/base/network_change_notifier.h" -namespace base { -class SequencedTaskRunner; -struct OnTaskRunnerDeleter; -} // namespace base - namespace net { // A NetworkChangeNotifier that needs to be told about network changes by some @@ -57,14 +52,6 @@ class NET_EXPORT NetworkChangeNotifierPosix : public NetworkChangeNotifier { private: friend class NetworkChangeNotifierPosixTest; - class DnsConfigService; - - // |dns_config_service_| will live on this runner. - scoped_refptr dns_config_service_runner_; - // DnsConfigService that lives on |dns_config_service_runner_|. - std::unique_ptr - dns_config_service_; - // Calculates parameters used for network change notifier online/offline // signals. static NetworkChangeNotifier::NetworkChangeCalculatorParams diff --git a/chromium/net/base/network_change_notifier_posix_unittest.cc b/chromium/net/base/network_change_notifier_posix_unittest.cc index c540877f651..682fb2e00d0 100644 --- a/chromium/net/base/network_change_notifier_posix_unittest.cc +++ b/chromium/net/base/network_change_notifier_posix_unittest.cc @@ -4,8 +4,12 @@ #include "net/base/network_change_notifier_posix.h" +#include + #include "base/test/scoped_task_environment.h" #include "net/base/network_change_notifier.h" +#include "net/dns/system_dns_config_change_notifier.h" +#include "net/dns/test_dns_config_service.h" #include "testing/gmock/include/gmock/gmock.h" namespace net { @@ -14,21 +18,28 @@ class NetworkChangeNotifierPosixTest : public testing::Test { public: NetworkChangeNotifierPosixTest() : scoped_task_environment_( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME), + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME), notifier_(new NetworkChangeNotifierPosix( NetworkChangeNotifier::CONNECTION_UNKNOWN, - NetworkChangeNotifier::SUBTYPE_UNKNOWN)) {} + NetworkChangeNotifier::SUBTYPE_UNKNOWN)) { + auto dns_config_service = std::make_unique(); + dns_config_service_ = dns_config_service.get(); + notifier_->system_dns_config_notifier()->SetDnsConfigServiceForTesting( + std::move(dns_config_service)); + } void FastForwardUntilIdle() { scoped_task_environment_.FastForwardUntilNoTasksRemain(); } NetworkChangeNotifierPosix* notifier() { return notifier_.get(); } + TestDnsConfigService* dns_config_service() { return dns_config_service_; } private: base::test::ScopedTaskEnvironment scoped_task_environment_; net::NetworkChangeNotifier::DisableForTest mock_notifier_disabler_; std::unique_ptr notifier_; + TestDnsConfigService* dns_config_service_; }; class MockIPAddressObserver : public NetworkChangeNotifier::IPAddressObserver { @@ -86,4 +97,17 @@ TEST_F(NetworkChangeNotifierPosixTest, OnMaxBandwidthChanged) { NetworkChangeNotifier::RemoveMaxBandwidthObserver(&observer); } +TEST_F(NetworkChangeNotifierPosixTest, OnDNSChanged) { + DnsConfig expected_config; + expected_config.nameservers = {IPEndPoint(IPAddress(1, 2, 3, 4), 233)}; + dns_config_service()->SetConfigForRefresh(expected_config); + + notifier()->OnDNSChanged(); + FastForwardUntilIdle(); + + DnsConfig actual_config; + NetworkChangeNotifier::GetDnsConfig(&actual_config); + EXPECT_EQ(expected_config, actual_config); +} + } // namespace net diff --git a/chromium/net/base/network_change_notifier_win.cc b/chromium/net/base/network_change_notifier_win.cc index 44336d60c12..e39014bd214 100644 --- a/chromium/net/base/network_change_notifier_win.cc +++ b/chromium/net/base/network_change_notifier_win.cc @@ -7,6 +7,8 @@ #include #include +#include + #include "base/bind.h" #include "base/location.h" #include "base/logging.h" @@ -22,7 +24,6 @@ #include "base/time/time.h" #include "net/base/winsock_init.h" #include "net/base/winsock_util.h" -#include "net/dns/dns_config_service.h" namespace net { @@ -37,14 +38,8 @@ NetworkChangeNotifierWin::NetworkChangeNotifierWin() : NetworkChangeNotifier(NetworkChangeCalculatorParamsWin()), is_watching_(false), sequential_failures_(0), - dns_config_service_runner_( + blocking_task_runner_( base::CreateSequencedTaskRunnerWithTraits({base::MayBlock()})), - dns_config_service_( - DnsConfigService::CreateSystemService().release(), - // Ensure DnsConfigService lives on |dns_config_service_runner_| - // to prevent races where NetworkChangeNotifierWin outlives - // ScopedTaskEnvironment. https://crbug.com/938126 - base::OnTaskRunnerDeleter(dns_config_service_runner_)), last_computed_connection_type_(RecomputeCurrentConnectionType()), last_announced_offline_(last_computed_connection_type_ == CONNECTION_NONE), @@ -194,12 +189,12 @@ NetworkChangeNotifierWin::RecomputeCurrentConnectionType() const { : NetworkChangeNotifier::CONNECTION_NONE; } -void NetworkChangeNotifierWin::RecomputeCurrentConnectionTypeOnDnsSequence( +void NetworkChangeNotifierWin::RecomputeCurrentConnectionTypeOnBlockingSequence( base::OnceCallback reply_callback) const { // Unretained is safe in this call because this object owns the thread and the // thread is stopped in this object's destructor. base::PostTaskAndReplyWithResult( - dns_config_service_runner_.get(), FROM_HERE, + blocking_task_runner_.get(), FROM_HERE, base::BindOnce(&NetworkChangeNotifierWin::RecomputeCurrentConnectionType, base::Unretained(this)), std::move(reply_callback)); @@ -225,7 +220,7 @@ void NetworkChangeNotifierWin::OnObjectSignaled(HANDLE object) { // Start watching for the next address change. WatchForAddressChange(); - RecomputeCurrentConnectionTypeOnDnsSequence(base::BindOnce( + RecomputeCurrentConnectionTypeOnBlockingSequence(base::BindOnce( &NetworkChangeNotifierWin::NotifyObservers, weak_factory_.GetWeakPtr())); } @@ -277,7 +272,7 @@ void NetworkChangeNotifierWin::WatchForAddressChange() { // network change event, since network changes were not being observed in // that interval. if (sequential_failures_ > 0) { - RecomputeCurrentConnectionTypeOnDnsSequence( + RecomputeCurrentConnectionTypeOnBlockingSequence( base::Bind(&NetworkChangeNotifierWin::NotifyObservers, weak_factory_.GetWeakPtr())); } @@ -294,15 +289,6 @@ void NetworkChangeNotifierWin::WatchForAddressChange() { bool NetworkChangeNotifierWin::WatchForAddressChangeInternal() { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); - if (!posted_watch_config_) { - posted_watch_config_ = true; - dns_config_service_runner_->PostTask( - FROM_HERE, base::BindOnce(&DnsConfigService::WatchConfig, - base::Unretained(dns_config_service_.get()), - base::BindRepeating( - &NetworkChangeNotifier::SetDnsConfig))); - } - ResetEventIfSignaled(addr_overlapped_.hEvent); HANDLE handle = nullptr; DWORD ret = NotifyAddrChange(&handle, &addr_overlapped_); @@ -314,7 +300,7 @@ bool NetworkChangeNotifierWin::WatchForAddressChangeInternal() { } void NetworkChangeNotifierWin::NotifyParentOfConnectionTypeChange() { - RecomputeCurrentConnectionTypeOnDnsSequence(base::BindOnce( + RecomputeCurrentConnectionTypeOnBlockingSequence(base::BindOnce( &NetworkChangeNotifierWin::NotifyParentOfConnectionTypeChangeImpl, weak_factory_.GetWeakPtr())); } diff --git a/chromium/net/base/network_change_notifier_win.h b/chromium/net/base/network_change_notifier_win.h index e7a00b9cd71..ca8a28e51df 100644 --- a/chromium/net/base/network_change_notifier_win.h +++ b/chromium/net/base/network_change_notifier_win.h @@ -22,13 +22,10 @@ namespace base { class SequencedTaskRunner; -struct OnTaskRunnerDeleter; } // namespace base namespace net { -class DnsConfigService; - // NetworkChangeNotifierWin uses a SequenceChecker, as all its internal // notification code must be called on the sequence it is created and destroyed // on. All the NetworkChangeNotifier methods it implements are threadsafe. @@ -37,6 +34,7 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierWin public base::win::ObjectWatcher::Delegate { public: NetworkChangeNotifierWin(); + ~NetworkChangeNotifierWin() override; // Begins listening for a single subsequent address change. If it fails to // start watching, it retries on a timer. Must be called only once, on the @@ -48,8 +46,6 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierWin void WatchForAddressChange(); protected: - ~NetworkChangeNotifierWin() override; - // For unit tests only. bool is_watching() { return is_watching_; } void set_is_watching(bool is_watching) { is_watching_ = is_watching; } @@ -71,7 +67,7 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierWin // Calls RecomputeCurrentConnectionTypeImpl on the DNS sequence and runs // |reply_callback| with the type on the calling sequence. - virtual void RecomputeCurrentConnectionTypeOnDnsSequence( + virtual void RecomputeCurrentConnectionTypeOnBlockingSequence( base::OnceCallback reply_callback) const; void SetCurrentConnectionType(ConnectionType connection_type); @@ -109,11 +105,7 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierWin // Number of times WatchForAddressChange has failed in a row. int sequential_failures_; - // |dns_config_service_| will live on this runner. - scoped_refptr dns_config_service_runner_; - // DnsConfigService that lives on |dns_config_service_runner_|. - std::unique_ptr - dns_config_service_; + scoped_refptr blocking_task_runner_; mutable base::Lock last_computed_connection_type_lock_; ConnectionType last_computed_connection_type_; @@ -124,9 +116,6 @@ class NET_EXPORT_PRIVATE NetworkChangeNotifierWin // Number of times polled to check if still offline. int offline_polls_; - // Keeps track of whether DnsConfigService::WatchConfig() has been called. - bool posted_watch_config_ = false; - SEQUENCE_CHECKER(sequence_checker_); // Used for calling WatchForAddressChange again on failure. diff --git a/chromium/net/base/network_change_notifier_win_unittest.cc b/chromium/net/base/network_change_notifier_win_unittest.cc index 0d512053c2d..1f2d4bd5fdd 100644 --- a/chromium/net/base/network_change_notifier_win_unittest.cc +++ b/chromium/net/base/network_change_notifier_win_unittest.cc @@ -4,6 +4,8 @@ #include "net/base/network_change_notifier_win.h" +#include + #include "base/bind.h" #include "base/macros.h" #include "base/run_loop.h" @@ -43,7 +45,7 @@ class TestNetworkChangeNotifierWin : public NetworkChangeNotifierWin { } // From NetworkChangeNotifierWin. - void RecomputeCurrentConnectionTypeOnDnsSequence( + void RecomputeCurrentConnectionTypeOnBlockingSequence( base::OnceCallback reply_callback) const override { base::ThreadTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(std::move(reply_callback), diff --git a/chromium/net/base/network_interfaces_win.cc b/chromium/net/base/network_interfaces_win.cc index 6c3dde17188..c8b9fe09be3 100644 --- a/chromium/net/base/network_interfaces_win.cc +++ b/chromium/net/base/network_interfaces_win.cc @@ -15,6 +15,7 @@ #include "base/strings/sys_string_conversions.h" #include "base/strings/utf_string_conversions.h" #include "base/threading/scoped_blocking_call.h" +#include "base/threading/scoped_thread_priority.h" #include "base/win/scoped_handle.h" #include "net/base/escape.h" #include "net/base/ip_endpoint.h" @@ -103,11 +104,12 @@ WlanApi& WlanApi::GetInstance() { } WlanApi::WlanApi() : initialized(false) { - // Use an absolute path to load the DLL to avoid DLL preloading attacks. - static const wchar_t* const kDLL = L"%WINDIR%\\system32\\wlanapi.dll"; - wchar_t path[MAX_PATH] = {0}; - ExpandEnvironmentStrings(kDLL, path, base::size(path)); - module = ::LoadLibraryEx(path, nullptr, LOAD_WITH_ALTERED_SEARCH_PATH); + // Mitigate the issues caused by loading DLLs on a background thread + // (http://crbug/973868). + base::ScopedThreadMayLoadLibraryOnBackgroundThread priority_boost(FROM_HERE); + + HMODULE module = + ::LoadLibraryEx(L"wlanapi.dll", nullptr, LOAD_LIBRARY_SEARCH_SYSTEM32); if (!module) return; diff --git a/chromium/net/base/network_isolation_key.cc b/chromium/net/base/network_isolation_key.cc index 183c87f5260..646d615c666 100644 --- a/chromium/net/base/network_isolation_key.cc +++ b/chromium/net/base/network_isolation_key.cc @@ -3,14 +3,32 @@ // found in the LICENSE file. #include "net/base/network_isolation_key.h" +#include "base/feature_list.h" +#include "net/base/features.h" namespace net { -NetworkIsolationKey::NetworkIsolationKey( - const base::Optional& top_frame_origin) - : top_frame_origin_(top_frame_origin) {} +namespace { + +std::string GetOriginDebugString(const base::Optional& origin) { + return origin ? origin->GetDebugString() : "null"; +} -NetworkIsolationKey::NetworkIsolationKey() = default; +} // namespace + +NetworkIsolationKey::NetworkIsolationKey(const url::Origin& top_frame_origin, + const url::Origin& frame_origin) + : use_frame_origin_(base::FeatureList::IsEnabled( + net::features::kAppendFrameOriginToNetworkIsolationKey)), + top_frame_origin_(top_frame_origin) { + if (use_frame_origin_) { + frame_origin_ = frame_origin; + } +} + +NetworkIsolationKey::NetworkIsolationKey() + : use_frame_origin_(base::FeatureList::IsEnabled( + net::features::kAppendFrameOriginToNetworkIsolationKey)) {} NetworkIsolationKey::NetworkIsolationKey( const NetworkIsolationKey& network_isolation_key) = default; @@ -24,25 +42,37 @@ NetworkIsolationKey& NetworkIsolationKey::operator=( NetworkIsolationKey&& network_isolation_key) = default; std::string NetworkIsolationKey::ToString() const { - if (top_frame_origin_ && !top_frame_origin_->opaque()) - return top_frame_origin_->Serialize(); - return std::string(); + if (IsTransient()) + return ""; + + return top_frame_origin_->Serialize() + + (use_frame_origin_ ? " " + frame_origin_->Serialize() : ""); } std::string NetworkIsolationKey::ToDebugString() const { - if (!top_frame_origin_) - return "null"; - return top_frame_origin_->GetDebugString(); + // The space-separated serialization of |top_frame_origin_| and + // |frame_origin_|. + std::string return_string = GetOriginDebugString(top_frame_origin_); + if (use_frame_origin_) { + return_string += " " + GetOriginDebugString(frame_origin_); + } + return return_string; } bool NetworkIsolationKey::IsFullyPopulated() const { - return top_frame_origin_.has_value(); + return top_frame_origin_.has_value() && + (!use_frame_origin_ || frame_origin_.has_value()); } bool NetworkIsolationKey::IsTransient() const { if (!IsFullyPopulated()) return true; - return top_frame_origin_->opaque(); + return top_frame_origin_->opaque() || + (use_frame_origin_ && frame_origin_->opaque()); +} + +bool NetworkIsolationKey::IsEmpty() const { + return !top_frame_origin_.has_value(); } } // namespace net diff --git a/chromium/net/base/network_isolation_key.h b/chromium/net/base/network_isolation_key.h index ced5858a40c..82bfba04cfc 100644 --- a/chromium/net/base/network_isolation_key.h +++ b/chromium/net/base/network_isolation_key.h @@ -18,7 +18,10 @@ namespace net { // the context on which they were made. class NET_EXPORT NetworkIsolationKey { public: - NetworkIsolationKey(const base::Optional& top_frame_origin); + // Full constructor. When a request is initiated by the top frame, it must + // also populate the |frame_origin| parameter when calling this constructor. + explicit NetworkIsolationKey(const url::Origin& top_frame_origin, + const url::Origin& frame_origin); // Construct an empty key. NetworkIsolationKey(); @@ -31,18 +34,27 @@ class NET_EXPORT NetworkIsolationKey { const NetworkIsolationKey& network_isolation_key); NetworkIsolationKey& operator=(NetworkIsolationKey&& network_isolation_key); + // Compare keys for equality, true if all enabled fields are equal. bool operator==(const NetworkIsolationKey& other) const { - return top_frame_origin_ == other.top_frame_origin_; + return top_frame_origin_ == other.top_frame_origin_ && + frame_origin_ == other.frame_origin_; } - bool operator<(const NetworkIsolationKey& other) const { - return top_frame_origin_ < other.top_frame_origin_; + // Compare keys for inequality, true if any enabled field varies. + bool operator!=(const NetworkIsolationKey& other) const { + return (top_frame_origin_ != other.top_frame_origin_) || + (frame_origin_ != other.frame_origin_); } - // TODO(shivanisha): Use feature flags in the below methods to determine which - // parts of the key are being used based on the enabled experiment. + // Provide an ordering for keys based on all enabled fields. + bool operator<(const NetworkIsolationKey& other) const { + return top_frame_origin_ < other.top_frame_origin_ || + (top_frame_origin_ == other.top_frame_origin_ && + frame_origin_ < other.frame_origin_); + } - // Returns the string representation of the key. + // Returns the string representation of the key, which is the string + // representation of each piece of the key separated by spaces. std::string ToString() const; // Returns string for debugging. Difference from ToString() is that transient @@ -56,11 +68,27 @@ class NET_EXPORT NetworkIsolationKey { // to persist state to disk related to it (e.g., disk cache). bool IsTransient() const; + // APIs for serialization to and from the mojo structure. + const base::Optional& GetTopFrameOrigin() const { + return top_frame_origin_; + } + + const base::Optional& GetFrameOrigin() const { + return frame_origin_; + } + + // Returns true if all parts of the key are empty. + bool IsEmpty() const; + private: - // The origin of the top frame of the request (if applicable). + // Whether or not to use the |frame_origin_| as part of the key. + bool use_frame_origin_; + + // The origin of the top frame of the page making the request. base::Optional top_frame_origin_; - // TODO(crbug.com/950069): Also add initiator origin to the key. + // The origin of the frame that initiates the request. + base::Optional frame_origin_; }; } // namespace net diff --git a/chromium/net/base/network_isolation_key_unittest.cc b/chromium/net/base/network_isolation_key_unittest.cc index 74549a84e7f..c3b52dc724d 100644 --- a/chromium/net/base/network_isolation_key_unittest.cc +++ b/chromium/net/base/network_isolation_key_unittest.cc @@ -5,6 +5,8 @@ #include "net/base/network_isolation_key.h" #include "base/stl_util.h" +#include "base/test/scoped_feature_list.h" +#include "net/base/features.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/gurl.h" #include "url/origin.h" @@ -21,7 +23,7 @@ TEST(NetworkIsolationKeyTest, EmptyKey) { TEST(NetworkIsolationKeyTest, NonEmptyKey) { url::Origin origin = url::Origin::Create(GURL("http://a.test/")); - NetworkIsolationKey key(origin); + NetworkIsolationKey key(origin, origin); EXPECT_TRUE(key.IsFullyPopulated()); EXPECT_EQ(origin.Serialize(), key.ToString()); EXPECT_FALSE(key.IsTransient()); @@ -31,16 +33,16 @@ TEST(NetworkIsolationKeyTest, NonEmptyKey) { TEST(NetworkIsolationKeyTest, OpaqueOriginKey) { url::Origin origin_data = url::Origin::Create(GURL("data:text/html,Hello World")); - NetworkIsolationKey key(origin_data); + NetworkIsolationKey key(origin_data, origin_data); EXPECT_TRUE(key.IsFullyPopulated()); EXPECT_EQ(std::string(), key.ToString()); EXPECT_TRUE(key.IsTransient()); // Create another opaque origin, and make sure it has a different debug // string. - EXPECT_NE( - key.ToDebugString(), - NetworkIsolationKey(origin_data.DeriveNewOpaqueOrigin()).ToDebugString()); + const auto kOriginNew = origin_data.DeriveNewOpaqueOrigin(); + EXPECT_NE(key.ToDebugString(), + NetworkIsolationKey(kOriginNew, kOriginNew).ToDebugString()); } TEST(NetworkIsolationKeyTest, Operators) { @@ -50,11 +52,16 @@ TEST(NetworkIsolationKeyTest, Operators) { // Unique origins are still sorted by scheme, so data is before file, and // file before http. NetworkIsolationKey( + url::Origin::Create(GURL("data:text/html,Hello World")), url::Origin::Create(GURL("data:text/html,Hello World"))), - NetworkIsolationKey(url::Origin::Create(GURL("file:///foo"))), - NetworkIsolationKey(url::Origin::Create(GURL("http://a.test/"))), - NetworkIsolationKey(url::Origin::Create(GURL("http://b.test/"))), - NetworkIsolationKey(url::Origin::Create(GURL("https://a.test/"))), + NetworkIsolationKey(url::Origin::Create(GURL("file:///foo")), + url::Origin::Create(GURL("file:///foo"))), + NetworkIsolationKey(url::Origin::Create(GURL("http://a.test/")), + url::Origin::Create(GURL("http://a.test/"))), + NetworkIsolationKey(url::Origin::Create(GURL("http://b.test/")), + url::Origin::Create(GURL("http://b.test/"))), + NetworkIsolationKey(url::Origin::Create(GURL("https://a.test/")), + url::Origin::Create(GURL("https://a.test/"))), }; for (size_t first = 0; first < base::size(kKeys); ++first) { @@ -84,10 +91,12 @@ TEST(NetworkIsolationKeyTest, Operators) { } TEST(NetworkIsolationKeyTest, UniqueOriginOperators) { - NetworkIsolationKey key1( - url::Origin::Create(GURL("data:text/html,Hello World"))); - NetworkIsolationKey key2( - url::Origin::Create(GURL("data:text/html,Hello World"))); + const auto kOrigin1 = + url::Origin::Create(GURL("data:text/html,Hello World")); + const auto kOrigin2 = + url::Origin::Create(GURL("data:text/html,Hello World")); + NetworkIsolationKey key1(kOrigin1, kOrigin1); + NetworkIsolationKey key2(kOrigin2, kOrigin2); EXPECT_TRUE(key1 == key1); EXPECT_TRUE(key2 == key2); @@ -104,4 +113,126 @@ TEST(NetworkIsolationKeyTest, UniqueOriginOperators) { EXPECT_TRUE(!(key1 < key2) || !(key2 < key1)); } +TEST(NetworkIsolationKeyTest, WithFrameOrigin) { + const auto kOriginA = url::Origin::Create(GURL("http://a.test")); + const auto kOriginB = url::Origin::Create(GURL("http://b.test")); + NetworkIsolationKey key1(kOriginB, kOriginB); + NetworkIsolationKey key2(kOriginB, kOriginA); + EXPECT_TRUE(key2.IsFullyPopulated()); + EXPECT_FALSE(key2.IsTransient()); + EXPECT_EQ("http://b.test", key2.ToString()); + EXPECT_EQ("http://b.test", key2.ToDebugString()); + + EXPECT_TRUE(key1 == key2); + EXPECT_FALSE(key1 != key2); + EXPECT_FALSE(key1 < key2); + EXPECT_FALSE(key2 < key1); +} + +TEST(NetworkIsolationKeyTest, OpaqueOriginKeyWithFrameOrigin) { + url::Origin origin_data = + url::Origin::Create(GURL("data:text/html,Hello World")); + + NetworkIsolationKey key1(url::Origin::Create(GURL("http://a.test")), + origin_data); + EXPECT_TRUE(key1.IsFullyPopulated()); + EXPECT_FALSE(key1.IsTransient()); + EXPECT_EQ("http://a.test", key1.ToString()); + EXPECT_EQ("http://a.test", key1.ToDebugString()); + + NetworkIsolationKey key2(origin_data, + url::Origin::Create(GURL("http://a.test"))); + EXPECT_TRUE(key2.IsFullyPopulated()); + EXPECT_TRUE(key2.IsTransient()); + EXPECT_EQ("", key2.ToString()); + EXPECT_EQ(origin_data.GetDebugString(), key2.ToDebugString()); + EXPECT_NE(origin_data.DeriveNewOpaqueOrigin().GetDebugString(), + key2.ToDebugString()); +} + +class NetworkIsolationKeyWithFrameOriginTest : public testing::Test { + public: + NetworkIsolationKeyWithFrameOriginTest() { + feature_list_.InitAndEnableFeature( + net::features::kAppendFrameOriginToNetworkIsolationKey); + } + + private: + base::test::ScopedFeatureList feature_list_; +}; + +TEST_F(NetworkIsolationKeyWithFrameOriginTest, WithFrameOrigin) { + NetworkIsolationKey key(url::Origin::Create(GURL("http://b.test")), + url::Origin::Create(GURL("http://a.test/"))); + EXPECT_TRUE(key.IsFullyPopulated()); + EXPECT_FALSE(key.IsTransient()); + EXPECT_EQ("http://b.test http://a.test", key.ToString()); + EXPECT_EQ("http://b.test http://a.test", key.ToDebugString()); + + EXPECT_TRUE(key == key); + EXPECT_FALSE(key != key); + EXPECT_FALSE(key < key); +} + +TEST_F(NetworkIsolationKeyWithFrameOriginTest, OpaqueOriginKey) { + url::Origin origin_data = + url::Origin::Create(GURL("data:text/html,Hello World")); + + NetworkIsolationKey key1(url::Origin::Create(GURL("http://a.test")), + origin_data); + EXPECT_TRUE(key1.IsFullyPopulated()); + EXPECT_TRUE(key1.IsTransient()); + EXPECT_EQ("", key1.ToString()); + EXPECT_EQ("http://a.test " + origin_data.GetDebugString(), + key1.ToDebugString()); + EXPECT_NE( + "http://a.test " + origin_data.DeriveNewOpaqueOrigin().GetDebugString(), + key1.ToDebugString()); + + NetworkIsolationKey key2(origin_data, + url::Origin::Create(GURL("http://a.test"))); + EXPECT_TRUE(key2.IsFullyPopulated()); + EXPECT_TRUE(key2.IsTransient()); + EXPECT_EQ("", key2.ToString()); + EXPECT_EQ(origin_data.GetDebugString() + " http://a.test", + key2.ToDebugString()); + EXPECT_NE( + origin_data.DeriveNewOpaqueOrigin().GetDebugString() + " http://a.test", + key2.ToDebugString()); +} + +TEST_F(NetworkIsolationKeyWithFrameOriginTest, OpaqueOriginKeyBoth) { + url::Origin origin_data_1 = + url::Origin::Create(GURL("data:text/html,Hello World")); + url::Origin origin_data_2 = + url::Origin::Create(GURL("data:text/html,Hello Universe")); + url::Origin origin_data_3 = + url::Origin::Create(GURL("data:text/html,Hello Cosmos")); + + NetworkIsolationKey key1(origin_data_1, origin_data_2); + NetworkIsolationKey key2(origin_data_1, origin_data_2); + NetworkIsolationKey key3(origin_data_1, origin_data_3); + + // All the keys should be fully populated and transient. + EXPECT_TRUE(key1.IsFullyPopulated()); + EXPECT_TRUE(key2.IsFullyPopulated()); + EXPECT_TRUE(key3.IsFullyPopulated()); + EXPECT_TRUE(key1.IsTransient()); + EXPECT_TRUE(key2.IsTransient()); + EXPECT_TRUE(key3.IsTransient()); + + // Test the equality/comparisons of the various keys + EXPECT_TRUE(key1 == key2); + EXPECT_FALSE(key1 == key3); + EXPECT_FALSE(key1 < key2 || key2 < key1); + EXPECT_TRUE(key1 < key3 || key3 < key1); + + // Test the ToString and ToDebugString + EXPECT_EQ(key1.ToDebugString(), key2.ToDebugString()); + EXPECT_NE(key1.ToDebugString(), key3.ToDebugString()); + EXPECT_EQ("", key1.ToString()); + EXPECT_EQ("", key2.ToString()); + EXPECT_EQ("", key3.ToString()); +} + } // namespace net diff --git a/chromium/net/base/network_notification_thread_mac.cc b/chromium/net/base/network_notification_thread_mac.cc new file mode 100644 index 00000000000..436b99b6ca4 --- /dev/null +++ b/chromium/net/base/network_notification_thread_mac.cc @@ -0,0 +1,51 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/base/network_notification_thread_mac.h" + +#include "base/no_destructor.h" +#include "base/threading/thread.h" + +namespace net { + +namespace { + +class NotificationThreadMac { + public: + scoped_refptr task_runner() const { + return task_runner_; + } + + private: + friend base::NoDestructor; + + NotificationThreadMac() : thread_("NetworkNotificationThreadMac") { + base::Thread::Options options; + options.message_loop_type = base::MessageLoop::TYPE_UI; + options.joinable = false; + thread_.StartWithOptions(options); + task_runner_ = thread_.task_runner(); + thread_.DetachFromSequence(); + } + + ~NotificationThreadMac() = delete; + + // The |thread_| object is not thread-safe. This should not be accessed + // outside the constructor. + base::Thread thread_; + + // Saved TaskRunner handle that can be accessed from any thread. + scoped_refptr task_runner_; + + DISALLOW_COPY_AND_ASSIGN(NotificationThreadMac); +}; + +} // namespace + +scoped_refptr GetNetworkNotificationThreadMac() { + static base::NoDestructor notification_thread; + return notification_thread->task_runner(); +} + +} // namespace net diff --git a/chromium/net/base/network_notification_thread_mac.h b/chromium/net/base/network_notification_thread_mac.h new file mode 100644 index 00000000000..8ced7568203 --- /dev/null +++ b/chromium/net/base/network_notification_thread_mac.h @@ -0,0 +1,20 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_BASE_NETWORK_NOTIFICATION_THREAD_MAC_H_ +#define NET_BASE_NETWORK_NOTIFICATION_THREAD_MAC_H_ + +#include "base/single_thread_task_runner.h" + +namespace net { + +// Returns a TaskRunner that runs on a TYPE_UI thread, for macOS notification +// APIs that require a CFRunLoop. The thread is not joined on shutdown (like +// TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN), so any users of this thread +// must take care not to access invalid objects during shutdown. +scoped_refptr GetNetworkNotificationThreadMac(); + +} // namespace net + +#endif // NET_BASE_NETWORK_NOTIFICATION_THREAD_MAC_H_ diff --git a/chromium/net/base/network_throttle_manager_impl.cc b/chromium/net/base/network_throttle_manager_impl.cc index d5043bcf390..0c0e7ec5450 100644 --- a/chromium/net/base/network_throttle_manager_impl.cc +++ b/chromium/net/base/network_throttle_manager_impl.cc @@ -240,8 +240,8 @@ void NetworkThrottleManagerImpl::OnThrottleDestroyed(ThrottleImpl* throttle) { break; } - DCHECK(!base::ContainsValue(blocked_throttles_, throttle)); - DCHECK(!base::ContainsValue(outstanding_throttles_, throttle)); + DCHECK(!base::Contains(blocked_throttles_, throttle)); + DCHECK(!base::Contains(outstanding_throttles_, throttle)); // Unblock the throttles if there's some chance there's a throttle to // unblock. diff --git a/chromium/net/base/port_util.h b/chromium/net/base/port_util.h index 72d4b394ed6..b64b137be98 100644 --- a/chromium/net/base/port_util.h +++ b/chromium/net/base/port_util.h @@ -21,7 +21,7 @@ NET_EXPORT bool IsPortValid(int port); // Returns true if the port is in the range [0, 1023]. These ports are // registered by IANA and typically need root access to listen on. -bool IsWellKnownPort(int port); +NET_EXPORT bool IsWellKnownPort(int port); // Checks if the port is allowed for the specified scheme. Ports set as allowed // with SetExplicitlyAllowedPorts() or by using ScopedPortException() will be diff --git a/chromium/net/base/test_completion_callback.cc b/chromium/net/base/test_completion_callback.cc index 3cd8957c685..7f88f799168 100644 --- a/chromium/net/base/test_completion_callback.cc +++ b/chromium/net/base/test_completion_callback.cc @@ -23,7 +23,8 @@ void TestCompletionCallbackBaseInternal::DidSetResult() { void TestCompletionCallbackBaseInternal::WaitForResult() { DCHECK(!run_loop_); if (!have_result_) { - run_loop_.reset(new base::RunLoop()); + run_loop_ = std::make_unique( + base::RunLoop::Type::kNestableTasksAllowed); run_loop_->Run(); run_loop_.reset(); DCHECK(have_result_); diff --git a/chromium/net/base/upload_data_stream.cc b/chromium/net/base/upload_data_stream.cc index 6804a1e794f..ed6c705d6ed 100644 --- a/chromium/net/base/upload_data_stream.cc +++ b/chromium/net/base/upload_data_stream.cc @@ -4,7 +4,6 @@ #include "net/base/upload_data_stream.h" -#include "base/bind.h" #include "base/logging.h" #include "base/values.h" #include "net/base/io_buffer.h" @@ -15,10 +14,9 @@ namespace net { namespace { -base::Value NetLogInitEndInfoCallback(int result, - int total_size, - bool is_chunked, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogInitEndInfoParams(int result, + int total_size, + bool is_chunked) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("net_error", result); @@ -27,8 +25,7 @@ base::Value NetLogInitEndInfoCallback(int result, return dict; } -base::Value NetLogReadInfoCallback(int current_position, - NetLogCaptureMode /* capture_mode */) { +base::Value CreateReadInfoParams(int current_position) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("current_position", current_position); @@ -76,7 +73,7 @@ int UploadDataStream::Read(IOBuffer* buf, DCHECK_GT(buf_len, 0); net_log_.BeginEvent(NetLogEventType::UPLOAD_DATA_STREAM_READ, - base::Bind(&NetLogReadInfoCallback, current_position_)); + [&] { return CreateReadInfoParams(current_position_); }); int result = 0; if (!is_eof_) @@ -156,9 +153,9 @@ void UploadDataStream::OnInitCompleted(int result) { is_eof_ = true; } - net_log_.EndEvent( - NetLogEventType::UPLOAD_DATA_STREAM_INIT, - base::Bind(&NetLogInitEndInfoCallback, result, total_size_, is_chunked_)); + net_log_.EndEvent(NetLogEventType::UPLOAD_DATA_STREAM_INIT, [&] { + return NetLogInitEndInfoParams(result, total_size_, is_chunked_); + }); if (!callback_.is_null()) std::move(callback_).Run(result); diff --git a/chromium/net/base/upload_file_element_reader.cc b/chromium/net/base/upload_file_element_reader.cc index adf4e74551c..b393600077a 100644 --- a/chromium/net/base/upload_file_element_reader.cc +++ b/chromium/net/base/upload_file_element_reader.cc @@ -38,8 +38,7 @@ UploadFileElementReader::UploadFileElementReader( content_length_(0), bytes_remaining_(0), next_state_(State::IDLE), - init_called_while_operation_pending_(false), - weak_ptr_factory_(this) { + init_called_while_operation_pending_(false) { DCHECK(file.IsValid()); DCHECK(task_runner_.get()); file_stream_ = std::make_unique(std::move(file), task_runner); @@ -59,8 +58,7 @@ UploadFileElementReader::UploadFileElementReader( content_length_(0), bytes_remaining_(0), next_state_(State::IDLE), - init_called_while_operation_pending_(false), - weak_ptr_factory_(this) { + init_called_while_operation_pending_(false) { DCHECK(task_runner_.get()); } diff --git a/chromium/net/base/upload_file_element_reader.h b/chromium/net/base/upload_file_element_reader.h index 190bbc4b8f1..706137af85e 100644 --- a/chromium/net/base/upload_file_element_reader.h +++ b/chromium/net/base/upload_file_element_reader.h @@ -129,7 +129,7 @@ class NET_EXPORT UploadFileElementReader : public UploadElementReader { // True if Init() was called while an async operation was in progress. bool init_called_while_operation_pending_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(UploadFileElementReader); }; diff --git a/chromium/net/cert/cert_verify_proc.cc b/chromium/net/cert/cert_verify_proc.cc index 1fb2c2c5db9..906b843e3a9 100644 --- a/chromium/net/cert/cert_verify_proc.cc +++ b/chromium/net/cert/cert_verify_proc.cc @@ -19,6 +19,7 @@ #include "base/time/time.h" #include "build/build_config.h" #include "crypto/sha2.h" +#include "net/base/features.h" #include "net/base/net_errors.h" #include "net/base/registry_controlled_domains/registry_controlled_domain.h" #include "net/base/url_util.h" @@ -30,6 +31,7 @@ #include "net/cert/crl_set.h" #include "net/cert/internal/ocsp.h" #include "net/cert/internal/parse_certificate.h" +#include "net/cert/internal/revocation_checker.h" #include "net/cert/internal/signature_algorithm.h" #include "net/cert/known_roots.h" #include "net/cert/ocsp_revocation_status.h" @@ -37,9 +39,14 @@ #include "net/cert/x509_certificate.h" #include "net/cert/x509_util.h" #include "net/der/encode_values.h" +#include "net/net_buildflags.h" #include "third_party/boringssl/src/include/openssl/pool.h" #include "url/url_canon.h" +#if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) +#include "net/cert/cert_verify_proc_builtin.h" +#endif + #if defined(USE_NSS_CERTS) #include "net/cert/cert_verify_proc_nss.h" #elif defined(OS_ANDROID) @@ -243,7 +250,7 @@ void BestEffortCheckOCSP(const std::string& raw_response, verify_result->revocation_status = CheckOCSP(raw_response, cert_der, issuer_der, base::Time::Now(), - kMaxOCSPLeafUpdateAge, &verify_result->response_status); + kMaxRevocationLeafUpdateAge, &verify_result->response_status); } // Records histograms indicating whether the certificate |cert|, which @@ -453,6 +460,12 @@ WARN_UNUSED_RESULT bool InspectSignatureAlgorithmsInChain( // static scoped_refptr CertVerifyProc::CreateDefault( scoped_refptr cert_net_fetcher) { +#if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) + if (base::FeatureList::IsEnabled(features::kCertVerifierBuiltinFeature)) { + return CreateCertVerifyProcBuiltin(std::move(cert_net_fetcher), + /*system_trust_store_provider=*/nullptr); + } +#endif #if defined(USE_NSS_CERTS) return new CertVerifyProcNSS(); #elif defined(OS_ANDROID) @@ -464,7 +477,8 @@ scoped_refptr CertVerifyProc::CreateDefault( #elif defined(OS_WIN) return new CertVerifyProcWin(); #elif defined(OS_FUCHSIA) - return CreateCertVerifyProcBuiltin(std::move(cert_net_fetcher)); + return CreateCertVerifyProcBuiltin(std::move(cert_net_fetcher), + /*system_trust_store_provider=*/nullptr); #else #error Unsupported platform #endif diff --git a/chromium/net/cert/cert_verify_proc_blacklist.inc b/chromium/net/cert/cert_verify_proc_blacklist.inc index 4014d81025f..e5be854ce3a 100644 --- a/chromium/net/cert/cert_verify_proc_blacklist.inc +++ b/chromium/net/cert/cert_verify_proc_blacklist.inc @@ -117,6 +117,10 @@ static constexpr uint8_t {0x71, 0x65, 0xe9, 0x91, 0xad, 0xe7, 0x91, 0x6d, 0x86, 0xb4, 0x66, 0xab, 0xeb, 0xb6, 0xe4, 0x57, 0xca, 0x93, 0x1c, 0x80, 0x4e, 0x58, 0xce, 0x1f, 0xba, 0xba, 0xe5, 0x09, 0x15, 0x6f, 0xfb, 0x43}, + // 3ae699d94e8febdacb86d4f90d40903333478e65e0655c432451197e33fa07f2.pem + {0x78, 0x1a, 0x4c, 0xf2, 0xe9, 0x24, 0x52, 0xf3, 0xee, 0x01, 0xd0, + 0xc3, 0x81, 0xa4, 0x21, 0x4f, 0x39, 0x04, 0x16, 0x5c, 0x39, 0x0a, + 0xdb, 0xd6, 0x1f, 0xcd, 0x11, 0x24, 0x4e, 0x09, 0xb2, 0xdc}, // 8b45da1c06f791eb0cabf26be588f5fb23165c2e614bf885562d0dce50b29b02.pem {0x7a, 0xed, 0xdd, 0xf3, 0x6b, 0x18, 0xf8, 0xac, 0xb7, 0x37, 0x9f, 0xe1, 0xce, 0x18, 0x32, 0x12, 0xb2, 0x35, 0x0d, 0x07, 0x88, 0xab, @@ -203,6 +207,10 @@ static constexpr uint8_t {0xb4, 0xd5, 0xc9, 0x20, 0x41, 0x5e, 0xd0, 0xcc, 0x4f, 0x5d, 0xbc, 0x7f, 0x54, 0x26, 0x36, 0x76, 0x2e, 0x80, 0xda, 0x66, 0x25, 0xf3, 0x3f, 0x2b, 0x6a, 0xd6, 0xdb, 0x68, 0xbd, 0xba, 0xb2, 0x9a}, + // d8888f4a84f74c974dffb573a1bf5bbbacd1713b905096f8eb015062bf396c4d.pem + {0xc0, 0xed, 0x20, 0x53, 0x46, 0xbb, 0xbd, 0xe0, 0x6e, 0xb5, 0x60, + 0xf5, 0xce, 0xe0, 0x2a, 0x36, 0x34, 0xe2, 0x47, 0x4a, 0x7e, 0x76, + 0xcf, 0x8f, 0xbe, 0xf5, 0x63, 0xbb, 0x11, 0x7d, 0xd0, 0xe3}, // 372447c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem {0xc1, 0x73, 0xf0, 0x62, 0x64, 0x56, 0xca, 0x85, 0x4f, 0xf2, 0xa7, 0xf0, 0xb1, 0x33, 0xa7, 0xcf, 0x4d, 0x02, 0x11, 0xe5, 0x52, 0xf2, @@ -299,4 +307,8 @@ static constexpr uint8_t {0xfa, 0x00, 0xbe, 0xc7, 0x3d, 0xd9, 0x97, 0x95, 0xdf, 0x11, 0x62, 0xc7, 0x89, 0x98, 0x70, 0x04, 0xc2, 0x6c, 0xbf, 0x90, 0xaf, 0x4d, 0xb4, 0x42, 0xf6, 0x62, 0x20, 0xde, 0x41, 0x35, 0x4a, 0xc9}, + // a25a19546819d048000ef9c6577c4bcd8d2155b1e4346a4599d6c8b79799d4a1.pem + {0xfc, 0xd7, 0x6c, 0xca, 0x23, 0x47, 0xe5, 0xcd, 0x5b, 0x39, 0x34, + 0x7f, 0x51, 0xcf, 0x43, 0x65, 0x4b, 0x69, 0xa2, 0xbf, 0xc9, 0x07, + 0x36, 0x70, 0xa6, 0xbe, 0x47, 0xd8, 0x70, 0x1e, 0x6e, 0x0e}, }; diff --git a/chromium/net/cert/cert_verify_proc_builtin.cc b/chromium/net/cert/cert_verify_proc_builtin.cc index 60706a5cb4b..b5ef8e73f3c 100644 --- a/chromium/net/cert/cert_verify_proc_builtin.cc +++ b/chromium/net/cert/cert_verify_proc_builtin.cc @@ -36,6 +36,13 @@ namespace net { namespace { +// Very conservative iteration count limit. +// TODO(https://crbug.com/634470): Make this smaller. +constexpr uint32_t kPathBuilderIterationLimit = 25000; + +constexpr base::TimeDelta kMaxVerificationTime = + base::TimeDelta::FromSeconds(60); + DEFINE_CERT_ERROR_ID(kPathLacksEVPolicy, "Path does not have an EV policy"); RevocationPolicy NoRevocationChecking() { @@ -258,7 +265,9 @@ class PathBuilderDelegateImpl : public SimplePathBuilderDelegate { class CertVerifyProcBuiltin : public CertVerifyProc { public: - explicit CertVerifyProcBuiltin(scoped_refptr net_fetcher); + CertVerifyProcBuiltin( + scoped_refptr net_fetcher, + std::unique_ptr system_trust_store_provider); bool SupportsAdditionalTrustAnchors() const override; @@ -276,11 +285,14 @@ class CertVerifyProcBuiltin : public CertVerifyProc { CertVerifyResult* verify_result) override; scoped_refptr net_fetcher_; + std::unique_ptr system_trust_store_provider_; }; CertVerifyProcBuiltin::CertVerifyProcBuiltin( - scoped_refptr net_fetcher) - : net_fetcher_(std::move(net_fetcher)) {} + scoped_refptr net_fetcher, + std::unique_ptr system_trust_store_provider) + : net_fetcher_(std::move(net_fetcher)), + system_trust_store_provider_(std::move(system_trust_store_provider)) {} CertVerifyProcBuiltin::~CertVerifyProcBuiltin() = default; @@ -413,6 +425,7 @@ void TryBuildPath(const scoped_refptr& target, CertIssuerSourceStatic* intermediates, SystemTrustStore* ssl_trust_store, base::Time verification_time, + base::TimeTicks deadline, VerificationType verification_type, SimplePathBuilderDelegate::DigestPolicy digest_policy, int flags, @@ -465,6 +478,9 @@ void TryBuildPath(const scoped_refptr& target, LOG(ERROR) << "No net_fetcher for performing AIA chasing."; } + path_builder.SetIterationLimit(kPathBuilderIterationLimit); + path_builder.SetDeadline(deadline); + path_builder.Run(); } @@ -573,6 +589,7 @@ int CertVerifyProcBuiltin::VerifyInternal( // VerifyInternal() is expected to carry out verifications using the current // time stamp. base::Time verification_time = base::Time::Now(); + base::TimeTicks deadline = base::TimeTicks::Now() + kMaxVerificationTime; // Parse the target certificate. scoped_refptr target = @@ -589,7 +606,9 @@ int CertVerifyProcBuiltin::VerifyInternal( // Parse the additional trust anchors and setup trust store. std::unique_ptr ssl_trust_store = - CreateSslSystemTrustStore(); + system_trust_store_provider_ + ? system_trust_store_provider_->CreateSystemTrustStore() + : CreateSslSystemTrustStore(); for (const auto& x509_cert : additional_trust_anchors) { scoped_refptr cert = @@ -634,12 +653,12 @@ int CertVerifyProcBuiltin::VerifyInternal( // Run the attempt through the path builder. TryBuildPath(target, &intermediates, ssl_trust_store.get(), - verification_time, cur_attempt.verification_type, + verification_time, deadline, cur_attempt.verification_type, cur_attempt.digest_policy, flags, ocsp_response, crl_set, net_fetcher_.get(), ev_metadata, &result, &checked_revocation_for_some_path); - if (result.HasValidPath()) + if (result.HasValidPath() || result.exceeded_deadline) break; // If this path building attempt (may have) failed due to the chain using a @@ -676,8 +695,10 @@ int CertVerifyProcBuiltin::VerifyInternal( } // namespace scoped_refptr CreateCertVerifyProcBuiltin( - scoped_refptr net_fetcher) { - return base::MakeRefCounted(std::move(net_fetcher)); + scoped_refptr net_fetcher, + std::unique_ptr system_trust_store_provider) { + return base::MakeRefCounted( + std::move(net_fetcher), std::move(system_trust_store_provider)); } } // namespace net diff --git a/chromium/net/cert/cert_verify_proc_builtin.h b/chromium/net/cert/cert_verify_proc_builtin.h index 97b774118a0..da2ddac8c8b 100644 --- a/chromium/net/cert/cert_verify_proc_builtin.h +++ b/chromium/net/cert/cert_verify_proc_builtin.h @@ -5,6 +5,8 @@ #ifndef NET_CERT_CERT_VERIFY_PROC_BUILTIN_H_ #define NET_CERT_CERT_VERIFY_PROC_BUILTIN_H_ +#include + #include "base/memory/ref_counted.h" #include "net/base/net_export.h" @@ -12,12 +14,33 @@ namespace net { class CertNetFetcher; class CertVerifyProc; +class SystemTrustStore; + +// Will be used to create the system trust store. Implementations must be +// thread-safe - CreateSystemTrustStore may be invoked concurrently on worker +// threads. +class NET_EXPORT SystemTrustStoreProvider { + public: + virtual ~SystemTrustStoreProvider() {} + + // Create and return a SystemTrustStore to be used during certificate + // verification. + // This function may be invoked concurrently on worker threads and must be + // thread-safe. However, the returned SystemTrustStore will only be used on + // a single thread. + virtual std::unique_ptr CreateSystemTrustStore() = 0; +}; // TODO(crbug.com/649017): This is not how other cert_verify_proc_*.h are // implemented -- they expose the type in the header. Use a consistent style // here too. +// If |system_trust_store_provider| is null, the default SystemTrustStore will +// be created. +// If |system_trust_store_provider| is non-null, it will be used to create the +// SystemTrustStore instance for certificate verification. NET_EXPORT scoped_refptr CreateCertVerifyProcBuiltin( - scoped_refptr net_fetcher); + scoped_refptr net_fetcher, + std::unique_ptr system_trust_store_provider); } // namespace net diff --git a/chromium/net/cert/cert_verify_proc_ios.cc b/chromium/net/cert/cert_verify_proc_ios.cc index 1ff9410e7b6..d8045b95682 100644 --- a/chromium/net/cert/cert_verify_proc_ios.cc +++ b/chromium/net/cert/cert_verify_proc_ios.cc @@ -7,6 +7,7 @@ #include #include "base/logging.h" +#include "base/mac/foundation_util.h" #include "base/mac/scoped_cftyperef.h" #include "crypto/sha2.h" #include "net/base/net_errors.h" @@ -162,12 +163,6 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) { HashValue sha256(HASH_VALUE_SHA256); CC_SHA256(spki_bytes.data(), spki_bytes.size(), sha256.data()); verify_result->public_key_hashes.push_back(sha256); - - // Ignore the signature algorithm for the trust anchor. - if ((verify_result->cert_status & CERT_STATUS_AUTHORITY_INVALID) == 0 && - i == count - 1) { - continue; - } } if (!verified_cert) { NOTREACHED(); @@ -262,6 +257,7 @@ CertStatus CertVerifyProcIOS::GetCertFailureStatusFromTrust(SecTrustRef trust) { } else if (CFEqual(error, root_certificate_error)) { reason |= CERT_STATUS_AUTHORITY_INVALID; } else { + LOG(ERROR) << "Unrecognized error: " << error; reason |= CERT_STATUS_INVALID; } } diff --git a/chromium/net/cert/cert_verify_proc_unittest.cc b/chromium/net/cert/cert_verify_proc_unittest.cc index 484db21a4ca..64dd41625b1 100644 --- a/chromium/net/cert/cert_verify_proc_unittest.cc +++ b/chromium/net/cert/cert_verify_proc_unittest.cc @@ -40,6 +40,7 @@ #include "net/cert/x509_certificate.h" #include "net/cert/x509_util.h" #include "net/cert_net/cert_net_fetcher_impl.h" +#include "net/der/encode_values.h" #include "net/der/input.h" #include "net/der/parser.h" #include "net/proxy_resolution/proxy_config.h" @@ -59,19 +60,20 @@ #include "third_party/boringssl/src/include/openssl/mem.h" #if defined(USE_NSS_CERTS) +#include "net/cert/cert_verify_proc_nss.h" #include "net/cert_net/nss_ocsp.h" -#endif - -#if defined(OS_ANDROID) +#elif defined(OS_ANDROID) #include "base/android/build_info.h" -#endif - -#if defined(OS_MACOSX) && !defined(OS_IOS) +#include "net/cert/cert_verify_proc_android.h" +#elif defined(OS_IOS) +#include "base/ios/ios_util.h" +#include "net/cert/cert_verify_proc_ios.h" +#elif defined(OS_MACOSX) #include "base/mac/mac_util.h" -#endif - -#if defined(OS_WIN) +#include "net/cert/cert_verify_proc_mac.h" +#elif defined(OS_WIN) #include "base/win/windows_version.h" +#include "net/cert/cert_verify_proc_win.h" #endif // TODO(crbug.com/649017): Add tests that only certificates with @@ -148,27 +150,6 @@ enum CertVerifyProcType { CERT_VERIFY_PROC_BUILTIN, }; -// Returns the CertVerifyProcType corresponding to what -// CertVerifyProc::CreateDefault() returns. This needs to be kept in sync with -// CreateDefault(). -CertVerifyProcType GetDefaultCertVerifyProcType() { -#if defined(USE_NSS_CERTS) - return CERT_VERIFY_PROC_NSS; -#elif defined(OS_ANDROID) - return CERT_VERIFY_PROC_ANDROID; -#elif defined(OS_IOS) - return CERT_VERIFY_PROC_IOS; -#elif defined(OS_MACOSX) - return CERT_VERIFY_PROC_MAC; -#elif defined(OS_WIN) - return CERT_VERIFY_PROC_WIN; -#elif defined(OS_FUCHSIA) - return CERT_VERIFY_PROC_BUILTIN; -#else -// Will fail to compile. -#endif -} - // Whether the test is running within the iphone simulator. const bool kTargetIsIphoneSimulator = #if TARGET_IPHONE_SIMULATOR @@ -177,6 +158,15 @@ const bool kTargetIsIphoneSimulator = false; #endif +// Wrapper for base::mac::IsAtLeastOS10_12() to avoid littering ifdefs. +bool IsMacAtLeastOS10_12() { +#if defined(OS_MACOSX) && !defined(OS_IOS) + return base::mac::IsAtLeastOS10_12(); +#else + return false; +#endif +} + // Returns a textual description of the CertVerifyProc implementation // that is being tested, used to give better names to parameterized // tests. @@ -200,19 +190,57 @@ std::string VerifyProcTypeToName( return nullptr; } -// The set of all CertVerifyProcTypes that tests should be -// parameterized on. -const std::vector kAllCertVerifiers = { - GetDefaultCertVerifyProcType() +scoped_refptr CreateCertVerifyProc( + CertVerifyProcType type, + scoped_refptr cert_net_fetcher) { + switch (type) { +#if defined(USE_NSS_CERTS) + case CERT_VERIFY_PROC_NSS: + return new CertVerifyProcNSS(); +#elif defined(OS_ANDROID) + case CERT_VERIFY_PROC_ANDROID: + return new CertVerifyProcAndroid(std::move(cert_net_fetcher)); +#elif defined(OS_IOS) + case CERT_VERIFY_PROC_IOS: + return new CertVerifyProcIOS(); +#elif defined(OS_MACOSX) + case CERT_VERIFY_PROC_MAC: + return new CertVerifyProcMac(); +#elif defined(OS_WIN) + case CERT_VERIFY_PROC_WIN: + return new CertVerifyProcWin(); +#endif + case CERT_VERIFY_PROC_BUILTIN: + return CreateCertVerifyProcBuiltin( + std::move(cert_net_fetcher), + nullptr /* system_trust_store_provider */); + default: + return nullptr; + } +} -// TODO(crbug.com/649017): Enable this everywhere. Right now this is -// gated on having CertVerifyProcBuiltin understand the roots added +// The set of all CertVerifyProcTypes that tests should be parameterized on. +// This needs to be kept in sync with CertVerifyProc::CreateDefault(). +// TODO(crbug.com/649017): Enable CERT_VERIFY_PROC_BUILTIN everywhere. Right +// now this is gated on having CertVerifyProcBuiltin understand the roots added // via TestRootCerts. -#if defined(USE_NSS_CERTS) || (defined(OS_MACOSX) && !defined(OS_IOS)) - , +const std::vector kAllCertVerifiers = { +#if defined(USE_NSS_CERTS) + CERT_VERIFY_PROC_NSS, CERT_VERIFY_PROC_BUILTIN +#elif defined(OS_ANDROID) + CERT_VERIFY_PROC_ANDROID +#elif defined(OS_IOS) + CERT_VERIFY_PROC_IOS +#elif defined(OS_MACOSX) + CERT_VERIFY_PROC_MAC, CERT_VERIFY_PROC_BUILTIN +#elif defined(OS_WIN) + CERT_VERIFY_PROC_WIN +#elif defined(OS_FUCHSIA) CERT_VERIFY_PROC_BUILTIN +#else +#error Unsupported platform #endif -}; +}; // namespace // Returns true if a test root added through ScopedTestRoot can verify // successfully as a target certificate with chain of length 1 on the given @@ -224,6 +252,18 @@ bool ScopedTestRootCanTrustTargetCert(CertVerifyProcType verify_proc_type) { verify_proc_type == CERT_VERIFY_PROC_ANDROID; } +// Returns true if a non-self-signed CA certificate added through +// ScopedTestRoot can verify successfully as the root of a chain by the given +// CertVerifyProcType. +bool ScopedTestRootCanTrustIntermediateCert( + CertVerifyProcType verify_proc_type) { + return verify_proc_type == CERT_VERIFY_PROC_MAC || + verify_proc_type == CERT_VERIFY_PROC_IOS || + verify_proc_type == CERT_VERIFY_PROC_NSS || + verify_proc_type == CERT_VERIFY_PROC_BUILTIN || + verify_proc_type == CERT_VERIFY_PROC_ANDROID; +} + // TODO(crbug.com/649017): This is not parameterized by the CertVerifyProc // because the CertVerifyProc::Verify() does this unconditionally based on the // platform. @@ -238,6 +278,16 @@ bool AreSHA1IntermediatesAllowed() { #endif } +// Helper to make creating an X509Certificate chain less verbose. +scoped_refptr CreateX509CertificateWithIntermediate( + bssl::UniquePtr cert_buffer, + bssl::UniquePtr intermediate_buffer) { + std::vector> intermediates; + intermediates.push_back(std::move(intermediate_buffer)); + return X509Certificate::CreateFromBuffer(std::move(cert_buffer), + std::move(intermediates)); +} + std::string MakeRandomHexString(size_t num_bytes) { std::vector rand_bytes; rand_bytes.resize(num_bytes); @@ -246,6 +296,81 @@ std::string MakeRandomHexString(size_t num_bytes) { return base::HexEncode(&rand_bytes[0], rand_bytes.size()); } +std::string Sha256WithRSAEncryption() { + const uint8_t kSha256WithRSAEncryption[] = {0x30, 0x0D, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x05, 0x00}; + return std::string(std::begin(kSha256WithRSAEncryption), + std::end(kSha256WithRSAEncryption)); +} + +std::string Sha1WithRSAEncryption() { + const uint8_t kSha1WithRSAEncryption[] = {0x30, 0x0D, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x05, 0x05, 0x00}; + return std::string(std::begin(kSha1WithRSAEncryption), + std::end(kSha1WithRSAEncryption)); +} + +std::string Md5WithRSAEncryption() { + const uint8_t kMd5WithRSAEncryption[] = {0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x04, 0x05, 0x00}; + return std::string(std::begin(kMd5WithRSAEncryption), + std::end(kMd5WithRSAEncryption)); +} + +// Adds bytes (specified as a StringPiece) to the given CBB. +// The argument ordering follows the boringssl CBB_* api style. +bool CBBAddBytes(CBB* cbb, base::StringPiece bytes) { + return CBB_add_bytes(cbb, reinterpret_cast(bytes.data()), + bytes.size()); +} + +// Adds bytes (from fixed size array) to the given CBB. +// The argument ordering follows the boringssl CBB_* api style. +template +bool CBBAddBytes(CBB* cbb, const uint8_t (&data)[N]) { + return CBB_add_bytes(cbb, data, N); +} + +// Adds a RFC 5280 Time value to the given CBB. +// The argument ordering follows the boringssl CBB_* api style. +bool CBBAddTime(CBB* cbb, const base::Time& time) { + der::GeneralizedTime generalized_time; + if (!der::EncodeTimeAsGeneralizedTime(time, &generalized_time)) + return false; + CBB time_cbb; + if (generalized_time.year < 2050) { + uint8_t out[der::kUTCTimeLength]; + if (!der::EncodeUTCTime(generalized_time, out) || + !CBB_add_asn1(cbb, &time_cbb, CBS_ASN1_UTCTIME) || + !CBBAddBytes(&time_cbb, out) || !CBB_flush(cbb)) + return false; + } else { + uint8_t out[der::kGeneralizedTimeLength]; + if (!der::EncodeGeneralizedTime(generalized_time, out) || + !CBB_add_asn1(cbb, &time_cbb, CBS_ASN1_GENERALIZEDTIME) || + !CBBAddBytes(&time_cbb, out) || !CBB_flush(cbb)) + return false; + } + return true; +} + +// Finalizes the CBB to a std::string. +std::string FinishCBB(CBB* cbb) { + size_t cbb_len; + uint8_t* cbb_bytes; + + if (!CBB_finish(cbb, &cbb_bytes, &cbb_len)) { + ADD_FAILURE() << "CBB_finish() failed"; + return std::string(); + } + + bssl::UniquePtr delete_bytes(cbb_bytes); + return std::string(reinterpret_cast(cbb_bytes), cbb_len); +} + // CertBuilder is a helper class to dynamically create a test certificate. // // CertBuilder is initialized using an existing certificate, from which it @@ -279,6 +404,13 @@ class CertBuilder { Invalidate(); } + // Removes an extension (if present). + void EraseExtension(const der::Input& oid) { + extensions_.erase(oid.AsString()); + + Invalidate(); + } + // Sets an AIA extension with a single caIssuers access method. void SetCaIssuersUrl(const GURL& url) { std::string url_spec = url.spec(); @@ -297,15 +429,49 @@ class CertBuilder { ASSERT_TRUE(CBB_add_asn1(cbb.get(), &aia, CBS_ASN1_SEQUENCE)); ASSERT_TRUE(CBB_add_asn1(&aia, &ca_issuer, CBS_ASN1_SEQUENCE)); ASSERT_TRUE(CBB_add_asn1(&ca_issuer, &access_method, CBS_ASN1_OBJECT)); - ASSERT_TRUE( - AddBytesToCBB(&access_method, AdCaIssuersOid().AsStringPiece())); + ASSERT_TRUE(CBBAddBytes(&access_method, AdCaIssuersOid().AsStringPiece())); ASSERT_TRUE(CBB_add_asn1(&ca_issuer, &access_location, CBS_ASN1_CONTEXT_SPECIFIC | 6)); - ASSERT_TRUE(AddBytesToCBB(&access_location, url_spec)); + ASSERT_TRUE(CBBAddBytes(&access_location, url_spec)); SetExtension(AuthorityInfoAccessOid(), FinishCBB(cbb.get())); } + void SetCrlDistributionPointUrl(const GURL& url) { + std::string url_spec = url.spec(); + + bssl::ScopedCBB cbb; + ASSERT_TRUE(CBB_init(cbb.get(), url_spec.size())); + CBB dps, dp, dp_name, dp_fullname, dp_url; + + // CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint + ASSERT_TRUE(CBB_add_asn1(cbb.get(), &dps, CBS_ASN1_SEQUENCE)); + + // DistributionPoint ::= SEQUENCE { + // distributionPoint [0] DistributionPointName OPTIONAL, + // reasons [1] ReasonFlags OPTIONAL, + // cRLIssuer [2] GeneralNames OPTIONAL } + ASSERT_TRUE(CBB_add_asn1(&dps, &dp, CBS_ASN1_SEQUENCE)); + ASSERT_TRUE(CBB_add_asn1( + &dp, &dp_name, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)); + + // DistributionPointName ::= CHOICE { + // fullName [0] GeneralNames, + // nameRelativeToCRLIssuer [1] RelativeDistinguishedName } + ASSERT_TRUE( + CBB_add_asn1(&dp_name, &dp_fullname, + CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)); + + // GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + // GeneralName ::= CHOICE { + // uniformResourceIdentifier [6] IA5String, + ASSERT_TRUE( + CBB_add_asn1(&dp_fullname, &dp_url, CBS_ASN1_CONTEXT_SPECIFIC | 6)); + ASSERT_TRUE(CBBAddBytes(&dp_url, url_spec)); + + SetExtension(CrlDistributionPointsOid(), FinishCBB(cbb.get())); + } + // Sets the SAN for the certificate to a single dNSName. void SetSubjectAltName(const std::string& dns_name) { // From RFC 5280: @@ -325,7 +491,7 @@ class CertBuilder { ASSERT_TRUE(CBB_add_asn1(cbb.get(), &general_names, CBS_ASN1_SEQUENCE)); ASSERT_TRUE(CBB_add_asn1(&general_names, &general_name, CBS_ASN1_CONTEXT_SPECIFIC | 2)); - ASSERT_TRUE(AddBytesToCBB(&general_name, dns_name)); + ASSERT_TRUE(CBBAddBytes(&general_name, dns_name)); SetExtension(SubjectAltNameOid(), FinishCBB(cbb.get())); } @@ -335,20 +501,12 @@ class CertBuilder { void SetSignatureAlgorithmRsaPkca1(DigestAlgorithm digest) { switch (digest) { case DigestAlgorithm::Sha256: { - const uint8_t kSha256WithRSAEncryption[] = { - 0x30, 0x0D, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00}; - SetSignatureAlgorithm(std::string(std::begin(kSha256WithRSAEncryption), - std::end(kSha256WithRSAEncryption))); + SetSignatureAlgorithm(Sha256WithRSAEncryption()); break; } case DigestAlgorithm::Sha1: { - const uint8_t kSha1WithRSAEncryption[] = {0x30, 0x0D, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x05, 0x05, 0x00}; - SetSignatureAlgorithm(std::string(std::begin(kSha1WithRSAEncryption), - std::end(kSha1WithRSAEncryption))); + SetSignatureAlgorithm(Sha1WithRSAEncryption()); break; } @@ -385,6 +543,13 @@ class CertBuilder { return subject_tlv_; } + // Returns the serial number for the generated certificate. + uint64_t GetSerialNumber() { + if (!serial_number_) + serial_number_ = base::RandUint64(); + return serial_number_; + } + // Returns the (RSA) key for the generated certificate. EVP_PKEY* GetKey() { if (!key_) @@ -415,26 +580,6 @@ class CertBuilder { key_ = bssl::UpRef(private_key->key()); } - // Adds bytes (specified as a StringPiece) to the given CBB. - static bool AddBytesToCBB(CBB* cbb, base::StringPiece bytes) { - return CBB_add_bytes(cbb, reinterpret_cast(bytes.data()), - bytes.size()); - } - - // Finalizes the CBB to a std::string. - static std::string FinishCBB(CBB* cbb) { - size_t cbb_len; - uint8_t* cbb_bytes; - - if (!CBB_finish(cbb, &cbb_bytes, &cbb_len)) { - ADD_FAILURE() << "CBB_finish() failed"; - return std::string(); - } - - bssl::UniquePtr delete_bytes(cbb_bytes); - return std::string(reinterpret_cast(cbb_bytes), cbb_len); - } - // Generates a random subject for the certificate, comprised of just a CN. void GenerateSubject() { ASSERT_TRUE(subject_tlv_.empty()); @@ -453,20 +598,13 @@ class CertBuilder { ASSERT_TRUE(CBB_add_asn1(&rdns, &rdn, CBS_ASN1_SET)); ASSERT_TRUE(CBB_add_asn1(&rdn, &attr, CBS_ASN1_SEQUENCE)); ASSERT_TRUE(CBB_add_asn1(&attr, &type, CBS_ASN1_OBJECT)); - ASSERT_TRUE(CBB_add_bytes(&type, kCommonName, sizeof(kCommonName))); + ASSERT_TRUE(CBBAddBytes(&type, kCommonName)); ASSERT_TRUE(CBB_add_asn1(&attr, &value, CBS_ASN1_UTF8STRING)); - ASSERT_TRUE(AddBytesToCBB(&value, common_name)); + ASSERT_TRUE(CBBAddBytes(&value, common_name)); subject_tlv_ = FinishCBB(cbb.get()); } - // Returns the serial number for the generated certificate. - uint64_t GetSerialNumber() { - if (!serial_number_) - serial_number_ = base::RandUint64(); - return serial_number_; - } - // Parses |cert| and copies the following properties: // * All extensions (dropping any duplicates) // * Signature algorithm (from Certificate) @@ -564,9 +702,9 @@ class CertBuilder { ASSERT_TRUE(CBB_add_asn1_uint64(&version, 2)); ASSERT_TRUE(CBB_add_asn1_uint64(&tbs_cert, GetSerialNumber())); ASSERT_TRUE(AddSignatureAlgorithm(&tbs_cert)); - ASSERT_TRUE(AddBytesToCBB(&tbs_cert, issuer_->GetSubject())); - ASSERT_TRUE(AddBytesToCBB(&tbs_cert, validity_tlv_)); - ASSERT_TRUE(AddBytesToCBB(&tbs_cert, GetSubject())); + ASSERT_TRUE(CBBAddBytes(&tbs_cert, issuer_->GetSubject())); + ASSERT_TRUE(CBBAddBytes(&tbs_cert, validity_tlv_)); + ASSERT_TRUE(CBBAddBytes(&tbs_cert, GetSubject())); ASSERT_TRUE(EVP_marshal_public_key(&tbs_cert, GetKey())); // Serialize all the extensions. @@ -590,14 +728,14 @@ class CertBuilder { ASSERT_TRUE( CBB_add_asn1(&extensions, &extension_seq, CBS_ASN1_SEQUENCE)); ASSERT_TRUE(CBB_add_asn1(&extension_seq, &oid, CBS_ASN1_OBJECT)); - ASSERT_TRUE(AddBytesToCBB(&oid, extension_it.first)); + ASSERT_TRUE(CBBAddBytes(&oid, extension_it.first)); if (extension_it.second.critical) { ASSERT_TRUE(CBB_add_asn1_bool(&extension_seq, true)); } ASSERT_TRUE( CBB_add_asn1(&extension_seq, &extn_value, CBS_ASN1_OCTETSTRING)); - ASSERT_TRUE(AddBytesToCBB(&extn_value, extension_it.second.value)); + ASSERT_TRUE(CBBAddBytes(&extn_value, extension_it.second.value)); ASSERT_TRUE(CBB_flush(&extensions)); } } @@ -606,7 +744,7 @@ class CertBuilder { } bool AddSignatureAlgorithm(CBB* cbb) { - return AddBytesToCBB(cbb, signature_algorithm_tlv_); + return CBBAddBytes(cbb, signature_algorithm_tlv_); } void GenerateCertificate() { @@ -649,7 +787,7 @@ class CertBuilder { ASSERT_TRUE(CBB_init(cbb.get(), tbs_cert.size())); ASSERT_TRUE(CBB_add_asn1(cbb.get(), &cert, CBS_ASN1_SEQUENCE)); - ASSERT_TRUE(AddBytesToCBB(&cert, tbs_cert)); + ASSERT_TRUE(CBBAddBytes(&cert, tbs_cert)); ASSERT_TRUE(AddSignatureAlgorithm(&cert)); ASSERT_TRUE(CBB_add_asn1(&cert, &signature, CBS_ASN1_BITSTRING)); ASSERT_TRUE(CBB_add_u8(&signature, 0 /* no unused bits */)); @@ -701,13 +839,8 @@ class CertVerifyProcInternalTest // fetching by calling SetUpWithCertNetFetcher instead of SetUp. void SetUpWithCertNetFetcher(scoped_refptr cert_net_fetcher) { CertVerifyProcType type = verify_proc_type(); - if (type == CERT_VERIFY_PROC_BUILTIN) { - verify_proc_ = CreateCertVerifyProcBuiltin(std::move(cert_net_fetcher)); - } else if (type == GetDefaultCertVerifyProcType()) { - verify_proc_ = CertVerifyProc::CreateDefault(std::move(cert_net_fetcher)); - } else { - ADD_FAILURE() << "Unhandled CertVerifyProcType"; - } + verify_proc_ = CreateCertVerifyProc(type, std::move(cert_net_fetcher)); + ASSERT_TRUE(verify_proc_); } int Verify(X509Certificate* cert, @@ -741,7 +874,14 @@ class CertVerifyProcInternalTest } bool WeakKeysAreInvalid() const { -#if defined(OS_MACOSX) && !defined(OS_IOS) +#if defined(OS_IOS) + // Starting with iOS 13, certs with weak keys are treated as (recoverable) + // invalid certificate errors. + if (verify_proc_type() == CERT_VERIFY_PROC_IOS && + base::ios::IsRunningOnIOS13OrLater()) { + return true; + } +#elif defined(OS_MACOSX) // Starting with Mac OS 10.12, certs with weak keys are treated as // (recoverable) invalid certificate errors. if (verify_proc_type() == CERT_VERIFY_PROC_MAC && @@ -773,6 +913,19 @@ class CertVerifyProcInternalTest verify_proc_type() == CERT_VERIFY_PROC_BUILTIN; } + bool SupportsSoftFailRevChecking() const { + return verify_proc_type() == CERT_VERIFY_PROC_NSS || + verify_proc_type() == CERT_VERIFY_PROC_WIN || + verify_proc_type() == CERT_VERIFY_PROC_MAC || + verify_proc_type() == CERT_VERIFY_PROC_BUILTIN; + } + + bool SupportsRevCheckingRequiredLocalAnchors() const { + return verify_proc_type() == CERT_VERIFY_PROC_NSS || + verify_proc_type() == CERT_VERIFY_PROC_WIN || + verify_proc_type() == CERT_VERIFY_PROC_BUILTIN; + } + CertVerifyProc* verify_proc() const { return verify_proc_.get(); } private: @@ -899,6 +1052,99 @@ TEST_P(CertVerifyProcInternalTest, EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_IS_EV); } +// Target cert has an EV policy, and has a valid path to the EV root, but the +// intermediate has been trusted directly. Should stop building the path at the +// intermediate and verify OK but not with STATUS_IS_EV. +// See https://crbug.com/979801 +TEST_P(CertVerifyProcInternalTest, TrustedIntermediateCertWithEVPolicy) { + if (!SupportsEV()) { + LOG(INFO) << "Skipping test as EV verification is not yet supported"; + return; + } + if (!ScopedTestRootCanTrustIntermediateCert(verify_proc_type())) { + LOG(INFO) << "Skipping test as intermediate cert cannot be trusted"; + return; + } + + CertificateList orig_certs = CreateCertificateListFromFile( + GetTestCertsDirectory(), "explicit-policy-chain.pem", + X509Certificate::FORMAT_AUTO); + ASSERT_EQ(3U, orig_certs.size()); + + for (bool trust_the_intermediate : {false, true}) { + // Need to build unique certs for each try otherwise caching can break + // things. + CertBuilder root(orig_certs[2]->cert_buffer(), nullptr); + CertBuilder intermediate(orig_certs[1]->cert_buffer(), &root); + CertBuilder leaf(orig_certs[0]->cert_buffer(), &intermediate); + + // The policy that "explicit-policy-chain.pem" target certificate asserts. + static const char kEVTestCertPolicy[] = "1.2.3.4"; + // Consider the root of the test chain a valid EV root for the test policy. + ScopedTestEVPolicy scoped_test_ev_policy( + EVRootCAMetadata::GetInstance(), + X509Certificate::CalculateFingerprint256(root.GetCertBuffer()), + kEVTestCertPolicy); + + // CRLSet which covers the leaf. + base::StringPiece intermediate_spki; + ASSERT_TRUE(asn1::ExtractSPKIFromDERCert( + x509_util::CryptoBufferAsStringPiece(intermediate.GetCertBuffer()), + &intermediate_spki)); + SHA256HashValue intermediate_spki_hash; + crypto::SHA256HashString(intermediate_spki, &intermediate_spki_hash, + sizeof(SHA256HashValue)); + scoped_refptr crl_set = + CRLSet::ForTesting(false, &intermediate_spki_hash, "", "", {}); + + std::vector> intermediates; + intermediates.push_back(bssl::UpRef(intermediate.GetCertBuffer())); + scoped_refptr cert = X509Certificate::CreateFromBuffer( + bssl::UpRef(leaf.GetCertBuffer()), std::move(intermediates)); + ASSERT_TRUE(cert.get()); + + scoped_refptr intermediate_cert = + X509Certificate::CreateFromBuffer( + bssl::UpRef(intermediate.GetCertBuffer()), {}); + ASSERT_TRUE(intermediate_cert.get()); + + scoped_refptr root_cert = + X509Certificate::CreateFromBuffer(bssl::UpRef(root.GetCertBuffer()), + {}); + ASSERT_TRUE(root_cert.get()); + + if (!trust_the_intermediate) { + // First trust just the root. This verifies that the test setup is + // actually correct. + ScopedTestRoot scoped_test_root({root_cert}); + CertVerifyResult verify_result; + int flags = 0; + int error = Verify(cert.get(), "policy_test.example", flags, + crl_set.get(), CertificateList(), &verify_result); + EXPECT_THAT(error, IsOk()); + ASSERT_TRUE(verify_result.verified_cert); + // Verified chain should include the intermediate and the root. + EXPECT_EQ(2U, verify_result.verified_cert->intermediate_buffers().size()); + // Should be EV. + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_IS_EV); + } else { + // Now try with trusting both the intermediate and the root. + ScopedTestRoot scoped_test_root({intermediate_cert, root_cert}); + CertVerifyResult verify_result; + int flags = 0; + int error = Verify(cert.get(), "policy_test.example", flags, + crl_set.get(), CertificateList(), &verify_result); + EXPECT_THAT(error, IsOk()); + ASSERT_TRUE(verify_result.verified_cert); + // Verified chain should only go to the trusted intermediate, not the + // root. + EXPECT_EQ(1U, verify_result.verified_cert->intermediate_buffers().size()); + // Should not be EV. + EXPECT_FALSE(verify_result.cert_status & CERT_STATUS_IS_EV); + } + } +} + // TODO(crbug.com/605457): the test expectation was incorrect on some // configurations, so disable the test until it is fixed (better to have // a bug to track a failing test than a false sense of security due to @@ -1071,6 +1317,22 @@ TEST_P(CertVerifyProcInternalTest, RejectExpiredCert) { EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_DATE_INVALID); } +static int GetMinimumRsaDsaKeySize() { +#if defined(OS_IOS) + // Beginning with iOS 13, the minimum key size for RSA/DSA algorithms is + // 2048 bits. See https://support.apple.com/en-us/HT210176 + if (base::ios::IsRunningOnIOS13OrLater()) + return 2048; +#elif defined(OS_MACOSX) + // Beginning with macOS 10.15, the minimum key size for RSA/DSA algorithms + // is 2048 bits. See https://support.apple.com/en-us/HT210176 + if (base::mac::IsAtLeastOS10_15()) + return 2048; +#endif + + return 1024; +} + // Currently, only RSA and DSA keys are checked for weakness, and our example // weak size is 768. These could change in the future. // @@ -1078,11 +1340,15 @@ TEST_P(CertVerifyProcInternalTest, RejectExpiredCert) { // algorithms and which are weak will pass this test. static bool IsWeakKeyType(const std::string& key_type) { size_t pos = key_type.find("-"); - std::string size = key_type.substr(0, pos); + std::string size_str = key_type.substr(0, pos); std::string type = key_type.substr(pos + 1); + int size = 0; + + if (!base::StringToInt(size_str, &size)) + return false; if (type == "rsa" || type == "dsa") - return size == "768"; + return size < GetMinimumRsaDsaKeySize(); return false; } @@ -1138,10 +1404,15 @@ TEST_P(CertVerifyProcInternalTest, RejectWeakKeys) { if (IsWeakKeyType(*ee_type) || IsWeakKeyType(*signer_type)) { EXPECT_NE(OK, error); - EXPECT_EQ(CERT_STATUS_WEAK_KEY, - verify_result.cert_status & CERT_STATUS_WEAK_KEY); - EXPECT_EQ(WeakKeysAreInvalid() ? CERT_STATUS_INVALID : 0, - verify_result.cert_status & CERT_STATUS_INVALID); + if (WeakKeysAreInvalid()) { + EXPECT_EQ(CERT_STATUS_INVALID, + verify_result.cert_status & CERT_STATUS_INVALID); + + } else { + EXPECT_EQ(CERT_STATUS_WEAK_KEY, + verify_result.cert_status & CERT_STATUS_WEAK_KEY); + EXPECT_EQ(0u, verify_result.cert_status & CERT_STATUS_INVALID); + } } else { EXPECT_THAT(error, IsOk()); EXPECT_EQ(0U, verify_result.cert_status & CERT_STATUS_WEAK_KEY); @@ -1833,12 +2104,12 @@ TEST_P(CertVerifyProcInternalTest, Sha1IntermediateUsesServerGatedCrypto) { if (AreSHA1IntermediatesAllowed()) { EXPECT_THAT(error, IsOk()); - EXPECT_EQ(CERT_STATUS_SHA1_SIGNATURE_PRESENT, verify_result.cert_status); + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_SHA1_SIGNATURE_PRESENT); } else { - EXPECT_THAT(error, IsError(ERR_CERT_WEAK_SIGNATURE_ALGORITHM)); - EXPECT_EQ(CERT_STATUS_WEAK_SIGNATURE_ALGORITHM | - CERT_STATUS_SHA1_SIGNATURE_PRESENT, - verify_result.cert_status); + EXPECT_NE(error, OK); + EXPECT_TRUE(verify_result.cert_status & + CERT_STATUS_WEAK_SIGNATURE_ALGORITHM); + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_SHA1_SIGNATURE_PRESENT); } } @@ -2249,10 +2520,6 @@ TEST_P(CertVerifyProcInternalTest, IsIssuedByKnownRootIgnoresTestRoots) { // Test verification with a leaf that does not contain embedded SCTs, and which // has a notBefore date after 2018/10/15, and with no |sct_list|. // On recent macOS and iOS versions this should fail to verify. -// The iOS simulator has different verifier behavior than a real device, and -// verification succeeds on all currently available versions. If this test -// fails on iossim in the future, disable the test on TARGET_IPHONE_SIMULATOR -// and file a bug against mattm. TEST_P(CertVerifyProcInternalTest, LeafNewerThan20181015NoScts) { scoped_refptr chain = CreateCertificateChainFromFile( GetTestCertsDirectory(), "treadclimber.pem", @@ -2274,7 +2541,7 @@ TEST_P(CertVerifyProcInternalTest, LeafNewerThan20181015NoScts) { #if defined(OS_IOS) && !TARGET_IPHONE_SIMULATOR if (verify_proc_type() == CERT_VERIFY_PROC_IOS) { - if (__builtin_available(iOS 12.2, *)) { + if (base::ios::IsRunningOnOrLater(12, 2, 0)) { // TODO(mattm): Check if this can this be mapped to some better error. EXPECT_THAT(error, IsError(ERR_CERT_INVALID)); EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_INVALID); @@ -2282,8 +2549,9 @@ TEST_P(CertVerifyProcInternalTest, LeafNewerThan20181015NoScts) { } } #elif defined(OS_MACOSX) - if (verify_proc_type() == CERT_VERIFY_PROC_MAC) { - if (__builtin_available(macOS 10.14.2, *)) { + if (verify_proc_type() == CERT_VERIFY_PROC_MAC || + verify_proc_type() == CERT_VERIFY_PROC_IOS) { + if (__builtin_available(macOS 10.14.2, iOS 13, *)) { // TODO(mattm): SecTrustEvaluate just gives a generic // CSSMERR_TP_VERIFY_ACTION_FAILED error. Not sure there's much that // could be done about that. @@ -2806,14 +3074,17 @@ class CertVerifyProcInternalWithNetFetchingTest // Registers a handler with the test server that responds with the given // Content-Type, HTTP status code, and response body, for GET requests // to |path|. - void RegisterSimpleTestServerHandler(std::string path, + // Returns the full URL to |path| for the current test server. + GURL RegisterSimpleTestServerHandler(std::string path, HttpStatusCode status_code, std::string content_type, std::string content) { + GURL handler_url(GetTestServerAbsoluteUrl(path)); base::AutoLock lock(request_handlers_lock_); request_handlers_.push_back(base::BindRepeating( &SimpleTestServerHandler, std::move(path), status_code, std::move(content_type), std::move(content))); + return handler_url; } // Returns a random URL path (starting with /) that has the given suffix. @@ -2826,15 +3097,14 @@ class CertVerifyProcInternalWithNetFetchingTest return test_server_.GetURL(path); } - // Creates a certificate chain for www.example.com, where the leaf certificate - // has an AIA URL pointing to the test server. - void CreateSimpleChainWithAIA( - scoped_refptr* out_leaf, - std::string* ca_issuers_path, - bssl::UniquePtr* out_intermediate, - scoped_refptr* out_root) { + // Creates a simple leaf->intermediate->root chain of CertBuilders with no AIA + // or CrlDistributionPoint extensions, and leaf having a subjectAltName of + // www.example.com. + static void CreateSimpleCertBuilderChain( + std::unique_ptr* out_leaf, + std::unique_ptr* out_intermediate, + std::unique_ptr* out_root) { const char kHostname[] = "www.example.com"; - base::FilePath certs_dir = GetTestNetDataDirectory() .AppendASCII("verify_certificate_chain_unittest") @@ -2844,24 +3114,169 @@ class CertVerifyProcInternalWithNetFetchingTest certs_dir, "chain.pem", X509Certificate::FORMAT_AUTO); ASSERT_EQ(3U, orig_certs.size()); - // Build a slightly modified variant of |orig_certs|. - CertBuilder root(orig_certs[2]->cert_buffer(), nullptr); - CertBuilder intermediate(orig_certs[1]->cert_buffer(), &root); - CertBuilder leaf(orig_certs[0]->cert_buffer(), &intermediate); + // Build slightly modified variants of |orig_certs|. + *out_root = + std::make_unique(orig_certs[2]->cert_buffer(), nullptr); + *out_intermediate = std::make_unique( + orig_certs[1]->cert_buffer(), out_root->get()); + (*out_intermediate)->EraseExtension(CrlDistributionPointsOid()); + (*out_intermediate)->EraseExtension(AuthorityInfoAccessOid()); + *out_leaf = std::make_unique(orig_certs[0]->cert_buffer(), + out_intermediate->get()); + (*out_leaf)->SetSubjectAltName(kHostname); + (*out_leaf)->EraseExtension(CrlDistributionPointsOid()); + (*out_leaf)->EraseExtension(AuthorityInfoAccessOid()); + } + + // Creates a certificate chain for www.example.com, where the leaf certificate + // has an AIA URL pointing to the test server. + void CreateSimpleChainWithAIA( + scoped_refptr* out_leaf, + std::string* ca_issuers_path, + bssl::UniquePtr* out_intermediate, + scoped_refptr* out_root) { + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); // Make the leaf certificate have an AIA (CA Issuers) that points to the // embedded test server. This uses a random URL for predictable behavior in // the presence of global caching. *ca_issuers_path = MakeRandomPath(".cer"); GURL ca_issuers_url = GetTestServerAbsoluteUrl(*ca_issuers_path); - leaf.SetCaIssuersUrl(ca_issuers_url); - leaf.SetSubjectAltName(kHostname); + leaf->SetCaIssuersUrl(ca_issuers_url); // The chain being verified is solely the leaf certificate (missing the // intermediate and root). - *out_leaf = leaf.GetX509Certificate(); - *out_root = root.GetX509Certificate(); - *out_intermediate = intermediate.DupCertBuffer(); + *out_leaf = leaf->GetX509Certificate(); + *out_root = root->GetX509Certificate(); + *out_intermediate = intermediate->DupCertBuffer(); + } + + // Creates a CRL issued and signed by |crl_issuer|, marking |revoked_serials| + // as revoked. + // Returns the DER-encoded CRL. + static std::string CreateCrl(CertBuilder* crl_issuer, + const std::vector& revoked_serials, + DigestAlgorithm digest) { + std::string signature_algorithm; + const EVP_MD* md = nullptr; + switch (digest) { + case DigestAlgorithm::Sha256: { + signature_algorithm = Sha256WithRSAEncryption(); + md = EVP_sha256(); + break; + } + + case DigestAlgorithm::Sha1: { + signature_algorithm = Sha1WithRSAEncryption(); + md = EVP_sha1(); + break; + } + + case DigestAlgorithm::Md5: { + signature_algorithm = Md5WithRSAEncryption(); + md = EVP_md5(); + break; + } + + default: + ADD_FAILURE(); + return std::string(); + } + // TBSCertList ::= SEQUENCE { + // version Version OPTIONAL, + // -- if present, MUST be v2 + // signature AlgorithmIdentifier, + // issuer Name, + // thisUpdate Time, + // nextUpdate Time OPTIONAL, + // revokedCertificates SEQUENCE OF SEQUENCE { + // userCertificate CertificateSerialNumber, + // revocationDate Time, + // crlEntryExtensions Extensions OPTIONAL + // -- if present, version MUST be v2 + // } OPTIONAL, + // crlExtensions [0] EXPLICIT Extensions OPTIONAL + // -- if present, version MUST be v2 + // } + bssl::ScopedCBB tbs_cbb; + CBB tbs_cert_list, revoked_serials_cbb; + if (!CBB_init(tbs_cbb.get(), 10) || + !CBB_add_asn1(tbs_cbb.get(), &tbs_cert_list, CBS_ASN1_SEQUENCE) || + !CBB_add_asn1_uint64(&tbs_cert_list, 1 /* V2 */) || + !CBBAddBytes(&tbs_cert_list, signature_algorithm) || + !CBBAddBytes(&tbs_cert_list, crl_issuer->GetSubject()) || + !CBBAddTime(&tbs_cert_list, + base::Time::Now() - base::TimeDelta::FromDays(1)) || + !CBBAddTime(&tbs_cert_list, + base::Time::Now() + base::TimeDelta::FromDays(6))) { + ADD_FAILURE(); + return std::string(); + } + if (!revoked_serials.empty()) { + if (!CBB_add_asn1(&tbs_cert_list, &revoked_serials_cbb, + CBS_ASN1_SEQUENCE)) { + ADD_FAILURE(); + return std::string(); + } + for (const int64_t revoked_serial : revoked_serials) { + CBB revoked_serial_cbb; + if (!CBB_add_asn1(&revoked_serials_cbb, &revoked_serial_cbb, + CBS_ASN1_SEQUENCE) || + !CBB_add_asn1_uint64(&revoked_serial_cbb, revoked_serial) || + !CBBAddTime(&revoked_serial_cbb, + base::Time::Now() - base::TimeDelta::FromDays(1)) || + !CBB_flush(&revoked_serials_cbb)) { + ADD_FAILURE(); + return std::string(); + } + } + } + + std::string tbs_tlv = FinishCBB(tbs_cbb.get()); + + // CertificateList ::= SEQUENCE { + // tbsCertList TBSCertList, + // signatureAlgorithm AlgorithmIdentifier, + // signatureValue BIT STRING } + bssl::ScopedCBB crl_cbb; + CBB cert_list, signature; + bssl::ScopedEVP_MD_CTX ctx; + uint8_t* sig_out; + size_t sig_len; + if (!CBB_init(crl_cbb.get(), 10) || + !CBB_add_asn1(crl_cbb.get(), &cert_list, CBS_ASN1_SEQUENCE) || + !CBBAddBytes(&cert_list, tbs_tlv) || + !CBBAddBytes(&cert_list, signature_algorithm) || + !CBB_add_asn1(&cert_list, &signature, CBS_ASN1_BITSTRING) || + !CBB_add_u8(&signature, 0 /* no unused bits */) || + !EVP_DigestSignInit(ctx.get(), nullptr, md, nullptr, + crl_issuer->GetKey()) || + !EVP_DigestSign(ctx.get(), nullptr, &sig_len, + reinterpret_cast(tbs_tlv.data()), + tbs_tlv.size()) || + !CBB_reserve(&signature, &sig_out, sig_len) || + !EVP_DigestSign(ctx.get(), sig_out, &sig_len, + reinterpret_cast(tbs_tlv.data()), + tbs_tlv.size()) || + !CBB_did_write(&signature, sig_len)) { + ADD_FAILURE(); + return std::string(); + } + return FinishCBB(crl_cbb.get()); + } + + // Creates a CRL issued and signed by |crl_issuer|, marking |revoked_serials| + // as revoked, and registers it to be served by the test server. + // Returns the full URL to retrieve the CRL from the test server. + GURL CreateAndServeCrl(CertBuilder* crl_issuer, + const std::vector& revoked_serials, + DigestAlgorithm digest = DigestAlgorithm::Sha256) { + std::string crl = CreateCrl(crl_issuer, revoked_serials, digest); + std::string crl_path = MakeRandomPath(".crl"); + return RegisterSimpleTestServerHandler(crl_path, HTTP_OK, + "application/pkix-crl", crl); } private: @@ -3235,15 +3650,741 @@ TEST_P(CertVerifyProcInternalWithNetFetchingTest, // This seemed to be working on Windows when !AreSHA1IntermediatesAllowed() // from previous testing, but then failed on the Windows 10 bot. if (error != OK) { + EXPECT_TRUE(verify_result.cert_status & + CERT_STATUS_WEAK_SIGNATURE_ALGORITHM); + EXPECT_TRUE(verify_result.cert_status & + CERT_STATUS_SHA1_SIGNATURE_PRESENT); EXPECT_TRUE(verify_result.has_sha1); EXPECT_THAT(error, IsError(ERR_CERT_WEAK_SIGNATURE_ALGORITHM)); } } else { + EXPECT_NE(OK, error); + EXPECT_TRUE(verify_result.cert_status & + CERT_STATUS_WEAK_SIGNATURE_ALGORITHM); + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_SHA1_SIGNATURE_PRESENT); EXPECT_TRUE(verify_result.has_sha1); - EXPECT_THAT(error, IsError(ERR_CERT_WEAK_SIGNATURE_ALGORITHM)); } } +TEST_P(CertVerifyProcInternalWithNetFetchingTest, RevocationHardFailNoCrls) { + if (!SupportsRevCheckingRequiredLocalAnchors()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS"; + return; + } + + // Create certs which have no AIA or CRL distribution points. + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with hard-fail revocation checking for local anchors. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + // "Hard fail" handling varies for certificates that have no revocation + // mechanisms at all. Some implementations consider it okay, some consider it + // a failure. + if (verify_proc_type() == CERT_VERIFY_PROC_BUILTIN || + verify_proc_type() == CERT_VERIFY_PROC_WIN) { + EXPECT_THAT(error, IsOk()); + } else { + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +// CRL hard fail test where both leaf and intermediate are covered by valid +// CRLs which have empty (non-present) revokedCertificates list. Verification +// should succeed. +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationHardFailCrlGoodNoRevokedCertificates) { + if (!SupportsRevCheckingRequiredLocalAnchors()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Serve a root-issued CRL which does not revoke intermediate. + intermediate->SetCrlDistributionPointUrl(CreateAndServeCrl(root.get(), {})); + + // Serve an intermediate-issued CRL which does not revoke leaf. + leaf->SetCrlDistributionPointUrl(CreateAndServeCrl(intermediate.get(), {})); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with hard-fail revocation checking for local anchors. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + // Should pass, leaf and intermediate were covered by CRLs and were not + // revoked. + EXPECT_THAT(error, IsOk()); + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +// CRL hard fail test where both leaf and intermediate are covered by valid +// CRLs which have revokedCertificates lists that revoke other irrelevant +// serial numbers. Verification should succeed. +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationHardFailCrlGoodIrrelevantSerialsRevoked) { + if (!SupportsRevCheckingRequiredLocalAnchors()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Root-issued CRL revokes leaf's serial number. This is irrelevant. + intermediate->SetCrlDistributionPointUrl( + CreateAndServeCrl(root.get(), {leaf->GetSerialNumber()})); + + // Intermediate-issued CRL revokes intermediates's serial number. This is + // irrelevant. + leaf->SetCrlDistributionPointUrl( + CreateAndServeCrl(intermediate.get(), {intermediate->GetSerialNumber()})); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with hard-fail revocation checking for local anchors. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + // Should pass, leaf and intermediate were covered by CRLs and were not + // revoked. + EXPECT_THAT(error, IsOk()); + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationHardFailLeafRevokedByCrl) { + if (!SupportsRevCheckingRequiredLocalAnchors()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Root-issued CRL which does not revoke intermediate. + intermediate->SetCrlDistributionPointUrl(CreateAndServeCrl(root.get(), {})); + + // Leaf is revoked by intermediate issued CRL. + leaf->SetCrlDistributionPointUrl( + CreateAndServeCrl(intermediate.get(), {leaf->GetSerialNumber()})); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with hard-fail revocation checking for local anchors. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + // Should fail, leaf is revoked. + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationHardFailIntermediateRevokedByCrl) { + if (!SupportsRevCheckingRequiredLocalAnchors()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Intermediate is revoked by root issued CRL. + intermediate->SetCrlDistributionPointUrl( + CreateAndServeCrl(root.get(), {intermediate->GetSerialNumber()})); + + // Intermediate-issued CRL which does not revoke leaf. + leaf->SetCrlDistributionPointUrl(CreateAndServeCrl(intermediate.get(), {})); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with hard-fail revocation checking for local anchors. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + // Should fail, intermediate is revoked. + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +// CRL hard fail test where the intermediate certificate has a good CRL, but +// the leaf's distribution point returns an http error. Verification should +// fail. +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationHardFailLeafCrlDpHttpError) { + if (!SupportsRevCheckingRequiredLocalAnchors()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Serve a root-issued CRL which does not revoke intermediate. + intermediate->SetCrlDistributionPointUrl(CreateAndServeCrl(root.get(), {})); + + // Serve a 404 for the intermediate-issued CRL distribution point url. + leaf->SetCrlDistributionPointUrl(RegisterSimpleTestServerHandler( + MakeRandomPath(".crl"), HTTP_NOT_FOUND, "text/plain", "Not Found")); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with hard-fail revocation checking for local anchors. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + // Should fail since no revocation information was available for the leaf. + if (verify_proc_type() == CERT_VERIFY_PROC_BUILTIN) { + // TODO(https://crbug.com/964416): This should probably be ERR_CERT_REVOKED. + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else { + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +// CRL hard fail test where the leaf certificate has a good CRL, but +// the intermediate's distribution point returns an http error. Verification +// should fail. +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationHardFailIntermediateCrlDpHttpError) { + if (!SupportsRevCheckingRequiredLocalAnchors()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Serve a 404 for the root-issued CRL distribution point url. + intermediate->SetCrlDistributionPointUrl(RegisterSimpleTestServerHandler( + MakeRandomPath(".crl"), HTTP_NOT_FOUND, "text/plain", "Not Found")); + + // Serve an intermediate-issued CRL which does not revoke leaf. + leaf->SetCrlDistributionPointUrl(CreateAndServeCrl(intermediate.get(), {})); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with hard-fail revocation checking for local anchors. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + // Should fail since no revocation information was available for the + // intermediate. + if (verify_proc_type() == CERT_VERIFY_PROC_BUILTIN) { + // TODO(https://crbug.com/964416): This should probably be ERR_CERT_REVOKED. + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else { + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +TEST_P(CertVerifyProcInternalWithNetFetchingTest, RevocationSoftFailNoCrls) { + if (!SupportsSoftFailRevChecking()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_ENABLED"; + return; + } + + // Create certs which have no AIA or CRL distribution points. + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with soft-fail revocation checking. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_ENABLED; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + if (verify_proc_type() == CERT_VERIFY_PROC_MAC && IsMacAtLeastOS10_12()) { + // CRL handling seems broken on macOS >= 10.12. + // TODO(mattm): followup on this. + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else { + // Soft-fail revocation checking should succeed when no revocation mechanism + // is available. + EXPECT_THAT(error, IsOk()); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +// CRL soft fail test where both leaf and intermediate are covered by valid +// CRLs which have empty (non-present) revokedCertificates list. Verification +// should succeed. +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationSoftFailCrlGoodNoRevokedCertificates) { + if (!SupportsSoftFailRevChecking()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_ENABLED"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Serve a root-issued CRL which does not revoke intermediate. + intermediate->SetCrlDistributionPointUrl(CreateAndServeCrl(root.get(), {})); + + // Serve an intermediate-issued CRL which does not revoke leaf. + leaf->SetCrlDistributionPointUrl(CreateAndServeCrl(intermediate.get(), {})); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with soft-fail revocation checking. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_ENABLED; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + if (verify_proc_type() == CERT_VERIFY_PROC_MAC && IsMacAtLeastOS10_12()) { + // CRL handling seems broken on macOS >= 10.12. + // TODO(mattm): followup on this. + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else { + // Should pass, leaf and intermediate were covered by CRLs and were not + // revoked. + EXPECT_THAT(error, IsOk()); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +// CRL soft fail test where both leaf and intermediate are covered by valid +// CRLs which have revokedCertificates lists that revoke other irrelevant +// serial numbers. Verification should succeed. +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationSoftFailCrlGoodIrrelevantSerialsRevoked) { + if (!SupportsSoftFailRevChecking()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_ENABLED"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Root-issued CRL revokes leaf's serial number. This is irrelevant. + intermediate->SetCrlDistributionPointUrl( + CreateAndServeCrl(root.get(), {leaf->GetSerialNumber()})); + + // Intermediate-issued CRL revokes intermediates's serial number. This is + // irrelevant. + leaf->SetCrlDistributionPointUrl( + CreateAndServeCrl(intermediate.get(), {intermediate->GetSerialNumber()})); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with soft-fail revocation checking. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_ENABLED; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + if (verify_proc_type() == CERT_VERIFY_PROC_MAC && IsMacAtLeastOS10_12()) { + // CRL handling seems broken on macOS >= 10.12. + // TODO(mattm): followup on this. + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else { + // Should pass, leaf and intermediate were covered by CRLs and were not + // revoked. + EXPECT_THAT(error, IsOk()); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationSoftFailLeafRevokedByCrl) { + if (!SupportsSoftFailRevChecking()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_ENABLED"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Root-issued CRL which does not revoke intermediate. + intermediate->SetCrlDistributionPointUrl(CreateAndServeCrl(root.get(), {})); + + // Leaf is revoked by intermediate issued CRL. + leaf->SetCrlDistributionPointUrl( + CreateAndServeCrl(intermediate.get(), {leaf->GetSerialNumber()})); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with soft-fail revocation checking. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_ENABLED; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + if (verify_proc_type() == CERT_VERIFY_PROC_MAC && IsMacAtLeastOS10_12()) { + // CRL handling seems broken on macOS >= 10.12. + // TODO(mattm): followup on this. + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else { + // Should fail, leaf is revoked. + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationSoftFailIntermediateRevokedByCrl) { + if (!SupportsSoftFailRevChecking()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_ENABLED"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Intermediate is revoked by root issued CRL. + intermediate->SetCrlDistributionPointUrl( + CreateAndServeCrl(root.get(), {intermediate->GetSerialNumber()})); + + // Intermediate-issued CRL which does not revoke leaf. + leaf->SetCrlDistributionPointUrl(CreateAndServeCrl(intermediate.get(), {})); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with soft-fail revocation checking. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_ENABLED; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + if (verify_proc_type() == CERT_VERIFY_PROC_MAC && IsMacAtLeastOS10_12()) { + // CRL handling seems broken on macOS >= 10.12. + // TODO(mattm): followup on this. + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else { + // Should fail, intermediate is revoked. + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationSoftFailLeafRevokedBySha1Crl) { + if (!SupportsSoftFailRevChecking()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_ENABLED"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Root-issued CRL which does not revoke intermediate. + intermediate->SetCrlDistributionPointUrl(CreateAndServeCrl(root.get(), {})); + + // Leaf is revoked by intermediate issued CRL which is signed with + // sha1WithRSAEncryption. + leaf->SetCrlDistributionPointUrl(CreateAndServeCrl( + intermediate.get(), {leaf->GetSerialNumber()}, DigestAlgorithm::Sha1)); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with soft-fail revocation checking. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_ENABLED; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + if (verify_proc_type() == CERT_VERIFY_PROC_MAC && IsMacAtLeastOS10_12()) { + // CRL handling seems broken on macOS >= 10.12. + // TODO(mattm): followup on this. + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else { + // Should fail, leaf is revoked. + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationSoftFailLeafRevokedByMd5Crl) { + if (!SupportsSoftFailRevChecking()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_ENABLED"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Root-issued CRL which does not revoke intermediate. + intermediate->SetCrlDistributionPointUrl(CreateAndServeCrl(root.get(), {})); + + // Leaf is revoked by intermediate issued CRL which is signed with + // md5WithRSAEncryption. + leaf->SetCrlDistributionPointUrl(CreateAndServeCrl( + intermediate.get(), {leaf->GetSerialNumber()}, DigestAlgorithm::Md5)); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with soft-fail revocation checking. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_ENABLED; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + if (verify_proc_type() == CERT_VERIFY_PROC_BUILTIN) { + // TODO(https://crbug.com/964416): This should be OK? + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else if (verify_proc_type() == CERT_VERIFY_PROC_MAC && + IsMacAtLeastOS10_12()) { + // CRL handling seems broken on macOS >= 10.12. + // TODO(mattm): followup on this. + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else if (verify_proc_type() == CERT_VERIFY_PROC_WIN || + verify_proc_type() == CERT_VERIFY_PROC_MAC) { + // Windows and Mac <= 10.11 honor MD5 CRLs. ¯\_(ăƒ„)_/¯ + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED)); + } else { + // Verification should succeed: MD5 signature algorithm is not supported + // and soft-fail checking will ignore the inability to get revocation + // status. + EXPECT_THAT(error, IsOk()); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +// CRL soft fail test where the intermediate certificate has a good CRL, but +// the leaf's distribution point returns an http error. Verification should +// succeed. +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationSoftFailLeafCrlDpHttpError) { + if (!SupportsSoftFailRevChecking()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_ENABLED"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Serve a root-issued CRL which does not revoke intermediate. + intermediate->SetCrlDistributionPointUrl(CreateAndServeCrl(root.get(), {})); + + // Serve a 404 for the intermediate-issued CRL distribution point url. + leaf->SetCrlDistributionPointUrl(RegisterSimpleTestServerHandler( + MakeRandomPath(".crl"), HTTP_NOT_FOUND, "text/plain", "Not Found")); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with soft-fail revocation checking. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_ENABLED; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + if (verify_proc_type() == CERT_VERIFY_PROC_WIN) { + // Win gives ERR_CERT_UNABLE_TO_CHECK_REVOCATION if the revocation checking + // network requests failed. TODO(https://crbug.com/964416): should be OK? + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else if (verify_proc_type() == CERT_VERIFY_PROC_MAC && + IsMacAtLeastOS10_12()) { + // CRL handling seems broken on macOS >= 10.12. + // TODO(mattm): followup on this. + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else { + // Should succeed due to soft-fail revocation checking. + EXPECT_THAT(error, IsOk()); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + +// CRL soft fail test where the leaf certificate has a good CRL, but +// the intermediate's distribution point returns an http error. Verification +// should succeed. +TEST_P(CertVerifyProcInternalWithNetFetchingTest, + RevocationSoftFailIntermediateCrlDpHttpError) { + if (!SupportsSoftFailRevChecking()) { + LOG(INFO) << "Skipping test as verifier doesn't support " + "VERIFY_REV_CHECKING_ENABLED"; + return; + } + + const char kHostname[] = "www.example.com"; + std::unique_ptr leaf, intermediate, root; + CreateSimpleCertBuilderChain(&leaf, &intermediate, &root); + ASSERT_TRUE(leaf && intermediate && root); + + // Serve a 404 for the root-issued CRL distribution point url. + intermediate->SetCrlDistributionPointUrl(RegisterSimpleTestServerHandler( + MakeRandomPath(".crl"), HTTP_NOT_FOUND, "text/plain", "Not Found")); + + // Serve an intermediate-issued CRL which does not revoke leaf. + leaf->SetCrlDistributionPointUrl(CreateAndServeCrl(intermediate.get(), {})); + + // Trust the root and build a chain to verify that includes the intermediate. + ScopedTestRoot scoped_root(root->GetX509Certificate().get()); + scoped_refptr chain = CreateX509CertificateWithIntermediate( + leaf->DupCertBuffer(), intermediate->DupCertBuffer()); + ASSERT_TRUE(chain.get()); + + // Verify with soft-fail revocation checking. + const int flags = CertVerifyProc::VERIFY_REV_CHECKING_ENABLED; + CertVerifyResult verify_result; + int error = + Verify(chain.get(), kHostname, flags, CRLSet::BuiltinCRLSet().get(), + CertificateList(), &verify_result); + + if (verify_proc_type() == CERT_VERIFY_PROC_WIN) { + // Win gives ERR_CERT_UNABLE_TO_CHECK_REVOCATION if the revocation checking + // network requests failed. TODO(https://crbug.com/964416): should be OK? + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else if (verify_proc_type() == CERT_VERIFY_PROC_MAC && + IsMacAtLeastOS10_12()) { + // CRL handling seems broken on macOS >= 10.12. + // TODO(mattm): followup on this. + EXPECT_THAT(error, IsError(ERR_CERT_UNABLE_TO_CHECK_REVOCATION)); + } else { + // Should succeed due to soft-fail revocation checking. + EXPECT_THAT(error, IsOk()); + } + EXPECT_TRUE(verify_result.cert_status & CERT_STATUS_REV_CHECKING_ENABLED); +} + TEST(CertVerifyProcTest, RejectsMD2) { scoped_refptr cert( ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem")); diff --git a/chromium/net/cert/cert_verify_proc_win.h b/chromium/net/cert/cert_verify_proc_win.h index e5849069fbf..b89f08839b3 100644 --- a/chromium/net/cert/cert_verify_proc_win.h +++ b/chromium/net/cert/cert_verify_proc_win.h @@ -11,7 +11,7 @@ namespace net { // Performs certificate path construction and validation using Windows' // CryptoAPI. -class CertVerifyProcWin : public CertVerifyProc { +class NET_EXPORT_PRIVATE CertVerifyProcWin : public CertVerifyProc { public: CertVerifyProcWin(); diff --git a/chromium/net/cert/crl_set_fuzzer.cc b/chromium/net/cert/crl_set_fuzzer.cc new file mode 100644 index 00000000000..3b83709d190 --- /dev/null +++ b/chromium/net/cert/crl_set_fuzzer.cc @@ -0,0 +1,32 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "net/cert/crl_set.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + if (size < 32 + 32 + 20) + return 0; + + FuzzedDataProvider data_provider(data, size); + std::string spki_hash = data_provider.ConsumeBytesAsString(32); + std::string issuer_hash = data_provider.ConsumeBytesAsString(32); + size_t serial_length = data_provider.ConsumeIntegralInRange(4, 19); + std::string serial = data_provider.ConsumeBytesAsString(serial_length); + std::string crlset_data = data_provider.ConsumeRemainingBytesAsString(); + + scoped_refptr out_crl_set; + net::CRLSet::Parse(crlset_data, &out_crl_set); + + if (out_crl_set) { + out_crl_set->CheckSPKI(spki_hash); + out_crl_set->CheckSerial(serial, issuer_hash); + out_crl_set->IsExpired(); + } + + return 0; +} diff --git a/chromium/net/cert/ct_signed_certificate_timestamp_log_param.cc b/chromium/net/cert/ct_signed_certificate_timestamp_log_param.cc index 88f0dd59620..e90fb45853b 100644 --- a/chromium/net/cert/ct_signed_certificate_timestamp_log_param.cc +++ b/chromium/net/cert/ct_signed_certificate_timestamp_log_param.cc @@ -13,7 +13,6 @@ #include "base/values.h" #include "net/cert/ct_sct_to_string.h" #include "net/cert/signed_certificate_timestamp.h" -#include "net/log/net_log_capture_mode.h" namespace net { @@ -72,9 +71,8 @@ base::Value SCTListToPrintableValues( } // namespace -base::Value NetLogSignedCertificateTimestampCallback( - const SignedCertificateTimestampAndStatusList* scts, - NetLogCaptureMode capture_mode) { +base::Value NetLogSignedCertificateTimestampParams( + const SignedCertificateTimestampAndStatusList* scts) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetKey("scts", SCTListToPrintableValues(*scts)); @@ -82,11 +80,10 @@ base::Value NetLogSignedCertificateTimestampCallback( return dict; } -base::Value NetLogRawSignedCertificateTimestampCallback( +base::Value NetLogRawSignedCertificateTimestampParams( base::StringPiece embedded_scts, base::StringPiece sct_list_from_ocsp, - base::StringPiece sct_list_from_tls_extension, - NetLogCaptureMode capture_mode) { + base::StringPiece sct_list_from_tls_extension) { base::Value dict(base::Value::Type::DICTIONARY); SetBinaryData("embedded_scts", embedded_scts, &dict); diff --git a/chromium/net/cert/ct_signed_certificate_timestamp_log_param.h b/chromium/net/cert/ct_signed_certificate_timestamp_log_param.h index 89eb38ced2e..5704f82a5e9 100644 --- a/chromium/net/cert/ct_signed_certificate_timestamp_log_param.h +++ b/chromium/net/cert/ct_signed_certificate_timestamp_log_param.h @@ -16,25 +16,21 @@ class Value; namespace net { -class NetLogCaptureMode; - // Creates a dictionary of processed Signed Certificate Timestamps to be // logged in the NetLog. // See the documentation for SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED // in net/log/net_log_event_type_list.h -base::Value NetLogSignedCertificateTimestampCallback( - const SignedCertificateTimestampAndStatusList* scts, - NetLogCaptureMode capture_mode); +base::Value NetLogSignedCertificateTimestampParams( + const SignedCertificateTimestampAndStatusList* scts); // Creates a dictionary of raw Signed Certificate Timestamps to be logged // in the NetLog. // See the documentation for SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED // in net/log/net_log_event_type_list.h -base::Value NetLogRawSignedCertificateTimestampCallback( +base::Value NetLogRawSignedCertificateTimestampParams( base::StringPiece embedded_scts, base::StringPiece sct_list_from_ocsp, - base::StringPiece sct_list_from_tls_extension, - NetLogCaptureMode capture_mode); + base::StringPiece sct_list_from_tls_extension); } // namespace net diff --git a/chromium/net/cert/internal/crl.cc b/chromium/net/cert/internal/crl.cc new file mode 100644 index 00000000000..1e580ad7678 --- /dev/null +++ b/chromium/net/cert/internal/crl.cc @@ -0,0 +1,603 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/cert/internal/crl.h" + +#include "base/stl_util.h" +#include "net/cert/internal/cert_errors.h" +#include "net/cert/internal/revocation_util.h" +#include "net/cert/internal/signature_algorithm.h" +#include "net/cert/internal/verify_name_match.h" +#include "net/cert/internal/verify_signed_data.h" +#include "net/der/input.h" +#include "net/der/parse_values.h" +#include "net/der/parser.h" +#include "net/der/tag.h" + +namespace net { + +namespace { + +// id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } +// In dotted notation: 2.5.29.28 +der::Input IssuingDistributionPointOid() { + static const uint8_t oid[] = {0x55, 0x1d, 0x1c}; + return der::Input(oid); +} + +WARN_UNUSED_RESULT bool NormalizeNameTLV(const der::Input& name_tlv, + std::string* out_normalized_name) { + der::Parser parser(name_tlv); + der::Input name_rdn; + net::CertErrors unused_errors; + return parser.ReadTag(der::kSequence, &name_rdn) && + NormalizeName(name_rdn, out_normalized_name, &unused_errors) && + !parser.HasMore(); +} + +bool ContainsExactMatchingName(std::vector a, + std::vector b) { + std::sort(a.begin(), a.end()); + std::sort(b.begin(), b.end()); + return !base::STLSetIntersection>(a, b) + .empty(); +} + +} // namespace + +bool ParseCrlCertificateList(const der::Input& crl_tlv, + der::Input* out_tbs_cert_list_tlv, + der::Input* out_signature_algorithm_tlv, + der::BitString* out_signature_value) { + der::Parser parser(crl_tlv); + + // CertificateList ::= SEQUENCE { + der::Parser certificate_list_parser; + if (!parser.ReadSequence(&certificate_list_parser)) + return false; + + // tbsCertList TBSCertList + if (!certificate_list_parser.ReadRawTLV(out_tbs_cert_list_tlv)) + return false; + + // signatureAlgorithm AlgorithmIdentifier, + if (!certificate_list_parser.ReadRawTLV(out_signature_algorithm_tlv)) + return false; + + // signatureValue BIT STRING } + if (!certificate_list_parser.ReadBitString(out_signature_value)) + return false; + + // There isn't an extension point at the end of CertificateList. + if (certificate_list_parser.HasMore()) + return false; + + // By definition the input was a single CertificateList, so there shouldn't be + // unconsumed data. + if (parser.HasMore()) + return false; + + return true; +} + +bool ParseCrlTbsCertList(const der::Input& tbs_tlv, ParsedCrlTbsCertList* out) { + der::Parser parser(tbs_tlv); + + // TBSCertList ::= SEQUENCE { + der::Parser tbs_parser; + if (!parser.ReadSequence(&tbs_parser)) + return false; + + // version Version OPTIONAL, + // -- if present, MUST be v2 + base::Optional version_der; + if (!tbs_parser.ReadOptionalTag(der::kInteger, &version_der)) + return false; + if (version_der.has_value()) { + uint64_t version64; + if (!der::ParseUint64(*version_der, &version64)) + return false; + // If version is present, it MUST be v2(1). + if (version64 != 1) + return false; + out->version = CrlVersion::V2; + } else { + // Uh, RFC 5280 doesn't actually say it anywhere, but presumably if version + // is not specified, it is V1. + out->version = CrlVersion::V1; + } + + // signature AlgorithmIdentifier, + if (!tbs_parser.ReadRawTLV(&out->signature_algorithm_tlv)) + return false; + + // issuer Name, + if (!tbs_parser.ReadRawTLV(&out->issuer_tlv)) + return false; + + // thisUpdate Time, + if (!ReadUTCOrGeneralizedTime(&tbs_parser, &out->this_update)) + return false; + + // nextUpdate Time OPTIONAL, + der::Tag maybe_next_update_tag; + der::Input unused_next_update_input; + if (tbs_parser.PeekTagAndValue(&maybe_next_update_tag, + &unused_next_update_input) && + (maybe_next_update_tag == der::kUtcTime || + maybe_next_update_tag == der::kGeneralizedTime)) { + der::GeneralizedTime next_update_time; + if (!ReadUTCOrGeneralizedTime(&tbs_parser, &next_update_time)) + return false; + out->next_update = next_update_time; + } else { + out->next_update = base::nullopt; + } + + // revokedCertificates SEQUENCE OF SEQUENCE { ... } OPTIONAL, + der::Input unused_revoked_certificates; + der::Tag maybe_revoked_certifigates_tag; + if (tbs_parser.PeekTagAndValue(&maybe_revoked_certifigates_tag, + &unused_revoked_certificates) && + maybe_revoked_certifigates_tag == der::kSequence) { + der::Input revoked_certificates_tlv; + if (!tbs_parser.ReadRawTLV(&revoked_certificates_tlv)) + return false; + out->revoked_certificates_tlv = revoked_certificates_tlv; + } else { + out->revoked_certificates_tlv = base::nullopt; + } + + // crlExtensions [0] EXPLICIT Extensions OPTIONAL + // -- if present, version MUST be v2 + if (!tbs_parser.ReadOptionalTag(der::ContextSpecificConstructed(0), + &out->crl_extensions_tlv)) { + return false; + } + if (out->crl_extensions_tlv.has_value()) { + if (out->version != CrlVersion::V2) + return false; + } + + if (tbs_parser.HasMore()) { + // Invalid or extraneous elements. + return false; + } + + // By definition the input was a single sequence, so there shouldn't be + // unconsumed data. + if (parser.HasMore()) + return false; + + return true; +} + +bool ParseIssuingDistributionPoint( + const der::Input& extension_value, + std::unique_ptr* out_distribution_point_names, + ContainedCertsType* out_only_contains_cert_type) { + der::Parser idp_extension_value_parser(extension_value); + // IssuingDistributionPoint ::= SEQUENCE { + der::Parser idp_parser; + if (!idp_extension_value_parser.ReadSequence(&idp_parser)) + return false; + + // 5.2.5. Conforming CRLs issuers MUST NOT issue CRLs where the DER + // encoding of the issuing distribution point extension is an empty + // sequence. + if (!idp_parser.HasMore()) + return false; + + // distributionPoint [0] DistributionPointName OPTIONAL, + base::Optional distribution_point; + if (!idp_parser.ReadOptionalTag( + der::kTagContextSpecific | der::kTagConstructed | 0, + &distribution_point)) { + return false; + } + + if (distribution_point.has_value()) { + // DistributionPointName ::= CHOICE { + der::Parser dp_name_parser(*distribution_point); + // fullName [0] GeneralNames, + // nameRelativeToCRLIssuer [1] RelativeDistinguishedName } + base::Optional der_full_name; + if (!dp_name_parser.ReadOptionalTag( + der::kTagContextSpecific | der::kTagConstructed | 0, + &der_full_name)) { + return false; + } + if (!der_full_name) { + // Only fullName is supported. + return false; + } + CertErrors errors; + *out_distribution_point_names = + GeneralNames::CreateFromValue(*der_full_name, &errors); + if (!*out_distribution_point_names) + return false; + + if (dp_name_parser.HasMore()) { + // CHOICE represents a single value. + return false; + } + } + + *out_only_contains_cert_type = ContainedCertsType::ANY_CERTS; + + // onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, + base::Optional only_contains_user_certs; + if (!idp_parser.ReadOptionalTag(der::kTagContextSpecific | 1, + &only_contains_user_certs)) { + return false; + } + if (only_contains_user_certs.has_value()) { + bool bool_value; + if (!der::ParseBool(*only_contains_user_certs, &bool_value)) + return false; + if (!bool_value) + return false; // DER-encoding requires DEFAULT values be omitted. + *out_only_contains_cert_type = ContainedCertsType::USER_CERTS; + } + + // onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, + base::Optional only_contains_ca_certs; + if (!idp_parser.ReadOptionalTag(der::kTagContextSpecific | 2, + &only_contains_ca_certs)) { + return false; + } + if (only_contains_ca_certs.has_value()) { + bool bool_value; + if (!der::ParseBool(*only_contains_ca_certs, &bool_value)) + return false; + if (!bool_value) + return false; // DER-encoding requires DEFAULT values be omitted. + if (*out_only_contains_cert_type != ContainedCertsType::ANY_CERTS) { + // 5.2.5. at most one of onlyContainsUserCerts, onlyContainsCACerts, + // and onlyContainsAttributeCerts may be set to TRUE. + return false; + } + *out_only_contains_cert_type = ContainedCertsType::CA_CERTS; + } + + // onlySomeReasons [3] ReasonFlags OPTIONAL, + // indirectCRL [4] BOOLEAN DEFAULT FALSE, + // onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE } + // onlySomeReasons, indirectCRL, and onlyContainsAttributeCerts are not + // supported, fail parsing if they are present. + if (idp_parser.HasMore()) + return false; + + return true; +} + +CRLRevocationStatus GetCRLStatusForCert( + const der::Input& cert_serial, + CrlVersion crl_version, + const base::Optional& revoked_certificates_tlv) { + if (!revoked_certificates_tlv.has_value()) { + // RFC 5280 Section 5.1.2.6: "When there are no revoked certificates, the + // revoked certificates list MUST be absent." + // No covered certificates are revoked, therefore the cert is good. + return CRLRevocationStatus::GOOD; + } + + der::Parser parser(*revoked_certificates_tlv); + + // revokedCertificates SEQUENCE OF SEQUENCE { + der::Parser revoked_certificates_parser; + if (!parser.ReadSequence(&revoked_certificates_parser)) + return CRLRevocationStatus::UNKNOWN; + + // RFC 5280 Section 5.1.2.6: "When there are no revoked certificates, the + // revoked certificates list MUST be absent." + if (!revoked_certificates_parser.HasMore()) + return CRLRevocationStatus::UNKNOWN; + + // By definition the input was a single Extensions sequence, so there + // shouldn't be unconsumed data. + if (parser.HasMore()) + return CRLRevocationStatus::UNKNOWN; + + bool found_matching_serial = false; + + while (revoked_certificates_parser.HasMore()) { + // revokedCertificates SEQUENCE OF SEQUENCE { + der::Parser crl_entry_parser; + if (!revoked_certificates_parser.ReadSequence(&crl_entry_parser)) + return CRLRevocationStatus::UNKNOWN; + + der::Input revoked_cert_serial_number; + // userCertificate CertificateSerialNumber, + if (!crl_entry_parser.ReadTag(der::kInteger, &revoked_cert_serial_number)) + return CRLRevocationStatus::UNKNOWN; + + // revocationDate Time, + der::GeneralizedTime unused_revocation_date; + if (!ReadUTCOrGeneralizedTime(&crl_entry_parser, &unused_revocation_date)) + return CRLRevocationStatus::UNKNOWN; + + // crlEntryExtensions Extensions OPTIONAL + if (crl_entry_parser.HasMore()) { + // -- if present, version MUST be v2 + if (crl_version != CrlVersion::V2) + return CRLRevocationStatus::UNKNOWN; + + der::Input crl_entry_extensions_tlv; + if (!crl_entry_parser.ReadRawTLV(&crl_entry_extensions_tlv)) + return CRLRevocationStatus::UNKNOWN; + + std::map extensions; + if (!ParseExtensions(crl_entry_extensions_tlv, &extensions)) + return CRLRevocationStatus::UNKNOWN; + + // RFC 5280 Section 5.3: "If a CRL contains a critical CRL entry + // extension that the application cannot process, then the application + // MUST NOT use that CRL to determine the status of any certificates." + for (const auto& ext : extensions) { + if (ext.second.critical) + return CRLRevocationStatus::UNKNOWN; + } + } + + if (crl_entry_parser.HasMore()) + return CRLRevocationStatus::UNKNOWN; + + if (revoked_cert_serial_number == cert_serial) { + // Cert is revoked, but can't return yet since there might be critical + // extensions on later entries that would prevent use of this CRL. + found_matching_serial = true; + } + } + + if (found_matching_serial) + return CRLRevocationStatus::REVOKED; + + // |cert| is not present in the revokedCertificates list. + return CRLRevocationStatus::GOOD; +} + +ParsedCrlTbsCertList::ParsedCrlTbsCertList() = default; +ParsedCrlTbsCertList::~ParsedCrlTbsCertList() = default; + +CRLRevocationStatus CheckCRL(base::StringPiece raw_crl, + const ParsedCertificateList& valid_chain, + size_t target_cert_index, + const ParsedDistributionPoint& cert_dp, + const base::Time& verify_time, + const base::TimeDelta& max_age) { + DCHECK_LT(target_cert_index, valid_chain.size()); + const ParsedCertificate* target_cert = valid_chain[target_cert_index].get(); + + // 6.3.3 (a) Update the local CRL cache by obtaining a complete CRL, a + // delta CRL, or both, as required. + // + // This implementation only supports complete CRLs and takes the CRL as + // input, it is up to the caller to provide an up to date CRL. + + der::Input tbs_cert_list_tlv; + der::Input signature_algorithm_tlv; + der::BitString signature_value; + if (!ParseCrlCertificateList(der::Input(raw_crl), &tbs_cert_list_tlv, + &signature_algorithm_tlv, &signature_value)) { + return CRLRevocationStatus::UNKNOWN; + } + + ParsedCrlTbsCertList tbs_cert_list; + if (!ParseCrlTbsCertList(tbs_cert_list_tlv, &tbs_cert_list)) + return CRLRevocationStatus::UNKNOWN; + + // 5.1.1.2 signatureAlgorithm + // This field MUST contain the same algorithm identifier as the + // signature field in the sequence tbsCertList (Section 5.1.2.2). + if (!SignatureAlgorithm::IsEquivalent( + signature_algorithm_tlv, tbs_cert_list.signature_algorithm_tlv)) { + return CRLRevocationStatus::UNKNOWN; + } + // TODO(https://crbug.com/749276): Check the signature algorithm against + // policy. + std::unique_ptr signature_algorithm = + SignatureAlgorithm::Create(signature_algorithm_tlv, /*errors=*/nullptr); + if (!signature_algorithm) + return CRLRevocationStatus::UNKNOWN; + + // Check CRL dates. Roughly corresponds to 6.3.3 (a) (1) but does not attempt + // to update the CRL if it is out of date. + if (!CheckRevocationDateValid( + tbs_cert_list.this_update, + base::OptionalOrNullptr(tbs_cert_list.next_update), verify_time, + max_age)) { + return CRLRevocationStatus::UNKNOWN; + } + + // 6.3.3 (a) (2) is skipped: This implementation does not support delta CRLs. + + // 6.3.3 (b) Verify the issuer and scope of the complete CRL as follows: + // 6.3.3 (b) (1) If the DP includes cRLIssuer, then verify that the issuer + // field in the complete CRL matches cRLIssuer in the DP and + // that the complete CRL contains an issuing distribution + // point extension with the indirectCRL boolean asserted. + if (cert_dp.has_crl_issuer) { + // Indirect CRLs are not supported. + return CRLRevocationStatus::UNKNOWN; + } + // 6.3.3 (b) (1) Otherwise, verify that the CRL issuer matches the + // certificate issuer. + // + // Normalization for the name comparison is used although the RFC is not + // clear on this. There are several places that explicitly are called out as + // requiring identical encodings: + // + // 4.2.1.13. CRL Distribution Points (cert extension) says the DP cRLIssuer + // field MUST be exactly the same as the encoding in issuer field of the + // CRL. + // + // 5.2.5. Issuing Distribution Point (crl extension) + // The identical encoding MUST be used in the distributionPoint fields + // of the certificate and the CRL. + // + // 5.3.3. Certificate Issuer (crl entry extension) also says "The encoding of + // the DN MUST be identical to the encoding used in the certificate" + // + // But 6.3.3 (b) (1) just says "matches". Also NIST PKITS includes at least + // one test that requires normalization here. + // TODO(https://crbug.com/749276): could do exact comparison first and only + // fall back to normalizing if that fails. + std::string normalized_crl_issuer; + if (!NormalizeNameTLV(tbs_cert_list.issuer_tlv, &normalized_crl_issuer)) + return CRLRevocationStatus::UNKNOWN; + if (der::Input(&normalized_crl_issuer) != target_cert->normalized_issuer()) + return CRLRevocationStatus::UNKNOWN; + + if (tbs_cert_list.crl_extensions_tlv.has_value()) { + std::map extensions; + if (!ParseExtensions(*tbs_cert_list.crl_extensions_tlv, &extensions)) + return CRLRevocationStatus::UNKNOWN; + + // 6.3.3 (b) (2) If the complete CRL includes an issuing distribution point + // (IDP) CRL extension, check the following: + ParsedExtension idp_extension; + if (ConsumeExtension(IssuingDistributionPointOid(), &extensions, + &idp_extension)) { + std::unique_ptr distribution_point_names; + ContainedCertsType only_contains_cert_type; + if (!ParseIssuingDistributionPoint(idp_extension.value, + &distribution_point_names, + &only_contains_cert_type)) { + return CRLRevocationStatus::UNKNOWN; + } + + if (distribution_point_names) { + // 6.3.3. (b) (2) (i) If the distribution point name is present in the + // IDP CRL extension and the distribution field is + // present in the DP, then verify that one of the + // names in the IDP matches one of the names in the + // DP. + // 5.2.5. The identical encoding MUST be used in the distributionPoint + // fields of the certificate and the CRL. + // TODO(https://crbug.com/749276): Check other name types? + if (!ContainsExactMatchingName( + cert_dp.uris, + distribution_point_names->uniform_resource_identifiers)) { + return CRLRevocationStatus::UNKNOWN; + } + + // 6.3.3. (b) (2) (i) If the distribution point name is present in the + // IDP CRL extension and the distribution field is + // omitted from the DP, then verify that one of the + // names in the IDP matches one of the names in the + // cRLIssuer field of the DP. + // Indirect CRLs are not supported, if indirectCRL was specified, + // ParseIssuingDistributionPoint would already have failed. + } + + switch (only_contains_cert_type) { + case ContainedCertsType::USER_CERTS: + // 6.3.3. (b) (2) (ii) If the onlyContainsUserCerts boolean is + // asserted in the IDP CRL extension, verify + // that the certificate does not include the + // basic constraints extension with the cA + // boolean asserted. + // 5.2.5. If either onlyContainsUserCerts or onlyContainsCACerts is + // set to TRUE, then the scope of the CRL MUST NOT include any + // version 1 or version 2 certificates. + if ((target_cert->has_basic_constraints() && + target_cert->basic_constraints().is_ca) || + target_cert->tbs().version == CertificateVersion::V1 || + target_cert->tbs().version == CertificateVersion::V2) { + return CRLRevocationStatus::UNKNOWN; + } + break; + + case ContainedCertsType::CA_CERTS: + // 6.3.3. (b) (2) (iii) If the onlyContainsCACerts boolean is asserted + // in the IDP CRL extension, verify that the + // certificate includes the basic constraints + // extension with the cA boolean asserted. + // The version check is not done here, as the basicConstraints + // extension is required, and could not be present unless it is a V3 + // certificate. + if (!target_cert->has_basic_constraints() || + !target_cert->basic_constraints().is_ca) { + return CRLRevocationStatus::UNKNOWN; + } + break; + + case ContainedCertsType::ANY_CERTS: + // (iv) Verify that the onlyContainsAttributeCerts + // boolean is not asserted. + // If onlyContainsAttributeCerts was present, + // ParseIssuingDistributionPoint would already have failed. + break; + } + } + + for (const auto& ext : extensions) { + // Fail if any unhandled critical CRL extensions are present. + if (ext.second.critical) + return CRLRevocationStatus::UNKNOWN; + } + } + + // 6.3.3 (c-e) skipped: delta CRLs and reason codes are not supported. + + // This implementation only supports direct CRLs where the CRL was signed by + // one of the certs in its validated issuer chain. This allows handling some + // cases of key rollover without requiring additional CRL issuer cert + // discovery & path building. + // TODO(https://crbug.com/749276): should this loop start at + // |target_cert_index|? There doesn't seem to be anything in the specs that + // precludes a CRL signed by a self-issued cert from covering itself. On the + // other hand it seems like a pretty weird thing to allow and causes NIST + // PKITS 4.5.3 to pass when it seems like it would not be intended to (since + // issuingDistributionPoint CRL extension is not handled). + for (size_t i = target_cert_index + 1; i < valid_chain.size(); ++i) { + const ParsedCertificate* issuer_cert = valid_chain[i].get(); + + // 6.3.3 (f) Obtain and validate the certification path for the issuer of + // the complete CRL. The trust anchor for the certification + // path MUST be the same as the trust anchor used to validate + // the target certificate. + // + // As the |issuer_cert| is from the already validated chain, it is already + // known to chain to the same trust anchor as the target certificate. + if (der::Input(&normalized_crl_issuer) != issuer_cert->normalized_subject()) + continue; + + // 6.3.3 (f) If a key usage extension is present in the CRL issuer's + // certificate, verify that the cRLSign bit is set. + if (issuer_cert->has_key_usage() && + !issuer_cert->key_usage().AssertsBit(KEY_USAGE_BIT_CRL_SIGN)) { + continue; + } + + // 6.3.3 (g) Validate the signature on the complete CRL using the public + // key validated in step (f). + if (!VerifySignedData(*signature_algorithm, tbs_cert_list_tlv, + signature_value, issuer_cert->tbs().spki_tlv)) { + continue; + } + + // 6.3.3 (h,i) skipped. This implementation does not support delta CRLs. + + // 6.3.3 (j) If (cert_status is UNREVOKED), then search for the + // certificate on the complete CRL. If an entry is found that + // matches the certificate issuer and serial number as described + // in Section 5.3.3, then set the cert_status variable to the + // indicated reason as described in step (i). + // + // CRL is valid and covers |target_cert|, check if |target_cert| is present + // in the revokedCertificates sequence. + return GetCRLStatusForCert(target_cert->tbs().serial_number, + tbs_cert_list.version, + tbs_cert_list.revoked_certificates_tlv); + + // 6.3.3 (k,l) skipped. This implementation does not support reason codes. + } + + // Did not find the issuer & signer of |raw_crl| in |valid_chain|. + return CRLRevocationStatus::UNKNOWN; +} + +} // namespace net diff --git a/chromium/net/cert/internal/crl.h b/chromium/net/cert/internal/crl.h new file mode 100644 index 00000000000..a61b2156faf --- /dev/null +++ b/chromium/net/cert/internal/crl.h @@ -0,0 +1,224 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_CERT_INTERNAL_CRL_H_ +#define NET_CERT_INTERNAL_CRL_H_ + +#include "base/optional.h" +#include "base/strings/string_piece_forward.h" +#include "base/time/time.h" +#include "net/base/net_export.h" +#include "net/cert/internal/general_names.h" +#include "net/cert/internal/parsed_certificate.h" +#include "net/der/input.h" +#include "net/der/parse_values.h" + +namespace net { + +struct ParsedCrlTbsCertList; +struct ParsedDistributionPoint; + +// TODO(https://crbug.com/749276): This is the same enum with the same meaning +// as OCSPRevocationStatus, maybe they should be merged? +enum class CRLRevocationStatus { + GOOD = 0, + REVOKED = 1, + UNKNOWN = 2, + MAX_VALUE = UNKNOWN +}; + +// Parses a DER-encoded CRL "CertificateList" as specified by RFC 5280 Section +// 5.1. Returns true on success and sets the results in the |out_*| parameters. +// The contents of the output data is not validated. +// +// Note that on success the out parameters alias data from the input |crl_tlv|. +// Hence the output values are only valid as long as |crl_tlv| remains valid. +// +// On failure the out parameters have an undefined state. Some of them may have +// been updated during parsing, whereas others may not have been changed. +// +// CertificateList ::= SEQUENCE { +// tbsCertList TBSCertList, +// signatureAlgorithm AlgorithmIdentifier, +// signatureValue BIT STRING } +NET_EXPORT_PRIVATE bool ParseCrlCertificateList( + const der::Input& crl_tlv, + der::Input* out_tbs_cert_list_tlv, + der::Input* out_signature_algorithm_tlv, + der::BitString* out_signature_value) WARN_UNUSED_RESULT; + +// Parses a DER-encoded "TBSCertList" as specified by RFC 5280 Section 5.1. +// Returns true on success and sets the results in |out|. +// +// Note that on success |out| aliases data from the input |tbs_tlv|. +// Hence the fields of the ParsedCrlTbsCertList are only valid as long as +// |tbs_tlv| remains valid. +// +// On failure |out| has an undefined state. Some of its fields may have been +// updated during parsing, whereas others may not have been changed. +// +// Refer to the per-field documentation of ParsedCrlTbsCertList for details on +// what validity checks parsing performs. +// +// TBSCertList ::= SEQUENCE { +// version Version OPTIONAL, +// -- if present, MUST be v2 +// signature AlgorithmIdentifier, +// issuer Name, +// thisUpdate Time, +// nextUpdate Time OPTIONAL, +// revokedCertificates SEQUENCE OF SEQUENCE { +// userCertificate CertificateSerialNumber, +// revocationDate Time, +// crlEntryExtensions Extensions OPTIONAL +// -- if present, version MUST be v2 +// } OPTIONAL, +// crlExtensions [0] EXPLICIT Extensions OPTIONAL +// -- if present, version MUST be v2 +// } +NET_EXPORT_PRIVATE bool ParseCrlTbsCertList(const der::Input& tbs_tlv, + ParsedCrlTbsCertList* out) + WARN_UNUSED_RESULT; + +// Represents a CRL "Version" from RFC 5280. TBSCertList reuses the same +// Version definition from TBSCertificate, however only v1(not present) and +// v2(1) are valid values, so a unique enum is used to avoid confusion. +enum class CrlVersion { + V1, + V2, +}; + +// Corresponds with "TBSCertList" from RFC 5280 Section 5.1: +struct NET_EXPORT_PRIVATE ParsedCrlTbsCertList { + ParsedCrlTbsCertList(); + ~ParsedCrlTbsCertList(); + + // version Version OPTIONAL, + // -- if present, MUST be v2 + // + // Parsing guarantees that the version is one of v1 or v2. + CrlVersion version = CrlVersion::V1; + + // signature AlgorithmIdentifier, + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. + // + // This can be further parsed using SignatureValue::Create(). + der::Input signature_algorithm_tlv; + + // issuer Name, + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. + der::Input issuer_tlv; + + // thisUpdate Time, + // nextUpdate Time OPTIONAL, + // + // Parsing guarantees that thisUpdate and nextUpdate(if present) are valid + // DER-encoded dates, however it DOES NOT guarantee anything about their + // values. For instance notAfter could be before notBefore, or the dates + // could indicate an expired CRL. + der::GeneralizedTime this_update; + base::Optional next_update; + + // revokedCertificates SEQUENCE OF SEQUENCE { + // userCertificate CertificateSerialNumber, + // revocationDate Time, + // crlEntryExtensions Extensions OPTIONAL + // -- if present, version MUST be v2 + // } OPTIONAL, + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. + base::Optional revoked_certificates_tlv; + + // crlExtensions [0] EXPLICIT Extensions OPTIONAL + // -- if present, version MUST be v2 + // + // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No + // guarantees are made regarding the value of this SEQUENCE. (Note that the + // EXPLICIT outer tag is stripped.) + // + // Parsing guarantees that if extensions is present the version is v2. + base::Optional crl_extensions_tlv; +}; + +// Represents the IssuingDistributionPoint certificate type constraints: +enum class ContainedCertsType { + // Neither onlyContainsUserCerts or onlyContainsCACerts was present. + ANY_CERTS, + // onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, + USER_CERTS, + // onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, + CA_CERTS, +}; + +// Parses a DER-encoded IssuingDistributionPoint extension value. +// Returns true on success and sets the results in the |out_*| parameters. +// +// If the IssuingDistributionPoint contains a distributionPoint fullName field, +// |out_distribution_point_names| will contain the parsed representation. +// If the distributionPoint type is nameRelativeToCRLIssuer, parsing will fail. +// +// |out_only_contains_cert_type| will contain the logical representation of the +// onlyContainsUserCerts and onlyContainsCACerts fields (or their absence). +// +// indirectCRL and onlyContainsAttributeCerts are not supported and parsing will +// fail if they are present. +// +// Note that on success |out_distribution_point_names| aliases data from the +// input |extension_value|. +// +// On failure the |out_*| parameters have undefined state. +// +// IssuingDistributionPoint ::= SEQUENCE { +// distributionPoint [0] DistributionPointName OPTIONAL, +// onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, +// onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, +// onlySomeReasons [3] ReasonFlags OPTIONAL, +// indirectCRL [4] BOOLEAN DEFAULT FALSE, +// onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE } +NET_EXPORT_PRIVATE bool ParseIssuingDistributionPoint( + const der::Input& extension_value, + std::unique_ptr* out_distribution_point_names, + ContainedCertsType* out_only_contains_cert_type) WARN_UNUSED_RESULT; + +NET_EXPORT_PRIVATE CRLRevocationStatus +GetCRLStatusForCert(const der::Input& cert_serial, + CrlVersion crl_version, + const base::Optional& revoked_certificates_tlv); + +// Checks the revocation status of the certificate |cert| by using the +// DER-encoded |raw_crl|. |cert| must already have passed certificate path +// validation. +// +// Returns GOOD if the CRL indicates the certificate is not revoked, +// REVOKED if it indicates it is revoked, or UNKNOWN for all other cases. +// +// * |raw_crl|: A DER encoded CRL CertificateList. +// * |valid_chain|: The validated certificate chain containing the target cert. +// * |target_cert_index|: The index into |valid_chain| of the certificate being +// checked for revocation. +// * |cert_dp|: The distribution point from the target certificate's CRL +// distribution points extension that |raw_crl| corresponds to. If +// |raw_crl| was not specified in a distribution point, the caller must +// synthesize a ParsedDistributionPoint object as specified by RFC 5280 +// 6.3.3. +// * |verify_time|: The time to use when checking revocation status. +// * |max_age|: The maximum age for a CRL, implemented as time since +// the |thisUpdate| field in the CRL TBSCertList. Responses older than +// |max_age| will be considered invalid. +NET_EXPORT CRLRevocationStatus +CheckCRL(base::StringPiece raw_crl, + const ParsedCertificateList& valid_chain, + size_t target_cert_index, + const ParsedDistributionPoint& cert_dp, + const base::Time& verify_time, + const base::TimeDelta& max_age) WARN_UNUSED_RESULT; + +} // namespace net + +#endif // NET_CERT_INTERNAL_CRL_H_ diff --git a/chromium/net/cert/internal/crl_getcrlstatusforcert_fuzzer.cc b/chromium/net/cert/internal/crl_getcrlstatusforcert_fuzzer.cc new file mode 100644 index 00000000000..a02ad88cb56 --- /dev/null +++ b/chromium/net/cert/internal/crl_getcrlstatusforcert_fuzzer.cc @@ -0,0 +1,28 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "crypto/sha2.h" +#include "net/cert/internal/crl.h" +#include "net/der/input.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + const net::der::Input input_der(data, size); + + const std::string data_hash = + crypto::SHA256HashString(input_der.AsStringPiece()); + const net::CrlVersion crl_version = + (data_hash[0] % 2) ? net::CrlVersion::V2 : net::CrlVersion::V1; + const size_t serial_len = data_hash[1] % (data_hash.size() - 2); + CHECK_LT(serial_len + 2, data_hash.size()); + const net::der::Input cert_serial( + reinterpret_cast(data_hash.data() + 2), serial_len); + + net::GetCRLStatusForCert(cert_serial, crl_version, + base::make_optional(input_der)); + + return 0; +} diff --git a/chromium/net/cert/internal/crl_parse_crl_certificatelist_fuzzer.cc b/chromium/net/cert/internal/crl_parse_crl_certificatelist_fuzzer.cc new file mode 100644 index 00000000000..e735e327d8a --- /dev/null +++ b/chromium/net/cert/internal/crl_parse_crl_certificatelist_fuzzer.cc @@ -0,0 +1,22 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "net/cert/internal/crl.h" +#include "net/der/input.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + net::der::Input crl_der(data, size); + + net::der::Input tbs_cert_list_tlv; + net::der::Input signature_algorithm_tlv; + net::der::BitString signature_value; + + ignore_result(net::ParseCrlCertificateList( + crl_der, &tbs_cert_list_tlv, &signature_algorithm_tlv, &signature_value)); + + return 0; +} diff --git a/chromium/net/cert/internal/crl_parse_crl_tbscertlist_fuzzer.cc b/chromium/net/cert/internal/crl_parse_crl_tbscertlist_fuzzer.cc new file mode 100644 index 00000000000..2fe8a0ea83b --- /dev/null +++ b/chromium/net/cert/internal/crl_parse_crl_tbscertlist_fuzzer.cc @@ -0,0 +1,18 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "net/cert/internal/crl.h" +#include "net/der/input.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + net::der::Input input_der(data, size); + + net::ParsedCrlTbsCertList tbs_cert_list; + ignore_result(net::ParseCrlTbsCertList(input_der, &tbs_cert_list)); + + return 0; +} diff --git a/chromium/net/cert/internal/crl_parse_issuing_distribution_point_fuzzer.cc b/chromium/net/cert/internal/crl_parse_issuing_distribution_point_fuzzer.cc new file mode 100644 index 00000000000..24bce9866f8 --- /dev/null +++ b/chromium/net/cert/internal/crl_parse_issuing_distribution_point_fuzzer.cc @@ -0,0 +1,25 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "net/cert/internal/crl.h" +#include "net/der/input.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + net::der::Input idp_der(data, size); + + std::unique_ptr distribution_point_names; + net::ContainedCertsType only_contains_cert_type; + + if (net::ParseIssuingDistributionPoint(idp_der, &distribution_point_names, + &only_contains_cert_type)) { + CHECK((distribution_point_names && + distribution_point_names->present_name_types != + net::GENERAL_NAME_NONE) || + only_contains_cert_type != net::ContainedCertsType::ANY_CERTS); + } + return 0; +} diff --git a/chromium/net/cert/internal/crl_unittest.cc b/chromium/net/cert/internal/crl_unittest.cc new file mode 100644 index 00000000000..728159d8b60 --- /dev/null +++ b/chromium/net/cert/internal/crl_unittest.cc @@ -0,0 +1,202 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/cert/internal/crl.h" + +#include "net/cert/internal/cert_errors.h" +#include "net/cert/internal/parsed_certificate.h" +#include "net/cert/internal/test_helpers.h" +#include "testing/gtest/include/gtest/gtest.h" +#include "third_party/boringssl/src/include/openssl/pool.h" + +namespace net { + +namespace { + +constexpr base::TimeDelta kAgeOneWeek = base::TimeDelta::FromDays(7); + +std::string GetFilePath(base::StringPiece file_name) { + return std::string("net/data/crl_unittest/") + file_name.as_string(); +} + +scoped_refptr ParseCertificate(base::StringPiece data) { + CertErrors errors; + return ParsedCertificate::Create( + bssl::UniquePtr(CRYPTO_BUFFER_new( + reinterpret_cast(data.data()), data.size(), nullptr)), + {}, &errors); +} + +class CheckCRLTest : public ::testing::TestWithParam {}; + +// Test prefix naming scheme: +// good = valid CRL, cert affirmatively not revoked +// revoked = valid CRL, cert affirmatively revoked +// bad = valid CRL, but cert status is unknown (cases like unhandled features, +// mismatching issuer or signature, etc) +// invalid = corrupt or violates some spec requirement +constexpr char const* kTestParams[] = { + "good.pem", + "good_issuer_name_normalization.pem", + "good_issuer_no_keyusage.pem", + "good_no_nextupdate.pem", + "good_fake_extension.pem", + "good_fake_extension_no_nextupdate.pem", + "good_generalizedtime.pem", + "good_no_version.pem", + "good_no_crldp.pem", + "good_key_rollover.pem", + "good_idp_contains_uri.pem", + "good_idp_onlycontainsusercerts.pem", + "good_idp_onlycontainsusercerts_no_basic_constraints.pem", + "good_idp_onlycontainscacerts.pem", + "good_idp_uri_and_onlycontainsusercerts.pem", + "good_idp_uri_and_onlycontainscacerts.pem", + "revoked.pem", + "revoked_no_nextupdate.pem", + "revoked_fake_crlentryextension.pem", + "revoked_generalized_revocationdate.pem", + "revoked_key_rollover.pem", + "bad_crldp_has_crlissuer.pem", + "bad_fake_critical_extension.pem", + "bad_fake_critical_crlentryextension.pem", + "bad_signature.pem", + "bad_thisupdate_in_future.pem", + "bad_thisupdate_too_old.pem", + "bad_nextupdate_too_old.pem", + "bad_wrong_issuer.pem", + "bad_key_rollover_signature.pem", + "bad_idp_contains_wrong_uri.pem", + "bad_idp_indirectcrl.pem", + "bad_idp_onlycontainsusercerts.pem", + "bad_idp_onlycontainscacerts.pem", + "bad_idp_onlycontainscacerts_no_basic_constraints.pem", + "bad_idp_uri_and_onlycontainsusercerts.pem", + "bad_idp_uri_and_onlycontainscacerts.pem", + "invalid_mismatched_signature_algorithm.pem", + "invalid_revoked_empty_sequence.pem", + "invalid_v1_with_extension.pem", + "invalid_v1_with_crlentryextension.pem", + "invalid_v1_explicit.pem", + "invalid_v3.pem", + "invalid_issuer_keyusage_no_crlsign.pem", + "invalid_key_rollover_issuer_keyusage_no_crlsign.pem", + "invalid_garbage_version.pem", + "invalid_garbage_tbs_signature_algorithm.pem", + "invalid_garbage_issuer_name.pem", + "invalid_garbage_thisupdate.pem", + "invalid_garbage_after_thisupdate.pem", + "invalid_garbage_after_nextupdate.pem", + "invalid_garbage_after_revokedcerts.pem", + "invalid_garbage_after_extensions.pem", + "invalid_garbage_tbscertlist.pem", + "invalid_garbage_signaturealgorithm.pem", + "invalid_garbage_signaturevalue.pem", + "invalid_garbage_after_signaturevalue.pem", + "invalid_garbage_revoked_serial_number.pem", + "invalid_garbage_revocationdate.pem", + "invalid_garbage_after_revocationdate.pem", + "invalid_garbage_after_crlentryextensions.pem", + "invalid_garbage_crlentry.pem", + "invalid_idp_dpname_choice_extra_data.pem", + "invalid_idp_empty_sequence.pem", + "invalid_idp_onlycontains_user_and_ca_certs.pem", + "invalid_idp_onlycontainsusercerts_v1_leaf.pem", +}; + +struct PrintTestName { + std::string operator()( + const testing::TestParamInfo& info) const { + base::StringPiece name(info.param); + // Strip ".pem" from the end as GTest names cannot contain period. + name.remove_suffix(4); + return name.as_string(); + } +}; + +INSTANTIATE_TEST_SUITE_P(, + CheckCRLTest, + ::testing::ValuesIn(kTestParams), + PrintTestName()); + +TEST_P(CheckCRLTest, FromFile) { + base::StringPiece file_name(GetParam()); + + std::string crl_data; + std::string ca_data_2; + std::string ca_data; + std::string cert_data; + const PemBlockMapping mappings[] = { + {"CRL", &crl_data}, + {"CA CERTIFICATE 2", &ca_data_2, /*optional=*/true}, + {"CA CERTIFICATE", &ca_data}, + {"CERTIFICATE", &cert_data}, + }; + + ASSERT_TRUE(ReadTestDataFromPemFile(GetFilePath(file_name), mappings)); + + scoped_refptr cert = ParseCertificate(cert_data); + ASSERT_TRUE(cert); + scoped_refptr issuer_cert = ParseCertificate(ca_data); + ASSERT_TRUE(issuer_cert); + ParsedCertificateList certs = {cert, issuer_cert}; + if (!ca_data_2.empty()) { + scoped_refptr issuer_cert_2 = + ParseCertificate(ca_data_2); + ASSERT_TRUE(issuer_cert_2); + certs.push_back(issuer_cert_2); + } + + // Assumes that all the target certs in the test data certs have at most 1 + // CRL distributionPoint. If the cert has a CRL distributionPoint, it is + // used for verifying the CRL, otherwise the CRL is verified with a + // synthesized distributionPoint. This is allowed since there are some + // conditions that require a V1 certificate to test, which cannot have a + // crlDistributionPoints extension. + // TODO(https://crbug.com/749276): This seems slightly hacky. Maybe the + // distribution point to use should be specified separately in the test PEM? + ParsedDistributionPoint fake_cert_dp; + ParsedDistributionPoint* cert_dp = &fake_cert_dp; + std::vector distribution_points; + ParsedExtension crl_dp_extension; + if (cert->GetExtension(CrlDistributionPointsOid(), &crl_dp_extension)) { + ASSERT_TRUE(ParseCrlDistributionPoints(crl_dp_extension.value, + &distribution_points)); + ASSERT_LE(distribution_points.size(), 1U); + if (!distribution_points.empty()) + cert_dp = &distribution_points[0]; + } + ASSERT_TRUE(cert_dp); + + // Mar 9 00:00:00 2017 GMT + base::Time kVerifyTime = + base::Time::UnixEpoch() + base::TimeDelta::FromSeconds(1489017600); + + CRLRevocationStatus expected_revocation_status = CRLRevocationStatus::UNKNOWN; + if (file_name.starts_with("good")) + expected_revocation_status = CRLRevocationStatus::GOOD; + else if (file_name.starts_with("revoked")) + expected_revocation_status = CRLRevocationStatus::REVOKED; + + CRLRevocationStatus revocation_status = + CheckCRL(crl_data, certs, /*target_cert_index=*/0, *cert_dp, kVerifyTime, + kAgeOneWeek); + EXPECT_EQ(expected_revocation_status, revocation_status); + + // Test with a random cert added to the front of the chain and + // |target_cert_index=1|. This is a hacky way to verify that + // target_cert_index is actually being honored. + ParsedCertificateList other_certs; + ASSERT_TRUE(ReadCertChainFromFile("net/data/ssl/certificates/ok_cert.pem", + &other_certs)); + ASSERT_FALSE(other_certs.empty()); + certs.insert(certs.begin(), other_certs[0]); + revocation_status = CheckCRL(crl_data, certs, /*target_cert_index=*/1, + *cert_dp, kVerifyTime, kAgeOneWeek); + EXPECT_EQ(expected_revocation_status, revocation_status); +} + +} // namespace + +} // namespace net diff --git a/chromium/net/cert/internal/ocsp.h b/chromium/net/cert/internal/ocsp.h index e8ab44efbbc..5a4dca150c1 100644 --- a/chromium/net/cert/internal/ocsp.h +++ b/chromium/net/cert/internal/ocsp.h @@ -224,24 +224,6 @@ struct NET_EXPORT OCSPResponse { std::vector certs; }; -// Baseline Requirements 1.5.6, section 4.9.10: -// For the status of Subscriber Certificates: The CA SHALL update information -// provided via an Online Certificate Status Protocol at least every four -// days. OCSP responses from this service MUST have a maximum expiration -// time of ten days. -// TODO(mattm): Document the rationale for 7 days. -constexpr base::TimeDelta kMaxOCSPLeafUpdateAge = base::TimeDelta::FromDays(7); - -// Baseline Requirements 1.5.6, section 4.9.10: -// For the status of Subordinate CA Certificates: The CA SHALL update -// information provided via an Online Certificate Status Protocol at least -// (i) every twelve months and (ii) within 24 hours after revoking a -// Subordinate CA Certificate. -// Use 366 days to allow for leap years, though it is overly permissive in -// other years. -constexpr base::TimeDelta kMaxOCSPIntermediateUpdateAge = - base::TimeDelta::FromDays(366); - // From RFC 6960: // // id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp } diff --git a/chromium/net/cert/internal/path_builder.cc b/chromium/net/cert/internal/path_builder.cc index b04dfdb05d8..c39f67c01a7 100644 --- a/chromium/net/cert/internal/path_builder.cc +++ b/chromium/net/cert/internal/path_builder.cc @@ -9,6 +9,7 @@ #include #include "base/logging.h" +#include "base/metrics/histogram_functions.h" #include "base/strings/string_number_conversions.h" #include "crypto/sha2.h" #include "net/base/net_errors.h" @@ -55,6 +56,11 @@ std::string PathDebugString(const ParsedCertificateList& certs) { return s; } +void RecordIterationCountHistogram(uint32_t iteration_count) { + base::UmaHistogramCounts10000("Net.CertVerifier.PathBuilderIterationCount", + iteration_count); +} + // This structure describes a certificate and its trust level. Note that |cert| // may be null to indicate an "empty" entry. struct IssuerEntry { @@ -372,6 +378,7 @@ class CertPathIter { // returns false. bool GetNextPath(ParsedCertificateList* out_certs, CertificateTrust* out_last_cert_trust, + const base::TimeTicks deadline, uint32_t* iteration_count, const uint32_t max_iteration_count); @@ -405,9 +412,13 @@ void CertPathIter::AddCertIssuerSource(CertIssuerSource* cert_issuer_source) { bool CertPathIter::GetNextPath(ParsedCertificateList* out_certs, CertificateTrust* out_last_cert_trust, + const base::TimeTicks deadline, uint32_t* iteration_count, const uint32_t max_iteration_count) { while (true) { + if (!deadline.is_null() && base::TimeTicks::Now() > deadline) + return false; + if (!next_issuer_.cert) { if (cur_path_.Empty()) { DVLOG(1) << "CertPathIter exhausted all paths..."; @@ -565,6 +576,10 @@ void CertPathBuilder::SetIterationLimit(uint32_t limit) { max_iteration_count_ = limit; } +void CertPathBuilder::SetDeadline(base::TimeTicks deadline) { + deadline_ = deadline; +} + void CertPathBuilder::Run() { uint32_t iteration_count = 0; @@ -573,12 +588,16 @@ void CertPathBuilder::Run() { std::make_unique(); if (!cert_path_iter_->GetNextPath(&result_path->certs, - &result_path->last_cert_trust, + &result_path->last_cert_trust, deadline_, &iteration_count, max_iteration_count_)) { // No more paths to check. if (max_iteration_count_ > 0 && iteration_count > max_iteration_count_) { out_result_->exceeded_iteration_limit = true; } + if (!deadline_.is_null() && base::TimeTicks::Now() > deadline_) { + out_result_->exceeded_deadline = true; + } + RecordIterationCountHistogram(iteration_count); return; } @@ -600,6 +619,7 @@ void CertPathBuilder::Run() { AddResultPath(std::move(result_path)); if (path_is_good) { + RecordIterationCountHistogram(iteration_count); // Found a valid path, return immediately. // TODO(mattm): add debug/test mode that tries all possible paths. return; diff --git a/chromium/net/cert/internal/path_builder.h b/chromium/net/cert/internal/path_builder.h index ec095177123..5562c4ebd32 100644 --- a/chromium/net/cert/internal/path_builder.h +++ b/chromium/net/cert/internal/path_builder.h @@ -133,6 +133,10 @@ class NET_EXPORT CertPathBuilder { // configured with |SetIterationLimit|. bool exceeded_iteration_limit = false; + // True if the search stopped because it exceeded the deadline configured + // with |SetDeadline|. + bool exceeded_deadline = false; + private: DISALLOW_COPY_AND_ASSIGN(Result); }; @@ -177,6 +181,12 @@ class NET_EXPORT CertPathBuilder { // new intermediate over all potential paths. void SetIterationLimit(uint32_t limit); + // Sets a deadline for completing path building. If |deadline| has passed and + // path building has not completed, path building will stop. Note that this + // is not a hard limit, there is no guarantee how far past |deadline| time + // will be when path building is aborted. + void SetDeadline(base::TimeTicks deadline); + // Executes verification of the target certificate. // // Upon return results are written to the |result| object passed into the @@ -196,6 +206,7 @@ class NET_EXPORT CertPathBuilder { const InitialPolicyMappingInhibit initial_policy_mapping_inhibit_; const InitialAnyPolicyInhibit initial_any_policy_inhibit_; uint32_t max_iteration_count_ = 0; + base::TimeTicks deadline_; Result* out_result_; diff --git a/chromium/net/cert/internal/path_builder_pkits_unittest.cc b/chromium/net/cert/internal/path_builder_pkits_unittest.cc index 9c0d90e2201..32dd630f7d7 100644 --- a/chromium/net/cert/internal/path_builder_pkits_unittest.cc +++ b/chromium/net/cert/internal/path_builder_pkits_unittest.cc @@ -6,27 +6,109 @@ #include "net/base/net_errors.h" #include "net/cert/internal/cert_issuer_source_static.h" +#include "net/cert/internal/common_cert_errors.h" +#include "net/cert/internal/crl.h" #include "net/cert/internal/parse_certificate.h" #include "net/cert/internal/parsed_certificate.h" #include "net/cert/internal/simple_path_builder_delegate.h" #include "net/cert/internal/trust_store_in_memory.h" #include "net/cert/internal/verify_certificate_chain.h" +#include "net/der/encode_values.h" #include "net/der/input.h" #include "third_party/boringssl/src/include/openssl/pool.h" - -// TODO(mattm): these require CRL support: -#define Section7InvalidkeyUsageCriticalcRLSignFalseTest4 \ - DISABLED_Section7InvalidkeyUsageCriticalcRLSignFalseTest4 -#define Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 \ - DISABLED_Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 - #include "net/cert/internal/nist_pkits_unittest.h" namespace net { namespace { +class CrlCheckingPathBuilderDelegate : public SimplePathBuilderDelegate { + public: + CrlCheckingPathBuilderDelegate(const std::vector& der_crls, + const base::Time& verify_time, + const base::TimeDelta& max_age, + size_t min_rsa_modulus_length_bits, + DigestPolicy digest_policy) + : SimplePathBuilderDelegate(min_rsa_modulus_length_bits, digest_policy), + der_crls_(der_crls), + verify_time_(verify_time), + max_age_(max_age) {} + + void CheckPathAfterVerification(CertPathBuilderResultPath* path) override { + SimplePathBuilderDelegate::CheckPathAfterVerification(path); + + if (!path->IsValid()) + return; + + // It would be preferable if this test could use + // CheckValidatedChainRevocation somehow, but that only supports getting + // CRLs by http distributionPoints. So this just settles for writing a + // little bit of wrapper code to test CheckCRL directly. + const ParsedCertificateList& certs = path->certs; + for (size_t reverse_i = 0; reverse_i < certs.size(); ++reverse_i) { + size_t i = certs.size() - reverse_i - 1; + + // Trust anchors bypass OCSP/CRL revocation checks. (The only way to + // revoke trust anchors is via CRLSet or the built-in SPKI blacklist). + if (reverse_i == 0 && path->last_cert_trust.IsTrustAnchor()) + continue; + + // RFC 5280 6.3.3. [If the CRL was not specified in a distribution + // point], assume a DP with both the reasons and the + // cRLIssuer fields omitted and a distribution point + // name of the certificate issuer. + // Since this implementation only supports URI names in distribution + // points, this means a default-initialized ParsedDistributionPoint is + // sufficient. + ParsedDistributionPoint fake_cert_dp; + ParsedDistributionPoint* cert_dp = &fake_cert_dp; + + // If the target cert does have a distribution point, use it. + std::vector distribution_points; + ParsedExtension crl_dp_extension; + if (certs[i]->GetExtension(CrlDistributionPointsOid(), + &crl_dp_extension)) { + ASSERT_TRUE(ParseCrlDistributionPoints(crl_dp_extension.value, + &distribution_points)); + ASSERT_LE(distribution_points.size(), 1U); + if (!distribution_points.empty()) + cert_dp = &distribution_points[0]; + } + + bool cert_good = false; + + for (const auto& der_crl : der_crls_) { + CRLRevocationStatus crl_status = + CheckCRL(der_crl, certs, i, *cert_dp, verify_time_, max_age_); + if (crl_status == CRLRevocationStatus::REVOKED) { + path->errors.GetErrorsForCert(i)->AddError( + cert_errors::kCertificateRevoked); + return; + } + if (crl_status == CRLRevocationStatus::GOOD) { + cert_good = true; + break; + } + } + if (!cert_good) { + // PKITS tests assume hard-fail revocation checking. + // From PKITS 4.4: "When running the tests in this section, the + // application should be configured in such a way that the + // certification path is not accepted unless valid, up-to-date + // revocation data is available for every certificate in the path." + path->errors.GetErrorsForCert(i)->AddError( + cert_errors::kUnableToCheckRevocation); + } + } + } + + private: + std::vector der_crls_; + const base::Time verify_time_; + const base::TimeDelta max_age_; +}; + class PathBuilderPkitsTestDelegate { public: static void RunTest(std::vector cert_ders, @@ -56,19 +138,44 @@ class PathBuilderPkitsTestDelegate { scoped_refptr target_cert(certs.back()); - SimplePathBuilderDelegate path_builder_delegate( - 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + base::StringPiece test_number = info.test_number; + std::unique_ptr path_builder_delegate; + if (test_number == "4.4.19" || test_number == "4.5.3" || + test_number == "4.5.4" || test_number == "4.5.6") { + // TODO(https://crbug.com/749276): extend CRL support: These tests + // require better CRL issuer cert discovery & path building and/or + // issuingDistributionPoint extension handling. Disable CRL checking for + // them for now. Maybe should just run these with CRL checking enabled + // and expect them to fail? + path_builder_delegate = std::make_unique( + 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + } else { + base::Time verify_time; + ASSERT_TRUE(der::GeneralizedTimeToTime(info.time, &verify_time)); + path_builder_delegate = std::make_unique( + crl_ders, verify_time, /*max_age=*/base::TimeDelta::FromDays(365 * 2), + 1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1); + } CertPathBuilder::Result result; CertPathBuilder path_builder( - std::move(target_cert), &trust_store, &path_builder_delegate, info.time, - KeyPurpose::ANY_EKU, info.initial_explicit_policy, + std::move(target_cert), &trust_store, path_builder_delegate.get(), + info.time, KeyPurpose::ANY_EKU, info.initial_explicit_policy, info.initial_policy_set, info.initial_policy_mapping_inhibit, info.initial_inhibit_any_policy, &result); path_builder.AddCertIssuerSource(&cert_issuer_source); path_builder.Run(); + if (info.should_validate != result.HasValidPath()) { + for (size_t i = 0; i < result.paths.size(); ++i) { + const net::CertPathBuilderResultPath* result_path = + result.paths[i].get(); + LOG(ERROR) << "path " << i << " errors:\n" + << result_path->errors.ToDebugString(result_path->certs); + } + } + ASSERT_EQ(info.should_validate, result.HasValidPath()); if (result.HasValidPath()) { @@ -89,6 +196,13 @@ INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest03VerifyingNameChaining, PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, + PkitsTest04BasicCertificateRevocationTests, + PathBuilderPkitsTestDelegate); +INSTANTIATE_TYPED_TEST_SUITE_P( + PathBuilder, + PkitsTest05VerifyingPathswithSelfIssuedCertificates, + PathBuilderPkitsTestDelegate); INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest06VerifyingBasicConstraints, PathBuilderPkitsTestDelegate); @@ -117,8 +231,9 @@ INSTANTIATE_TYPED_TEST_SUITE_P(PathBuilder, PkitsTest16PrivateCertificateExtensions, PathBuilderPkitsTestDelegate); -// TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, -// PkitsTest05VerifyingPathswithSelfIssuedCertificates, -// PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs +// TODO(https://crbug.com/749276): extend CRL support?: +// PkitsTest14DistributionPoints: indirect CRLs and reason codes are not +// supported. +// PkitsTest15DeltaCRLs: Delta CRLs are not supported. } // namespace net diff --git a/chromium/net/cert/internal/path_builder_unittest.cc b/chromium/net/cert/internal/path_builder_unittest.cc index a2bba7fdc06..1a954a76e92 100644 --- a/chromium/net/cert/internal/path_builder_unittest.cc +++ b/chromium/net/cert/internal/path_builder_unittest.cc @@ -7,6 +7,7 @@ #include "base/base_paths.h" #include "base/files/file_util.h" #include "base/path_service.h" +#include "base/test/metrics/histogram_tester.h" #include "net/cert/internal/cert_error_params.h" #include "net/cert/internal/cert_issuer_source_static.h" #include "net/cert/internal/common_cert_errors.h" @@ -30,6 +31,7 @@ namespace net { namespace { using ::testing::_; +using ::testing::ElementsAre; using ::testing::Invoke; using ::testing::NiceMock; using ::testing::Return; @@ -450,12 +452,11 @@ TEST_F(PathBuilderMultiRootTest, TestCertIssuerOrdering) { } TEST_F(PathBuilderMultiRootTest, TestIterationLimit) { - // Both D(D) and C(D) are trusted roots. + // D(D) is the trust root. TrustStoreInMemory trust_store; trust_store.AddTrustAnchor(d_by_d_); - trust_store.AddTrustAnchor(c_by_d_); - // Certs B(C), and C(D) are all supplied. + // Certs B(C) and C(D) are supplied. CertIssuerSourceStatic sync_certs; sync_certs.AddCert(b_by_c_); sync_certs.AddCert(c_by_d_); @@ -481,10 +482,60 @@ TEST_F(PathBuilderMultiRootTest, TestIterationLimit) { path_builder.SetIterationLimit(5); } + base::HistogramTester histogram_tester; path_builder.Run(); EXPECT_EQ(!insufficient_limit, result.HasValidPath()); EXPECT_EQ(insufficient_limit, result.exceeded_iteration_limit); + + if (insufficient_limit) { + EXPECT_THAT(histogram_tester.GetAllSamples( + "Net.CertVerifier.PathBuilderIterationCount"), + ElementsAre(base::Bucket(/*sample=*/2, /*count=*/1))); + } else { + EXPECT_THAT(histogram_tester.GetAllSamples( + "Net.CertVerifier.PathBuilderIterationCount"), + ElementsAre(base::Bucket(/*sample=*/3, /*count=*/1))); + } + } +} + +TEST_F(PathBuilderMultiRootTest, TestTrivialDeadline) { + // C(D) is the trust root. + TrustStoreInMemory trust_store; + trust_store.AddTrustAnchor(c_by_d_); + + // Cert B(C) is supplied. + CertIssuerSourceStatic sync_certs; + sync_certs.AddCert(b_by_c_); + + for (const bool insufficient_limit : {true, false}) { + SCOPED_TRACE(insufficient_limit); + + CertPathBuilder::Result result; + CertPathBuilder path_builder( + a_by_b_, &trust_store, &delegate_, time_, KeyPurpose::ANY_EKU, + initial_explicit_policy_, user_initial_policy_set_, + initial_policy_mapping_inhibit_, initial_any_policy_inhibit_, &result); + path_builder.AddCertIssuerSource(&sync_certs); + + if (insufficient_limit) { + // Set a deadline one millisecond in the past. Path building should fail + // since the deadline is already past. + path_builder.SetDeadline(base::TimeTicks::Now() - + base::TimeDelta::FromMilliseconds(1)); + } else { + // The other tests in this file exercise the case that |SetDeadline| + // isn't called. Therefore set a sufficient limit for the path to be + // found. + path_builder.SetDeadline(base::TimeTicks::Now() + + base::TimeDelta::FromDays(1)); + } + + path_builder.Run(); + + EXPECT_EQ(!insufficient_limit, result.HasValidPath()); + EXPECT_EQ(insufficient_limit, result.exceeded_deadline); } } diff --git a/chromium/net/cert/internal/revocation_checker.cc b/chromium/net/cert/internal/revocation_checker.cc index e01b9104a85..9b444c5c11b 100644 --- a/chromium/net/cert/internal/revocation_checker.cc +++ b/chromium/net/cert/internal/revocation_checker.cc @@ -10,6 +10,7 @@ #include "crypto/sha2.h" #include "net/cert/cert_net_fetcher.h" #include "net/cert/internal/common_cert_errors.h" +#include "net/cert/internal/crl.h" #include "net/cert/internal/ocsp.h" #include "net/cert/internal/parsed_certificate.h" #include "net/cert/internal/trust_store.h" @@ -26,17 +27,24 @@ void MarkCertificateRevoked(CertErrors* errors) { errors->AddError(cert_errors::kCertificateRevoked); } -// Checks the revocation status of |cert| according to |policy|. If the checks -// failed, returns false and adds errors to |cert_errors|. +// Checks the revocation status of |certs[target_cert_index]| according to +// |policy|. If the checks failed, returns false and adds errors to +// |cert_errors|. // // TODO(eroman): Make the verification time an input. -bool CheckCertRevocation(const ParsedCertificate* cert, - const ParsedCertificate* issuer_cert, +bool CheckCertRevocation(const ParsedCertificateList& certs, + size_t target_cert_index, const RevocationPolicy& policy, base::StringPiece stapled_ocsp_response, base::TimeDelta max_age, CertNetFetcher* net_fetcher, CertErrors* cert_errors) { + DCHECK_LT(target_cert_index, certs.size()); + const ParsedCertificate* cert = certs[target_cert_index].get(); + const ParsedCertificate* issuer_cert = + target_cert_index + 1 < certs.size() ? certs[target_cert_index + 1].get() + : nullptr; + // Check using stapled OCSP, if available. if (!stapled_ocsp_response.empty() && issuer_cert) { // TODO(eroman): CheckOCSP() re-parses the certificates, perhaps just pass @@ -61,8 +69,6 @@ bool CheckCertRevocation(const ParsedCertificate* cert, } } - // TODO(eroman): Check CRL. - if (!policy.check_revocation) { // TODO(eroman): Should still check CRL/OCSP caches. return true; @@ -145,6 +151,80 @@ bool CheckCertRevocation(const ParsedCertificate* cert, } } + // Check CRLs. + ParsedExtension crl_dp_extension; + if (cert->GetExtension(CrlDistributionPointsOid(), &crl_dp_extension)) { + std::vector distribution_points; + if (ParseCrlDistributionPoints(crl_dp_extension.value, + &distribution_points)) { + for (const auto& distribution_point : distribution_points) { + if (distribution_point.has_crl_issuer) { + // Ignore indirect CRLs (CRL where CRLissuer != cert issuer), which + // are optional according to RFC 5280's profile. + continue; + } + + for (const auto& crl_uri : distribution_point.uris) { + // Only consider http:// URLs (https:// could create a circular + // dependency). + GURL parsed_crl_url(crl_uri); + if (!parsed_crl_url.is_valid() || + !parsed_crl_url.SchemeIs(url::kHttpScheme)) { + continue; + } + + found_revocation_info = true; + + if (!policy.networking_allowed) + continue; + + if (!net_fetcher) { + LOG(ERROR) << "Cannot fetch CRL as didn't specify a |net_fetcher|"; + continue; + } + + // Fetch it over network. + // + // Note that no attempt is made to refetch without cache if a cached + // CRL is too old, nor is there a separate CRL cache. It is assumed + // the CRL server will send reasonable HTTP caching headers. + // + // TODO(eroman): Bound the maximum time allowed spent doing network + // requests. + std::unique_ptr net_crl_request = + net_fetcher->FetchCrl(parsed_crl_url, CertNetFetcher::DEFAULT, + CertNetFetcher::DEFAULT); + + Error net_error; + std::vector crl_response_bytes; + net_crl_request->WaitForResult(&net_error, &crl_response_bytes); + + if (net_error != OK) { + failed_network_fetch = true; + continue; + } + + CRLRevocationStatus crl_status = CheckCRL( + base::StringPiece( + reinterpret_cast(crl_response_bytes.data()), + crl_response_bytes.size()), + certs, target_cert_index, distribution_point, base::Time::Now(), + max_age); + + switch (crl_status) { + case CRLRevocationStatus::REVOKED: + MarkCertificateRevoked(cert_errors); + return false; + case CRLRevocationStatus::GOOD: + return true; + case CRLRevocationStatus::UNKNOWN: + break; + } + } + } + } + } + // Reaching here means that revocation checking was inconclusive. Determine // whether failure to complete revocation checking constitutes an error. @@ -191,9 +271,6 @@ void CheckValidatedChainRevocation(const ParsedCertificateList& certs, // are added to |errors|. for (size_t reverse_i = 0; reverse_i < certs.size(); ++reverse_i) { size_t i = certs.size() - reverse_i - 1; - const ParsedCertificate* cert = certs[i].get(); - const ParsedCertificate* issuer_cert = - i + 1 < certs.size() ? certs[i + 1].get() : nullptr; // Trust anchors bypass OCSP/CRL revocation checks. (The only way to revoke // trust anchors is via CRLSet or the built-in SPKI blacklist). Since @@ -206,13 +283,16 @@ void CheckValidatedChainRevocation(const ParsedCertificateList& certs, base::StringPiece stapled_ocsp = (i == 0) ? stapled_leaf_ocsp_response : base::StringPiece(); - base::TimeDelta max_age = - (i == 0) ? kMaxOCSPLeafUpdateAge : kMaxOCSPIntermediateUpdateAge; + // TODO(https://crbug.com/971714): This applies Baseline Requirements max + // update age to all revocation checks, including locally trusted anchors. + // Confirm whether this causes any issues in enterprise deployments. + base::TimeDelta max_age = (i == 0) ? kMaxRevocationLeafUpdateAge + : kMaxRevocationIntermediateUpdateAge; // Check whether this certificate's revocation status complies with the // policy. bool cert_ok = - CheckCertRevocation(cert, issuer_cert, policy, stapled_ocsp, max_age, + CheckCertRevocation(certs, i, policy, stapled_ocsp, max_age, net_fetcher, errors->GetErrorsForCert(i)); if (!cert_ok) { diff --git a/chromium/net/cert/internal/revocation_checker.h b/chromium/net/cert/internal/revocation_checker.h index e22972fbaca..89590bb2667 100644 --- a/chromium/net/cert/internal/revocation_checker.h +++ b/chromium/net/cert/internal/revocation_checker.h @@ -15,6 +15,41 @@ namespace net { class CertPathErrors; class CertNetFetcher; +// Baseline Requirements 1.6.5, section 4.9.7: +// For the status of Subscriber Certificates: If the CA publishes a CRL, +// then the CA SHALL update and reissue CRLs at least once every seven +// days, and the value of the nextUpdate field MUST NOT be more than ten +// days beyond the value of the thisUpdate field. +// +// Baseline Requirements 1.6.5, section 4.9.10: +// For the status of Subscriber Certificates: The CA SHALL update +// information provided via an Online Certificate Status Protocol at least +// every four days. OCSP responses from this service MUST have a maximum +// expiration time of ten days. +// +// Use 7 days as the max allowable leaf revocation status age, which is +// sufficient for both CRL and OCSP, and which aligns with Microsoft policies. +constexpr base::TimeDelta kMaxRevocationLeafUpdateAge = + base::TimeDelta::FromDays(7); + +// Baseline Requirements 1.6.5, section 4.9.7: +// For the status of Subordinate CA Certificates: The CA SHALL update and +// reissue CRLs at least (i) once every twelve months and (ii) within 24 +// hours after revoking a Subordinate CA Certificate, and the value of the +// nextUpdate field MUST NOT be more than twelve months beyond the value of +// the thisUpdate field. +// +// Baseline Requirements 1.6.5, section 4.9.10: +// For the status of Subordinate CA Certificates: The CA SHALL update +// information provided via an Online Certificate Status Protocol at least +// (i) every twelve months and (ii) within 24 hours after revoking a +// Subordinate CA Certificate. +// +// Use 366 days to allow for leap years, though it is overly permissive in +// other years. +constexpr base::TimeDelta kMaxRevocationIntermediateUpdateAge = + base::TimeDelta::FromDays(366); + // RevocationPolicy describes how revocation should be carried out for a // particular chain. struct NET_EXPORT_PRIVATE RevocationPolicy { diff --git a/chromium/net/cert/internal/system_trust_store.cc b/chromium/net/cert/internal/system_trust_store.cc index ada022f2a91..e8b1e31b9fb 100644 --- a/chromium/net/cert/internal/system_trust_store.cc +++ b/chromium/net/cert/internal/system_trust_store.cc @@ -4,6 +4,10 @@ #include "net/cert/internal/system_trust_store.h" +#if defined(USE_NSS_CERTS) +#include "net/cert/internal/system_trust_store_nss.h" +#endif // defined(USE_NSS_CERTS) + #if defined(USE_NSS_CERTS) #include #include @@ -15,6 +19,7 @@ #include "base/files/file_path.h" #include "base/files/file_util.h" +#include "base/no_destructor.h" #include "build/build_config.h" #include "net/cert/internal/cert_errors.h" #include "net/cert/internal/parsed_certificate.h" @@ -31,7 +36,6 @@ #include "net/cert/scoped_nss_types.h" #elif defined(OS_MACOSX) && !defined(OS_IOS) #include "net/cert/internal/trust_store_mac.h" -#include "net/cert/known_roots_mac.h" #include "net/cert/x509_util_mac.h" #elif defined(OS_FUCHSIA) #include "third_party/boringssl/src/include/openssl/pool.h" @@ -73,8 +77,9 @@ namespace { class SystemTrustStoreNSS : public BaseSystemTrustStore { public: - explicit SystemTrustStoreNSS() : trust_store_nss_(trustSSL) { - trust_store_.AddTrustStore(&trust_store_nss_); + explicit SystemTrustStoreNSS(std::unique_ptr trust_store_nss) + : trust_store_nss_(std::move(trust_store_nss)) { + trust_store_.AddTrustStore(trust_store_nss_.get()); // When running in test mode, also layer in the test-only root certificates. // @@ -112,22 +117,35 @@ class SystemTrustStoreNSS : public BaseSystemTrustStore { } private: - TrustStoreNSS trust_store_nss_; + std::unique_ptr trust_store_nss_; }; } // namespace std::unique_ptr CreateSslSystemTrustStore() { - return std::make_unique(); + return std::make_unique( + std::make_unique(trustSSL)); +} + +std::unique_ptr +CreateSslSystemTrustStoreNSSWithUserSlotRestriction( + crypto::ScopedPK11Slot user_slot) { + return std::make_unique( + std::make_unique(trustSSL, std::move(user_slot))); +} + +std::unique_ptr +CreateSslSystemTrustStoreNSSWithNoUserSlots() { + return std::make_unique(std::make_unique( + trustSSL, TrustStoreNSS::DisallowTrustForCertsOnUserSlots())); } #elif defined(OS_MACOSX) && !defined(OS_IOS) class SystemTrustStoreMac : public BaseSystemTrustStore { public: - explicit SystemTrustStoreMac() : trust_store_mac_(kSecPolicyAppleSSL) { - InitializeKnownRoots(); - trust_store_.AddTrustStore(&trust_store_mac_); + SystemTrustStoreMac() { + trust_store_.AddTrustStore(GetGlobalTrustStoreMac()); // When running in test mode, also layer in the test-only root certificates. // @@ -145,18 +163,15 @@ class SystemTrustStoreMac : public BaseSystemTrustStore { // IsKnownRoot returns true if the given trust anchor is a standard one (as // opposed to a user-installed root) bool IsKnownRoot(const ParsedCertificate* trust_anchor) const override { - der::Input bytes = trust_anchor->der_cert(); - base::ScopedCFTypeRef cert_ref = - x509_util::CreateSecCertificateFromBytes(bytes.UnsafeData(), - bytes.Length()); - if (!cert_ref) - return false; - - return net::IsKnownRoot(cert_ref); + return GetGlobalTrustStoreMac()->IsKnownRoot(trust_anchor); } private: - TrustStoreMac trust_store_mac_; + TrustStoreMac* GetGlobalTrustStoreMac() const { + static base::NoDestructor static_trust_store_mac( + kSecPolicyAppleSSL); + return static_trust_store_mac.get(); + } }; std::unique_ptr CreateSslSystemTrustStore() { diff --git a/chromium/net/cert/internal/system_trust_store_nss.h b/chromium/net/cert/internal/system_trust_store_nss.h new file mode 100644 index 00000000000..b7037d52e5e --- /dev/null +++ b/chromium/net/cert/internal/system_trust_store_nss.h @@ -0,0 +1,33 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_CERT_INTERNAL_SYSTEM_TRUST_STORE_NSS_H_ +#define NET_CERT_INTERNAL_SYSTEM_TRUST_STORE_NSS_H_ + +#include "crypto/scoped_nss_types.h" +#include "net/base/net_export.h" +#include "net/cert/internal/system_trust_store.h" + +namespace net { + +// Create a SystemTrustStore that will accept trust for: +// (*) built-in certificates +// (*) test root certificates +// (*) additional trust anchors (added through SystemTrustStore::AddTrustAnchor) +// (*) certificates stored on the |user_slot|. +NET_EXPORT std::unique_ptr +CreateSslSystemTrustStoreNSSWithUserSlotRestriction( + crypto::ScopedPK11Slot user_slot); + +// Create a SystemTrustStore that will accept trust for: +// (*) built-in certificates +// (*) test root certificates +// (*) additional trust anchors (added through SystemTrustStore::AddTrustAnchor) +// It will not accept trust for certificates stored on other slots. +NET_EXPORT std::unique_ptr +CreateSslSystemTrustStoreNSSWithNoUserSlots(); + +} // namespace net + +#endif // NET_CERT_INTERNAL_SYSTEM_TRUST_STORE_NSS_H_ diff --git a/chromium/net/cert/internal/system_trust_store_nss_unittest.cc b/chromium/net/cert/internal/system_trust_store_nss_unittest.cc new file mode 100644 index 00000000000..9e3e581baa9 --- /dev/null +++ b/chromium/net/cert/internal/system_trust_store_nss_unittest.cc @@ -0,0 +1,163 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/cert/internal/system_trust_store.h" + +#include +#include + +#include + +#include "base/macros.h" +#include "crypto/scoped_nss_types.h" +#include "crypto/scoped_test_nss_db.h" +#include "net/cert/internal/cert_errors.h" +#include "net/cert/internal/parsed_certificate.h" +#include "net/cert/internal/system_trust_store_nss.h" +#include "net/cert/test_root_certs.h" +#include "net/cert/x509_certificate.h" +#include "net/cert/x509_util.h" +#include "net/cert/x509_util_nss.h" +#include "net/test/cert_test_util.h" +#include "net/test/test_data_directory.h" +#include "testing/gmock/include/gmock/gmock.h" +#include "testing/gtest/include/gtest/gtest.h" +#include "third_party/boringssl/src/include/openssl/evp.h" + +namespace net { + +namespace { + +// Parses |x509_cert| as a ParsedCertificate and stores the output in +// *|out_parsed_cert|. Wrap in ASSERT_NO_FATAL_FAILURE on callsites. +::testing::AssertionResult ParseX509Certificate( + const scoped_refptr& x509_cert, + scoped_refptr* out_parsed_cert) { + CertErrors parsing_errors; + *out_parsed_cert = ParsedCertificate::Create( + bssl::UpRef(x509_cert->cert_buffer()), + x509_util::DefaultParseCertificateOptions(), &parsing_errors); + if (!*out_parsed_cert) { + return ::testing::AssertionFailure() + << "ParseCertificate::Create() failed:\n" + << parsing_errors.ToDebugString(); + } + return ::testing::AssertionSuccess(); +} + +class SystemTrustStoreNSSTest : public ::testing::Test { + public: + SystemTrustStoreNSSTest() : test_root_certs_(TestRootCerts::GetInstance()) {} + ~SystemTrustStoreNSSTest() override = default; + + void SetUp() override { + ::testing::Test::SetUp(); + + root_cert_ = + ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem"); + ASSERT_TRUE(root_cert_); + ASSERT_NO_FATAL_FAILURE( + ParseX509Certificate(root_cert_, &parsed_root_cert_)); + nss_root_cert_ = + x509_util::CreateCERTCertificateFromX509Certificate(root_cert_.get()); + ASSERT_TRUE(nss_root_cert_); + + ASSERT_TRUE(test_nssdb_.is_open()); + ASSERT_TRUE(other_test_nssdb_.is_open()); + } + + protected: + // Imports |nss_root_cert_| into |slot| and sets trust flags so that it is a + // trusted CA for SSL. + void ImportRootCertAsTrusted(PK11SlotInfo* slot) { + SECStatus srv = PK11_ImportCert(slot, nss_root_cert_.get(), + CK_INVALID_HANDLE, "nickname_root_cert", + PR_FALSE /* includeTrust (unused) */); + ASSERT_EQ(SECSuccess, srv); + + CERTCertTrust trust = {0}; + trust.sslFlags = CERTDB_TRUSTED_CA | CERTDB_VALID_CA; + srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nss_root_cert_.get(), + &trust); + ASSERT_EQ(SECSuccess, srv); + } + + crypto::ScopedTestNSSDB test_nssdb_; + crypto::ScopedTestNSSDB other_test_nssdb_; + + TestRootCerts* test_root_certs_; + + scoped_refptr root_cert_; + scoped_refptr parsed_root_cert_; + ScopedCERTCertificate nss_root_cert_; + + private: + DISALLOW_COPY_AND_ASSIGN(SystemTrustStoreNSSTest); +}; + +// Tests that SystemTrustStore respects TestRootCerts. +TEST_F(SystemTrustStoreNSSTest, TrustTestRootCerts) { + std::unique_ptr system_trust_store = + CreateSslSystemTrustStore(); + + EXPECT_TRUE(test_root_certs_->Add(root_cert_.get())); + CertificateTrust trust; + system_trust_store->GetTrustStore()->GetTrust(parsed_root_cert_.get(), + &trust); + EXPECT_EQ(CertificateTrustType::TRUSTED_ANCHOR, trust.type); + + test_root_certs_->Clear(); + system_trust_store->GetTrustStore()->GetTrust(parsed_root_cert_.get(), + &trust); + EXPECT_EQ(CertificateTrustType::UNSPECIFIED, trust.type); +} + +// Tests that SystemTrustStore created for NSS with a user-slot restriction +// allows certificates stored on the specified user slot to be trusted. +TEST_F(SystemTrustStoreNSSTest, UserSlotRestrictionAllows) { + std::unique_ptr system_trust_store = + CreateSslSystemTrustStoreNSSWithUserSlotRestriction( + crypto::ScopedPK11Slot(PK11_ReferenceSlot(test_nssdb_.slot()))); + + ASSERT_NO_FATAL_FAILURE(ImportRootCertAsTrusted(test_nssdb_.slot())); + + CertificateTrust trust; + system_trust_store->GetTrustStore()->GetTrust(parsed_root_cert_.get(), + &trust); + EXPECT_EQ(CertificateTrustType::TRUSTED_ANCHOR, trust.type); +} + +// Tests that SystemTrustStore created for NSS with a user-slot restriction +// does not allows certificates stored only on user slots different from the one +// specified to be trusted. +TEST_F(SystemTrustStoreNSSTest, UserSlotRestrictionDisallows) { + std::unique_ptr system_trust_store = + CreateSslSystemTrustStoreNSSWithUserSlotRestriction( + crypto::ScopedPK11Slot(PK11_ReferenceSlot(test_nssdb_.slot()))); + + ASSERT_NO_FATAL_FAILURE(ImportRootCertAsTrusted(other_test_nssdb_.slot())); + + CertificateTrust trust; + system_trust_store->GetTrustStore()->GetTrust(parsed_root_cert_.get(), + &trust); + EXPECT_EQ(CertificateTrustType::UNSPECIFIED, trust.type); +} + +// Tests that SystemTrustStore created for NSS without allowing trust for +// certificate stored on user slots. +TEST_F(SystemTrustStoreNSSTest, NoUserSlots) { + std::unique_ptr system_trust_store = + CreateSslSystemTrustStoreNSSWithNoUserSlots(); + + ASSERT_NO_FATAL_FAILURE(ImportRootCertAsTrusted(test_nssdb_.slot())); + + CertificateTrust trust; + system_trust_store->GetTrustStore()->GetTrust(parsed_root_cert_.get(), + &trust); + EXPECT_EQ(CertificateTrustType::UNSPECIFIED, trust.type); +} + +} // namespace + +} // namespace net diff --git a/chromium/net/cert/internal/trust_store_mac.cc b/chromium/net/cert/internal/trust_store_mac.cc index 9c8217c5379..e1ce10c219d 100644 --- a/chromium/net/cert/internal/trust_store_mac.cc +++ b/chromium/net/cert/internal/trust_store_mac.cc @@ -6,17 +6,25 @@ #include +#include "base/atomicops.h" +#include "base/bind.h" +#include "base/callback_list.h" +#include "base/containers/flat_map.h" #include "base/logging.h" #include "base/mac/foundation_util.h" #include "base/mac/mac_logging.h" +#include "base/no_destructor.h" #include "base/synchronization/lock.h" #include "crypto/mac_security_services_lock.h" +#include "net/base/hash_value.h" +#include "net/base/network_notification_thread_mac.h" #include "net/cert/internal/cert_errors.h" #include "net/cert/internal/parse_name.h" #include "net/cert/internal/parsed_certificate.h" #include "net/cert/test_keychain_search_list_mac.h" #include "net/cert/x509_util.h" #include "net/cert/x509_util_mac.h" +#include "third_party/boringssl/src/include/openssl/sha.h" namespace net { @@ -27,6 +35,8 @@ namespace { // Indicates the trust status of a certificate. enum class TrustStatus { + // Trust status is unknown / uninitialized. + UNKNOWN, // Certificate inherits trust value from its issuer. If the certificate is the // root of the chain, this implies distrust. UNSPECIFIED, @@ -151,54 +161,313 @@ TrustStatus IsTrustSettingsTrustedForPolicy(CFArrayRef trust_settings, return TrustStatus::UNSPECIFIED; } -// Returns true if the certificate |cert_handle| is trusted for the policy -// |policy_oid|. -TrustStatus IsSecCertificateTrustedForPolicy( +// Returns the trust status for |cert_handle| for the policy |policy_oid| in +// |trust_domain|. +TrustStatus IsCertificateTrustedForPolicyInDomain( const scoped_refptr& cert, - SecCertificateRef cert_handle, - const CFStringRef policy_oid) { + const CFStringRef policy_oid, + SecTrustSettingsDomain trust_domain) { + // TODO(eroman): Inefficient -- path building will convert between + // SecCertificateRef and ParsedCertificate representations multiple times + // (when getting the issuers, and again here). + // + // This conversion will also be done for each domain the cert policy is + // checked, but the TrustDomainCache ensures this function is only called on + // domains that actually have settings for the cert. The common case is that + // a cert will have trust settings in only zero or one domains, and when in + // more than one domain it would generally be because one domain is + // overriding the setting in the next, so it would only get done once anyway. + base::ScopedCFTypeRef cert_handle = + x509_util::CreateSecCertificateFromBytes(cert->der_cert().UnsafeData(), + cert->der_cert().Length()); + if (!cert_handle) + return TrustStatus::UNSPECIFIED; + const bool is_self_issued = cert->normalized_subject() == cert->normalized_issuer(); - // Evaluate trust domains in user, admin, system order. Admin settings can - // override system ones, and user settings can override both admin and system. - for (const auto& trust_domain : - {kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin, - kSecTrustSettingsDomainSystem}) { - base::ScopedCFTypeRef trust_settings; - OSStatus err; + + base::ScopedCFTypeRef trust_settings; + OSStatus err; + { + base::AutoLock lock(crypto::GetMacSecurityServicesLock()); + err = SecTrustSettingsCopyTrustSettings(cert_handle, trust_domain, + trust_settings.InitializeInto()); + } + if (err == errSecItemNotFound) { + // No trust settings for that domain.. try the next. + return TrustStatus::UNSPECIFIED; + } + if (err) { + OSSTATUS_LOG(ERROR, err) << "SecTrustSettingsCopyTrustSettings error"; + return TrustStatus::UNSPECIFIED; + } + TrustStatus trust = IsTrustSettingsTrustedForPolicy( + trust_settings, is_self_issued, policy_oid); + return trust; +} + +// Caches calculated trust status for certificates present in a single trust +// domain. +class TrustDomainCache { + public: + TrustDomainCache(SecTrustSettingsDomain domain, CFStringRef policy_oid) + : domain_(domain), policy_oid_(policy_oid) { + DCHECK(policy_oid_); + } + + // (Re-)Initializes the cache with the certs in |domain_| set to UNKNOWN trust + // status. + void Initialize() { + trust_status_cache_.clear(); + + base::ScopedCFTypeRef cert_array; + OSStatus rv; { base::AutoLock lock(crypto::GetMacSecurityServicesLock()); - err = SecTrustSettingsCopyTrustSettings(cert_handle, trust_domain, - trust_settings.InitializeInto()); + rv = SecTrustSettingsCopyCertificates(domain_, + cert_array.InitializeInto()); } - if (err == errSecItemNotFound) { - // No trust settings for that domain.. try the next. - continue; + if (rv != noErr) { + // Note: SecTrustSettingsCopyCertificates can legitimately return + // errSecNoTrustSettings if there are no trust settings in |domain_|. + return; } - if (err) { - OSSTATUS_LOG(ERROR, err) << "SecTrustSettingsCopyTrustSettings error"; - continue; + std::vector> trust_status_vector; + for (CFIndex i = 0, size = CFArrayGetCount(cert_array); i < size; ++i) { + SecCertificateRef cert = reinterpret_cast( + const_cast(CFArrayGetValueAtIndex(cert_array, i))); + trust_status_vector.emplace_back(x509_util::CalculateFingerprint256(cert), + TrustStatus::UNKNOWN); } - TrustStatus trust = IsTrustSettingsTrustedForPolicy( - trust_settings, is_self_issued, policy_oid); - if (trust != TrustStatus::UNSPECIFIED) - return trust; + trust_status_cache_ = base::flat_map( + std::move(trust_status_vector)); } - // No trust settings, or none of the settings were for the correct policy, or - // had the correct trust result. - return TrustStatus::UNSPECIFIED; + // Returns the trust status for |cert| in |domain_|. + TrustStatus IsCertTrusted(const scoped_refptr& cert, + const SHA256HashValue& cert_hash) { + auto cache_iter = trust_status_cache_.find(cert_hash); + if (cache_iter == trust_status_cache_.end()) { + // Cert does not have trust settings in this domain, return UNSPECIFIED. + return TrustStatus::UNSPECIFIED; + } + + if (cache_iter->second != TrustStatus::UNKNOWN) { + // Cert has trust settings and trust has already been calculated, return + // the cached value. + return cache_iter->second; + } + + // Cert has trust settings but trust has not been calculated yet. + // Calculate it now, insert into cache, and return. + TrustStatus cert_trust = + IsCertificateTrustedForPolicyInDomain(cert, policy_oid_, domain_); + cache_iter->second = cert_trust; + return cert_trust; + } + + // Returns true if the certificate with |cert_hash| is present in |domain_|. + bool ContainsCert(const SHA256HashValue& cert_hash) const { + return trust_status_cache_.find(cert_hash) != trust_status_cache_.end(); + } + + private: + const SecTrustSettingsDomain domain_; + const CFStringRef policy_oid_; + base::flat_map trust_status_cache_; + + DISALLOW_COPY_AND_ASSIGN(TrustDomainCache); +}; + +SHA256HashValue CalculateFingerprint256(const der::Input& buffer) { + SHA256HashValue sha256; + SHA256(buffer.UnsafeData(), buffer.Length(), sha256.data); + return sha256; } +// Watches macOS keychain for trust setting changes, and notifies any +// registered callbacks. This is necessary as the keychain callback API is +// keyed only on the callback function pointer rather than function pointer + +// context, so it cannot be safely registered multiple callbacks with the same +// function pointer and different contexts. +class KeychainTrustSettingsChangedNotifier { + public: + // Registers |callback| to be run when the keychain trust settings change. + // Must be called on the network notification thread. |callback| will be run + // on the network notification thread. The returned Subscription must be + // destroyed on the network notification thread. + static std::unique_ptr::Subscription> AddCallback( + base::RepeatingClosure callback) { + DCHECK(GetNetworkNotificationThreadMac()->RunsTasksInCurrentSequence()); + return Get()->callback_list_.Add(std::move(callback)); + } + + private: + friend base::NoDestructor; + + KeychainTrustSettingsChangedNotifier() { + DCHECK(GetNetworkNotificationThreadMac()->RunsTasksInCurrentSequence()); + OSStatus status = SecKeychainAddCallback( + &KeychainTrustSettingsChangedNotifier::KeychainCallback, + kSecTrustSettingsChangedEventMask, this); + if (status != noErr) + OSSTATUS_LOG(ERROR, status) << "SecKeychainAddCallback failed"; + } + + ~KeychainTrustSettingsChangedNotifier() = delete; + + static OSStatus KeychainCallback(SecKeychainEvent keychain_event, + SecKeychainCallbackInfo* info, + void* context) { + KeychainTrustSettingsChangedNotifier* notifier = + reinterpret_cast(context); + notifier->callback_list_.Notify(); + return errSecSuccess; + } + + static KeychainTrustSettingsChangedNotifier* Get() { + static base::NoDestructor notifier; + return notifier.get(); + } + + base::CallbackList callback_list_; + + DISALLOW_COPY_AND_ASSIGN(KeychainTrustSettingsChangedNotifier); +}; + +// Observes keychain events and increments the value returned by Iteration() +// each time the trust settings change. +class KeychainTrustObserver { + public: + KeychainTrustObserver() { + GetNetworkNotificationThreadMac()->PostTask( + FROM_HERE, + base::BindOnce( + &KeychainTrustObserver::RegisterCallbackOnNotificationThread, + base::Unretained(this))); + } + + // Destroying the observer unregisters the callback. Must be destroyed on the + // notification thread in order to safely release |subscription_|. + ~KeychainTrustObserver() { + DCHECK(GetNetworkNotificationThreadMac()->RunsTasksInCurrentSequence()); + } + + // Returns the current iteration count, which is incremented every time + // keychain trust settings change. This may be called from any thread. + int64_t Iteration() const { return base::subtle::Acquire_Load(&iteration_); } + + private: + void RegisterCallbackOnNotificationThread() { + DCHECK(GetNetworkNotificationThreadMac()->RunsTasksInCurrentSequence()); + subscription_ = + KeychainTrustSettingsChangedNotifier::AddCallback(base::BindRepeating( + &KeychainTrustObserver::Increment, base::Unretained(this))); + } + + void Increment() { base::subtle::Barrier_AtomicIncrement(&iteration_, 1); } + + // Only accessed on the notification thread. + std::unique_ptr::Subscription> subscription_; + + base::subtle::Atomic64 iteration_ = 0; + + DISALLOW_COPY_AND_ASSIGN(KeychainTrustObserver); +}; + } // namespace +// TrustCache caches the calculated trust status of certificates with trust +// settings in each of the three trust domains, and ensures the cache is reset +// if trust settings are modified. +class TrustStoreMac::TrustCache { + public: + explicit TrustCache(CFStringRef policy_oid) + : system_domain_cache_(kSecTrustSettingsDomainSystem, policy_oid), + admin_domain_cache_(kSecTrustSettingsDomainAdmin, policy_oid), + user_domain_cache_(kSecTrustSettingsDomainUser, policy_oid) { + keychain_observer_ = std::make_unique(); + } + + ~TrustCache() { + GetNetworkNotificationThreadMac()->DeleteSoon( + FROM_HERE, std::move(keychain_observer_)); + } + + // Returns true if |cert| is present in kSecTrustSettingsDomainSystem. + bool IsKnownRoot(const ParsedCertificate* cert) { + SHA256HashValue cert_hash = CalculateFingerprint256(cert->der_cert()); + + base::AutoLock lock(cache_lock_); + MaybeInitializeCache(); + return system_domain_cache_.ContainsCert(cert_hash); + } + + // Returns the trust status for |cert|. + TrustStatus IsCertTrusted(const scoped_refptr& cert) { + SHA256HashValue cert_hash = CalculateFingerprint256(cert->der_cert()); + + base::AutoLock lock(cache_lock_); + MaybeInitializeCache(); + + // Evaluate trust domains in user, admin, system order. Admin settings can + // override system ones, and user settings can override both admin and + // system. + for (TrustDomainCache* trust_domain_cache : + {&user_domain_cache_, &admin_domain_cache_, &system_domain_cache_}) { + TrustStatus ts = trust_domain_cache->IsCertTrusted(cert, cert_hash); + if (ts != TrustStatus::UNSPECIFIED) + return ts; + } + + // Cert did not have trust settings in any domain. + return TrustStatus::UNSPECIFIED; + } + + private: + // (Re-)Initialize the cache if necessary. Must be called after acquiring + // |cache_lock_| and before accessing any of the |*_domain_cache_| members. + void MaybeInitializeCache() { + cache_lock_.AssertAcquired(); + int64_t keychain_iteration = keychain_observer_->Iteration(); + if (iteration_ == keychain_iteration) + return; + + iteration_ = keychain_iteration; + user_domain_cache_.Initialize(); + admin_domain_cache_.Initialize(); + if (!system_domain_initialized_) { + // In practice, the system trust domain does not change during runtime, + // and SecTrustSettingsCopyCertificates on the system domain is quite + // slow, so the system domain cache is not reset on keychain changes. + system_domain_cache_.Initialize(); + system_domain_initialized_ = true; + } + } + + std::unique_ptr keychain_observer_; + + base::Lock cache_lock_; + // |cache_lock_| must be held while accessing any following members. + int64_t iteration_ = -1; + bool system_domain_initialized_ = false; + TrustDomainCache system_domain_cache_; + TrustDomainCache admin_domain_cache_; + TrustDomainCache user_domain_cache_; + + DISALLOW_COPY_AND_ASSIGN(TrustCache); +}; + TrustStoreMac::TrustStoreMac(CFTypeRef policy_oid) - : policy_oid_(base::mac::CFCastStrict(policy_oid)) { - DCHECK(policy_oid_); -} + : trust_cache_(std::make_unique( + base::mac::CFCastStrict(policy_oid))) {} TrustStoreMac::~TrustStoreMac() = default; +bool TrustStoreMac::IsKnownRoot(const ParsedCertificate* cert) const { + return trust_cache_->IsKnownRoot(cert); +} + void TrustStoreMac::SyncGetIssuersOf(const ParsedCertificate* cert, ParsedCertificateList* issuers) { base::ScopedCFTypeRef name_data = GetMacNormalizedIssuer(cert); @@ -243,19 +512,7 @@ void TrustStoreMac::SyncGetIssuersOf(const ParsedCertificate* cert, void TrustStoreMac::GetTrust(const scoped_refptr& cert, CertificateTrust* trust) const { - // TODO(eroman): Inefficient -- path building will convert between - // SecCertificateRef and ParsedCertificate representations multiple times - // (when getting the issuers, and again here). - base::ScopedCFTypeRef cert_handle = - x509_util::CreateSecCertificateFromBytes(cert->der_cert().UnsafeData(), - cert->der_cert().Length()); - if (!cert_handle) { - *trust = CertificateTrust::ForUnspecified(); - return; - } - - TrustStatus trust_status = - IsSecCertificateTrustedForPolicy(cert, cert_handle, policy_oid_); + TrustStatus trust_status = trust_cache_->IsCertTrusted(cert); switch (trust_status) { case TrustStatus::TRUSTED: *trust = CertificateTrust::ForTrustAnchor(); @@ -266,6 +523,11 @@ void TrustStoreMac::GetTrust(const scoped_refptr& cert, case TrustStatus::UNSPECIFIED: *trust = CertificateTrust::ForUnspecified(); return; + case TrustStatus::UNKNOWN: + // UNKNOWN is an implementation detail of TrustCache and should never be + // returned. + NOTREACHED(); + break; } *trust = CertificateTrust::ForUnspecified(); diff --git a/chromium/net/cert/internal/trust_store_mac.h b/chromium/net/cert/internal/trust_store_mac.h index b0b56a9ba9c..b2f54407284 100644 --- a/chromium/net/cert/internal/trust_store_mac.h +++ b/chromium/net/cert/internal/trust_store_mac.h @@ -16,7 +16,12 @@ namespace net { // TrustStoreMac is an implementation of TrustStore which uses macOS keychain -// to find trust anchors for path building. +// to find trust anchors for path building. Trust state is cached, so a single +// TrustStoreMac instance should be created and used for all verifications of a +// given policy. +// TrustStoreMac objects are threadsafe and methods may be called from multiple +// threads simultaneously. It is the owner's responsibility to ensure the +// TrustStoreMac object outlives any threads accessing it. class NET_EXPORT TrustStoreMac : public TrustStore { public: // Creates a TrustStoreMac which will find anchors that are trusted for @@ -29,6 +34,10 @@ class NET_EXPORT TrustStoreMac : public TrustStore { explicit TrustStoreMac(CFTypeRef policy_oid); ~TrustStoreMac() override; + // Returns true if the given certificate is present in the system trust + // domain. + bool IsKnownRoot(const ParsedCertificate* cert) const; + // TrustStore implementation: void SyncGetIssuersOf(const ParsedCertificate* cert, ParsedCertificateList* issuers) override; @@ -39,6 +48,8 @@ class NET_EXPORT TrustStoreMac : public TrustStore { FRIEND_TEST_ALL_PREFIXES(TrustStoreMacTest, MultiRootNotTrusted); FRIEND_TEST_ALL_PREFIXES(TrustStoreMacTest, SystemCerts); + class TrustCache; + // Finds certificates in the OS keychains whose Subject matches |name_data|. // The result is an array of SecCertificateRef. static base::ScopedCFTypeRef @@ -51,7 +62,7 @@ class NET_EXPORT TrustStoreMac : public TrustStore { static base::ScopedCFTypeRef GetMacNormalizedIssuer( const ParsedCertificate* cert); - const CFStringRef policy_oid_; + std::unique_ptr trust_cache_; DISALLOW_COPY_AND_ASSIGN(TrustStoreMac); }; diff --git a/chromium/net/cert/internal/trust_store_nss.cc b/chromium/net/cert/internal/trust_store_nss.cc index 3ab6343027e..6725971e369 100644 --- a/chromium/net/cert/internal/trust_store_nss.cc +++ b/chromium/net/cert/internal/trust_store_nss.cc @@ -11,17 +11,27 @@ #include "net/cert/internal/cert_errors.h" #include "net/cert/internal/parsed_certificate.h" #include "net/cert/scoped_nss_types.h" +#include "net/cert/test_root_certs.h" #include "net/cert/x509_util.h" #include "net/cert/x509_util_nss.h" -// TODO(mattm): structure so that supporting ChromeOS multi-profile stuff is -// doable (Have a TrustStoreChromeOS which uses net::NSSProfileFilterChromeOS, -// similar to CertVerifyProcChromeOS.) - namespace net { TrustStoreNSS::TrustStoreNSS(SECTrustType trust_type) - : trust_type_(trust_type) {} + : trust_type_(trust_type), filter_trusted_certs_by_slot_(false) {} + +TrustStoreNSS::TrustStoreNSS(SECTrustType trust_type, + crypto::ScopedPK11Slot user_slot) + : trust_type_(trust_type), + filter_trusted_certs_by_slot_(true), + user_slot_(std::move(user_slot)) { + DCHECK(user_slot_); +} + +TrustStoreNSS::TrustStoreNSS( + SECTrustType trust_type, + DisallowTrustForCertsOnUserSlots disallow_trust_for_certs_on_user_slots) + : trust_type_(trust_type), filter_trusted_certs_by_slot_(true) {} TrustStoreNSS::~TrustStoreNSS() = default; @@ -46,16 +56,24 @@ void TrustStoreNSS::SyncGetIssuersOf(const ParsedCertificate* cert, for (CERTCertListNode* node = CERT_LIST_HEAD(found_certs); !CERT_LIST_END(node, found_certs); node = CERT_LIST_NEXT(node)) { +#if !defined(OS_CHROMEOS) // TODO(mattm): use CERT_GetCertIsTemp when minimum NSS version is >= 3.31. if (node->cert->istemp) { - // Ignore temporary NSS certs. This ensures that during the trial when - // CertVerifyProcNSS and CertVerifyProcBuiltin are being used - // simultaneously, the builtin verifier does not get to "cheat" by using - // AIA fetched certs from CertVerifyProcNSS. + // Ignore temporary NSS certs on platforms other than Chrome OS. This + // ensures that during the trial when CertVerifyProcNSS and + // CertVerifyProcBuiltin are being used simultaneously, the builtin + // verifier does not get to "cheat" by using AIA fetched certs from + // CertVerifyProcNSS. // TODO(https://crbug.com/951479): remove this when CertVerifyProcBuiltin // becomes the default. + // This is not done for Chrome OS because temporary NSS certs are + // currently used there to implement policy-provided untrusted authority + // certificates, and no trials are being done on Chrome OS. + // TODO(https://crbug.com/978854): remove the Chrome OS exception when + // certificates are passed. continue; } +#endif // !defined(OS_CHROMEOS) CertErrors parse_errors; scoped_refptr cur_cert = ParsedCertificate::Create( @@ -95,6 +113,11 @@ void TrustStoreNSS::GetTrust(const scoped_refptr& cert, return; } + if (!IsCertAllowedForTrust(nss_cert.get())) { + *out_trust = CertificateTrust::ForUnspecified(); + return; + } + // Determine the trustedness of the matched certificate. CERTCertTrust trust; if (CERT_GetCertTrust(nss_cert.get(), &trust) != SECSuccess) { @@ -124,4 +147,38 @@ void TrustStoreNSS::GetTrust(const scoped_refptr& cert, return; } +bool TrustStoreNSS::IsCertAllowedForTrust(CERTCertificate* cert) const { + // If |filter_trusted_certs_by_slot_| is false, allow trust for any + // certificate, no matter which slot it is stored on. + if (!filter_trusted_certs_by_slot_) + return true; + + crypto::ScopedPK11SlotList slots_for_cert( + PK11_GetAllSlotsForCert(cert, nullptr)); + if (!slots_for_cert) + return false; + + for (PK11SlotListElement* slot_element = + PK11_GetFirstSafe(slots_for_cert.get()); + slot_element; + slot_element = PK11_GetNextSafe(slots_for_cert.get(), slot_element, + /*restart=*/PR_FALSE)) { + PK11SlotInfo* slot = slot_element->slot; + bool allow_slot = + // Allow the root certs module. + PK11_HasRootCerts(slot) || + // Allow read-only internal slots. + (PK11_IsInternal(slot) && !PK11_IsRemovable(slot)) || + // Allow |user_slot_| if specified. + (user_slot_ && slot == user_slot_.get()); + + if (allow_slot) { + PK11_FreeSlotListElement(slots_for_cert.get(), slot_element); + return true; + } + } + + return false; +} + } // namespace net diff --git a/chromium/net/cert/internal/trust_store_nss.h b/chromium/net/cert/internal/trust_store_nss.h index fd66b45d4ee..9c44093391e 100644 --- a/chromium/net/cert/internal/trust_store_nss.h +++ b/chromium/net/cert/internal/trust_store_nss.h @@ -5,9 +5,11 @@ #ifndef NET_CERT_INTERNAL_TRUST_STORE_NSS_H_ #define NET_CERT_INTERNAL_TRUST_STORE_NSS_H_ +#include #include #include "base/memory/ref_counted.h" +#include "crypto/scoped_nss_types.h" #include "net/base/net_export.h" #include "net/cert/internal/trust_store.h" @@ -17,9 +19,31 @@ namespace net { // anchors for path building. class NET_EXPORT TrustStoreNSS : public TrustStore { public: + struct DisallowTrustForCertsOnUserSlots {}; + // Creates a TrustStoreNSS which will find anchors that are trusted for // |trust_type|. + // The created TrustStoreNSS will not perform any filtering based on the slot + // certificates are stored on. explicit TrustStoreNSS(SECTrustType trust_type); + + // Creates a TrustStoreNSS which will find anchors that are trusted for + // |trust_type|. + // The created TrustStoreNSS will allow trust for certificates that: + // (*) are built-in certificates + // (*) are stored on a read-only internal slot + // (*) are stored on the |user_slot|. + TrustStoreNSS(SECTrustType trust_type, crypto::ScopedPK11Slot user_slot); + + // Creates a TrustStoreNSS which will find anchors that are trusted for + // |trust_type|. + // The created TrustStoreNSS will allow trust for certificates that: + // (*) are built-in certificates + // (*) are stored on a read-only internal slot + TrustStoreNSS( + SECTrustType trust_type, + DisallowTrustForCertsOnUserSlots disallow_trust_for_certs_on_user_slots); + ~TrustStoreNSS() override; // CertIssuerSource implementation: @@ -31,8 +55,30 @@ class NET_EXPORT TrustStoreNSS : public TrustStore { CertificateTrust* trust) const override; private: + bool IsCertAllowedForTrust(CERTCertificate* cert) const; + SECTrustType trust_type_; + // |filter_trusted_certs_by_slot_| and |user_slot_| together specify which + // slots certificates must be stored on to be allowed to be trusted. The + // possible combinations are: + // + // |filter_trusted_certs_by_slot_| == false: Allow any certificate to be + // trusted, don't filter by slot. |user_slot_| is ignored in this case. + // + // |filter_trusted_certs_by_slot_| == true and |user_slot_| = nullptr: Allow + // certificates to be trusted if they + // (*) are built-in certificates or + // (*) are stored on a read-only internal slot. + // + // |filter_trusted_certs_by_slot_| == true and |user_slot_| != nullptr: Allow + // certificates to be trusted if they + // (*) are built-in certificates or + // (*) are stored on a read-only internal slot or + // (*) are stored on |user_slot_|. + const bool filter_trusted_certs_by_slot_; + crypto::ScopedPK11Slot user_slot_; + DISALLOW_COPY_AND_ASSIGN(TrustStoreNSS); }; diff --git a/chromium/net/cert/internal/trust_store_nss_unittest.cc b/chromium/net/cert/internal/trust_store_nss_unittest.cc index 1a7a94cb1cb..d22a0360e82 100644 --- a/chromium/net/cert/internal/trust_store_nss_unittest.cc +++ b/chromium/net/cert/internal/trust_store_nss_unittest.cc @@ -6,25 +6,82 @@ #include #include +#include #include #include "base/strings/string_number_conversions.h" +#include "crypto/nss_util_internal.h" #include "crypto/scoped_test_nss_db.h" #include "net/cert/internal/cert_issuer_source_sync_unittest.h" +#include "net/cert/internal/parsed_certificate.h" #include "net/cert/internal/test_helpers.h" #include "net/cert/scoped_nss_types.h" +#include "net/cert/test_root_certs.h" +#include "net/cert/x509_util.h" #include "net/cert/x509_util_nss.h" #include "testing/gtest/include/gtest/gtest.h" +#include "third_party/boringssl/src/include/openssl/pool.h" namespace net { namespace { -class TrustStoreNSSTest : public testing::Test { +// Returns the slot which holds the built-in root certificates. +crypto::ScopedPK11Slot GetRootCertsSlot() { + crypto::AutoSECMODListReadLock auto_lock; + SECMODModuleList* head = SECMOD_GetDefaultModuleList(); + for (SECMODModuleList* item = head; item != NULL; item = item->next) { + int slot_count = item->module->loaded ? item->module->slotCount : 0; + for (int i = 0; i < slot_count; i++) { + PK11SlotInfo* slot = item->module->slots[i]; + if (!PK11_IsPresent(slot)) + continue; + if (PK11_HasRootCerts(slot)) + return crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot)); + } + } + return crypto::ScopedPK11Slot(); +} + +// Returns a built-in trusted root certificte. If multiple ones are available, +// it is not specified which one is returned. If none are available, returns +// nullptr. +scoped_refptr GetASSLTrustedBuiltinRoot() { + crypto::ScopedPK11Slot root_certs_slot = GetRootCertsSlot(); + if (!root_certs_slot) + return nullptr; + + scoped_refptr ssl_trusted_root; + + CERTCertList* cert_list = PK11_ListCertsInSlot(root_certs_slot.get()); + for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); + !CERT_LIST_END(node, cert_list); node = CERT_LIST_NEXT(node)) { + CERTCertTrust trust; + if (CERT_GetCertTrust(node->cert, &trust) != SECSuccess) + continue; + int trust_flags = SEC_GET_TRUST_FLAGS(&trust, trustSSL); + if ((trust_flags & CERTDB_TRUSTED_CA) == CERTDB_TRUSTED_CA) { + ssl_trusted_root = + x509_util::CreateX509CertificateFromCERTCertificate(node->cert); + break; + } + } + CERT_DestroyCertList(cert_list); + if (!ssl_trusted_root) + return nullptr; + + CertErrors parsing_errors; + return ParsedCertificate::Create(bssl::UpRef(ssl_trusted_root->cert_buffer()), + x509_util::DefaultParseCertificateOptions(), + &parsing_errors); +} + +class TrustStoreNSSTestBase : public ::testing::Test { public: void SetUp() override { ASSERT_TRUE(test_nssdb_.is_open()); + ASSERT_TRUE(other_test_nssdb_.is_open()); ParsedCertificateList chain; ReadCertChainFromFile( "net/data/verify_certificate_chain_unittest/key-rollover/oldchain.pem", @@ -51,31 +108,35 @@ class TrustStoreNSSTest : public testing::Test { ASSERT_TRUE(newroot_); ASSERT_TRUE(newrootrollover_); - trust_store_nss_.reset(new TrustStoreNSS(trustSSL)); + trust_store_nss_ = CreateTrustStoreNSS(); } + // Creates the TrustStoreNSS instance. Subclasses will customize the slot + // filtering behavior here. + virtual std::unique_ptr CreateTrustStoreNSS() = 0; + std::string GetUniqueNickname() { return "trust_store_nss_unittest" + base::NumberToString(nickname_counter_++); } - void AddCertToNSS(const ParsedCertificate* cert) { + void AddCertToNSSSlot(const ParsedCertificate* cert, PK11SlotInfo* slot) { ScopedCERTCertificate nss_cert(x509_util::CreateCERTCertificateFromBytes( cert->der_cert().UnsafeData(), cert->der_cert().Length())); ASSERT_TRUE(nss_cert); - SECStatus srv = PK11_ImportCert( - test_nssdb_.slot(), nss_cert.get(), CK_INVALID_HANDLE, - GetUniqueNickname().c_str(), PR_FALSE /* includeTrust (unused) */); + SECStatus srv = PK11_ImportCert(slot, nss_cert.get(), CK_INVALID_HANDLE, + GetUniqueNickname().c_str(), + PR_FALSE /* includeTrust (unused) */); ASSERT_EQ(SECSuccess, srv); } void AddCertsToNSS() { - AddCertToNSS(target_.get()); - AddCertToNSS(oldintermediate_.get()); - AddCertToNSS(newintermediate_.get()); - AddCertToNSS(oldroot_.get()); - AddCertToNSS(newroot_.get()); - AddCertToNSS(newrootrollover_.get()); + AddCertToNSSSlot(target_.get(), test_nssdb_.slot()); + AddCertToNSSSlot(oldintermediate_.get(), test_nssdb_.slot()); + AddCertToNSSSlot(newintermediate_.get(), test_nssdb_.slot()); + AddCertToNSSSlot(oldroot_.get(), test_nssdb_.slot()); + AddCertToNSSSlot(newroot_.get(), test_nssdb_.slot()); + AddCertToNSSSlot(newrootrollover_.get(), test_nssdb_.slot()); // Check that the certificates can be retrieved as expected. EXPECT_TRUE( @@ -192,30 +253,102 @@ class TrustStoreNSSTest : public testing::Test { scoped_refptr newintermediate_; scoped_refptr newrootrollover_; crypto::ScopedTestNSSDB test_nssdb_; + crypto::ScopedTestNSSDB other_test_nssdb_; std::unique_ptr trust_store_nss_; unsigned nickname_counter_ = 0; }; -// Without adding any certs to the NSS DB, should get no anchor results for any -// of the test certs. -TEST_F(TrustStoreNSSTest, CertsNotPresent) { +// Specifies which kind of per-slot filtering the TrustStoreNSS is supposed to +// perform in the parametrized TrustStoreNSSTestWithSlotFilterType. +enum class SlotFilterType { + kDontFilter, + kDoNotAllowUserSlots, + kAllowSpecifiedUserSlot +}; + +// Used for testing a TrustStoreNSS with the slot filter type specified by the +// test parameter. +class TrustStoreNSSTestWithSlotFilterType + : public TrustStoreNSSTestBase, + public testing::WithParamInterface { + public: + TrustStoreNSSTestWithSlotFilterType() = default; + ~TrustStoreNSSTestWithSlotFilterType() override = default; + + std::unique_ptr CreateTrustStoreNSS() override { + switch (GetParam()) { + case SlotFilterType::kDontFilter: + return std::make_unique(trustSSL); + case SlotFilterType::kDoNotAllowUserSlots: + return std::make_unique( + trustSSL, TrustStoreNSS::DisallowTrustForCertsOnUserSlots()); + case SlotFilterType::kAllowSpecifiedUserSlot: + return std::make_unique( + trustSSL, + crypto::ScopedPK11Slot(PK11_ReferenceSlot(test_nssdb_.slot()))); + } + } +}; + +// Without adding any certs to the NSS DB, should get no anchor results for +// any of the test certs. +TEST_P(TrustStoreNSSTestWithSlotFilterType, CertsNotPresent) { EXPECT_TRUE(TrustStoreContains(target_, ParsedCertificateList())); EXPECT_TRUE(TrustStoreContains(newintermediate_, ParsedCertificateList())); EXPECT_TRUE(TrustStoreContains(newroot_, ParsedCertificateList())); } +#if !defined(OS_CHROMEOS) // TrustStoreNSS should not return temporary certs. (See // https://crbug.com/951166) -TEST_F(TrustStoreNSSTest, TempCertNotPresent) { +TEST_P(TrustStoreNSSTestWithSlotFilterType, TempCertNotPresent) { ScopedCERTCertificate temp_nss_cert(x509_util::CreateCERTCertificateFromBytes( newintermediate_->der_cert().UnsafeData(), newintermediate_->der_cert().Length())); EXPECT_TRUE(TrustStoreContains(target_, ParsedCertificateList())); } +#else // !defined(OS_CHROMEOS) +// TrustStoreNSS should return temporary certs on Chrome OS, because on Chrome +// OS temporary certs are used to supply policy-provided untrusted authority +// certs. (See https://crbug.com/978854) +TEST_P(TrustStoreNSSTestWithSlotFilterType, TempCertPresent) { + ScopedCERTCertificate temp_nss_cert(x509_util::CreateCERTCertificateFromBytes( + newintermediate_->der_cert().UnsafeData(), + newintermediate_->der_cert().Length())); + EXPECT_TRUE(TrustStoreContains(target_, {newintermediate_})); +} +#endif // !defined(OS_CHROMEOS) + +// Independent of the specified slot-based filtering mode, built-in root certs +// should always be trusted. +TEST_P(TrustStoreNSSTestWithSlotFilterType, TrustAllowedForBuiltinRootCerts) { + auto builtin_root_cert = GetASSLTrustedBuiltinRoot(); + ASSERT_TRUE(builtin_root_cert); + EXPECT_TRUE( + HasTrust({builtin_root_cert}, CertificateTrustType::TRUSTED_ANCHOR)); +} + +INSTANTIATE_TEST_SUITE_P( + TrustStoreNSSTest_AllSlotFilterTypes, + TrustStoreNSSTestWithSlotFilterType, + ::testing::Values(SlotFilterType::kDontFilter, + SlotFilterType::kDoNotAllowUserSlots, + SlotFilterType::kAllowSpecifiedUserSlot)); + +// Tests a TrustStoreNSS that does not filter which certificates +class TrustStoreNSSTestWithoutSlotFilter : public TrustStoreNSSTestBase { + public: + TrustStoreNSSTestWithoutSlotFilter() = default; + ~TrustStoreNSSTestWithoutSlotFilter() override = default; + + std::unique_ptr CreateTrustStoreNSS() override { + return std::make_unique(trustSSL); + } +}; // If certs are present in NSS DB but aren't marked as trusted, should get no // anchor results for any of the test certs. -TEST_F(TrustStoreNSSTest, CertsPresentButNotTrusted) { +TEST_F(TrustStoreNSSTestWithoutSlotFilter, CertsPresentButNotTrusted) { AddCertsToNSS(); // None of the certificates are trusted. @@ -225,7 +358,7 @@ TEST_F(TrustStoreNSSTest, CertsPresentButNotTrusted) { } // Trust a single self-signed CA certificate. -TEST_F(TrustStoreNSSTest, TrustedCA) { +TEST_F(TrustStoreNSSTestWithoutSlotFilter, TrustedCA) { AddCertsToNSS(); TrustCert(newroot_.get()); @@ -238,7 +371,7 @@ TEST_F(TrustStoreNSSTest, TrustedCA) { } // Distrust a single self-signed CA certificate. -TEST_F(TrustStoreNSSTest, DistrustedCA) { +TEST_F(TrustStoreNSSTestWithoutSlotFilter, DistrustedCA) { AddCertsToNSS(); DistrustCert(newroot_.get()); @@ -251,7 +384,7 @@ TEST_F(TrustStoreNSSTest, DistrustedCA) { } // Trust a single intermediate certificate. -TEST_F(TrustStoreNSSTest, TrustedIntermediate) { +TEST_F(TrustStoreNSSTestWithoutSlotFilter, TrustedIntermediate) { AddCertsToNSS(); TrustCert(newintermediate_.get()); @@ -263,7 +396,7 @@ TEST_F(TrustStoreNSSTest, TrustedIntermediate) { } // Distrust a single intermediate certificate. -TEST_F(TrustStoreNSSTest, DistrustedIntermediate) { +TEST_F(TrustStoreNSSTestWithoutSlotFilter, DistrustedIntermediate) { AddCertsToNSS(); DistrustCert(newintermediate_.get()); @@ -274,7 +407,7 @@ TEST_F(TrustStoreNSSTest, DistrustedIntermediate) { } // Trust a single server certificate. -TEST_F(TrustStoreNSSTest, TrustedServer) { +TEST_F(TrustStoreNSSTestWithoutSlotFilter, TrustedServer) { AddCertsToNSS(); TrustServerCert(target_.get()); @@ -287,7 +420,7 @@ TEST_F(TrustStoreNSSTest, TrustedServer) { } // Trust multiple self-signed CA certificates with the same name. -TEST_F(TrustStoreNSSTest, MultipleTrustedCAWithSameSubject) { +TEST_F(TrustStoreNSSTestWithoutSlotFilter, MultipleTrustedCAWithSameSubject) { AddCertsToNSS(); TrustCert(oldroot_.get()); TrustCert(newroot_.get()); @@ -301,7 +434,7 @@ TEST_F(TrustStoreNSSTest, MultipleTrustedCAWithSameSubject) { // Different trust settings for multiple self-signed CA certificates with the // same name. -TEST_F(TrustStoreNSSTest, DifferingTrustCAWithSameSubject) { +TEST_F(TrustStoreNSSTestWithoutSlotFilter, DifferingTrustCAWithSameSubject) { AddCertsToNSS(); DistrustCert(oldroot_.get()); TrustCert(newroot_.get()); @@ -313,6 +446,62 @@ TEST_F(TrustStoreNSSTest, DifferingTrustCAWithSameSubject) { EXPECT_TRUE(HasTrust({newroot_}, CertificateTrustType::TRUSTED_ANCHOR)); } +// Tests for a TrustStoreNSS which does not allow certificates on user slots +// to be trusted. +class TrustStoreNSSTestDoNotAllowUserSlots : public TrustStoreNSSTestBase { + public: + TrustStoreNSSTestDoNotAllowUserSlots() = default; + ~TrustStoreNSSTestDoNotAllowUserSlots() override = default; + + std::unique_ptr CreateTrustStoreNSS() override { + return std::make_unique( + trustSSL, TrustStoreNSS::DisallowTrustForCertsOnUserSlots()); + } +}; + +// A certificate that is stored on a "user slot" is not trusted if the +// TrustStoreNSS is not allowed to trust certificates on user slots. +TEST_F(TrustStoreNSSTestDoNotAllowUserSlots, CertOnUserSlot) { + AddCertToNSSSlot(newroot_.get(), test_nssdb_.slot()); + TrustCert(newroot_.get()); + EXPECT_TRUE(HasTrust({newroot_}, CertificateTrustType::UNSPECIFIED)); +} + +// Tests for a TrustStoreNSS which does allows certificates on user slots to +// be only trusted if they are on a specific user slot. +class TrustStoreNSSTestAllowSpecifiedUserSlot : public TrustStoreNSSTestBase { + public: + TrustStoreNSSTestAllowSpecifiedUserSlot() = default; + ~TrustStoreNSSTestAllowSpecifiedUserSlot() override = default; + + std::unique_ptr CreateTrustStoreNSS() override { + return std::make_unique( + trustSSL, + crypto::ScopedPK11Slot(PK11_ReferenceSlot(test_nssdb_.slot()))); + } +}; + +// A certificate that is stored on a "user slot" is trusted if the +// TrustStoreNSS is allowed to trust that user slot. +TEST_F(TrustStoreNSSTestAllowSpecifiedUserSlot, CertOnUserSlot) { + AddCertToNSSSlot(newroot_.get(), test_nssdb_.slot()); + TrustCert(newroot_.get()); + EXPECT_TRUE(HasTrust({newroot_}, CertificateTrustType::TRUSTED_ANCHOR)); +} + +// A certificate that is stored on a "user slot" is not trusted if the +// TrustStoreNSS is allowed to trust a user slot, but the certificate is +// stored on another user slot. +TEST_F(TrustStoreNSSTestAllowSpecifiedUserSlot, CertOnOtherUserSlot) { + AddCertToNSSSlot(newroot_.get(), other_test_nssdb_.slot()); + TrustCert(newroot_.get()); + EXPECT_TRUE(HasTrust({newroot_}, CertificateTrustType::UNSPECIFIED)); +} + +// TODO(https://crbug.com/980443): If the internal non-removable slot is +// relevant on Chrome OS, add a test for allowing trust for certificates +// stored on that slot. + class TrustStoreNSSTestDelegate { public: TrustStoreNSSTestDelegate() : trust_store_nss_(trustSSL) {} @@ -345,8 +534,8 @@ INSTANTIATE_TYPED_TEST_SUITE_P(TrustStoreNSSTest2, CertIssuerSourceSyncTest, TrustStoreNSSTestDelegate); -// NSS doesn't normalize UTF8String values, so use the not-normalized version of -// those tests. +// NSS doesn't normalize UTF8String values, so use the not-normalized version +// of those tests. INSTANTIATE_TYPED_TEST_SUITE_P(TrustStoreNSSNotNormalizedTest, CertIssuerSourceSyncNotNormalizedTest, TrustStoreNSSTestDelegate); diff --git a/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc b/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc index 2c8bf0be2b3..f262f51eb1e 100644 --- a/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc +++ b/chromium/net/cert/internal/verify_certificate_chain_pkits_unittest.cc @@ -10,7 +10,8 @@ #include "net/der/input.h" #include "third_party/boringssl/src/include/openssl/pool.h" -// TODO(mattm): these require CRL support: +// These require CRL support, which is not implemented at the +// VerifyCertificateChain level. #define Section7InvalidkeyUsageCriticalcRLSignFalseTest4 \ DISABLED_Section7InvalidkeyUsageCriticalcRLSignFalseTest4 #define Section7InvalidkeyUsageNotCriticalcRLSignFalseTest5 \ @@ -119,7 +120,9 @@ INSTANTIATE_TYPED_TEST_SUITE_P(VerifyCertificateChain, PkitsTest16PrivateCertificateExtensions, VerifyCertificateChainPkitsTestDelegate); -// TODO(mattm): CRL support: PkitsTest04BasicCertificateRevocationTests, +// These require CRL support, which is not implemented at the +// VerifyCertificateChain level: +// PkitsTest04BasicCertificateRevocationTests, // PkitsTest05VerifyingPathswithSelfIssuedCertificates, // PkitsTest14DistributionPoints, PkitsTest15DeltaCRLs diff --git a/chromium/net/cert/internal/verify_name_match_fuzzer.cc b/chromium/net/cert/internal/verify_name_match_fuzzer.cc index 03c7e9cda12..a22d3f907a0 100644 --- a/chromium/net/cert/internal/verify_name_match_fuzzer.cc +++ b/chromium/net/cert/internal/verify_name_match_fuzzer.cc @@ -9,17 +9,19 @@ #include -#include "base/test/fuzzed_data_provider.h" #include "net/der/input.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" // Entry point for LibFuzzer. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - base::FuzzedDataProvider fuzzed_data(data, size); + FuzzedDataProvider fuzzed_data(data, size); // Intentionally using uint16_t here to avoid empty |second_part|. size_t first_part_size = fuzzed_data.ConsumeIntegral(); - std::vector first_part = fuzzed_data.ConsumeBytes(first_part_size); - std::vector second_part = fuzzed_data.ConsumeRemainingBytes(); + std::vector first_part = + fuzzed_data.ConsumeBytes(first_part_size); + std::vector second_part = + fuzzed_data.ConsumeRemainingBytes(); net::der::Input in1(first_part.data(), first_part.size()); net::der::Input in2(second_part.data(), second_part.size()); diff --git a/chromium/net/cert/internal/verify_name_match_verifynameinsubtree_fuzzer.cc b/chromium/net/cert/internal/verify_name_match_verifynameinsubtree_fuzzer.cc index d948e59fb6c..a289c7f190b 100644 --- a/chromium/net/cert/internal/verify_name_match_verifynameinsubtree_fuzzer.cc +++ b/chromium/net/cert/internal/verify_name_match_verifynameinsubtree_fuzzer.cc @@ -9,17 +9,19 @@ #include -#include "base/test/fuzzed_data_provider.h" #include "net/der/input.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" // Entry point for LibFuzzer. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - base::FuzzedDataProvider fuzzed_data(data, size); + FuzzedDataProvider fuzzed_data(data, size); // Intentionally using uint16_t here to avoid empty |second_part|. size_t first_part_size = fuzzed_data.ConsumeIntegral(); - std::vector first_part = fuzzed_data.ConsumeBytes(first_part_size); - std::vector second_part = fuzzed_data.ConsumeRemainingBytes(); + std::vector first_part = + fuzzed_data.ConsumeBytes(first_part_size); + std::vector second_part = + fuzzed_data.ConsumeRemainingBytes(); net::der::Input in1(first_part.data(), first_part.size()); net::der::Input in2(second_part.data(), second_part.size()); diff --git a/chromium/net/cert/mock_cert_verifier.cc b/chromium/net/cert/mock_cert_verifier.cc index 3a5161ff64b..e65dadb7e7f 100644 --- a/chromium/net/cert/mock_cert_verifier.cc +++ b/chromium/net/cert/mock_cert_verifier.cc @@ -43,7 +43,7 @@ struct MockCertVerifier::Rule { class MockCertVerifier::MockRequest : public CertVerifier::Request { public: MockRequest(CertVerifyResult* result, CompletionOnceCallback callback) - : result_(result), callback_(std::move(callback)), weak_factory_(this) {} + : result_(result), callback_(std::move(callback)) {} void ReturnResultLater(int rv, const CertVerifyResult& result) { base::ThreadTaskRunnerHandle::Get()->PostTask( @@ -59,7 +59,7 @@ class MockCertVerifier::MockRequest : public CertVerifier::Request { CertVerifyResult* result_; CompletionOnceCallback callback_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; }; MockCertVerifier::MockCertVerifier() diff --git a/chromium/net/cert/multi_log_ct_verifier.cc b/chromium/net/cert/multi_log_ct_verifier.cc index cd473fb96ee..a541cec6d89 100644 --- a/chromium/net/cert/multi_log_ct_verifier.cc +++ b/chromium/net/cert/multi_log_ct_verifier.cc @@ -6,8 +6,6 @@ #include -#include "base/bind.h" -#include "base/callback_helpers.h" #include "base/metrics/histogram_macros.h" #include "base/values.h" #include "net/base/net_errors.h" @@ -19,7 +17,6 @@ #include "net/cert/signed_certificate_timestamp_and_status.h" #include "net/cert/x509_certificate.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_parameters_callback.h" #include "net/log/net_log_with_source.h" namespace net { @@ -103,12 +100,11 @@ void MultiLogCTVerifier::Verify( // Log to Net Log, after extracting SCTs but before possibly failing on // X.509 entry creation. - NetLogParametersCallback net_log_callback = - base::Bind(&NetLogRawSignedCertificateTimestampCallback, embedded_scts, - sct_list_from_ocsp, sct_list_from_tls_extension); - - net_log.AddEvent(NetLogEventType::SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED, - net_log_callback); + net_log.AddEvent( + NetLogEventType::SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED, [&] { + return NetLogRawSignedCertificateTimestampParams( + embedded_scts, sct_list_from_ocsp, sct_list_from_tls_extension); + }); ct::SignedEntryData x509_entry; if (ct::GetX509SignedEntry(cert->cert_buffer(), &x509_entry)) { @@ -130,11 +126,9 @@ void MultiLogCTVerifier::Verify( base::TimeDelta::FromMilliseconds(100), 50); } - NetLogParametersCallback net_log_checked_callback = - base::Bind(&NetLogSignedCertificateTimestampCallback, output_scts); - - net_log.AddEvent(NetLogEventType::SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED, - net_log_checked_callback); + net_log.AddEvent(NetLogEventType::SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED, [&] { + return NetLogSignedCertificateTimestampParams(output_scts); + }); } void MultiLogCTVerifier::VerifySCTs( diff --git a/chromium/net/cert/multi_log_ct_verifier_unittest.cc b/chromium/net/cert/multi_log_ct_verifier_unittest.cc index d935767f7bb..d171a465b33 100644 --- a/chromium/net/cert/multi_log_ct_verifier_unittest.cc +++ b/chromium/net/cert/multi_log_ct_verifier_unittest.cc @@ -24,7 +24,7 @@ #include "net/log/net_log_source_type.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" +#include "net/log/test_net_log_util.h" #include "net/test/cert_test_util.h" #include "net/test/ct_test_util.h" #include "net/test/test_data_directory.h" @@ -65,25 +65,23 @@ class MultiLogCTVerifierTest : public ::testing::Test { } bool CheckForEmbeddedSCTInNetLog(const TestNetLog& net_log) { - TestNetLogEntry::List entries; - net_log.GetEntries(&entries); + auto entries = net_log.GetEntries(); if (entries.size() != 2) return false; - const TestNetLogEntry& received = entries[0]; - std::string embedded_scts; - if (!received.GetStringValue("embedded_scts", &embedded_scts)) - return false; - if (embedded_scts.empty()) + auto embedded_scts = + GetOptionalStringValueFromParams(entries[0], "embedded_scts"); + if (!embedded_scts || embedded_scts->empty()) return false; - const TestNetLogEntry& parsed = entries[1]; - base::ListValue* scts; - if (!parsed.GetListValue("scts", &scts) || scts->GetSize() != 1) { + const NetLogEntry& parsed = entries[1]; + const base::ListValue* scts; + if (!GetListValueFromParams(parsed, "scts", &scts) || + scts->GetSize() != 1) { return false; } - base::DictionaryValue* the_sct; + const base::DictionaryValue* the_sct; if (!scts->GetDictionary(0, &the_sct)) return false; diff --git a/chromium/net/cert/multi_threaded_cert_verifier.cc b/chromium/net/cert/multi_threaded_cert_verifier.cc index 531aa0e9cbb..912090d85a8 100644 --- a/chromium/net/cert/multi_threaded_cert_verifier.cc +++ b/chromium/net/cert/multi_threaded_cert_verifier.cc @@ -35,8 +35,6 @@ namespace net { -class NetLogCaptureMode; - // Allows DoVerifyOnWorkerThread to wait on a base::WaitableEvent. // DoVerifyOnWorkerThread may wait on network operations done on a separate // sequence. For instance when using the NSS-based implementation of certificate @@ -83,8 +81,7 @@ class MultiThreadedCertVerifierScopedAllowBaseSyncPrimitives namespace { -base::Value CertVerifyResultCallback(const CertVerifyResult& verify_result, - NetLogCaptureMode capture_mode) { +base::Value CertVerifyResultParams(const CertVerifyResult& verify_result) { base::DictionaryValue results; results.SetBoolean("has_md5", verify_result.has_md5); results.SetBoolean("has_md2", verify_result.has_md2); @@ -94,9 +91,8 @@ base::Value CertVerifyResultCallback(const CertVerifyResult& verify_result, results.SetBoolean("is_issued_by_additional_trust_anchor", verify_result.is_issued_by_additional_trust_anchor); results.SetInteger("cert_status", verify_result.cert_status); - results.SetKey("verified_cert", - NetLogX509CertificateCallback( - verify_result.verified_cert.get(), capture_mode)); + results.SetKey("verified_cert", NetLogX509CertificateParams( + verify_result.verified_cert.get())); std::unique_ptr hashes(new base::ListValue()); for (auto it = verify_result.public_key_hashes.begin(); @@ -221,11 +217,10 @@ class CertVerifierJob { net_log_(NetLogWithSource::Make(net_log, NetLogSourceType::CERT_VERIFIER_JOB)), cert_verifier_(cert_verifier), - is_first_job_(false), - weak_ptr_factory_(this) { - net_log_.BeginEvent(NetLogEventType::CERT_VERIFIER_JOB, - base::Bind(&NetLogX509CertificateCallback, - base::Unretained(key.certificate().get()))); + is_first_job_(false) { + net_log_.BeginEvent(NetLogEventType::CERT_VERIFIER_JOB, [&] { + return NetLogX509CertificateParams(key.certificate().get()); + }); } // Indicates whether this was the first job started by the CertVerifier. This @@ -279,9 +274,8 @@ class CertVerifierJob { std::unique_ptr request(new CertVerifierRequest( this, std::move(callback), verify_result, net_log)); - request->net_log().AddEvent( - NetLogEventType::CERT_VERIFIER_REQUEST_BOUND_TO_JOB, - net_log_.source().ToEventParametersCallback()); + request->net_log().AddEventReferencingSource( + NetLogEventType::CERT_VERIFIER_REQUEST_BOUND_TO_JOB, net_log_.source()); requests_.Append(request.get()); return request; @@ -292,9 +286,9 @@ class CertVerifierJob { // Called on completion of the Job to log UMA metrics and NetLog events. void LogMetrics(const ResultHelper& verify_result) { - net_log_.EndEvent( - NetLogEventType::CERT_VERIFIER_JOB, - base::Bind(&CertVerifyResultCallback, verify_result.result)); + net_log_.EndEvent(NetLogEventType::CERT_VERIFIER_JOB, [&] { + return CertVerifyResultParams(verify_result.result); + }); base::TimeDelta latency = base::TimeTicks::Now() - start_time_; if (cert_verifier_->should_record_histograms_) { UMA_HISTOGRAM_CUSTOM_TIMES("Net.CertVerifier_Job_Latency", latency, @@ -345,7 +339,7 @@ class CertVerifierJob { MultiThreadedCertVerifier* cert_verifier_; // Non-owned. bool is_first_job_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; }; MultiThreadedCertVerifier::MultiThreadedCertVerifier( diff --git a/chromium/net/cert/nss_cert_database.cc b/chromium/net/cert/nss_cert_database.cc index bc966fbe0d6..56dd1272052 100644 --- a/chromium/net/cert/nss_cert_database.cc +++ b/chromium/net/cert/nss_cert_database.cc @@ -70,8 +70,7 @@ NSSCertDatabase::NSSCertDatabase(crypto::ScopedPK11Slot public_slot, crypto::ScopedPK11Slot private_slot) : public_slot_(std::move(public_slot)), private_slot_(std::move(private_slot)), - observer_list_(new base::ObserverListThreadSafe), - weak_factory_(this) { + observer_list_(new base::ObserverListThreadSafe) { CHECK(public_slot_); CertDatabase* cert_db = CertDatabase::GetInstance(); diff --git a/chromium/net/cert/nss_cert_database.h b/chromium/net/cert/nss_cert_database.h index cee2f01b492..97be8c45eb3 100644 --- a/chromium/net/cert/nss_cert_database.h +++ b/chromium/net/cert/nss_cert_database.h @@ -282,7 +282,7 @@ class NET_EXPORT NSSCertDatabase { const scoped_refptr> observer_list_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase); }; diff --git a/chromium/net/cert/test_root_certs.cc b/chromium/net/cert/test_root_certs.cc index f455d18f001..2790669081c 100644 --- a/chromium/net/cert/test_root_certs.cc +++ b/chromium/net/cert/test_root_certs.cc @@ -60,19 +60,23 @@ TestRootCerts::TestRootCerts() { ScopedTestRoot::ScopedTestRoot() = default; ScopedTestRoot::ScopedTestRoot(X509Certificate* cert) { - Reset(cert); + Reset({cert}); +} + +ScopedTestRoot::ScopedTestRoot(CertificateList certs) { + Reset(std::move(certs)); } ScopedTestRoot::~ScopedTestRoot() { - Reset(nullptr); + Reset({}); } -void ScopedTestRoot::Reset(X509Certificate* cert) { - if (cert_.get()) +void ScopedTestRoot::Reset(CertificateList certs) { + if (!certs_.empty()) TestRootCerts::GetInstance()->Clear(); - if (cert) - TestRootCerts::GetInstance()->Add(cert); - cert_ = cert; + for (const auto& cert : certs) + TestRootCerts::GetInstance()->Add(cert.get()); + certs_ = certs; } } // namespace net diff --git a/chromium/net/cert/test_root_certs.h b/chromium/net/cert/test_root_certs.h index 53157181b4c..c0be7b78328 100644 --- a/chromium/net/cert/test_root_certs.h +++ b/chromium/net/cert/test_root_certs.h @@ -32,6 +32,7 @@ class FilePath; namespace net { class X509Certificate; +typedef std::vector> CertificateList; // TestRootCerts is a helper class for unit tests that is used to // artificially mark a certificate as trusted, independent of the local @@ -149,17 +150,21 @@ class NET_EXPORT_PRIVATE ScopedTestRoot { // TestRootCerts store (if there were existing roots they are // cleared). explicit ScopedTestRoot(X509Certificate* cert); + // Creates a ScopedTestRoot that sets |certs| as the only roots in the + // TestRootCerts store (if there were existing roots they are + // cleared). + explicit ScopedTestRoot(CertificateList certs); ~ScopedTestRoot(); - // Assigns |cert| to be the new test root cert. If |cert| is NULL, undoes + // Assigns |certs| to be the new test root certs. If |certs| is empty, undoes // any work the ScopedTestRoot may have previously done. - // If |cert_| contains a certificate (due to a prior call to Reset or due to - // a cert being passed at construction), the existing TestRootCerts store is + // If |certs_| contains certificates (due to a prior call to Reset or due to + // certs being passed at construction), the existing TestRootCerts store is // cleared. - void Reset(X509Certificate* cert); + void Reset(CertificateList certs); private: - scoped_refptr cert_; + CertificateList certs_; DISALLOW_COPY_AND_ASSIGN(ScopedTestRoot); }; diff --git a/chromium/net/cert/trial_comparison_cert_verifier.cc b/chromium/net/cert/trial_comparison_cert_verifier.cc index 7f96f2978f9..f3bd119c80d 100644 --- a/chromium/net/cert/trial_comparison_cert_verifier.cc +++ b/chromium/net/cert/trial_comparison_cert_verifier.cc @@ -31,8 +31,7 @@ namespace net { namespace { -base::Value TrialVerificationJobResultCallback(bool trial_success, - NetLogCaptureMode capture_mode) { +base::Value TrialVerificationJobResultParams(bool trial_success) { base::Value results(base::Value::Type::DICTIONARY); results.SetBoolKey("trial_success", trial_success); return results; @@ -139,9 +138,9 @@ class TrialComparisonCertVerifier::TrialVerificationJob { primary_error_(primary_error), primary_result_(primary_result) { net_log_.BeginEvent(NetLogEventType::TRIAL_CERT_VERIFIER_JOB); - source_net_log.AddEvent( + source_net_log.AddEventReferencingSource( NetLogEventType::TRIAL_CERT_VERIFIER_JOB_COMPARISON_STARTED, - net_log_.source().ToEventParametersCallback()); + net_log_.source()); } ~TrialVerificationJob() { @@ -172,9 +171,9 @@ class TrialComparisonCertVerifier::TrialVerificationJob { UMA_HISTOGRAM_ENUMERATION("Net.CertVerifier_TrialComparisonResult", result_code); - net_log_.EndEvent( - NetLogEventType::TRIAL_CERT_VERIFIER_JOB, - base::BindRepeating(&TrialVerificationJobResultCallback, is_success)); + net_log_.EndEvent(NetLogEventType::TRIAL_CERT_VERIFIER_JOB, [&] { + return TrialVerificationJobResultParams(is_success); + }); if (!is_success) { cert_verifier->report_callback_.Run( diff --git a/chromium/net/cert/x509_certificate.cc b/chromium/net/cert/x509_certificate.cc index f196769dff3..6973f4a01fa 100644 --- a/chromium/net/cert/x509_certificate.cc +++ b/chromium/net/cert/x509_certificate.cc @@ -37,6 +37,7 @@ #include "net/cert/x509_util.h" #include "net/der/encode_values.h" #include "net/der/parser.h" +#include "net/dns/dns_util.h" #include "third_party/boringssl/src/include/openssl/evp.h" #include "third_party/boringssl/src/include/openssl/pkcs7.h" #include "third_party/boringssl/src/include/openssl/pool.h" @@ -439,13 +440,13 @@ bool X509Certificate::IsIssuedByEncoded( std::string normalized_cert_issuer; if (!GetNormalizedCertIssuer(cert_buffer_.get(), &normalized_cert_issuer)) return false; - if (base::ContainsValue(normalized_issuers, normalized_cert_issuer)) + if (base::Contains(normalized_issuers, normalized_cert_issuer)) return true; for (const auto& intermediate : intermediate_ca_certs_) { if (!GetNormalizedCertIssuer(intermediate.get(), &normalized_cert_issuer)) return false; - if (base::ContainsValue(normalized_issuers, normalized_cert_issuer)) + if (base::Contains(normalized_issuers, normalized_cert_issuer)) return true; } return false; @@ -475,11 +476,8 @@ bool X509Certificate::VerifyHostname( "[" + hostname + "]" : hostname; url::CanonHostInfo host_info; std::string reference_name = CanonicalizeHost(host_or_ip, &host_info); - // CanonicalizeHost does not normalize absolute vs relative DNS names. If - // the input name was absolute (included trailing .), normalize it as if it - // was relative. - if (!reference_name.empty() && *reference_name.rbegin() == '.') - reference_name.resize(reference_name.size() - 1); + + // If the host cannot be canonicalized, fail fast. if (reference_name.empty()) return false; @@ -488,9 +486,24 @@ bool X509Certificate::VerifyHostname( base::StringPiece ip_addr_string( reinterpret_cast(host_info.address), host_info.AddressLength()); - return base::ContainsValue(cert_san_ip_addrs, ip_addr_string); + return base::Contains(cert_san_ip_addrs, ip_addr_string); } + // The host portion of a URL may support a variety of name resolution formats + // and services. However, the only supported name types in this code are IP + // addresses, which have been handled above via iPAddress subjectAltNames, + // and DNS names, via dNSName subjectAltNames. + // Validate that the host conforms to the DNS preferred name syntax, in + // either relative or absolute form, and exclude the "root" label for DNS. + if (reference_name == "." || !IsValidDNSDomain(reference_name)) + return false; + + // CanonicalizeHost does not normalize absolute vs relative DNS names. If + // the input name was absolute (included trailing .), normalize it as if it + // was relative. + if (reference_name.back() == '.') + reference_name.pop_back(); + // |reference_domain| is the remainder of |host| after the leading host // component is stripped off, but includes the leading dot e.g. // "www.f.com" -> ".f.com". diff --git a/chromium/net/cert/x509_certificate_net_log_param.cc b/chromium/net/cert/x509_certificate_net_log_param.cc index d2ddf074a5c..aaacd0a5fe0 100644 --- a/chromium/net/cert/x509_certificate_net_log_param.cc +++ b/chromium/net/cert/x509_certificate_net_log_param.cc @@ -15,8 +15,7 @@ namespace net { -base::Value NetLogX509CertificateCallback(const X509Certificate* certificate, - NetLogCaptureMode capture_mode) { +base::Value NetLogX509CertificateParams(const X509Certificate* certificate) { base::Value dict(base::Value::Type::DICTIONARY); base::Value certs(base::Value::Type::LIST); std::vector encoded_chain; diff --git a/chromium/net/cert/x509_certificate_net_log_param.h b/chromium/net/cert/x509_certificate_net_log_param.h index c328189763c..986a508a03e 100644 --- a/chromium/net/cert/x509_certificate_net_log_param.h +++ b/chromium/net/cert/x509_certificate_net_log_param.h @@ -15,13 +15,11 @@ class Value; namespace net { -class NetLogCaptureMode; class X509Certificate; // Creates NetLog parameter to describe an X509Certificate. -NET_EXPORT base::Value NetLogX509CertificateCallback( - const X509Certificate* certificate, - NetLogCaptureMode capture_mode); +NET_EXPORT base::Value NetLogX509CertificateParams( + const X509Certificate* certificate); } // namespace net diff --git a/chromium/net/cert/x509_certificate_unittest.cc b/chromium/net/cert/x509_certificate_unittest.cc index bd422925a3f..6fd11721d68 100644 --- a/chromium/net/cert/x509_certificate_unittest.cc +++ b/chromium/net/cert/x509_certificate_unittest.cc @@ -1202,8 +1202,14 @@ const CertificateNameVerifyTestData kNameVerifyTestData[] = { {false, "wwww.bar.foo.com", "w*w.bar.foo.c0m"}, {false, "WALLY.bar.foo.com", "wa*.bar.foo.com"}, {false, "wally.bar.foo.com", "*Ly.bar.foo.com"}, + // Hostname escaping tests {true, "ww%57.foo.com", "www.foo.com"}, - {true, "www&.foo.com", "www%26.foo.com"}, + {true, "www%2Efoo.com", "www.foo.com"}, + {false, "www%00.foo.com", "www,foo.com,www.foo.com"}, + {false, "www%0D.foo.com", "www.foo.com,www\r.foo.com"}, + {false, "www%40foo.com", "www@foo.com"}, + {false, "www%2E%2Efoo.com", "www.foo.com,www..foo.com"}, + {false, "www%252Efoo.com", "www.foo.com"}, // IDN tests {true, "xn--poema-9qae5a.com.br", "xn--poema-9qae5a.com.br"}, {true, "www.xn--poema-9qae5a.com.br", "*.xn--poema-9qae5a.com.br"}, @@ -1287,6 +1293,16 @@ const CertificateNameVerifyTestData kNameVerifyTestData[] = { {false, "1.2.3.4.5.6", "*.2.3.4.5.6"}, {true, "1.2.3.4.5", "1.2.3.4.5"}, // Invalid host names. + {false, ".", ""}, + {false, ".", "."}, + {false, "1.2.3.4..", "", "1.2.3.4"}, + {false, "www..domain.example", "www.domain.example"}, + {false, "www^domain.example", "www^domain.example"}, + {false, "www%20.domain.example", "www .domain.example"}, + {false, "www%2520.domain.example", "www .domain.example"}, + {false, "www%5E.domain.example", "www^domain.example"}, + {false, "www,domain.example", "www,domain.example"}, + {false, "0x000000002200037955161..", "0x000000002200037955161"}, {false, "junk)(£)$*!@~#", "junk)(£)$*!@~#"}, {false, "www.*.com", "www.*.com"}, {false, "w$w.f.com", "w$w.f.com"}, diff --git a/chromium/net/cert/x509_util_android.cc b/chromium/net/cert/x509_util_android.cc index 3ad4bdf65f9..d607d5bc83d 100644 --- a/chromium/net/cert/x509_util_android.cc +++ b/chromium/net/cert/x509_util_android.cc @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "jni/X509Util_jni.h" #include "net/cert/cert_database.h" +#include "net/net_jni_headers/X509Util_jni.h" using base::android::JavaParamRef; diff --git a/chromium/net/cert_net/cert_net_fetcher_impl.cc b/chromium/net/cert_net/cert_net_fetcher_impl.cc index 11a1166a23a..349c6562153 100644 --- a/chromium/net/cert_net/cert_net_fetcher_impl.cc +++ b/chromium/net/cert_net/cert_net_fetcher_impl.cc @@ -135,21 +135,19 @@ class CertNetFetcherImpl::AsyncCertNetFetcherImpl { void Fetch(std::unique_ptr request_params, scoped_refptr request); + // Removes |job| from the in progress jobs and transfers ownership to the + // caller. + std::unique_ptr RemoveJob(Job* job); + // Cancels outstanding jobs, which stops network requests and signals the // corresponding RequestCores that the requests have completed. void Shutdown(); private: - friend class Job; - // Finds a job with a matching RequestPararms or returns nullptr if there was // no match. Job* FindJob(const RequestParams& params); - // Removes |job| from the in progress jobs and transfers ownership to the - // caller. - std::unique_ptr RemoveJob(Job* job); - // The in-progress jobs. This set does not contain the job which is actively // invoking callbacks (OnJobCompleted). JobSet jobs_; diff --git a/chromium/net/cert_net/nss_ocsp.cc b/chromium/net/cert_net/nss_ocsp.cc index 9fa92efecc2..826d297fb80 100644 --- a/chromium/net/cert_net/nss_ocsp.cc +++ b/chromium/net/cert_net/nss_ocsp.cc @@ -519,12 +519,12 @@ void OCSPIOLoop::PostTaskToIOLoop(const base::Location& from_here, } void OCSPIOLoop::AddRequest(OCSPRequestSession* request) { - DCHECK(!base::ContainsKey(requests_, request)); + DCHECK(!base::Contains(requests_, request)); requests_.insert(request); } void OCSPIOLoop::RemoveRequest(OCSPRequestSession* request) { - DCHECK(base::ContainsKey(requests_, request)); + DCHECK(base::Contains(requests_, request)); requests_.erase(request); } diff --git a/chromium/net/cookies/canonical_cookie.cc b/chromium/net/cookies/canonical_cookie.cc index 4b2fd725631..c63b2d836db 100644 --- a/chromium/net/cookies/canonical_cookie.cc +++ b/chromium/net/cookies/canonical_cookie.cc @@ -283,11 +283,18 @@ std::unique_ptr CanonicalCookie::CreateSanitizedCookie( // Validate consistency of passed arguments. if (ParsedCookie::ParseTokenString(name) != name || ParsedCookie::ParseValueString(value) != value || + !ParsedCookie::IsValidCookieAttributeValue(name) || + !ParsedCookie::IsValidCookieAttributeValue(value) || ParsedCookie::ParseValueString(domain) != domain || ParsedCookie::ParseValueString(path) != path) { return nullptr; } + // This validation step must happen before GetCookieDomainWithString, so it + // doesn't fail DCHECKs. + if (!cookie_util::DomainIsHostOnly(url.host())) + return nullptr; + std::string cookie_domain; if (!cookie_util::GetCookieDomainWithString(url, domain, &cookie_domain)) return nullptr; @@ -299,6 +306,11 @@ std::unique_ptr CanonicalCookie::CreateSanitizedCookie( if (!path.empty() && cookie_path != path) return nullptr; + if (!IsCookiePrefixValid(GetCookiePrefix(name), url, secure, domain, + cookie_path)) { + return nullptr; + } + if (!last_access_time.is_null() && creation_time.is_null()) return nullptr; @@ -327,7 +339,6 @@ bool CanonicalCookie::IsEquivalentForSecureCookieMatching( } bool CanonicalCookie::IsOnPath(const std::string& url_path) const { - // A zero length would be unsafe for our trailing '/' checks, and // would also make no sense for our prefix match. The code that // creates a CanonicalCookie should make sure the path is never zero length, @@ -492,39 +503,6 @@ bool CanonicalCookie::PartialCompare(const CanonicalCookie& other) const { return PartialCookieOrdering(*this, other) < 0; } -bool CanonicalCookie::FullCompare(const CanonicalCookie& other) const { - // Do the partial comparison first. - int diff = PartialCookieOrdering(*this, other); - if (diff != 0) - return diff < 0; - - DCHECK(IsEquivalent(other)); - - // Compare other fields. - diff = Value().compare(other.Value()); - if (diff != 0) - return diff < 0; - - if (CreationDate() != other.CreationDate()) - return CreationDate() < other.CreationDate(); - - if (ExpiryDate() != other.ExpiryDate()) - return ExpiryDate() < other.ExpiryDate(); - - if (LastAccessDate() != other.LastAccessDate()) - return LastAccessDate() < other.LastAccessDate(); - - if (IsSecure() != other.IsSecure()) - return IsSecure(); - - if (IsHttpOnly() != other.IsHttpOnly()) - return IsHttpOnly(); - - // TODO(chlily): This should also compare the SameSite attribute. - - return Priority() < other.Priority(); -} - bool CanonicalCookie::IsCanonical() const { // Not checking domain or path against ParsedCookie as it may have // come purely from the URL. @@ -619,11 +597,23 @@ void CanonicalCookie::RecordCookiePrefixMetrics( bool CanonicalCookie::IsCookiePrefixValid(CanonicalCookie::CookiePrefix prefix, const GURL& url, const ParsedCookie& parsed_cookie) { + return CanonicalCookie::IsCookiePrefixValid( + prefix, url, parsed_cookie.IsSecure(), + parsed_cookie.HasDomain() ? parsed_cookie.Domain() : "", + parsed_cookie.HasPath() ? parsed_cookie.Path() : ""); +} + +bool CanonicalCookie::IsCookiePrefixValid(CanonicalCookie::CookiePrefix prefix, + const GURL& url, + bool secure, + const std::string& domain, + const std::string& path) { if (prefix == CanonicalCookie::COOKIE_PREFIX_SECURE) - return parsed_cookie.IsSecure() && url.SchemeIsCryptographic(); + return secure && url.SchemeIsCryptographic(); if (prefix == CanonicalCookie::COOKIE_PREFIX_HOST) { - return parsed_cookie.IsSecure() && url.SchemeIsCryptographic() && - !parsed_cookie.HasDomain() && parsed_cookie.Path() == "/"; + const bool domain_valid = + domain.empty() || (url.HostIsIPAddress() && url.host() == domain); + return secure && url.SchemeIsCryptographic() && domain_valid && path == "/"; } return true; } diff --git a/chromium/net/cookies/canonical_cookie.h b/chromium/net/cookies/canonical_cookie.h index 71f61bf8c85..163efdd1fcc 100644 --- a/chromium/net/cookies/canonical_cookie.h +++ b/chromium/net/cookies/canonical_cookie.h @@ -83,9 +83,10 @@ class NET_EXPORT CanonicalCookie { }; // Creates a new |CanonicalCookie| from the |cookie_line| and the - // |creation_time|. Canonicalizes and validates inputs. May return NULL if - // an attribute value is invalid. |creation_time| may not be null. Sets - // optional |status| to the relevent CookieInclusionStatus if provided + // |creation_time|. Canonicalizes and validates inputs. May return NULL if + // an attribute value is invalid. |url| must be valid. |creation_time| may + // not be null. Sets optional |status| to the relevant CookieInclusionStatus + // if provided static std::unique_ptr Create( const GURL& url, const std::string& cookie_line, @@ -221,13 +222,6 @@ class NET_EXPORT CanonicalCookie { // are identical for PartialCompare(). bool PartialCompare(const CanonicalCookie& other) const; - // TODO(chlily): Remove this. There should not be multiple cookies for which - // PartialCompare disagrees. This is only used in tests. - // Returns true if the cookie is less than |other|, considering all fields. - // FullCompare() is consistent with PartialCompare(): cookies sorted using - // FullCompare() are also sorted with respect to PartialCompare(). - bool FullCompare(const CanonicalCookie& other) const; - // Return whether this object is a valid CanonicalCookie(). Invalid // cookies may be constructed by the detailed constructor. // A cookie is considered canonical if-and-only-if: @@ -274,6 +268,11 @@ class NET_EXPORT CanonicalCookie { static bool IsCookiePrefixValid(CookiePrefix prefix, const GURL& url, const ParsedCookie& parsed_cookie); + static bool IsCookiePrefixValid(CookiePrefix prefix, + const GURL& url, + bool secure, + const std::string& domain, + const std::string& path); // Returns the cookie's domain, with the leading dot removed, if present. std::string DomainWithoutDot() const; diff --git a/chromium/net/cookies/canonical_cookie_fuzzer.cc b/chromium/net/cookies/canonical_cookie_fuzzer.cc new file mode 100644 index 00000000000..816b0a9b4f1 --- /dev/null +++ b/chromium/net/cookies/canonical_cookie_fuzzer.cc @@ -0,0 +1,58 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include +#include + +#include "net/cookies/canonical_cookie.h" +#include "net/cookies/cookie_constants.h" +#include "net/cookies/cookie_util.h" +#include "net/cookies/parsed_cookie.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" + +namespace net { +const base::Time getRandomTime(FuzzedDataProvider* data_provider) { + const uint64_t max = std::numeric_limits::max(); + return base::Time::FromTimeT( + data_provider->ConsumeIntegralInRange(0, max)); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + FuzzedDataProvider data_provider(data, size); + + const std::string name = data_provider.ConsumeRandomLengthString(800); + const std::string value = data_provider.ConsumeRandomLengthString(800); + const std::string domain = data_provider.ConsumeRandomLengthString(800); + const std::string path = data_provider.ConsumeRandomLengthString(800); + + const GURL url(data_provider.ConsumeRandomLengthString(800)); + if (!url.is_valid()) + return 0; + + const base::Time creation = getRandomTime(&data_provider); + const base::Time expiration = getRandomTime(&data_provider); + const base::Time last_access = getRandomTime(&data_provider); + + const std::unique_ptr sanitized_cookie = + CanonicalCookie::CreateSanitizedCookie( + url, name, value, domain, path, creation, expiration, last_access, + data_provider.ConsumeBool(), data_provider.ConsumeBool(), + CookieSameSite::UNSPECIFIED, CookiePriority::COOKIE_PRIORITY_DEFAULT); + + if (sanitized_cookie) { + CHECK(sanitized_cookie->IsCanonical()); + + // Check identity property of various comparison functions + const CanonicalCookie copied_cookie = *sanitized_cookie; + CHECK(sanitized_cookie->IsEquivalent(copied_cookie)); + CHECK(sanitized_cookie->IsEquivalentForSecureCookieMatching(copied_cookie)); + CHECK(!sanitized_cookie->PartialCompare(copied_cookie)); + } + + return 0; +} +} // namespace net diff --git a/chromium/net/cookies/canonical_cookie_unittest.cc b/chromium/net/cookies/canonical_cookie_unittest.cc index 3f3c57c7724..c78be99cd3b 100644 --- a/chromium/net/cookies/canonical_cookie_unittest.cc +++ b/chromium/net/cookies/canonical_cookie_unittest.cc @@ -784,42 +784,6 @@ TEST(CanonicalCookieTest, PartialCompare) { EXPECT_TRUE(cookie->IsEquivalent(*cookie)); } -TEST(CanonicalCookieTest, FullCompare) { - GURL url("http://www.example.com"); - base::Time creation_time = base::Time::Now(); - CookieOptions options; - std::unique_ptr cookie( - CanonicalCookie::Create(url, "a=b", creation_time, options)); - std::unique_ptr cookie_different_path( - CanonicalCookie::Create(url, "a=b; path=/foo", creation_time, options)); - std::unique_ptr cookie_different_value( - CanonicalCookie::Create(url, "a=c", creation_time, options)); - - // Cookie is equivalent to itself. - EXPECT_FALSE(cookie->FullCompare(*cookie)); - - // Changing the path affects the ordering. - EXPECT_TRUE(cookie->FullCompare(*cookie_different_path)); - EXPECT_FALSE(cookie_different_path->FullCompare(*cookie)); - - // Changing the value affects the ordering. - EXPECT_TRUE(cookie->FullCompare(*cookie_different_value)); - EXPECT_FALSE(cookie_different_value->FullCompare(*cookie)); - - // FullCompare() implies PartialCompare(). - auto check_consistency = - [](const CanonicalCookie& a, const CanonicalCookie& b) { - if (a.FullCompare(b)) - EXPECT_FALSE(b.PartialCompare(a)); - else if (b.FullCompare(a)) - EXPECT_FALSE(a.PartialCompare(b)); - }; - - check_consistency(*cookie, *cookie_different_path); - check_consistency(*cookie, *cookie_different_value); - check_consistency(*cookie_different_path, *cookie_different_value); -} - TEST(CanonicalCookieTest, SecureCookiePrefix) { GURL https_url("https://www.example.test"); GURL http_url("http://www.example.test"); @@ -897,6 +861,18 @@ TEST(CanonicalCookieTest, HostCookiePrefix) { EXPECT_EQ(CanonicalCookie::CookieInclusionStatus::EXCLUDE_INVALID_PREFIX, status); + // A __Host- cookie may have a domain if it's an IP address that matches the + // URL. + EXPECT_TRUE( + CanonicalCookie::Create(GURL("https://127.0.0.1"), + "__Host-A=B; Domain=127.0.0.1; Path=/; Secure;", + creation_time, options, &status)); + // A __Host- cookie with an IP address domain does not need the domain + // attribute specified explicitly (just like a normal domain). + EXPECT_TRUE(CanonicalCookie::Create(GURL("https://127.0.0.1"), + "__Host-A=B; Domain=; Path=/; Secure;", + creation_time, options, &status)); + // A __Host- cookie must have a Path of "/". EXPECT_FALSE(CanonicalCookie::Create(https_url, "__Host-A=B; Path=/foo; Secure;", @@ -1392,6 +1368,21 @@ TEST(CanonicalCookieTest, CreateSanitizedCookie_Logic) { false /*httponly*/, CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT)); + // Test the file:// protocol. + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("file:///"), "A", "B", std::string(), "/foo", one_hour_ago, + one_hour_from_now, base::Time(), false /*secure*/, false /*httponly*/, + CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT)); + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("file:///home/user/foo.txt"), "A", "B", std::string(), "/foo", + one_hour_ago, one_hour_from_now, base::Time(), false /*secure*/, + false /*httponly*/, CookieSameSite::NO_RESTRICTION, + COOKIE_PRIORITY_DEFAULT)); + EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( + GURL("file:///home/user/foo.txt"), "A", "B", "home", "/foo", one_hour_ago, + one_hour_from_now, base::Time(), false /*secure*/, false /*httponly*/, + CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT)); + // Test that malformed attributes fail to set the cookie. EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( GURL("http://www.foo.com/foo"), " A", "B", std::string(), "/foo", @@ -1408,11 +1399,21 @@ TEST(CanonicalCookieTest, CreateSanitizedCookie_Logic) { base::Time(), base::Time(), base::Time(), false /*secure*/, false /*httponly*/, CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT)); + EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( + GURL("http://www.foo.com/foo"), "A\x07", "B", std::string(), "/foo", + one_hour_ago, one_hour_from_now, base::Time(), false /*secure*/, + false /*httponly*/, CookieSameSite::NO_RESTRICTION, + COOKIE_PRIORITY_DEFAULT)); EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( GURL("http://www.foo.com"), "A", " B", std::string(), "/foo", base::Time(), base::Time(), base::Time(), false /*secure*/, false /*httponly*/, CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT)); + EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( + GURL("http://www.foo.com"), "A", "\x0fZ", std::string(), "/foo", + base::Time(), base::Time(), base::Time(), false /*secure*/, + false /*httponly*/, CookieSameSite::NO_RESTRICTION, + COOKIE_PRIORITY_DEFAULT)); EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( GURL("http://www.foo.com"), "A", "B", "www.foo.com ", "/foo", base::Time(), base::Time(), base::Time(), false /*secure*/, @@ -1509,6 +1510,97 @@ TEST(CanonicalCookieTest, CreateSanitizedCookie_Logic) { COOKIE_PRIORITY_DEFAULT); ASSERT_TRUE(cc); EXPECT_EQ("/foo%7F", cc->Path()); + + // A __Secure- cookie must be Secure. + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://www.foo.com"), "__Secure-A", "B", ".www.foo.com", "/", + two_hours_ago, one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://www.foo.com"), "__Secure-A", "B", ".www.foo.com", "/", + two_hours_ago, one_hour_from_now, one_hour_ago, false, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + + // A __Host- cookie must be Secure. + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://www.foo.com"), "__Host-A", "B", std::string(), "/", + two_hours_ago, one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://www.foo.com"), "__Host-A", "B", std::string(), "/", + two_hours_ago, one_hour_from_now, one_hour_ago, false, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + + // A __Host- cookie must have path "/". + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://www.foo.com"), "__Host-A", "B", std::string(), "/", + two_hours_ago, one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://www.foo.com"), "__Host-A", "B", std::string(), "/foo", + two_hours_ago, one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + + // A __Host- cookie must not specify a domain. + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://www.foo.com"), "__Host-A", "B", std::string(), "/", + two_hours_ago, one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://www.foo.com"), "__Host-A", "B", ".www.foo.com", "/", + two_hours_ago, one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + // Without __Host- prefix, this is a valid host cookie because it does not + // specify a domain. + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://www.foo.com"), "A", "B", std::string(), "/", two_hours_ago, + one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + // Without __Host- prefix, this is a valid domain (not host) cookie. + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://www.foo.com"), "A", "B", ".www.foo.com", "/", two_hours_ago, + one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + + // The __Host- prefix should not prevent otherwise-valid host cookies from + // being accepted. + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://127.0.0.1"), "A", "B", std::string(), "/", two_hours_ago, + one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://127.0.0.1"), "__Host-A", "B", std::string(), "/", + two_hours_ago, one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + // Host cookies should not specify domain unless it is an IP address that + // matches the URL. + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://127.0.0.1"), "A", "B", "127.0.0.1", "/", two_hours_ago, + one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + EXPECT_TRUE(CanonicalCookie::CreateSanitizedCookie( + GURL("https://127.0.0.1"), "__Host-A", "B", "127.0.0.1", "/", + two_hours_ago, one_hour_from_now, one_hour_ago, true, false, + CookieSameSite::NO_RESTRICTION, CookiePriority::COOKIE_PRIORITY_DEFAULT)); + + // Check that CreateSanitizedCookie can gracefully fail on inputs that would + // crash cookie_util::GetCookieDomainWithString due to failing + // DCHECKs. Specifically, GetCookieDomainWithString requires that if the + // domain is empty or the URL's host matches the domain, then the URL's host + // must pass DomainIsHostOnly; it must not begin with a period. + EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( + GURL("http://..."), "A", "B", "...", "/", base::Time(), base::Time(), + base::Time(), false /*secure*/, false /*httponly*/, + CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT)); + EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( + GURL("http://."), "A", "B", std::string(), "/", base::Time(), + base::Time(), base::Time(), false /*secure*/, false /*httponly*/, + CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT)); + EXPECT_FALSE(CanonicalCookie::CreateSanitizedCookie( + GURL("http://.chromium.org"), "A", "B", ".chromium.org", "/", + base::Time(), base::Time(), base::Time(), false /*secure*/, + false /*httponly*/, CookieSameSite::NO_RESTRICTION, + COOKIE_PRIORITY_DEFAULT)); } TEST(CanonicalCookieTest, IsSetPermittedInContext) { diff --git a/chromium/net/cookies/cookie_monster.cc b/chromium/net/cookies/cookie_monster.cc index 5772e2ac6eb..83a309d40b1 100644 --- a/chromium/net/cookies/cookie_monster.cc +++ b/chromium/net/cookies/cookie_monster.cc @@ -71,6 +71,7 @@ #include "net/cookies/cookie_util.h" #include "net/cookies/parsed_cookie.h" #include "net/log/net_log.h" +#include "net/log/net_log_values.h" #include "url/origin.h" using base::Time; @@ -355,16 +356,14 @@ CookieMonster::CookieMonster(scoped_refptr store, store_(std::move(store)), last_access_threshold_(last_access_threshold), last_statistic_record_time_(base::Time::Now()), - persist_session_cookies_(false), - weak_ptr_factory_(this) { + persist_session_cookies_(false) { InitializeHistograms(); cookieable_schemes_.insert( cookieable_schemes_.begin(), kDefaultCookieableSchemes, kDefaultCookieableSchemes + kDefaultCookieableSchemesCount); - net_log_.BeginEvent( - NetLogEventType::COOKIE_STORE_ALIVE, - base::BindRepeating(&NetLogCookieMonsterConstructorCallback, - store != nullptr)); + net_log_.BeginEvent(NetLogEventType::COOKIE_STORE_ALIVE, [&] { + return NetLogCookieMonsterConstructorParams(store != nullptr); + }); } // Asynchronous CookieMonster API @@ -514,16 +513,16 @@ void CookieMonster::SetCookieableSchemes( void CookieMonster::SetPersistSessionCookies(bool persist_session_cookies) { DCHECK(thread_checker_.CalledOnValidThread()); DCHECK(!initialized_); - net_log_.AddEvent( - NetLogEventType::COOKIE_STORE_SESSION_PERSISTENCE, - NetLog::BoolCallback("persistence", persist_session_cookies)); + net_log_.AddEntryWithBoolParams( + NetLogEventType::COOKIE_STORE_SESSION_PERSISTENCE, NetLogEventPhase::NONE, + "persistence", persist_session_cookies); persist_session_cookies_ = persist_session_cookies; } bool CookieMonster::IsCookieableScheme(const std::string& scheme) { DCHECK(thread_checker_.CalledOnValidThread()); - return base::ContainsValue(cookieable_schemes_, scheme); + return base::Contains(cookieable_schemes_, scheme); } const char* const CookieMonster::kDefaultCookieableSchemes[] = {"http", "https", @@ -1076,10 +1075,11 @@ CanonicalCookie::CookieInclusionStatus CookieMonster::DeleteAnyEquivalentCookie( cc_skipped_secure = cc; histogram_cookie_delete_equivalent_->Add( COOKIE_DELETE_EQUIVALENT_SKIPPING_SECURE); - net_log_.AddEvent( - NetLogEventType::COOKIE_STORE_COOKIE_REJECTED_SECURE, - base::BindRepeating(&NetLogCookieMonsterCookieRejectedSecure, cc, - &ecc)); + net_log_.AddEvent(NetLogEventType::COOKIE_STORE_COOKIE_REJECTED_SECURE, + [&](NetLogCaptureMode capture_mode) { + return NetLogCookieMonsterCookieRejectedSecure( + cc, &ecc, capture_mode); + }); // If the cookie is equivalent to the new cookie and wouldn't have been // skipped for being HTTP-only, record that it is a skipped secure cookie // that would have been deleted otherwise. @@ -1103,8 +1103,10 @@ CanonicalCookie::CookieInclusionStatus CookieMonster::DeleteAnyEquivalentCookie( skipped_httponly = true; net_log_.AddEvent( NetLogEventType::COOKIE_STORE_COOKIE_REJECTED_HTTPONLY, - base::BindRepeating(&NetLogCookieMonsterCookieRejectedHttponly, cc, - &ecc)); + [&](NetLogCaptureMode capture_mode) { + return NetLogCookieMonsterCookieRejectedHttponly(cc, &ecc, + capture_mode); + }); } else { cookie_it_to_possibly_delete = curit; } @@ -1133,8 +1135,10 @@ CanonicalCookie::CookieInclusionStatus CookieMonster::DeleteAnyEquivalentCookie( DCHECK(cc_skipped_secure); net_log_.AddEvent( NetLogEventType::COOKIE_STORE_COOKIE_PRESERVED_SKIPPED_SECURE, - base::BindRepeating(&NetLogCookieMonsterCookiePreservedSkippedSecure, - cc_skipped_secure, cc_to_possibly_delete, &ecc)); + [&](NetLogCaptureMode capture_mode) { + return NetLogCookieMonsterCookiePreservedSkippedSecure( + cc_skipped_secure, cc_to_possibly_delete, &ecc, capture_mode); + }); } } @@ -1155,8 +1159,10 @@ CookieMonster::CookieMap::iterator CookieMonster::InternalInsertCookie( CanonicalCookie* cc_ptr = cc.get(); net_log_.AddEvent(NetLogEventType::COOKIE_STORE_COOKIE_ADDED, - base::BindRepeating(&NetLogCookieMonsterCookieAdded, - cc.get(), sync_to_store)); + [&](NetLogCaptureMode capture_mode) { + return NetLogCookieMonsterCookieAdded( + cc.get(), sync_to_store, capture_mode); + }); if ((cc_ptr->IsPersistent() || persist_session_cookies_) && store_.get() && sync_to_store) { store_->AddCookie(*cc_ptr); @@ -1369,8 +1375,10 @@ void CookieMonster::InternalDeleteCookie(CookieMap::iterator it, ChangeCausePair mapping = kChangeCauseMapping[deletion_cause]; if (deletion_cause != DELETE_COOKIE_DONT_RECORD) { net_log_.AddEvent(NetLogEventType::COOKIE_STORE_COOKIE_DELETED, - base::BindRepeating(&NetLogCookieMonsterCookieDeleted, cc, - mapping.cause, sync_to_store)); + [&](NetLogCaptureMode capture_mode) { + return NetLogCookieMonsterCookieDeleted( + cc, mapping.cause, sync_to_store, capture_mode); + }); } if ((cc->IsPersistent() || persist_session_cookies_) && store_.get() && diff --git a/chromium/net/cookies/cookie_monster.h b/chromium/net/cookies/cookie_monster.h index 9b7dbbe4f64..913737e7819 100644 --- a/chromium/net/cookies/cookie_monster.h +++ b/chromium/net/cookies/cookie_monster.h @@ -126,6 +126,10 @@ class NET_EXPORT CookieMonster : public CookieStore { static const size_t kDomainCookiesQuotaMedium; static const size_t kDomainCookiesQuotaHigh; + // The number of days since last access that cookies will not be subject + // to global garbage collection. + static const int kSafeFromGlobalPurgeDays; + // The store passed in should not have had Init() called on it yet. This // class will take care of initializing it. The backing store is NOT owned by // this class, but it must remain valid for the duration of the cookie @@ -202,7 +206,6 @@ class NET_EXPORT CookieMonster : public CookieStore { private: // For garbage collection constants. FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, TestHostGarbageCollection); - FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, GarbageCollectionTriggers); FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, GarbageCollectWithSecureCookiesOnly); FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, TestGCTimes); @@ -336,10 +339,6 @@ class NET_EXPORT CookieMonster : public CookieStore { COOKIE_DELETE_EQUIVALENT_LAST_ENTRY }; - // The number of days since last access that cookies will not be subject - // to global garbage collection. - static const int kSafeFromGlobalPurgeDays; - // Record statistics every kRecordStatisticsIntervalSeconds of uptime. static const int kRecordStatisticsIntervalSeconds = 10 * 60; @@ -624,7 +623,7 @@ class NET_EXPORT CookieMonster : public CookieStore { base::ThreadChecker thread_checker_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(CookieMonster); }; diff --git a/chromium/net/cookies/cookie_monster_change_dispatcher.cc b/chromium/net/cookies/cookie_monster_change_dispatcher.cc index 39ccf3b25f4..7d09ea4bae0 100644 --- a/chromium/net/cookies/cookie_monster_change_dispatcher.cc +++ b/chromium/net/cookies/cookie_monster_change_dispatcher.cc @@ -35,8 +35,7 @@ CookieMonsterChangeDispatcher::Subscription::Subscription( name_key_(std::move(name_key)), url_(std::move(url)), callback_(std::move(callback)), - task_runner_(base::ThreadTaskRunnerHandle::Get()), - weak_ptr_factory_(this) { + task_runner_(base::ThreadTaskRunnerHandle::Get()) { DCHECK(url_.is_valid() || url_.is_empty()); DCHECK_EQ(url_.is_empty(), domain_key_ == kGlobalDomainKey); @@ -80,8 +79,7 @@ void CookieMonsterChangeDispatcher::Subscription::DoDispatchChange( callback_.Run(cookie, change_cause); } -CookieMonsterChangeDispatcher::CookieMonsterChangeDispatcher() - : weak_ptr_factory_(this) {} +CookieMonsterChangeDispatcher::CookieMonsterChangeDispatcher() {} CookieMonsterChangeDispatcher::~CookieMonsterChangeDispatcher() { DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); diff --git a/chromium/net/cookies/cookie_monster_change_dispatcher.h b/chromium/net/cookies/cookie_monster_change_dispatcher.h index caf35e8d91e..b1d7c51fadb 100644 --- a/chromium/net/cookies/cookie_monster_change_dispatcher.h +++ b/chromium/net/cookies/cookie_monster_change_dispatcher.h @@ -105,7 +105,7 @@ class CookieMonsterChangeDispatcher : public CookieChangeDispatcher { // Used to cancel delayed calls to DoDispatchChange() when the subscription // gets destroyed. - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(Subscription); }; @@ -149,7 +149,7 @@ class CookieMonsterChangeDispatcher : public CookieChangeDispatcher { THREAD_CHECKER(thread_checker_); // Vends weak pointers to subscriptions. - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(CookieMonsterChangeDispatcher); }; diff --git a/chromium/net/cookies/cookie_monster_netlog_params.cc b/chromium/net/cookies/cookie_monster_netlog_params.cc index f7a58843d4c..89b38d4170d 100644 --- a/chromium/net/cookies/cookie_monster_netlog_params.cc +++ b/chromium/net/cookies/cookie_monster_netlog_params.cc @@ -9,9 +9,7 @@ namespace net { -base::Value NetLogCookieMonsterConstructorCallback( - bool persistent_store, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogCookieMonsterConstructorParams(bool persistent_store) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetBoolKey("persistent_store", persistent_store); return dict; @@ -20,7 +18,7 @@ base::Value NetLogCookieMonsterConstructorCallback( base::Value NetLogCookieMonsterCookieAdded(const CanonicalCookie* cookie, bool sync_requested, NetLogCaptureMode capture_mode) { - if (!capture_mode.include_cookies_and_credentials()) + if (!NetLogCaptureIncludesSensitive(capture_mode)) return base::Value(); base::Value dict(base::Value::Type::DICTIONARY); @@ -41,7 +39,7 @@ base::Value NetLogCookieMonsterCookieDeleted(const CanonicalCookie* cookie, CookieChangeCause cause, bool sync_requested, NetLogCaptureMode capture_mode) { - if (!capture_mode.include_cookies_and_credentials()) + if (!NetLogCaptureIncludesSensitive(capture_mode)) return base::Value(); base::Value dict(base::Value::Type::DICTIONARY); @@ -59,7 +57,7 @@ base::Value NetLogCookieMonsterCookieRejectedSecure( const CanonicalCookie* old_cookie, const CanonicalCookie* new_cookie, NetLogCaptureMode capture_mode) { - if (!capture_mode.include_cookies_and_credentials()) + if (!NetLogCaptureIncludesSensitive(capture_mode)) return base::Value(); base::Value dict(base::Value::Type::DICTIONARY); dict.SetStringKey("name", old_cookie->Name()); @@ -75,7 +73,7 @@ base::Value NetLogCookieMonsterCookieRejectedHttponly( const CanonicalCookie* old_cookie, const CanonicalCookie* new_cookie, NetLogCaptureMode capture_mode) { - if (!capture_mode.include_cookies_and_credentials()) + if (!NetLogCaptureIncludesSensitive(capture_mode)) return base::Value(); base::Value dict(base::Value::Type::DICTIONARY); dict.SetStringKey("name", old_cookie->Name()); @@ -91,7 +89,7 @@ base::Value NetLogCookieMonsterCookiePreservedSkippedSecure( const CanonicalCookie* preserved, const CanonicalCookie* new_cookie, NetLogCaptureMode capture_mode) { - if (!capture_mode.include_cookies_and_credentials()) + if (!NetLogCaptureIncludesSensitive(capture_mode)) return base::Value(); base::Value dict(base::Value::Type::DICTIONARY); dict.SetStringKey("name", preserved->Name()); diff --git a/chromium/net/cookies/cookie_monster_netlog_params.h b/chromium/net/cookies/cookie_monster_netlog_params.h index a00e65b2604..28135a94d2d 100644 --- a/chromium/net/cookies/cookie_monster_netlog_params.h +++ b/chromium/net/cookies/cookie_monster_netlog_params.h @@ -18,9 +18,7 @@ namespace net { // Returns a Value containing NetLog parameters for constructing // a CookieMonster. -base::Value NetLogCookieMonsterConstructorCallback( - bool persistent_store, - NetLogCaptureMode capture_mode); +base::Value NetLogCookieMonsterConstructorParams(bool persistent_store); // Returns a Value containing NetLog parameters for adding a cookie. base::Value NetLogCookieMonsterCookieAdded(const CanonicalCookie* cookie, diff --git a/chromium/net/cookies/cookie_monster_unittest.cc b/chromium/net/cookies/cookie_monster_unittest.cc index 88505a38514..6846e014e4f 100644 --- a/chromium/net/cookies/cookie_monster_unittest.cc +++ b/chromium/net/cookies/cookie_monster_unittest.cc @@ -806,8 +806,16 @@ class CookieMonsterTestBase : public CookieStoreTest { // no store (and hence no ability to affect access time). CookieMonster* CreateMonsterForGC(int num_cookies) { CookieMonster* cm(new CookieMonster(nullptr, &net_log_)); + base::Time creation_time = base::Time::Now(); for (int i = 0; i < num_cookies; i++) { - SetCookie(cm, GURL(base::StringPrintf("http://h%05d.izzle", i)), "a=1"); + std::unique_ptr cc(std::make_unique( + "a", "1", base::StringPrintf("h%05d.izzle", i), "/" /* path */, + creation_time, base::Time() /* expiration_time */, + creation_time /* last_access */, false /* secure */, + false /* http_only */, CookieSameSite::NO_RESTRICTION, + COOKIE_PRIORITY_DEFAULT)); + cm->SetCanonicalCookieAsync(std::move(cc), "http", CookieOptions(), + CookieStore::SetCookiesCallback()); } return cm; } @@ -2084,75 +2092,78 @@ TEST_F(CookieMonsterTest, CookieListOrdering) { } } -// This test and CookieMonstertest.TestGCTimes (in cookie_monster_perftest.cc) -// are somewhat complementary twins. This test is probing for whether -// garbage collection always happens when it should (i.e. that we actually -// get rid of cookies when we should). The perftest is probing for +// These garbage collection tests and CookieMonstertest.TestGCTimes (in +// cookie_monster_perftest.cc) are somewhat complementary. These tests probe +// for whether garbage collection always happens when it should (i.e. that we +// actually get rid of cookies when we should). The perftest is probing for // whether garbage collection happens when it shouldn't. See comments // before that test for more details. -// Disabled on Windows, see crbug.com/126095 -#if defined(OS_WIN) -#define MAYBE_GarbageCollectionTriggers DISABLED_GarbageCollectionTriggers -#else -#define MAYBE_GarbageCollectionTriggers GarbageCollectionTriggers -#endif +// Check to make sure that a whole lot of recent cookies doesn't get rid of +// anything after garbage collection is checked for. +TEST_F(CookieMonsterTest, GarbageCollectionKeepsRecentEphemeralCookies) { + std::unique_ptr cm( + CreateMonsterForGC(CookieMonster::kMaxCookies * 2 /* num_cookies */)); + EXPECT_EQ(CookieMonster::kMaxCookies * 2, GetAllCookies(cm.get()).size()); + // Will trigger GC. + SetCookie(cm.get(), GURL("http://newdomain.com"), "b=2"); + EXPECT_EQ(CookieMonster::kMaxCookies * 2 + 1, GetAllCookies(cm.get()).size()); +} -TEST_F(CookieMonsterTest, MAYBE_GarbageCollectionTriggers) { - // First we check to make sure that a whole lot of recent cookies - // doesn't get rid of anything after garbage collection is checked for. - { - std::unique_ptr cm( - CreateMonsterForGC(CookieMonster::kMaxCookies * 2)); - EXPECT_EQ(CookieMonster::kMaxCookies * 2, GetAllCookies(cm.get()).size()); - SetCookie(cm.get(), GURL("http://newdomain.com"), "b=2"); - EXPECT_EQ(CookieMonster::kMaxCookies * 2 + 1, - GetAllCookies(cm.get()).size()); - } +// A whole lot of recent cookies; GC shouldn't happen. +TEST_F(CookieMonsterTest, GarbageCollectionKeepsRecentCookies) { + std::unique_ptr cm = CreateMonsterFromStoreForGC( + CookieMonster::kMaxCookies * 2 /* num_cookies */, 0 /* num_old_cookies */, + 0, 0, CookieMonster::kSafeFromGlobalPurgeDays * 2); + EXPECT_EQ(CookieMonster::kMaxCookies * 2, GetAllCookies(cm.get()).size()); + // Will trigger GC. + SetCookie(cm.get(), GURL("http://newdomain.com"), "b=2"); + EXPECT_EQ(CookieMonster::kMaxCookies * 2 + 1, GetAllCookies(cm.get()).size()); +} - // Now we explore a series of relationships between cookie last access - // time and size of store to make sure we only get rid of cookies when - // we really should. - const struct TestCase { - size_t num_cookies; - size_t num_old_cookies; - size_t expected_initial_cookies; - // Indexed by ExpiryAndKeyScheme - size_t expected_cookies_after_set; - } test_cases[] = { - {// A whole lot of recent cookies; gc shouldn't happen. - CookieMonster::kMaxCookies * 2, - 0, - CookieMonster::kMaxCookies * 2, - CookieMonster::kMaxCookies * 2 + 1}, - {// Some old cookies, but still overflowing max. - CookieMonster::kMaxCookies * 2, - CookieMonster::kMaxCookies / 2, - CookieMonster::kMaxCookies * 2, - CookieMonster::kMaxCookies * 2 - CookieMonster::kMaxCookies / 2 + 1}, - {// Old cookies enough to bring us right down to our purge line. - CookieMonster::kMaxCookies * 2, - CookieMonster::kMaxCookies + CookieMonster::kPurgeCookies + 1, - CookieMonster::kMaxCookies * 2, - CookieMonster::kMaxCookies - CookieMonster::kPurgeCookies}, - {// Old cookies enough to bring below our purge line (which we - // shouldn't do). - CookieMonster::kMaxCookies * 2, - CookieMonster::kMaxCookies * 3 / 2, - CookieMonster::kMaxCookies * 2, - CookieMonster::kMaxCookies - CookieMonster::kPurgeCookies}}; - - for (const auto& test_case : test_cases) { - std::unique_ptr cm = CreateMonsterFromStoreForGC( - test_case.num_cookies, test_case.num_old_cookies, 0, 0, - CookieMonster::kSafeFromGlobalPurgeDays * 2); - EXPECT_EQ(test_case.expected_initial_cookies, - GetAllCookies(cm.get()).size()); - // Will trigger GC - SetCookie(cm.get(), GURL("http://newdomain.com"), "b=2"); - EXPECT_EQ(test_case.expected_cookies_after_set, - GetAllCookies(cm.get()).size()); - } +// Test case where there are more than kMaxCookies - kPurgeCookies recent +// cookies. All old cookies should be garbage collected, all recent cookies +// kept. +TEST_F(CookieMonsterTest, GarbageCollectionKeepsOnlyRecentCookies) { + std::unique_ptr cm = CreateMonsterFromStoreForGC( + CookieMonster::kMaxCookies * 2 /* num_cookies */, + CookieMonster::kMaxCookies / 2 /* num_old_cookies */, 0, 0, + CookieMonster::kSafeFromGlobalPurgeDays * 2); + EXPECT_EQ(CookieMonster::kMaxCookies * 2, GetAllCookies(cm.get()).size()); + // Will trigger GC. + SetCookie(cm.get(), GURL("http://newdomain.com"), "b=2"); + EXPECT_EQ(CookieMonster::kMaxCookies * 2 - CookieMonster::kMaxCookies / 2 + 1, + GetAllCookies(cm.get()).size()); +} + +// Test case where there are exactly kMaxCookies - kPurgeCookies recent cookies. +// All old cookies should be deleted. +TEST_F(CookieMonsterTest, GarbageCollectionExactlyAllOldCookiesDeleted) { + std::unique_ptr cm = CreateMonsterFromStoreForGC( + CookieMonster::kMaxCookies * 2 /* num_cookies */, + CookieMonster::kMaxCookies + CookieMonster::kPurgeCookies + + 1 /* num_old_cookies */, + 0, 0, CookieMonster::kSafeFromGlobalPurgeDays * 2); + EXPECT_EQ(CookieMonster::kMaxCookies * 2, GetAllCookies(cm.get()).size()); + // Will trigger GC. + SetCookie(cm.get(), GURL("http://newdomain.com"), "b=2"); + EXPECT_EQ(CookieMonster::kMaxCookies - CookieMonster::kPurgeCookies, + GetAllCookies(cm.get()).size()); +} + +// Test case where there are less than kMaxCookies - kPurgeCookies recent +// cookies. Enough old cookies should be deleted to reach kMaxCookies - +// kPurgeCookies total cookies, but no more. Some old cookies should be kept. +TEST_F(CookieMonsterTest, GarbageCollectionTriggers5) { + std::unique_ptr cm = CreateMonsterFromStoreForGC( + CookieMonster::kMaxCookies * 2 /* num_cookies */, + CookieMonster::kMaxCookies * 3 / 2 /* num_old_cookies */, 0, 0, + CookieMonster::kSafeFromGlobalPurgeDays * 2); + EXPECT_EQ(CookieMonster::kMaxCookies * 2, GetAllCookies(cm.get()).size()); + // Will trigger GC. + SetCookie(cm.get(), GURL("http://newdomain.com"), "b=2"); + EXPECT_EQ(CookieMonster::kMaxCookies - CookieMonster::kPurgeCookies, + GetAllCookies(cm.get()).size()); } // Tests garbage collection when there are only secure cookies. @@ -2452,8 +2463,7 @@ TEST_F(CookieMonsterTest, SetAllCookies) { EXPECT_EQ("Z", it->Value()); cm = nullptr; - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); + auto entries = net_log_.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::COOKIE_STORE_ALIVE, NetLogEventPhase::BEGIN); pos = ExpectLogContainsSomewhere( @@ -2480,8 +2490,7 @@ TEST_F(CookieMonsterTest, DeleteAll) { EXPECT_EQ(1, store->flush_count()); cm = nullptr; - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); + auto entries = net_log_.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::COOKIE_STORE_ALIVE, NetLogEventPhase::BEGIN); pos = ExpectLogContainsSomewhere( @@ -2760,8 +2769,7 @@ TEST_F(CookieMonsterTest, CookieDeleteEquivalentHistogramTest) { cookie_source_histogram, CookieMonster::COOKIE_DELETE_EQUIVALENT_WOULD_HAVE_DELETED, 1); - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); + auto entries = net_log_.GetEntries(); ExpectLogContainsSomewhere( entries, 0, NetLogEventType::COOKIE_STORE_COOKIE_REJECTED_SECURE, NetLogEventPhase::NONE); @@ -2956,8 +2964,7 @@ TEST_F(CookieMonsterTest, SetSecureCookies) { EXPECT_EQ(CanonicalCookie::CookieInclusionStatus::EXCLUDE_OVERWRITE_HTTP_ONLY, SetCookieReturnStatus(cm.get(), https_url, "C=E; Secure")); - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); + auto entries = net_log_.GetEntries(); ExpectLogContainsSomewhere( entries, 0, NetLogEventType::COOKIE_STORE_COOKIE_REJECTED_HTTPONLY, NetLogEventPhase::NONE); diff --git a/chromium/net/cookies/cookie_util.cc b/chromium/net/cookies/cookie_util.cc index a9b98aba99a..874cb613a1d 100644 --- a/chromium/net/cookies/cookie_util.cc +++ b/chromium/net/cookies/cookie_util.cc @@ -467,6 +467,17 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptSet( return CookieOptions::SameSiteCookieContext::CROSS_SITE; } +NET_EXPORT CookieOptions::SameSiteCookieContext +ComputeSameSiteContextForSubresource(const GURL& url, + const GURL& site_for_cookies) { + // If the URL is same-site as site_for_cookies it's same-site as all frames + // in the tree from the initiator frame up --- including the initiator frame. + if (MatchesSiteForCookies(url, site_for_cookies)) + return CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT; + else + return CookieOptions::SameSiteCookieContext::CROSS_SITE; +} + CanonicalCookie::CookieInclusionStatus CookieWouldBeExcludedDueToSameSite( const CanonicalCookie& cookie, const CookieOptions& options) { diff --git a/chromium/net/cookies/cookie_util.h b/chromium/net/cookies/cookie_util.h index 89a9c2584d5..8154c19de26 100644 --- a/chromium/net/cookies/cookie_util.h +++ b/chromium/net/cookies/cookie_util.h @@ -37,6 +37,8 @@ NET_EXPORT std::string GetEffectiveDomain(const std::string& scheme, // On success returns true, and sets cookie_domain to either a // -host cookie domain (ex: "google.com") // -domain cookie domain (ex: ".google.com") +// On success, DomainIsHostOnly(url.host()) is DCHECKed. The URL's host must not +// begin with a '.' character. NET_EXPORT bool GetCookieDomainWithString(const GURL& url, const std::string& domain_string, std::string* result); @@ -135,6 +137,13 @@ NET_EXPORT CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptSet(const GURL& url, const GURL& site_for_cookies); +// Determines which of the cookies for |url| can be accessed when fetching a +// subresources. This is either CROSS_SITE or SAME_SITE_STRICT, +// since the initiator for a subresource is the frame loading it. +NET_EXPORT CookieOptions::SameSiteCookieContext +ComputeSameSiteContextForSubresource(const GURL& url, + const GURL& site_for_cookies); + // Checks whether a cookie would be excluded due to SameSite restrictions, // assuming SameSiteByDefaultCookies and CookiesWithoutSameSiteMustBeSecure // were turned on. This should be called on a cookie that is in fact included, diff --git a/chromium/net/cookies/cookie_util_unittest.cc b/chromium/net/cookies/cookie_util_unittest.cc index 664f009f78a..2c8a4f3a65b 100644 --- a/chromium/net/cookies/cookie_util_unittest.cc +++ b/chromium/net/cookies/cookie_util_unittest.cc @@ -379,6 +379,33 @@ TEST(CookieUtilTest, ComputeSameSiteContextForSet) { GURL("http://example.com/dir"), GURL("https://sub.example.com"))); } +TEST(CookieUtilTest, TestComputeSameSiteContextForSubresource) { + // |site_for_cookies| not matching the URL -> it's cross-site. + EXPECT_EQ(CookieOptions::SameSiteCookieContext::CROSS_SITE, + cookie_util::ComputeSameSiteContextForSubresource( + GURL("http://example.com"), GURL("http://notexample.com"))); + + // This isn't a full on origin check --- subdomains and different schema are + // accepted. + EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + cookie_util::ComputeSameSiteContextForSubresource( + GURL("https://example.com"), GURL("http://example.com"))); + + EXPECT_EQ( + CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + cookie_util::ComputeSameSiteContextForSubresource( + GURL("http://sub.example.com"), GURL("http://sub2.example.com"))); + + EXPECT_EQ( + CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + cookie_util::ComputeSameSiteContextForSubresource( + GURL("http://sub.example.com"), GURL("http://sub.example.com:8080"))); + + EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + cookie_util::ComputeSameSiteContextForSubresource( + GURL("http://example.com"), GURL("http://example.com"))); +} + TEST(CookieUtilTest, IgnoreCookieStatusList) { CookieList cookie_list_out; base::OnceCallback callback = diff --git a/chromium/net/cookies/parse_cookie_line_fuzzer.cc b/chromium/net/cookies/parse_cookie_line_fuzzer.cc index 997839841ba..a8aaf007e6b 100644 --- a/chromium/net/cookies/parse_cookie_line_fuzzer.cc +++ b/chromium/net/cookies/parse_cookie_line_fuzzer.cc @@ -5,11 +5,82 @@ #include #include +#include "base/logging.h" #include "net/cookies/parsed_cookie.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" + +const std::string GetArbitraryString(FuzzedDataProvider* data_provider) { + // Adding a fudge factor to kMaxCookieSize so that both branches of the bounds + // detection code will be tested. + return data_provider->ConsumeRandomLengthString( + net::ParsedCookie::kMaxCookieSize + 10); +} // Entry point for LibFuzzer. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - std::string input(data, data + size); - net::ParsedCookie parsed_cookie(input); + FuzzedDataProvider data_provider(data, size); + const std::string cookie_line = GetArbitraryString(&data_provider); + net::ParsedCookie parsed_cookie(cookie_line); + + // Call zero or one of ParsedCookie's mutator methods. Should not call + // anything other than SetName/SetValue when !IsValid(). + const uint8_t action = data_provider.ConsumeIntegralInRange(0, 10); + switch (action) { + case 1: + parsed_cookie.SetName(GetArbitraryString(&data_provider)); + break; + case 2: + parsed_cookie.SetValue(GetArbitraryString(&data_provider)); + break; + } + + if (parsed_cookie.IsValid()) { + switch (action) { + case 3: + if (parsed_cookie.IsValid()) + parsed_cookie.SetPath(GetArbitraryString(&data_provider)); + break; + case 4: + parsed_cookie.SetDomain(GetArbitraryString(&data_provider)); + break; + case 5: + parsed_cookie.SetExpires(GetArbitraryString(&data_provider)); + break; + case 6: + parsed_cookie.SetMaxAge(GetArbitraryString(&data_provider)); + break; + case 7: + parsed_cookie.SetIsSecure(data_provider.ConsumeBool()); + break; + case 8: + parsed_cookie.SetIsHttpOnly(data_provider.ConsumeBool()); + break; + case 9: + parsed_cookie.SetSameSite(GetArbitraryString(&data_provider)); + break; + case 10: + parsed_cookie.SetPriority(GetArbitraryString(&data_provider)); + break; + } + } + + // Check that serialize/deserialize inverse property holds for valid cookies. + if (parsed_cookie.IsValid()) { + const std::string serialized = parsed_cookie.ToCookieLine(); + net::ParsedCookie reparsed_cookie(serialized); + const std::string reserialized = reparsed_cookie.ToCookieLine(); + + // RFC6265 requires semicolons to be followed by spaces. Because our parser + // permits this rule to be broken, but follows the rule in ToCookieLine(), + // it's possible to serialize a string that's longer than the original + // input. If the serialized string exceeds kMaxCookieSize, the parser will + // reject it. For this fuzzer, we are considering this situation a false + // positive. + if (serialized.size() <= net::ParsedCookie::kMaxCookieSize) { + CHECK(reparsed_cookie.IsValid()); + CHECK_EQ(serialized, reserialized); + } + } + return 0; } diff --git a/chromium/net/cookies/parsed_cookie.cc b/chromium/net/cookies/parsed_cookie.cc index 520f33e453f..b3053327942 100644 --- a/chromium/net/cookies/parsed_cookie.cc +++ b/chromium/net/cookies/parsed_cookie.cc @@ -221,7 +221,11 @@ std::string ParsedCookie::ToCookieLine() const { if (!out.empty()) out.append("; "); out.append(it->first); - if (it->first != kSecureTokenName && it->first != kHttpOnlyTokenName) { + // Determine whether to emit the pair's value component. We should always + // print it for the first pair(see crbug.com/977619). After the first pair, + // we need to consider whether the name component is a special token. + if (it == pairs_.begin() || + (it->first != kSecureTokenName && it->first != kHttpOnlyTokenName)) { out.append("="); out.append(it->second); } @@ -448,12 +452,28 @@ void ParsedCookie::SetupAttributes() { bool ParsedCookie::SetString(size_t* index, const std::string& key, - const std::string& value) { - if (value.empty()) { + const std::string& untrusted_value) { + // This function should do equivalent input validation to the + // constructor. Otherwise, the Set* functions can put this ParsedCookie in a + // state where parsing the output of ToCookieLine() produces a different + // ParsedCookie. + // + // Without input validation, invoking pc.SetPath(" baz ") would result in + // pc.ToCookieLine() == "path= baz ". Parsing the "path= baz " string would + // produce a cookie with "path" attribute equal to "baz" (no spaces). We + // should not produce cookie lines that parse to different key/value pairs! + + // Inputs containing invalid characters should be ignored. + if (!IsValidCookieAttributeValue(untrusted_value)) + return false; + + // Use the same whitespace trimming code as the constructor. + const std::string parsed_value = ParseValueString(untrusted_value); + if (parsed_value.empty()) { ClearAttributePair(*index); return true; } else { - return SetAttributePair(index, key, value); + return SetAttributePair(index, key, parsed_value); } } @@ -469,7 +489,7 @@ bool ParsedCookie::SetBool(size_t* index, const std::string& key, bool value) { bool ParsedCookie::SetAttributePair(size_t* index, const std::string& key, const std::string& value) { - if (!(HttpUtil::IsToken(key) && IsValidCookieAttributeValue(value))) + if (!HttpUtil::IsToken(key)) return false; if (!IsValid()) return false; diff --git a/chromium/net/cookies/parsed_cookie_unittest.cc b/chromium/net/cookies/parsed_cookie_unittest.cc index 535ae075e90..eb038f688ad 100644 --- a/chromium/net/cookies/parsed_cookie_unittest.cc +++ b/chromium/net/cookies/parsed_cookie_unittest.cc @@ -505,6 +505,87 @@ TEST(ParsedCookieTest, SetSameSite) { EXPECT_TRUE(pc.IsValid()); } +TEST(ParsedCookieTest, SettersInputValidation) { + ParsedCookie pc("name=foobar"); + EXPECT_TRUE(pc.SetPath("baz")); + EXPECT_EQ(pc.ToCookieLine(), "name=foobar; path=baz"); + + EXPECT_TRUE(pc.SetPath(" baz ")); + EXPECT_EQ(pc.ToCookieLine(), "name=foobar; path=baz"); + + EXPECT_TRUE(pc.SetPath(" ")); + EXPECT_EQ(pc.ToCookieLine(), "name=foobar"); + + EXPECT_TRUE(pc.SetDomain(" baz ")); + EXPECT_EQ(pc.ToCookieLine(), "name=foobar; domain=baz"); + + // Invalid characters + EXPECT_FALSE(pc.SetPath(" baz\n ")); + EXPECT_FALSE(pc.SetPath("f;oo")); + EXPECT_FALSE(pc.SetPath("\r")); + EXPECT_FALSE(pc.SetPath("\a")); + EXPECT_FALSE(pc.SetPath("\t")); + EXPECT_FALSE(pc.SetSameSite("\r")); +} + +TEST(ParsedCookieTest, ToCookieLineSpecialTokens) { + // Special tokens "secure" and "httponly" should be treated as any other name + // when they are in the first position. + { + ParsedCookie pc(""); + pc.SetName("secure"); + EXPECT_EQ(pc.ToCookieLine(), "secure="); + } + { + ParsedCookie pc("secure"); + EXPECT_EQ(pc.ToCookieLine(), "=secure"); + } + { + ParsedCookie pc("secure=foo"); + EXPECT_EQ(pc.ToCookieLine(), "secure=foo"); + } + { + ParsedCookie pc("foo=secure"); + EXPECT_EQ(pc.ToCookieLine(), "foo=secure"); + } + { + ParsedCookie pc("httponly=foo"); + EXPECT_EQ(pc.ToCookieLine(), "httponly=foo"); + } + { + ParsedCookie pc("foo"); + pc.SetName("secure"); + EXPECT_EQ(pc.ToCookieLine(), "secure=foo"); + } + { + ParsedCookie pc("bar"); + pc.SetName("httponly"); + EXPECT_EQ(pc.ToCookieLine(), "httponly=bar"); + } + { + ParsedCookie pc("foo=bar; baz=bob"); + EXPECT_EQ(pc.ToCookieLine(), "foo=bar; baz=bob"); + } + // Outside of the first position, the value associated with a special name + // should not be printed. + { + ParsedCookie pc("name=foo; secure"); + EXPECT_EQ(pc.ToCookieLine(), "name=foo; secure"); + } + { + ParsedCookie pc("name=foo; secure=bar"); + EXPECT_EQ(pc.ToCookieLine(), "name=foo; secure"); + } + { + ParsedCookie pc("name=foo; httponly=baz"); + EXPECT_EQ(pc.ToCookieLine(), "name=foo; httponly"); + } + { + ParsedCookie pc("name=foo; bar=secure"); + EXPECT_EQ(pc.ToCookieLine(), "name=foo; bar=secure"); + } +} + TEST(ParsedCookieTest, SameSiteValues) { struct TestCase { const char* cookie; diff --git a/chromium/net/data/ssl/blacklist/3ae699d94e8febdacb86d4f90d40903333478e65e0655c432451197e33fa07f2.pem b/chromium/net/data/ssl/blacklist/3ae699d94e8febdacb86d4f90d40903333478e65e0655c432451197e33fa07f2.pem new file mode 100644 index 00000000000..ddd2df8a7eb --- /dev/null +++ b/chromium/net/data/ssl/blacklist/3ae699d94e8febdacb86d4f90d40903333478e65e0655c432451197e33fa07f2.pem @@ -0,0 +1,151 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 14:ed:7e:90:75:b6:ae:86:8e:1a:3b:02:4f:8a:94:af:c8:f5:db:ba + Signature Algorithm: sha384WithRSAEncryption + Issuer: C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 G3 + Validity + Not Before: Apr 19 18:20:31 2017 GMT + Not After : Apr 19 18:20:31 2025 GMT + Subject: C = AE, O = DarkMatter LLC, CN = DarkMatter High Assurance CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:84:e0:4e:84:58:b4:e5:9a:f5:a9:2f:d3:34:10: + 72:47:7e:d8:6c:7a:ef:74:3d:04:6d:c8:25:fc:7e: + 21:c4:9d:77:17:f0:3d:68:5c:93:3d:f9:8c:15:cd: + 44:22:fb:ca:44:9e:35:37:6d:a4:ed:92:c0:0b:48: + 50:0e:48:c0:6c:90:50:eb:d3:54:6b:21:97:1f:04: + 44:c8:fb:f8:fc:71:1c:e4:58:90:74:0c:48:c6:33: + 94:78:9e:61:3b:f7:25:9e:2a:a3:96:1f:93:6b:60: + 04:c9:aa:13:70:95:fa:76:2a:00:fd:9c:d3:75:ac: + 01:1a:b4:5e:43:f2:10:ec:70:b7:a1:03:fa:3c:b9: + 5a:45:64:e4:a4:3d:25:2d:96:85:2d:49:ce:74:39: + 39:3b:28:0a:12:a0:16:6d:92:dd:85:da:e5:1d:ec: + 3e:69:fc:8a:2a:83:3a:ad:60:b8:08:d1:6b:69:c8: + c0:85:4c:a0:6e:6d:83:a5:36:df:fd:ff:86:7b:e3: + 7b:63:da:55:a7:45:96:05:0a:93:39:41:03:53:37: + 52:83:36:92:e2:d4:f0:7e:b9:4c:5e:b3:db:0e:4d: + 2c:66:f9:98:b6:6d:d9:5e:a1:bd:f8:de:b2:9f:f9: + 95:94:a8:35:29:30:bd:63:c7:b4:2f:18:d7:02:ee: + 09:03:c7:e8:85:68:03:57:ae:2a:fc:04:7c:2c:e5: + 35:98:a5:78:fe:a0:94:da:6c:0e:a0:93:e6:f1:5e: + 5e:25:8d:eb:9c:db:bf:96:4b:bf:ae:19:02:7c:7f: + d2:27:8d:ba:a0:f7:7b:c8:98:d6:39:23:bb:8f:7e: + 33:2c:7e:62:60:55:7f:89:54:a1:9b:3e:00:a0:6e: + fc:36:c1:bd:e0:5f:f3:77:3f:22:6e:32:d3:f2:38: + ee:f5:fb:13:de:5e:91:b4:d1:66:cf:5c:71:7d:28: + 94:ee:2a:59:89:fb:54:75:6b:08:7c:8c:c1:b2:db: + dc:53:17:0a:ed:1f:07:26:fe:24:0d:1e:45:49:24: + 58:13:ee:df:02:6c:5d:e4:bc:32:b5:65:20:4a:4b: + 84:53:86:ba:ed:76:94:a9:87:13:cb:ce:cd:b5:83: + 3e:9b:ac:2a:53:6b:c0:6a:34:cb:13:4e:8b:cb:8c: + d3:11:86:d4:bd:7d:58:54:aa:05:a9:95:b0:8c:0e: + 70:f2:45:bb:39:ee:cf:26:74:f8:4c:0d:70:9f:92: + 63:e7:10:6b:05:41:8f:3a:3a:7d:73:ea:18:1a:06: + fc:92:b6:c3:f1:e7:6d:a9:d4:d9:90:a4:e9:ed:e7: + 8d:9d:d4:25:f2:4e:30:b1:91:63:19:2c:a8:52:9c: + 09:3e:9b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.8024.0.2.100.1.2 + CPS: https://ca.darkmatter.ae/iCPS + Policy: 2.23.140.1.1 + Policy: 2.16.784.1.1.7.35.2.2.1.1 + + Authority Information Access: + OCSP - URI:http://ocsp.quovadisglobal.com + CA Issuers - URI:http://cacerts.darkmatter.ae/qvrca2g3.crt + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, OCSP Signing + X509v3 Authority Key Identifier: + keyid:ED:E7:6F:76:5A:BF:60:EC:49:5B:C6:A5:77:BB:72:16:71:9B:C4:3D + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl1.darkmatter.ae/qvrca2g3.crl + + Full Name: + URI:http://crl2.darkmatter.ae/qvrca2g3.crl + + X509v3 Subject Key Identifier: + 5D:F1:FB:6A:67:81:E6:84:5B:57:37:5C:0F:99:B5:DC:9D:44:3B:55 + Signature Algorithm: sha384WithRSAEncryption + 7a:e5:0b:18:d1:70:38:9b:26:5e:a0:ad:4b:ce:9d:d0:7e:83: + 30:e4:0f:af:88:01:51:cd:ed:bc:b8:f6:e0:5c:5b:6c:81:19: + 76:86:1e:9b:fe:04:d4:85:47:07:6b:7e:5b:af:b0:88:b6:aa: + 9a:11:d6:f1:c2:f6:fb:0e:70:3e:fa:79:b3:ab:d2:c8:23:a9: + 5d:24:0b:22:27:25:a2:05:a0:7e:b3:0e:9b:40:dd:84:85:6d: + 0f:f1:6e:7e:a9:25:aa:04:16:3f:04:77:0c:f3:2c:e2:c3:f4: + d0:72:71:69:83:f0:42:70:86:35:51:02:50:42:ea:f8:bc:c2: + 3b:fd:ea:52:57:6a:bd:bf:0c:16:7b:1b:c1:3d:91:c1:cf:b9: + b5:b1:18:13:4a:9f:88:b3:37:79:49:cf:91:95:c4:5f:3d:db: + 82:a0:83:d9:75:0b:da:d9:7d:76:bc:5b:c7:f1:7a:bd:9f:b5: + f6:0a:fd:fd:8a:e6:1c:7e:d4:9b:c9:95:50:30:73:f3:50:dd: + b2:2e:e4:57:c1:02:4f:8f:e4:fd:13:0a:ab:8c:e4:ca:5d:e6: + 8b:ca:63:21:f4:d0:44:19:46:c4:05:db:44:37:ee:e3:d2:06: + 24:18:07:5d:7c:ee:79:c4:7f:9f:ba:de:52:92:82:76:00:e8: + 03:e2:c0:69:4f:42:1b:ca:d2:52:09:54:8e:88:c3:4a:17:66: + 65:fd:78:14:bc:ec:5c:42:88:16:89:d4:ca:05:eb:2d:a1:2c: + 52:ca:a8:86:49:ae:e0:24:1d:2f:ce:03:75:e2:54:bc:78:b6: + c2:4b:41:1a:47:e6:3e:5f:b3:40:7a:e8:67:5f:a1:67:8d:07: + 09:53:87:35:74:f2:33:a3:0b:f8:d1:e7:6f:57:b6:da:45:2a: + 94:46:80:89:45:32:1f:11:26:2a:19:be:1f:45:ec:e2:c2:df: + a4:5c:df:fb:9f:e9:75:18:52:dc:b9:e1:5c:b7:14:5a:62:31: + bd:6b:37:6d:3b:06:36:1f:76:ab:ec:8f:32:25:f5:cf:2b:e2: + 12:f1:3b:3e:f5:13:16:e8:a6:cb:a7:f9:94:96:5e:88:51:fb: + e9:4b:24:8f:8c:41:dd:b6:15:ee:44:cf:8f:b6:4e:a7:9e:77: + ab:27:cb:14:86:61:eb:54:ab:c5:f4:16:42:47:1a:e4:9f:fb: + 35:2c:7f:38:82:c2:17:11:ed:7c:83:49:1c:ba:46:3d:28:8d: + 67:0d:79:59:fb:43:7f:4b:de:2f:f4:ea:d2:b7:49:32:fe:4b: + 73:86:de:57:5b:7a:fa:86:9e:01:01:c7:47:16:6f:d3:22:fa: + 2c:c3:51:22:e9:fa:1b:0d +-----BEGIN CERTIFICATE----- +MIIG8DCCBNigAwIBAgIUFO1+kHW2roaOGjsCT4qUr8j127owDQYJKoZIhvcNAQEM +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xNzA0MTkxODIwMzFaFw0y +NTA0MTkxODIwMzFaME0xCzAJBgNVBAYTAkFFMRcwFQYDVQQKDA5EYXJrTWF0dGVy +IExMQzElMCMGA1UEAwwcRGFya01hdHRlciBIaWdoIEFzc3VyYW5jZSBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAITgToRYtOWa9akv0zQQckd+2Gx6 +73Q9BG3IJfx+IcSddxfwPWhckz35jBXNRCL7ykSeNTdtpO2SwAtIUA5IwGyQUOvT +VGshlx8ERMj7+PxxHORYkHQMSMYzlHieYTv3JZ4qo5Yfk2tgBMmqE3CV+nYqAP2c +03WsARq0XkPyEOxwt6ED+jy5WkVk5KQ9JS2WhS1JznQ5OTsoChKgFm2S3YXa5R3s +Pmn8iiqDOq1guAjRa2nIwIVMoG5tg6U23/3/hnvje2PaVadFlgUKkzlBA1M3UoM2 +kuLU8H65TF6z2w5NLGb5mLZt2V6hvfjesp/5lZSoNSkwvWPHtC8Y1wLuCQPH6IVo +A1euKvwEfCzlNZileP6glNpsDqCT5vFeXiWN65zbv5ZLv64ZAnx/0ieNuqD3e8iY +1jkju49+Myx+YmBVf4lUoZs+AKBu/DbBveBf83c/Im4y0/I47vX7E95ekbTRZs9c +cX0olO4qWYn7VHVrCHyMwbLb3FMXCu0fByb+JA0eRUkkWBPu3wJsXeS8MrVlIEpL +hFOGuu12lKmHE8vOzbWDPpusKlNrwGo0yxNOi8uM0xGG1L19WFSqBamVsIwOcPJF +uznuzyZ0+EwNcJ+SY+cQawVBjzo6fXPqGBoG/JK2w/HnbanU2ZCk6e3njZ3UJfJO +MLGRYxksqFKcCT6bAgMBAAGjggHLMIIBxzASBgNVHRMBAf8ECDAGAQH/AgEAMF4G +A1UdIARXMFUwOwYMKwYBBAG+WAACZAECMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8v +Y2EuZGFya21hdHRlci5hZS9pQ1BTMAcGBWeBDAEBMA0GC2CGEAEBByMCAgEBMHEG +CCsGAQUFBwEBBGUwYzAqBggrBgEFBQcwAYYeaHR0cDovL29jc3AucXVvdmFkaXNn +bG9iYWwuY29tMDUGCCsGAQUFBzAChilodHRwOi8vY2FjZXJ0cy5kYXJrbWF0dGVy +LmFlL3F2cmNhMmczLmNydDAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYB +BQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCTAfBgNVHSMEGDAWgBTt5292Wr9g7Elb +xqV3u3IWcZvEPTBlBgNVHR8EXjBcMCygKqAohiZodHRwOi8vY3JsMS5kYXJrbWF0 +dGVyLmFlL3F2cmNhMmczLmNybDAsoCqgKIYmaHR0cDovL2NybDIuZGFya21hdHRl +ci5hZS9xdnJjYTJnMy5jcmwwHQYDVR0OBBYEFF3x+2pngeaEW1c3XA+ZtdydRDtV +MA0GCSqGSIb3DQEBDAUAA4ICAQB65QsY0XA4myZeoK1Lzp3QfoMw5A+viAFRze28 +uPbgXFtsgRl2hh6b/gTUhUcHa35br7CItqqaEdbxwvb7DnA++nmzq9LII6ldJAsi +JyWiBaB+sw6bQN2EhW0P8W5+qSWqBBY/BHcM8yziw/TQcnFpg/BCcIY1UQJQQur4 +vMI7/epSV2q9vwwWexvBPZHBz7m1sRgTSp+Iszd5Sc+RlcRfPduCoIPZdQva2X12 +vFvH8Xq9n7X2Cv39iuYcftSbyZVQMHPzUN2yLuRXwQJPj+T9EwqrjOTKXeaLymMh +9NBEGUbEBdtEN+7j0gYkGAddfO55xH+fut5SkoJ2AOgD4sBpT0IbytJSCVSOiMNK +F2Zl/XgUvOxcQogWidTKBestoSxSyqiGSa7gJB0vzgN14lS8eLbCS0EaR+Y+X7NA +euhnX6FnjQcJU4c1dPIzowv40edvV7baRSqURoCJRTIfESYqGb4fReziwt+kXN/7 +n+l1GFLcueFctxRaYjG9azdtOwY2H3ar7I8yJfXPK+IS8Ts+9RMW6KbLp/mUll6I +UfvpSySPjEHdthXuRM+Ptk6nnnerJ8sUhmHrVKvF9BZCRxrkn/s1LH84gsIXEe18 +g0kcukY9KI1nDXlZ+0N/S94v9OrSt0ky/ktzht5XW3r6hp4BAcdHFm/TIvosw1Ei +6fobDQ== +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/blacklist/a25a19546819d048000ef9c6577c4bcd8d2155b1e4346a4599d6c8b79799d4a1.pem b/chromium/net/data/ssl/blacklist/a25a19546819d048000ef9c6577c4bcd8d2155b1e4346a4599d6c8b79799d4a1.pem new file mode 100644 index 00000000000..9057e67e88e --- /dev/null +++ b/chromium/net/data/ssl/blacklist/a25a19546819d048000ef9c6577c4bcd8d2155b1e4346a4599d6c8b79799d4a1.pem @@ -0,0 +1,150 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 62:7a:61:b1:0e:7f:5f:27:be:3b:eb:5e:94:cf:7f:f4:48:de:e1:c5 + Signature Algorithm: sha384WithRSAEncryption + Issuer: C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 G3 + Validity + Not Before: Apr 19 18:27:31 2017 GMT + Not After : Apr 19 18:27:31 2025 GMT + Subject: C = AE, O = DarkMatter LLC, CN = DarkMatter Secure CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:93:2f:2e:6d:82:b3:37:53:c3:d7:80:53:bc:01: + ab:4c:3a:ce:a9:d9:0e:73:8e:e7:d6:8c:25:91:08: + 49:3f:f5:c8:35:51:a0:e2:1e:62:75:da:e3:44:f5: + f9:e1:20:67:54:eb:20:85:b5:be:ef:f4:11:cb:0b: + 4b:18:47:53:c6:66:fa:60:dc:74:13:dc:92:7e:4f: + 73:d7:ec:99:f6:42:38:e9:be:1f:b7:d6:00:c4:6e: + 8f:46:0c:4c:f8:1f:f5:d9:e7:b1:6f:10:f9:f1:e0: + 9d:46:e5:04:e3:a0:bd:a5:84:32:dc:be:89:6e:71: + 11:29:88:d3:24:1d:51:e0:ea:cc:e7:4b:50:5e:a7: + 92:f8:ed:99:1b:f2:b1:28:89:19:45:79:db:2c:0b: + 5b:3b:87:53:15:74:c4:02:16:13:7d:cd:47:29:fc: + b5:4a:2b:93:f9:d0:7a:92:f6:cc:da:8b:e9:95:65: + 7d:1d:3a:15:3c:7a:ca:be:90:4a:ca:00:8f:f9:34: + 3c:d4:ff:86:5d:4b:ac:3e:00:27:c5:94:e5:11:ad: + 4c:e6:94:0a:83:17:89:7e:61:09:a1:55:2c:87:11: + 4f:cf:bc:1a:ae:f3:33:3d:fb:8f:94:19:45:b1:c3: + 33:90:22:a9:19:87:52:db:a8:60:33:72:92:d1:4e: + 75:be:e3:c5:e8:87:73:a5:ea:dd:91:ae:63:07:a7: + e5:b6:df:30:51:60:bc:66:e6:50:11:2a:eb:65:b3: + 24:33:e1:7a:7d:15:20:45:50:df:8e:ff:01:31:b2: + f7:86:a3:a9:ff:fa:aa:3a:d8:ea:e4:af:89:58:57: + 6a:22:47:29:7b:68:1b:45:a1:89:db:34:ac:f9:aa: + 31:d7:b5:3f:4a:64:77:e9:c4:0c:75:5f:92:a4:72: + 54:3a:44:10:bc:eb:e9:e9:8a:27:33:12:cd:8f:b5: + 9f:2a:14:4e:d4:1f:36:71:0d:e6:29:60:7e:03:32: + 39:fd:03:0c:d2:68:c1:5b:77:84:c6:be:a2:5d:1f: + b0:c2:43:8e:82:fc:fd:8a:27:f2:59:dc:a3:cb:ba: + 92:59:2f:d3:48:65:2e:c1:d5:c2:77:07:87:5e:d8: + b4:a4:29:c5:dd:b3:ef:f6:c5:c8:ea:36:1e:94:e5: + bd:08:9c:04:0e:2b:1f:f1:df:7e:68:41:c2:aa:05: + 94:0d:d3:40:b4:a5:66:7f:b3:7b:24:fc:b2:89:e3: + 19:83:98:d3:90:06:8d:78:10:d9:be:73:62:5e:46: + bb:27:dd:f2:0b:ac:db:38:b1:96:35:3f:33:ea:fb: + eb:25:97:ef:41:b3:c0:f9:64:9d:62:07:02:71:82: + 88:95:29 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Certificate Policies: + Policy: 2.16.784.1.1.7.35.2.2.1.2 + CPS: https://ca.darkmatter.ae/iCPS + Policy: 2.23.140.1.2.2 + Policy: 2.23.140.1.2.3 + + Authority Information Access: + OCSP - URI:http://ocsp.quovadisglobal.com + CA Issuers - URI:http://cacerts.darkmatter.ae/qvrca2g3.crt + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, OCSP Signing + X509v3 Authority Key Identifier: + keyid:ED:E7:6F:76:5A:BF:60:EC:49:5B:C6:A5:77:BB:72:16:71:9B:C4:3D + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl1.darkmatter.ae/qvrca2g3.crl + + Full Name: + URI:http://crl2.darkmatter.ae/qvrca2g3.crl + + X509v3 Subject Key Identifier: + A2:50:A4:70:CB:3B:B5:CA:61:94:27:13:96:3A:74:76:AA:9D:EC:34 + Signature Algorithm: sha384WithRSAEncryption + 72:e3:c5:33:02:2b:cd:b4:91:bc:65:ca:95:ad:b5:90:fe:ee: + ac:f1:95:92:12:1e:85:fb:58:64:bf:43:a8:49:ad:56:3c:85: + 65:d5:40:7d:09:83:d5:67:bf:b4:d3:62:72:d3:7e:c7:9e:d4: + ac:1d:62:95:c6:f2:06:5d:b9:36:2f:b5:d0:06:73:f6:78:17: + 3d:34:56:76:fa:a5:15:77:89:af:40:c5:c0:56:34:02:f9:80: + 45:e2:a5:49:40:84:6f:7e:fc:22:d7:f4:12:53:e7:1c:b2:f1: + e0:84:92:76:0b:54:e5:1b:5c:9f:c2:54:6e:09:8c:17:b8:f1: + 14:0b:16:dc:e0:ed:17:00:66:6f:ea:26:cf:9c:07:c7:86:46: + 9a:b4:85:ca:2d:18:4f:c0:a7:81:2b:89:54:81:f3:e1:a1:7b: + 60:67:fc:8b:02:e3:2f:92:85:de:e0:c9:0e:1b:f1:4c:f0:3f: + 7b:8d:b4:f1:32:9a:2f:64:24:81:b9:46:4b:1d:da:c3:a1:ac: + 19:93:92:85:95:f8:98:88:b4:52:21:3b:f4:50:35:50:fb:86: + 81:52:9e:81:a5:43:db:a9:ac:38:53:c3:28:e0:b9:e0:6e:4c: + 49:b2:18:cf:53:44:cc:ab:10:89:7b:c6:55:55:6d:44:91:1b: + 8c:61:4b:f8:78:93:9e:7a:3d:72:e2:d2:e8:5e:2d:e5:fb:09: + 0f:a3:3b:1a:d9:22:34:75:da:1b:2e:c7:e7:44:2e:10:b7:25: + b1:10:9a:ea:73:8b:b9:87:41:5b:3f:43:a7:e2:50:a6:28:98: + 67:92:74:f8:35:67:41:d8:b2:84:cc:72:d6:99:45:20:96:05: + c2:8a:da:72:72:42:2f:47:e1:7f:b5:22:11:50:40:6d:d9:1b: + c1:5a:21:67:a0:18:7a:9a:6c:72:50:42:6c:bb:f9:6f:eb:9a: + f9:e6:b0:4c:76:6f:9f:9f:db:68:05:fc:63:95:58:ef:f4:1c: + 94:33:b1:dc:6d:73:1d:92:f3:00:19:65:36:fc:fa:69:1d:d0: + 42:98:e4:c1:3d:d9:d5:67:02:3a:99:a0:4c:52:2f:03:d6:4c: + 6b:fd:80:b3:7f:31:66:ad:50:1d:ba:fa:17:14:cf:b2:43:be: + 8d:2a:bc:74:7f:f4:9c:22:f2:a9:8b:1e:cf:07:89:df:8d:1e: + 59:28:96:25:2c:09:7c:9f:81:0e:d5:56:fa:fa:57:a8:5f:3a: + 40:e8:55:4b:31:0e:8c:37:61:17:3f:aa:62:79:5a:70:4b:9d: + 97:a1:d8:19:e3:ca:75:aa:20:c1:7c:80:b0:37:b6:8f:99:5a: + 48:97:cb:d4:d5:80:98:c7 +-----BEGIN CERTIFICATE----- +MIIG4zCCBMugAwIBAgIUYnphsQ5/Xye+O+telM9/9Eje4cUwDQYJKoZIhvcNAQEM +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xNzA0MTkxODI3MzFaFw0y +NTA0MTkxODI3MzFaMEUxCzAJBgNVBAYTAkFFMRcwFQYDVQQKDA5EYXJrTWF0dGVy +IExMQzEdMBsGA1UEAwwURGFya01hdHRlciBTZWN1cmUgQ0EwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQCTLy5tgrM3U8PXgFO8AatMOs6p2Q5zjufWjCWR +CEk/9cg1UaDiHmJ12uNE9fnhIGdU6yCFtb7v9BHLC0sYR1PGZvpg3HQT3JJ+T3PX +7Jn2Qjjpvh+31gDEbo9GDEz4H/XZ57FvEPnx4J1G5QTjoL2lhDLcvolucREpiNMk +HVHg6sznS1Bep5L47Zkb8rEoiRlFedssC1s7h1MVdMQCFhN9zUcp/LVKK5P50HqS +9szai+mVZX0dOhU8esq+kErKAI/5NDzU/4ZdS6w+ACfFlOURrUzmlAqDF4l+YQmh +VSyHEU/PvBqu8zM9+4+UGUWxwzOQIqkZh1LbqGAzcpLRTnW+48Xoh3Ol6t2RrmMH +p+W23zBRYLxm5lARKutlsyQz4Xp9FSBFUN+O/wExsveGo6n/+qo62Orkr4lYV2oi +Ryl7aBtFoYnbNKz5qjHXtT9KZHfpxAx1X5KkclQ6RBC86+npiiczEs2PtZ8qFE7U +HzZxDeYpYH4DMjn9AwzSaMFbd4TGvqJdH7DCQ46C/P2KJ/JZ3KPLupJZL9NIZS7B +1cJ3B4de2LSkKcXds+/2xcjqNh6U5b0InAQOKx/x335oQcKqBZQN00C0pWZ/s3sk +/LKJ4xmDmNOQBo14ENm+c2JeRrsn3fILrNs4sZY1PzPq++sll+9Bs8D5ZJ1iBwJx +goiVKQIDAQABo4IBxjCCAcIwEgYDVR0TAQH/BAgwBgEB/wIBADBZBgNVHSAEUjBQ +MDoGC2CGEAEBByMCAgECMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vY2EuZGFya21h +dHRlci5hZS9pQ1BTMAgGBmeBDAECAjAIBgZngQwBAgMwcQYIKwYBBQUHAQEEZTBj +MCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5xdW92YWRpc2dsb2JhbC5jb20wNQYI +KwYBBQUHMAKGKWh0dHA6Ly9jYWNlcnRzLmRhcmttYXR0ZXIuYWUvcXZyY2EyZzMu +Y3J0MA4GA1UdDwEB/wQEAwIBhjAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUH +AwIGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFO3nb3Zav2DsSVvGpXe7chZxm8Q9MGUG +A1UdHwReMFwwLKAqoCiGJmh0dHA6Ly9jcmwxLmRhcmttYXR0ZXIuYWUvcXZyY2Ey +ZzMuY3JsMCygKqAohiZodHRwOi8vY3JsMi5kYXJrbWF0dGVyLmFlL3F2cmNhMmcz +LmNybDAdBgNVHQ4EFgQUolCkcMs7tcphlCcTljp0dqqd7DQwDQYJKoZIhvcNAQEM +BQADggIBAHLjxTMCK820kbxlypWttZD+7qzxlZISHoX7WGS/Q6hJrVY8hWXVQH0J +g9Vnv7TTYnLTfsee1KwdYpXG8gZduTYvtdAGc/Z4Fz00Vnb6pRV3ia9AxcBWNAL5 +gEXipUlAhG9+/CLX9BJT5xyy8eCEknYLVOUbXJ/CVG4JjBe48RQLFtzg7RcAZm/q +Js+cB8eGRpq0hcotGE/Ap4EriVSB8+Ghe2Bn/IsC4y+Shd7gyQ4b8UzwP3uNtPEy +mi9kJIG5Rksd2sOhrBmTkoWV+JiItFIhO/RQNVD7hoFSnoGlQ9uprDhTwyjgueBu +TEmyGM9TRMyrEIl7xlVVbUSRG4xhS/h4k556PXLi0uheLeX7CQ+jOxrZIjR12hsu +x+dELhC3JbEQmupzi7mHQVs/Q6fiUKYomGeSdPg1Z0HYsoTMctaZRSCWBcKK2nJy +Qi9H4X+1IhFQQG3ZG8FaIWegGHqabHJQQmy7+W/rmvnmsEx2b5+f22gF/GOVWO/0 +HJQzsdxtcx2S8wAZZTb8+mkd0EKY5ME92dVnAjqZoExSLwPWTGv9gLN/MWatUB26 ++hcUz7JDvo0qvHR/9Jwi8qmLHs8Hid+NHlkoliUsCXyfgQ7VVvr6V6hfOkDoVUsx +Dow3YRc/qmJ5WnBLnZeh2BnjynWqIMF8gLA3to+ZWkiXy9TVgJjH +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/blacklist/d8888f4a84f74c974dffb573a1bf5bbbacd1713b905096f8eb015062bf396c4d.pem b/chromium/net/data/ssl/blacklist/d8888f4a84f74c974dffb573a1bf5bbbacd1713b905096f8eb015062bf396c4d.pem new file mode 100644 index 00000000000..0ee82451ce4 --- /dev/null +++ b/chromium/net/data/ssl/blacklist/d8888f4a84f74c974dffb573a1bf5bbbacd1713b905096f8eb015062bf396c4d.pem @@ -0,0 +1,149 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 19:ff:34:56:9d:36:6b:a1:f6:6e:8d:95:32:ee:05:d0:55:b9:dd:1d + Signature Algorithm: sha384WithRSAEncryption + Issuer: C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3 G3 + Validity + Not Before: Apr 19 18:38:50 2017 GMT + Not After : Apr 19 18:38:50 2025 GMT + Subject: C = AE, O = DarkMatter LLC, CN = DarkMatter Assured CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:89:14:f9:94:77:15:68:79:c0:1b:95:4c:72:c0: + f7:40:b1:01:c8:f6:90:f8:1d:d4:8a:47:23:4e:7c: + 4b:7e:73:3f:e1:65:16:db:42:c4:0e:ec:ec:d0:99: + ef:27:5d:f3:b1:fc:4c:3e:bb:48:2c:e8:1e:81:94: + dd:a7:3e:66:eb:0f:66:2b:89:22:62:af:1d:da:82: + 82:1b:8b:35:34:35:46:19:73:23:27:95:67:72:b1: + e6:59:02:7d:cb:02:7c:e8:51:b2:0b:be:48:31:03: + 86:ef:e9:bf:fd:99:b4:00:2d:57:2e:49:b0:a1:fd: + 67:65:a7:90:ee:7a:3a:93:33:e8:f3:fb:26:4c:8c: + 12:4d:8f:0b:d1:04:c9:7a:47:28:f5:48:9d:4d:6d: + 6e:0b:03:9b:b1:23:86:c8:de:e8:73:fc:53:23:be: + 50:33:0c:77:37:57:89:88:30:57:75:f3:03:8c:cc: + fe:4c:be:14:3a:1f:1a:e3:6e:57:14:7b:12:b7:96: + ea:b3:8b:ed:88:05:d5:75:f2:f6:0a:2d:2b:e7:14: + 44:9a:ea:17:04:fb:4b:b2:84:10:68:5e:a0:e3:c5: + 88:17:f4:4f:c4:1d:c1:b6:c4:f3:50:58:81:8d:a7: + d5:19:9a:dc:f6:1f:54:0a:87:7d:19:a8:17:68:89: + 9d:41:ef:5f:71:7f:52:fb:11:c7:ba:88:a7:5e:79: + 2a:93:96:22:41:36:8d:41:4b:52:76:b8:d6:d6:41: + 32:47:aa:a7:ef:81:07:12:d1:9a:0b:99:06:ca:9c: + 5e:ce:e4:5f:8d:2d:82:a9:cf:0d:59:b7:26:11:ae: + 4c:c8:d7:e2:b8:70:d0:a1:46:1f:1d:c8:17:c8:a1: + ff:1a:a9:25:59:1a:48:dd:69:72:9a:59:e0:e3:74: + 4b:0d:63:85:2a:6d:b7:45:05:92:6d:cd:30:5b:5e: + fa:0c:12:96:42:d1:f7:46:ee:d5:6b:5c:b5:3e:5d: + 2f:dc:ac:c8:e4:ba:f2:5c:d9:6d:49:09:ee:ba:b3: + 6e:ed:c4:86:11:59:25:f8:9b:98:83:c5:21:1b:de: + 78:94:5f:19:40:18:40:7e:40:3a:54:cf:39:6c:ef: + 8a:aa:80:17:b4:20:8a:64:f5:a2:73:0c:f4:47:67: + 68:a4:ee:da:08:84:bd:c4:a4:4e:a4:8f:db:c4:ae: + 5c:d5:39:88:ab:b9:10:61:1f:54:54:7f:69:24:32: + 5f:fd:51:98:fb:39:44:0e:16:d4:7e:79:3b:a9:40: + 00:e0:0c:74:ca:a5:e9:de:22:78:83:d9:f9:35:04: + 43:fd:27:97:8e:14:e3:62:7c:7b:ee:33:1c:e2:c1: + c0:ab:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Certificate Policies: + Policy: 2.16.784.1.1.7.35.2.2.2 + CPS: https://ca.darkmatter.ae/iCPS + Policy: 1.3.6.1.4.1.8024.1.300 + + Authority Information Access: + OCSP - URI:http://ocsp.quovadisglobal.com + CA Issuers - URI:http://cacerts.darkmatter.ae/qvrca3g3.crt + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Extended Key Usage: + TLS Web Client Authentication, OCSP Signing, E-mail Protection, 1.3.6.1.4.1.311.10.3.12 + X509v3 Authority Key Identifier: + keyid:C6:17:D0:BC:A8:EA:02:43:F2:1B:06:99:5D:2B:90:20:B9:D7:9C:E4 + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl1.darkmatter.ae/qvrca3g3.crl + + Full Name: + URI:http://crl2.darkmatter.ae/qvrca3g3.crl + + X509v3 Subject Key Identifier: + 05:61:41:C6:3D:0D:28:BE:62:9F:98:F3:AF:A3:33:EA:C0:FD:F0:E9 + Signature Algorithm: sha384WithRSAEncryption + 7e:30:5a:ca:6c:5d:00:d9:94:38:c3:ca:b7:ca:50:c1:d1:c5: + 45:93:f7:76:1b:bb:26:d8:63:f2:a0:3e:44:97:60:d1:be:04: + ba:a3:77:9f:f5:57:cb:be:e6:57:72:20:5c:81:5d:39:68:e5: + b7:e4:1d:ac:43:c3:48:37:45:f4:f1:f4:cd:e0:ca:f1:3c:65: + 3a:af:e6:3e:ce:cd:28:47:ed:d1:e7:24:fd:08:32:e4:89:15: + fd:30:d7:48:84:eb:75:7c:3e:e4:55:42:b4:b8:1b:98:7b:6b: + cb:91:ff:34:f9:d3:ec:d4:3b:a2:e4:5b:4c:34:e6:6a:ec:ca: + 46:a5:47:e1:fa:b6:1b:1e:95:f2:d7:a1:eb:8d:40:38:c3:d2: + f7:07:63:31:2d:93:cc:71:a6:e1:41:a3:f6:31:22:67:c8:3b: + 65:fd:4d:c8:4b:07:2a:52:f6:51:9a:2d:9f:b3:94:e9:a2:35: + 70:08:a2:a7:b2:ab:c6:fd:e9:62:74:07:5c:eb:2d:19:c4:8d: + 10:10:d1:f5:f4:80:b2:2f:00:ff:c4:94:30:b2:b5:db:be:e0: + 9c:b9:ff:2f:7c:dc:96:ae:06:c0:0a:93:2e:19:7c:f8:28:79: + 02:ac:c5:59:14:cd:63:24:f3:6e:c4:87:80:19:ce:ea:00:72: + 9e:87:7d:02:5c:34:01:74:f7:a8:6e:66:b4:d3:99:4e:57:d7: + 43:32:3b:c1:9d:08:65:06:f7:e2:e0:35:22:88:2f:9c:fd:5e: + 95:ee:d9:38:90:17:0b:ee:87:81:47:13:de:42:8e:48:1a:c1: + 0f:93:f3:b4:3a:28:5a:8d:66:6c:1d:9f:95:b7:75:41:d0:cf: + 9d:30:2e:5d:a6:af:3b:05:e1:0c:ff:1f:a1:c1:e7:3e:3e:14: + 6d:01:52:e0:b8:40:12:fe:c4:4c:48:88:0f:ad:43:c9:06:54: + b1:76:a4:3f:24:16:62:08:bb:51:ff:81:86:b4:af:eb:d3:62: + ad:df:41:bb:58:85:42:cf:1b:6d:a9:32:8b:39:fb:7d:e9:2e: + cc:58:fb:bb:e5:da:35:89:38:7e:18:85:dd:80:2a:08:d6:0d: + 8b:25:b4:34:9f:c3:46:bf:ad:af:87:89:59:26:8d:17:f4:7f: + 42:dd:54:b2:40:1d:82:95:a1:40:bb:33:57:fa:c1:c4:fb:e6: + 4c:4b:ef:e8:03:dc:09:d4:83:17:97:67:ad:f3:e3:31:1b:19: + 28:3e:63:4d:1e:9c:de:be:0f:0d:cd:72:9c:0f:5f:2c:7d:0d: + 67:14:aa:a5:8b:37:da:c0:66:a6:2a:05:16:3d:f7:3c:42:cf: + 99:50:d9:06:15:23:3b:2a +-----BEGIN CERTIFICATE----- +MIIG6TCCBNGgAwIBAgIUGf80Vp02a6H2bo2VMu4F0FW53R0wDQYJKoZIhvcNAQEM +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xNzA0MTkxODM4NTBaFw0y +NTA0MTkxODM4NTBaMEYxCzAJBgNVBAYTAkFFMRcwFQYDVQQKDA5EYXJrTWF0dGVy +IExMQzEeMBwGA1UEAwwVRGFya01hdHRlciBBc3N1cmVkIENBMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAiRT5lHcVaHnAG5VMcsD3QLEByPaQ+B3Uikcj +TnxLfnM/4WUW20LEDuzs0JnvJ13zsfxMPrtILOgegZTdpz5m6w9mK4kiYq8d2oKC +G4s1NDVGGXMjJ5VncrHmWQJ9ywJ86FGyC75IMQOG7+m//Zm0AC1XLkmwof1nZaeQ +7no6kzPo8/smTIwSTY8L0QTJekco9UidTW1uCwObsSOGyN7oc/xTI75QMwx3N1eJ +iDBXdfMDjMz+TL4UOh8a425XFHsSt5bqs4vtiAXVdfL2Ci0r5xREmuoXBPtLsoQQ +aF6g48WIF/RPxB3BtsTzUFiBjafVGZrc9h9UCod9GagXaImdQe9fcX9S+xHHuoin +Xnkqk5YiQTaNQUtSdrjW1kEyR6qn74EHEtGaC5kGypxezuRfjS2Cqc8NWbcmEa5M +yNfiuHDQoUYfHcgXyKH/GqklWRpI3Wlymlng43RLDWOFKm23RQWSbc0wW176DBKW +QtH3Ru7Va1y1Pl0v3KzI5LryXNltSQnuurNu7cSGEVkl+JuYg8UhG954lF8ZQBhA +fkA6VM85bO+KqoAXtCCKZPWicwz0R2dopO7aCIS9xKROpI/bxK5c1TmIq7kQYR9U +VH9pJDJf/VGY+zlEDhbUfnk7qUAA4Ax0yqXp3iJ4g9n5NQRD/SeXjhTjYnx77jMc +4sHAq3MCAwEAAaOCAcswggHHMBIGA1UdEwEB/wQIMAYBAf8CAQAwUgYDVR0gBEsw +STA5BgpghhABAQcjAgICMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vY2EuZGFya21h +dHRlci5hZS9pQ1BTMAwGCisGAQQBvlgBgiwwcQYIKwYBBQUHAQEEZTBjMCoGCCsG +AQUFBzABhh5odHRwOi8vb2NzcC5xdW92YWRpc2dsb2JhbC5jb20wNQYIKwYBBQUH +MAKGKWh0dHA6Ly9jYWNlcnRzLmRhcmttYXR0ZXIuYWUvcXZyY2EzZzMuY3J0MA4G +A1UdDwEB/wQEAwIBhjAzBgNVHSUELDAqBggrBgEFBQcDAgYIKwYBBQUHAwkGCCsG +AQUFBwMEBgorBgEEAYI3CgMMMB8GA1UdIwQYMBaAFMYX0Lyo6gJD8hsGmV0rkCC5 +15zkMGUGA1UdHwReMFwwLKAqoCiGJmh0dHA6Ly9jcmwxLmRhcmttYXR0ZXIuYWUv +cXZyY2EzZzMuY3JsMCygKqAohiZodHRwOi8vY3JsMi5kYXJrbWF0dGVyLmFlL3F2 +cmNhM2czLmNybDAdBgNVHQ4EFgQUBWFBxj0NKL5in5jzr6Mz6sD98OkwDQYJKoZI +hvcNAQEMBQADggIBAH4wWspsXQDZlDjDyrfKUMHRxUWT93YbuybYY/KgPkSXYNG+ +BLqjd5/1V8u+5ldyIFyBXTlo5bfkHaxDw0g3RfTx9M3gyvE8ZTqv5j7OzShH7dHn +JP0IMuSJFf0w10iE63V8PuRVQrS4G5h7a8uR/zT50+zUO6LkW0w05mrsykalR+H6 +thselfLXoeuNQDjD0vcHYzEtk8xxpuFBo/YxImfIO2X9TchLBypS9lGaLZ+zlOmi +NXAIoqeyq8b96WJ0B1zrLRnEjRAQ0fX0gLIvAP/ElDCytdu+4Jy5/y983JauBsAK +ky4ZfPgoeQKsxVkUzWMk827Eh4AZzuoAcp6HfQJcNAF096huZrTTmU5X10MyO8Gd +CGUG9+LgNSKIL5z9XpXu2TiQFwvuh4FHE95CjkgawQ+T87Q6KFqNZmwdn5W3dUHQ +z50wLl2mrzsF4Qz/H6HB5z4+FG0BUuC4QBL+xExIiA+tQ8kGVLF2pD8kFmIIu1H/ +gYa0r+vTYq3fQbtYhULPG22pMos5+33pLsxY+7vl2jWJOH4Yhd2AKgjWDYsltDSf +w0a/ra+HiVkmjRf0f0LdVLJAHYKVoUC7M1f6wcT75kxL7+gD3AnUgxeXZ63z4zEb +GSg+Y00enN6+Dw3NcpwPXyx9DWcUqqWLN9rAZqYqBRY99zxCz5lQ2QYVIzsq +-----END CERTIFICATE----- diff --git a/chromium/net/data/ssl/certificates/README b/chromium/net/data/ssl/certificates/README index 32c7d287b1f..9f9714f6321 100644 --- a/chromium/net/data/ssl/certificates/README +++ b/chromium/net/data/ssl/certificates/README @@ -95,10 +95,6 @@ unit tests. - unittest.key.bin : private key stored unencrypted. -- unittest.originbound.der: A test origin-bound certificate for - https://www.google.com:443. -- unittest.originbound.key.der: matching PrivateKeyInfo. - - multivalue_rdn.pem : A regression test for http://crbug.com/101009. A certificate with all of the AttributeTypeAndValues stored within a single RelativeDistinguishedName, rather than one AVA per RDN as normally seen. diff --git a/chromium/net/data/ssl/certificates/unittest.originbound.der b/chromium/net/data/ssl/certificates/unittest.originbound.der deleted file mode 100644 index b37f59396e2..00000000000 Binary files a/chromium/net/data/ssl/certificates/unittest.originbound.der and /dev/null differ diff --git a/chromium/net/data/ssl/certificates/unittest.originbound.key.der b/chromium/net/data/ssl/certificates/unittest.originbound.key.der deleted file mode 100644 index 1ecdd1ebc10..00000000000 --- a/chromium/net/data/ssl/certificates/unittest.originbound.key.der +++ /dev/null @@ -1,2 +0,0 @@ -0¸0# -*†H†÷  0ÇÙº§‚çưy©mµwÄq#úO'³0ˆf¬vm*ÇLà̃u[Âçó}:xª¿̃øOf²½₫7­Vu{)Ôç¯Hî†A‘Œöt£ <ª̀\Û‘eđNesejÅû¢‹)ÄÔ=iÀ÷ÀP:đlJ(8dïv×Å´›¨Ư6$kÁt"M¿Î+êeç]—¸¥4\&vI–]rå)&|ÈSÀ³ \ No newline at end of file diff --git a/chromium/net/der/parser.cc b/chromium/net/der/parser.cc index 4a43c2f275b..df7f11888c0 100644 --- a/chromium/net/der/parser.cc +++ b/chromium/net/der/parser.cc @@ -61,9 +61,9 @@ bool Parser::ReadTagAndValue(Tag* tag, Input* out) { return true; } -bool Parser::ReadOptionalTag(Tag tag, Input* out, bool* present) { +bool Parser::ReadOptionalTag(Tag tag, base::Optional* out) { if (!HasMore()) { - *present = false; + *out = base::nullopt; return true; } Tag actual_tag; @@ -73,15 +73,23 @@ bool Parser::ReadOptionalTag(Tag tag, Input* out, bool* present) { } if (actual_tag == tag) { CHECK(Advance()); - *present = true; *out = value; } else { advance_len_ = 0; - *present = false; + *out = base::nullopt; } return true; } +bool Parser::ReadOptionalTag(Tag tag, Input* out, bool* present) { + base::Optional tmp_out; + if (!ReadOptionalTag(tag, &tmp_out)) + return false; + *present = tmp_out.has_value(); + *out = tmp_out.value_or(der::Input()); + return true; +} + bool Parser::SkipOptionalTag(Tag tag, bool* present) { Input out; return ReadOptionalTag(tag, &out, present); diff --git a/chromium/net/der/parser.h b/chromium/net/der/parser.h index fa96ba907e0..410a5aeb3d1 100644 --- a/chromium/net/der/parser.h +++ b/chromium/net/der/parser.h @@ -9,6 +9,7 @@ #include "base/compiler_specific.h" #include "base/macros.h" +#include "base/optional.h" #include "net/base/net_export.h" #include "net/der/input.h" #include "net/der/tag.h" @@ -116,11 +117,20 @@ class NET_EXPORT Parser { // to parse any structure with these 4 methods; convenience methods are also // provided to make some cases easier. + // If the current tag in the input is |tag|, it puts the corresponding value + // in |out| and advances the input to the next TLV. If the current tag is + // something else, then |out| is set to nullopt and the input is not + // advanced. Like ReadTagAndValue, it returns false if the encoding is + // invalid and does not advance the input. + bool ReadOptionalTag(Tag tag, base::Optional* out) WARN_UNUSED_RESULT; + // If the current tag in the input is |tag|, it puts the corresponding value // in |out|, sets |was_present| to true, and advances the input to the next // TLV. If the current tag is something else, then |was_present| is set to // false and the input is not advanced. Like ReadTagAndValue, it returns // false if the encoding is invalid and does not advance the input. + // DEPRECATED: use the base::Optional version above in new code. + // TODO(mattm): convert the existing callers and remove this override. bool ReadOptionalTag(Tag tag, Input* out, bool* was_present) WARN_UNUSED_RESULT; diff --git a/chromium/net/der/parser_unittest.cc b/chromium/net/der/parser_unittest.cc index 781bd34f3b2..7c51b0e0f1e 100644 --- a/chromium/net/der/parser_unittest.cc +++ b/chromium/net/der/parser_unittest.cc @@ -65,6 +65,92 @@ TEST(ParserTest, FailsIfLengthOverlapsAnotherTLV) { ASSERT_FALSE(inner_sequence.ReadTagAndValue(&tag, &value)); } +TEST(ParserTest, ReadOptionalTagPresent) { + // DER encoding of 2 top-level TLV values: + // INTEGER { 1 } + // OCTET_STRING { `02` } + const uint8_t der[] = {0x02, 0x01, 0x01, 0x04, 0x01, 0x02}; + Parser parser((Input(der))); + + Input value; + bool present; + ASSERT_TRUE(parser.ReadOptionalTag(kInteger, &value, &present)); + ASSERT_TRUE(present); + const uint8_t expected_int_value[] = {0x01}; + ASSERT_EQ(Input(expected_int_value), value); + + Tag tag; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_EQ(kOctetString, tag); + const uint8_t expected_octet_string_value[] = {0x02}; + ASSERT_EQ(Input(expected_octet_string_value), value); + + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, ReadOptionalTag2Present) { + // DER encoding of 2 top-level TLV values: + // INTEGER { 1 } + // OCTET_STRING { `02` } + const uint8_t der[] = {0x02, 0x01, 0x01, 0x04, 0x01, 0x02}; + Parser parser((Input(der))); + + base::Optional optional_value; + ASSERT_TRUE(parser.ReadOptionalTag(kInteger, &optional_value)); + ASSERT_TRUE(optional_value.has_value()); + const uint8_t expected_int_value[] = {0x01}; + ASSERT_EQ(Input(expected_int_value), *optional_value); + + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_EQ(kOctetString, tag); + const uint8_t expected_octet_string_value[] = {0x02}; + ASSERT_EQ(Input(expected_octet_string_value), value); + + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, ReadOptionalTagNotPresent) { + // DER encoding of 1 top-level TLV value: + // OCTET_STRING { `02` } + const uint8_t der[] = {0x04, 0x01, 0x02}; + Parser parser((Input(der))); + + Input value; + bool present; + ASSERT_TRUE(parser.ReadOptionalTag(kInteger, &value, &present)); + ASSERT_FALSE(present); + + Tag tag; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_EQ(kOctetString, tag); + const uint8_t expected_octet_string_value[] = {0x02}; + ASSERT_EQ(Input(expected_octet_string_value), value); + + ASSERT_FALSE(parser.HasMore()); +} + +TEST(ParserTest, ReadOptionalTag2NotPresent) { + // DER encoding of 1 top-level TLV value: + // OCTET_STRING { `02` } + const uint8_t der[] = {0x04, 0x01, 0x02}; + Parser parser((Input(der))); + + base::Optional optional_value; + ASSERT_TRUE(parser.ReadOptionalTag(kInteger, &optional_value)); + ASSERT_FALSE(optional_value.has_value()); + + Tag tag; + Input value; + ASSERT_TRUE(parser.ReadTagAndValue(&tag, &value)); + ASSERT_EQ(kOctetString, tag); + const uint8_t expected_octet_string_value[] = {0x02}; + ASSERT_EQ(Input(expected_octet_string_value), value); + + ASSERT_FALSE(parser.HasMore()); +} + TEST(ParserTest, CanSkipOptionalTagAtEndOfInput) { const uint8_t der[] = {0x02 /* INTEGER */, 0x01, 0x01}; Parser parser((Input(der))); diff --git a/chromium/net/disk_cache/backend_unittest.cc b/chromium/net/disk_cache/backend_unittest.cc index ac46244b366..b7bba50b9bf 100644 --- a/chromium/net/disk_cache/backend_unittest.cc +++ b/chromium/net/disk_cache/backend_unittest.cc @@ -4992,12 +4992,26 @@ TEST_F(DiskCacheBackendTest, MAYBE_NonEmptyCorruptSimpleCacheDoesNotRecover) { } TEST_F(DiskCacheBackendTest, SimpleOwnershipTransferBackendDestroyRace) { + struct CleanupContext { + explicit CleanupContext(bool* ran_ptr) : ran_ptr(ran_ptr) {} + ~CleanupContext() { + *ran_ptr = true; + // A realistic CleanupContext would call Close on non-null, + // which would be a double-Close when what this is testing was broken. + // Here, just check for expected case. + EXPECT_EQ(owned_entry, nullptr); + } + + bool* ran_ptr; + disk_cache::Entry* owned_entry = nullptr; + }; + const char kKey[] = "skeleton"; // See https://crbug.com/946349 // This tests that if the SimpleBackendImpl is destroyed after SimpleEntryImpl // decides to return an entry to the caller, but before the callback is run - // that no entry is leaked. + // that no entry is leaked, and that the out pointer is not written to. SetSimpleCacheMode(); InitCache(); @@ -5006,11 +5020,30 @@ TEST_F(DiskCacheBackendTest, SimpleOwnershipTransferBackendDestroyRace) { // Make sure create actually succeeds, not just optimistically. RunUntilIdle(); - disk_cache::Entry* alias = nullptr; - // This is relying on the alias code resulting in synchronous posting of async - // result, so that backend destruction can be neatly slotted in between. + bool cleanup_context_ran = false; + auto cleanup_context = std::make_unique(&cleanup_context_ran); + disk_cache::Entry** dest = &cleanup_context->owned_entry; + + // The OpenEntry code below will find a pre-existing entry in a READY state, + // so it will immediately post a task to return a result. Destroying the + // backend before running the event loop again will run that callback in the + // dead-backend state, while OpenEntry completion was still with it alive. + EXPECT_EQ(net::ERR_IO_PENDING, - cache_->OpenEntry(kKey, net::HIGHEST, &alias, base::DoNothing())); + cache_->OpenEntry( + kKey, net::HIGHEST, dest, + base::BindOnce( + [](std::unique_ptr, int net_status) { + // The callback is here for ownership of CleanupContext, + // and it shouldn't get invoked in this test. + ADD_FAILURE() << "This should not actually run"; + }, + std::move(cleanup_context)))); cache_.reset(); + + // Give CleanupContext a chance to do its thing. + RunUntilIdle(); + EXPECT_TRUE(cleanup_context_ran); + entry->Close(); } diff --git a/chromium/net/disk_cache/blockfile/backend_impl.cc b/chromium/net/disk_cache/blockfile/backend_impl.cc index bc53189510f..b231b7caa42 100644 --- a/chromium/net/disk_cache/blockfile/backend_impl.cc +++ b/chromium/net/disk_cache/blockfile/backend_impl.cc @@ -173,8 +173,7 @@ BackendImpl::BackendImpl( consider_evicting_at_op_end_(false), net_log_(net_log), done_(base::WaitableEvent::ResetPolicy::MANUAL, - base::WaitableEvent::InitialState::NOT_SIGNALED), - ptr_factory_(this) {} + base::WaitableEvent::InitialState::NOT_SIGNALED) {} BackendImpl::BackendImpl( const base::FilePath& path, @@ -202,8 +201,7 @@ BackendImpl::BackendImpl( consider_evicting_at_op_end_(false), net_log_(net_log), done_(base::WaitableEvent::ResetPolicy::MANUAL, - base::WaitableEvent::InitialState::NOT_SIGNALED), - ptr_factory_(this) {} + base::WaitableEvent::InitialState::NOT_SIGNALED) {} BackendImpl::~BackendImpl() { if (user_flags_ & kNoRandom) { @@ -1937,11 +1935,6 @@ void BackendImpl::ReportStats() { stats_.SetCounter(Stats::DOOM_CACHE, 0); stats_.SetCounter(Stats::DOOM_RECENT, 0); - int age = (Time::Now() - - Time::FromInternalValue(data_->header.create_time)).InHours(); - if (age) - CACHE_UMA(HOURS, "FilesAge", 0, age); - int64_t total_hours = stats_.GetCounter(Stats::TIMER) / 120; if (!data_->header.create_time || !data_->header.lru.filled) { int cause = data_->header.create_time ? 0 : 1; diff --git a/chromium/net/disk_cache/blockfile/backend_impl.h b/chromium/net/disk_cache/blockfile/backend_impl.h index 99d28d7b966..16a492ba739 100644 --- a/chromium/net/disk_cache/blockfile/backend_impl.h +++ b/chromium/net/disk_cache/blockfile/backend_impl.h @@ -430,7 +430,7 @@ class NET_EXPORT_PRIVATE BackendImpl : public Backend { std::unique_ptr timer_; // Usage timer. base::WaitableEvent done_; // Signals the end of background work. scoped_refptr trace_object_; // Initializes internal tracing. - base::WeakPtrFactory ptr_factory_; + base::WeakPtrFactory ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(BackendImpl); }; diff --git a/chromium/net/disk_cache/blockfile/entry_impl.cc b/chromium/net/disk_cache/blockfile/entry_impl.cc index 7323333edc7..8e5fc81b4f8 100644 --- a/chromium/net/disk_cache/blockfile/entry_impl.cc +++ b/chromium/net/disk_cache/blockfile/entry_impl.cc @@ -71,9 +71,9 @@ void SyncCallback::OnFileIOComplete(int bytes_copied) { entry_->DecrementIoCount(); if (!callback_.is_null()) { if (entry_->net_log().IsCapturing()) { - entry_->net_log().EndEvent( - end_event_type_, - disk_cache::CreateNetLogReadWriteCompleteCallback(bytes_copied)); + disk_cache::NetLogReadWriteComplete(entry_->net_log(), end_event_type_, + net::NetLogEventPhase::END, + bytes_copied); } entry_->ReportIOTime(disk_cache::EntryImpl::kAsyncIO, start_); buf_ = nullptr; // Release the buffer before invoking the callback. @@ -335,17 +335,17 @@ int EntryImpl::ReadDataImpl(int index, int buf_len, CompletionOnceCallback callback) { if (net_log_.IsCapturing()) { - net_log_.BeginEvent( - net::NetLogEventType::ENTRY_READ_DATA, - CreateNetLogReadWriteDataCallback(index, offset, buf_len, false)); + NetLogReadWriteData(net_log_, net::NetLogEventType::ENTRY_READ_DATA, + net::NetLogEventPhase::BEGIN, index, offset, buf_len, + false); } int result = InternalReadData(index, offset, buf, buf_len, std::move(callback)); if (result != net::ERR_IO_PENDING && net_log_.IsCapturing()) { - net_log_.EndEvent(net::NetLogEventType::ENTRY_READ_DATA, - CreateNetLogReadWriteCompleteCallback(result)); + NetLogReadWriteComplete(net_log_, net::NetLogEventType::ENTRY_READ_DATA, + net::NetLogEventPhase::END, result); } return result; } @@ -357,17 +357,17 @@ int EntryImpl::WriteDataImpl(int index, CompletionOnceCallback callback, bool truncate) { if (net_log_.IsCapturing()) { - net_log_.BeginEvent( - net::NetLogEventType::ENTRY_WRITE_DATA, - CreateNetLogReadWriteDataCallback(index, offset, buf_len, truncate)); + NetLogReadWriteData(net_log_, net::NetLogEventType::ENTRY_WRITE_DATA, + net::NetLogEventPhase::BEGIN, index, offset, buf_len, + truncate); } int result = InternalWriteData(index, offset, buf, buf_len, std::move(callback), truncate); if (result != net::ERR_IO_PENDING && net_log_.IsCapturing()) { - net_log_.EndEvent(net::NetLogEventType::ENTRY_WRITE_DATA, - CreateNetLogReadWriteCompleteCallback(result)); + NetLogReadWriteComplete(net_log_, net::NetLogEventType::ENTRY_WRITE_DATA, + net::NetLogEventPhase::END, result); } return result; } @@ -752,9 +752,9 @@ void EntryImpl::BeginLogging(net::NetLog* net_log, bool created) { DCHECK(!net_log_.net_log()); net_log_ = net::NetLogWithSource::Make( net_log, net::NetLogSourceType::DISK_CACHE_ENTRY); - net_log_.BeginEvent( - net::NetLogEventType::DISK_CACHE_ENTRY_IMPL, - CreateNetLogParametersEntryCreationCallback(this, created)); + net_log_.BeginEvent(net::NetLogEventType::DISK_CACHE_ENTRY_IMPL, [&] { + return CreateNetLogParametersEntryCreationParams(this, created); + }); } const net::NetLogWithSource& EntryImpl::net_log() const { diff --git a/chromium/net/disk_cache/blockfile/eviction.cc b/chromium/net/disk_cache/blockfile/eviction.cc index 2608c7a1b4f..489f5494f10 100644 --- a/chromium/net/disk_cache/blockfile/eviction.cc +++ b/chromium/net/disk_cache/blockfile/eviction.cc @@ -79,7 +79,7 @@ namespace disk_cache { // The real initialization happens during Init(), init_ is the only member that // has to be initialized here. -Eviction::Eviction() : backend_(nullptr), init_(false), ptr_factory_(this) {} +Eviction::Eviction() : backend_(nullptr), init_(false) {} Eviction::~Eviction() = default; diff --git a/chromium/net/disk_cache/blockfile/eviction.h b/chromium/net/disk_cache/blockfile/eviction.h index baea659e247..283463f5808 100644 --- a/chromium/net/disk_cache/blockfile/eviction.h +++ b/chromium/net/disk_cache/blockfile/eviction.h @@ -81,7 +81,7 @@ class Eviction { bool delay_trim_; bool init_; bool test_mode_; - base::WeakPtrFactory ptr_factory_; + base::WeakPtrFactory ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(Eviction); }; diff --git a/chromium/net/disk_cache/blockfile/histogram_macros.h b/chromium/net/disk_cache/blockfile/histogram_macros.h index a2204b0eaa0..3a681779df0 100644 --- a/chromium/net/disk_cache/blockfile/histogram_macros.h +++ b/chromium/net/disk_cache/blockfile/histogram_macros.h @@ -102,7 +102,8 @@ case net::PNACL_CACHE: \ CACHE_HISTOGRAM_##type(my_name.data(), sample); \ break; \ - case net::GENERATED_CODE_CACHE: \ + case net::GENERATED_BYTE_CODE_CACHE: \ + case net::GENERATED_NATIVE_CODE_CACHE: \ break; \ } \ } diff --git a/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc b/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc index 32895a59047..c4922955b42 100644 --- a/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc +++ b/chromium/net/disk_cache/blockfile/in_flight_backend_io.cc @@ -396,10 +396,7 @@ void BackendIO::ExecuteEntryOperation() { InFlightBackendIO::InFlightBackendIO( BackendImpl* backend, const scoped_refptr& background_thread) - : backend_(backend), - background_thread_(background_thread), - ptr_factory_(this) { -} + : backend_(backend), background_thread_(background_thread) {} InFlightBackendIO::~InFlightBackendIO() = default; diff --git a/chromium/net/disk_cache/blockfile/in_flight_backend_io.h b/chromium/net/disk_cache/blockfile/in_flight_backend_io.h index 7d0502192fe..724cc338323 100644 --- a/chromium/net/disk_cache/blockfile/in_flight_backend_io.h +++ b/chromium/net/disk_cache/blockfile/in_flight_backend_io.h @@ -251,7 +251,7 @@ class InFlightBackendIO : public InFlightIO { void PostOperation(const base::Location& from_here, BackendIO* operation); BackendImpl* backend_; scoped_refptr background_thread_; - base::WeakPtrFactory ptr_factory_; + base::WeakPtrFactory ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(InFlightBackendIO); }; diff --git a/chromium/net/disk_cache/blockfile/sparse_control.cc b/chromium/net/disk_cache/blockfile/sparse_control.cc index f06489014a7..cdde574433b 100644 --- a/chromium/net/disk_cache/blockfile/sparse_control.cc +++ b/chromium/net/disk_cache/blockfile/sparse_control.cc @@ -290,9 +290,8 @@ int SparseControl::StartIO(SparseOperation op, abort_ = false; if (entry_->net_log().IsCapturing()) { - entry_->net_log().BeginEvent( - GetSparseEventType(operation_), - CreateNetLogSparseOperationCallback(offset_, buf_len_)); + NetLogSparseOperation(entry_->net_log(), GetSparseEventType(operation_), + net::NetLogEventPhase::BEGIN, offset_, buf_len_); } DoChildrenIO(); @@ -690,9 +689,9 @@ void SparseControl::DoChildrenIO() { // Range operations are finished synchronously, often without setting // |finished_| to true. if (kGetRangeOperation == operation_ && entry_->net_log().IsCapturing()) { - entry_->net_log().EndEvent( - net::NetLogEventType::SPARSE_GET_RANGE, - CreateNetLogGetAvailableRangeResultCallback(offset_, result_)); + entry_->net_log().EndEvent(net::NetLogEventType::SPARSE_GET_RANGE, [&] { + return CreateNetLogGetAvailableRangeResultParams(offset_, result_); + }); } if (finished_) { if (kGetRangeOperation != operation_ && entry_->net_log().IsCapturing()) { @@ -726,20 +725,20 @@ bool SparseControl::DoChildIO() { switch (operation_) { case kReadOperation: if (entry_->net_log().IsCapturing()) { - entry_->net_log().BeginEvent( - net::NetLogEventType::SPARSE_READ_CHILD_DATA, - CreateNetLogSparseReadWriteCallback(child_->net_log().source(), - child_len_)); + NetLogSparseReadWrite(entry_->net_log(), + net::NetLogEventType::SPARSE_READ_CHILD_DATA, + net::NetLogEventPhase::BEGIN, + child_->net_log().source(), child_len_); } rv = child_->ReadDataImpl(kSparseData, child_offset_, user_buf_.get(), child_len_, std::move(callback)); break; case kWriteOperation: if (entry_->net_log().IsCapturing()) { - entry_->net_log().BeginEvent( - net::NetLogEventType::SPARSE_WRITE_CHILD_DATA, - CreateNetLogSparseReadWriteCallback(child_->net_log().source(), - child_len_)); + NetLogSparseReadWrite(entry_->net_log(), + net::NetLogEventType::SPARSE_WRITE_CHILD_DATA, + net::NetLogEventPhase::BEGIN, + child_->net_log().source(), child_len_); } rv = child_->WriteDataImpl(kSparseData, child_offset_, user_buf_.get(), child_len_, std::move(callback), false); diff --git a/chromium/net/disk_cache/blockfile/stats.cc b/chromium/net/disk_cache/blockfile/stats.cc index 161e0135142..43c6758ccfe 100644 --- a/chromium/net/disk_cache/blockfile/stats.cc +++ b/chromium/net/disk_cache/blockfile/stats.cc @@ -139,26 +139,12 @@ void Stats::InitSizeHistogram() { return; first_time = false; - int min = 1; - int max = 64 * 1024; - int num_buckets = 75; - base::BucketRanges ranges(num_buckets + 1); - base::Histogram::InitializeBucketRanges(min, max, &ranges); - - base::HistogramBase* stats_histogram = base::Histogram::FactoryGet( - "DiskCache.SizeStats2", min, max, num_buckets, - base::HistogramBase::kUmaTargetedHistogramFlag); - - base::SampleVector samples(&ranges); for (int i = 0; i < kDataSizesLength; i++) { // This is a good time to fix any inconsistent data. The count should be // always positive, but if it's not, reset the value now. if (data_sizes_[i] < 0) data_sizes_[i] = 0; - - samples.Accumulate(GetBucketRange(i) / 1024, data_sizes_[i]); } - stats_histogram->AddSamples(samples); } int Stats::StorageSize() { diff --git a/chromium/net/disk_cache/disk_cache_fuzzer.cc b/chromium/net/disk_cache/disk_cache_fuzzer.cc index e0d6561fd37..a840879548a 100644 --- a/chromium/net/disk_cache/disk_cache_fuzzer.cc +++ b/chromium/net/disk_cache/disk_cache_fuzzer.cc @@ -82,18 +82,12 @@ struct InitGlobals { print_comms_ = ::getenv("LPM_DUMP_NATIVE_INPUT"); - // Mark this thread as an IO_THREAD with MOCK_TIME, and ensure that every - // other thread's time is driven from this thread's MOCK_TIME. - scoped_task_environment_ = std::make_unique< - base::test::ScopedTaskEnvironment>( - base::test::ScopedTaskEnvironment::MainThreadType::IO_MOCK_TIME, - base::test::ScopedTaskEnvironment::NowSource::MAIN_THREAD_MOCK_TIME); - - // Work around for a DCHECK issue: DCHECK(!TimeTicks::Now().is_null()) - // Since MOCK_TIME starts at 0 the starting time is considered null. - // So make it non-zero. - scoped_task_environment_->FastForwardBy( - base::TimeDelta::FromMilliseconds(1)); + // Mark this thread as an IO_THREAD with MOCK_TIME, and ensure that Now() + // is driven from the same mock clock. + scoped_task_environment_ = + std::make_unique( + base::test::ScopedTaskEnvironment::MainThreadType::IO, + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME_AND_NOW); // Disable noisy logging as per "libFuzzer in Chrome" documentation: // testing/libfuzzer/getting_started.md#Disable-noisy-error-message-logging. @@ -270,9 +264,13 @@ net::CacheType GetCacheTypeAndPrint( MAYBE_PRINT << "Cache type = PNACL_CACHE." << std::endl; return net::CacheType::PNACL_CACHE; break; - case disk_cache_fuzzer::FuzzCommands::GENERATED_CODE_CACHE: - MAYBE_PRINT << "Cache type = GENERATED_CODE_CACHE." << std::endl; - return net::CacheType::GENERATED_CODE_CACHE; + case disk_cache_fuzzer::FuzzCommands::GENERATED_BYTE_CODE_CACHE: + MAYBE_PRINT << "Cache type = GENERATED_BYTE_CODE_CACHE." << std::endl; + return net::CacheType::GENERATED_BYTE_CODE_CACHE; + break; + case disk_cache_fuzzer::FuzzCommands::GENERATED_NATIVE_CODE_CACHE: + MAYBE_PRINT << "Cache type = GENERATED_NATIVE_CODE_CACHE." << std::endl; + return net::CacheType::GENERATED_NATIVE_CODE_CACHE; break; case disk_cache_fuzzer::FuzzCommands::DISK_CACHE: MAYBE_PRINT << "Cache type = DISK_CACHE." << std::endl; diff --git a/chromium/net/disk_cache/disk_cache_fuzzer.proto b/chromium/net/disk_cache/disk_cache_fuzzer.proto index 2918d9f7c00..779bdb59af3 100644 --- a/chromium/net/disk_cache/disk_cache_fuzzer.proto +++ b/chromium/net/disk_cache/disk_cache_fuzzer.proto @@ -28,8 +28,9 @@ message FuzzCommands { MEDIA_CACHE = 2; SHADER_CACHE = 3; PNACL_CACHE = 4; - GENERATED_CODE_CACHE = 5; + GENERATED_BYTE_CODE_CACHE = 5; DISK_CACHE = 6; + GENERATED_NATIVE_CODE_CACHE = 7; } required CacheType cache_type = 4; diff --git a/chromium/net/disk_cache/entry_unittest.cc b/chromium/net/disk_cache/entry_unittest.cc index d70451aefb4..f39812a5287 100644 --- a/chromium/net/disk_cache/entry_unittest.cc +++ b/chromium/net/disk_cache/entry_unittest.cc @@ -81,6 +81,7 @@ class DiskCacheEntryTest : public DiskCacheTestWithCache { void DoomSparseEntry(); void PartialSparseEntry(); void SparseInvalidArg(); + void SparseClipEnd(bool expected_unsupported); bool SimpleCacheMakeBadChecksumEntry(const std::string& key, int data_size); bool SimpleCacheThirdStreamFileExists(const char* key); void SyncDoomEntry(const char* key); @@ -2430,6 +2431,14 @@ void DiskCacheEntryTest::SparseInvalidArg() { EXPECT_EQ(net::ERR_INVALID_ARGUMENT, GetAvailableRange(entry, 0, -1, &start_out)); + int rv = WriteSparseData( + entry, std::numeric_limits::max() - kSize + 1, buf.get(), kSize); + // Blockfile rejects anything over 64GiB with + // net::ERR_CACHE_OPERATION_NOT_SUPPORTED, which is also OK here, as it's not + // an overflow or something else nonsensical. + EXPECT_TRUE(rv == net::ERR_INVALID_ARGUMENT || + rv == net::ERR_CACHE_OPERATION_NOT_SUPPORTED); + entry->Close(); } @@ -2450,6 +2459,67 @@ TEST_F(DiskCacheEntryTest, SimpleSparseInvalidArg) { SparseInvalidArg(); } +void DiskCacheEntryTest::SparseClipEnd(bool expect_unsupported) { + std::string key("key"); + disk_cache::Entry* entry = nullptr; + ASSERT_THAT(CreateEntry(key, &entry), IsOk()); + + const int kSize = 1024; + scoped_refptr buf = base::MakeRefCounted(kSize); + CacheTestFillBuffer(buf->data(), kSize, false); + + scoped_refptr read_buf = + base::MakeRefCounted(kSize * 2); + CacheTestFillBuffer(read_buf->data(), kSize * 2, false); + + const int64_t kOffset = std::numeric_limits::max() - kSize; + int rv = WriteSparseData(entry, kOffset, buf.get(), kSize); + EXPECT_EQ( + rv, expect_unsupported ? net::ERR_CACHE_OPERATION_NOT_SUPPORTED : kSize); + + // Try to read further than offset range, should get clipped (if supported). + rv = ReadSparseData(entry, kOffset, read_buf.get(), kSize * 2); + if (expect_unsupported) { + EXPECT_EQ(rv, net::ERR_CACHE_OPERATION_NOT_SUPPORTED); + } else { + EXPECT_EQ(kSize, rv); + EXPECT_EQ(0, memcmp(buf->data(), read_buf->data(), kSize)); + } + + int64_t out_start = 0; + net::TestCompletionCallback cb; + rv = entry->GetAvailableRange(kOffset - kSize, kSize * 3, &out_start, + cb.callback()); + rv = cb.GetResult(rv); + if (expect_unsupported) { + EXPECT_EQ(rv, net::ERR_CACHE_OPERATION_NOT_SUPPORTED); + } else { + EXPECT_EQ(kSize, rv); + EXPECT_EQ(kOffset, out_start); + } + + entry->Close(); +} + +TEST_F(DiskCacheEntryTest, SparseClipEnd) { + InitCache(); + + // Blockfile refuses to deal with sparse indices over 64GiB. + SparseClipEnd(/* expect_unsupported = */ true); +} + +TEST_F(DiskCacheEntryTest, MemoryOnlySparseClipEnd) { + SetMemoryOnlyMode(); + InitCache(); + SparseClipEnd(/* expect_unsupported = */ false); +} + +TEST_F(DiskCacheEntryTest, SimpleSparseClipEnd) { + SetSimpleCacheMode(); + InitCache(); + SparseClipEnd(/* expect_unsupported = */ false); +} + // Tests that corrupt sparse children are removed automatically. TEST_F(DiskCacheEntryTest, CleanupSparseEntry) { InitCache(); diff --git a/chromium/net/disk_cache/memory/mem_backend_impl.cc b/chromium/net/disk_cache/memory/mem_backend_impl.cc index a03c53d1321..bddd885827e 100644 --- a/chromium/net/disk_cache/memory/mem_backend_impl.cc +++ b/chromium/net/disk_cache/memory/mem_backend_impl.cc @@ -63,8 +63,7 @@ MemBackendImpl::MemBackendImpl(net::NetLog* net_log) net_log_(net_log), memory_pressure_listener_( base::BindRepeating(&MemBackendImpl::OnMemoryPressure, - base::Unretained(this))), - weak_factory_(this) {} + base::Unretained(this))) {} MemBackendImpl::~MemBackendImpl() { DCHECK(CheckLRUListOrder(lru_list_)); diff --git a/chromium/net/disk_cache/memory/mem_backend_impl.h b/chromium/net/disk_cache/memory/mem_backend_impl.h index f79ef33207a..046fed2a222 100644 --- a/chromium/net/disk_cache/memory/mem_backend_impl.h +++ b/chromium/net/disk_cache/memory/mem_backend_impl.h @@ -149,7 +149,7 @@ class NET_EXPORT_PRIVATE MemBackendImpl final : public Backend { base::MemoryPressureListener memory_pressure_listener_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(MemBackendImpl); }; diff --git a/chromium/net/disk_cache/memory/mem_entry_impl.cc b/chromium/net/disk_cache/memory/mem_entry_impl.cc index 61845b9a801..bb9affc918b 100644 --- a/chromium/net/disk_cache/memory/mem_entry_impl.cc +++ b/chromium/net/disk_cache/memory/mem_entry_impl.cc @@ -36,20 +36,6 @@ const int kMaxChildEntryBits = 12; // Sparse entry children have maximum size of 4KB. const int kMaxChildEntrySize = 1 << kMaxChildEntryBits; -// This enum is used for histograms, so only append to the end. -enum MemEntryWriteResult { - MEM_ENTRY_WRITE_RESULT_SUCCESS = 0, - MEM_ENTRY_WRITE_RESULT_INVALID_ARGUMENT = 1, - MEM_ENTRY_WRITE_RESULT_OVER_MAX_ENTRY_SIZE = 2, - MEM_ENTRY_WRITE_RESULT_EXCEEDED_CACHE_STORAGE_SIZE = 3, - MEM_ENTRY_WRITE_RESULT_MAX = 4, -}; - -void RecordWriteResult(MemEntryWriteResult result) { - UMA_HISTOGRAM_ENUMERATION("MemCache.WriteResult", result, - MEM_ENTRY_WRITE_RESULT_MAX); -} - // Convert global offset to child index. int64_t ToChildIndex(int64_t offset) { return offset >> kMaxChildEntryBits; @@ -70,9 +56,7 @@ std::string GenerateChildName(const std::string& base_name, int64_t child_id) { // Returns NetLog parameters for the creation of a MemEntryImpl. A separate // function is needed because child entries don't store their key(). -base::Value NetLogEntryCreationCallback( - const MemEntryImpl* entry, - net::NetLogCaptureMode /* capture_mode */) { +base::Value NetLogEntryCreationParams(const MemEntryImpl* entry) { base::Value dict(base::Value::Type::DICTIONARY); std::string key; switch (entry->type()) { @@ -203,16 +187,16 @@ int MemEntryImpl::ReadData(int index, int buf_len, CompletionOnceCallback callback) { if (net_log_.IsCapturing()) { - net_log_.BeginEvent( - net::NetLogEventType::ENTRY_READ_DATA, - CreateNetLogReadWriteDataCallback(index, offset, buf_len, false)); + NetLogReadWriteData(net_log_, net::NetLogEventType::ENTRY_READ_DATA, + net::NetLogEventPhase::BEGIN, index, offset, buf_len, + false); } int result = InternalReadData(index, offset, buf, buf_len); if (net_log_.IsCapturing()) { - net_log_.EndEvent(net::NetLogEventType::ENTRY_READ_DATA, - CreateNetLogReadWriteCompleteCallback(result)); + NetLogReadWriteComplete(net_log_, net::NetLogEventType::ENTRY_READ_DATA, + net::NetLogEventPhase::END, result); } return result; } @@ -224,17 +208,18 @@ int MemEntryImpl::WriteData(int index, CompletionOnceCallback callback, bool truncate) { if (net_log_.IsCapturing()) { - net_log_.BeginEvent( - net::NetLogEventType::ENTRY_WRITE_DATA, - CreateNetLogReadWriteDataCallback(index, offset, buf_len, truncate)); + NetLogReadWriteData(net_log_, net::NetLogEventType::ENTRY_WRITE_DATA, + net::NetLogEventPhase::BEGIN, index, offset, buf_len, + truncate); } int result = InternalWriteData(index, offset, buf, buf_len, truncate); if (net_log_.IsCapturing()) { - net_log_.EndEvent(net::NetLogEventType::ENTRY_WRITE_DATA, - CreateNetLogReadWriteCompleteCallback(result)); + NetLogReadWriteComplete(net_log_, net::NetLogEventType::ENTRY_WRITE_DATA, + net::NetLogEventPhase::END, result); } + return result; } @@ -243,8 +228,8 @@ int MemEntryImpl::ReadSparseData(int64_t offset, int buf_len, CompletionOnceCallback callback) { if (net_log_.IsCapturing()) { - net_log_.BeginEvent(net::NetLogEventType::SPARSE_READ, - CreateNetLogSparseOperationCallback(offset, buf_len)); + NetLogSparseOperation(net_log_, net::NetLogEventType::SPARSE_READ, + net::NetLogEventPhase::BEGIN, offset, buf_len); } int result = InternalReadSparseData(offset, buf, buf_len); if (net_log_.IsCapturing()) @@ -257,8 +242,8 @@ int MemEntryImpl::WriteSparseData(int64_t offset, int buf_len, CompletionOnceCallback callback) { if (net_log_.IsCapturing()) { - net_log_.BeginEvent(net::NetLogEventType::SPARSE_WRITE, - CreateNetLogSparseOperationCallback(offset, buf_len)); + NetLogSparseOperation(net_log_, net::NetLogEventType::SPARSE_WRITE, + net::NetLogEventPhase::BEGIN, offset, buf_len); } int result = InternalWriteSparseData(offset, buf, buf_len); if (net_log_.IsCapturing()) @@ -271,14 +256,14 @@ int MemEntryImpl::GetAvailableRange(int64_t offset, int64_t* start, CompletionOnceCallback callback) { if (net_log_.IsCapturing()) { - net_log_.BeginEvent(net::NetLogEventType::SPARSE_GET_RANGE, - CreateNetLogSparseOperationCallback(offset, len)); + NetLogSparseOperation(net_log_, net::NetLogEventType::SPARSE_GET_RANGE, + net::NetLogEventPhase::BEGIN, offset, len); } int result = InternalGetAvailableRange(offset, len, start); if (net_log_.IsCapturing()) { - net_log_.EndEvent( - net::NetLogEventType::SPARSE_GET_RANGE, - CreateNetLogGetAvailableRangeResultCallback(*start, result)); + net_log_.EndEvent(net::NetLogEventType::SPARSE_GET_RANGE, [&] { + return CreateNetLogGetAvailableRangeResultParams(*start, result); + }); } return result; } @@ -324,7 +309,7 @@ MemEntryImpl::MemEntryImpl(base::WeakPtr backend, net_log_ = net::NetLogWithSource::Make( net_log, net::NetLogSourceType::MEMORY_CACHE_ENTRY); net_log_.BeginEvent(net::NetLogEventType::DISK_CACHE_MEM_ENTRY_IMPL, - base::Bind(&NetLogEntryCreationCallback, this)); + [&] { return NetLogEntryCreationParams(this); }); } MemEntryImpl::~MemEntryImpl() { @@ -374,22 +359,14 @@ int MemEntryImpl::InternalReadData(int index, int offset, IOBuffer* buf, int MemEntryImpl::InternalWriteData(int index, int offset, IOBuffer* buf, int buf_len, bool truncate) { DCHECK(type() == PARENT_ENTRY || index == kSparseData); - if (!backend_) { - // We have to fail writes after the backend is destroyed since we can't - // ensure we wouldn't use too much memory if it's gone. - RecordWriteResult(MEM_ENTRY_WRITE_RESULT_EXCEEDED_CACHE_STORAGE_SIZE); + if (!backend_) return net::ERR_INSUFFICIENT_RESOURCES; - } - if (index < 0 || index >= kNumStreams) { - RecordWriteResult(MEM_ENTRY_WRITE_RESULT_INVALID_ARGUMENT); + if (index < 0 || index >= kNumStreams) return net::ERR_INVALID_ARGUMENT; - } - if (offset < 0 || buf_len < 0) { - RecordWriteResult(MEM_ENTRY_WRITE_RESULT_INVALID_ARGUMENT); + if (offset < 0 || buf_len < 0) return net::ERR_INVALID_ARGUMENT; - } int max_file_size = backend_->MaxFileSize(); @@ -397,7 +374,6 @@ int MemEntryImpl::InternalWriteData(int index, int offset, IOBuffer* buf, if (offset > max_file_size || buf_len > max_file_size || !base::CheckAdd(offset, buf_len).AssignIfValid(&end_offset) || end_offset > max_file_size) { - RecordWriteResult(MEM_ENTRY_WRITE_RESULT_OVER_MAX_ENTRY_SIZE); return net::ERR_FAILED; } @@ -407,7 +383,6 @@ int MemEntryImpl::InternalWriteData(int index, int offset, IOBuffer* buf, backend_->ModifyStorageSize(delta); if (backend_->HasExceededStorageSize()) { backend_->ModifyStorageSize(-delta); - RecordWriteResult(MEM_ENTRY_WRITE_RESULT_EXCEEDED_CACHE_STORAGE_SIZE); return net::ERR_INSUFFICIENT_RESOURCES; } @@ -421,7 +396,6 @@ int MemEntryImpl::InternalWriteData(int index, int offset, IOBuffer* buf, } UpdateStateOnUse(ENTRY_WAS_MODIFIED); - RecordWriteResult(MEM_ENTRY_WRITE_RESULT_SUCCESS); if (!buf_len) return 0; @@ -438,11 +412,15 @@ int MemEntryImpl::InternalReadSparseData(int64_t offset, if (!InitSparseInfo()) return net::ERR_CACHE_OPERATION_NOT_SUPPORTED; - // Check that offset + buf_len does not overflow. This ensures that - // offset + io_buf->BytesConsumed() never overflows below. - if (offset < 0 || buf_len < 0 || !base::CheckAdd(offset, buf_len).IsValid()) + if (offset < 0 || buf_len < 0) return net::ERR_INVALID_ARGUMENT; + // Ensure that offset + buf_len does not overflow. This ensures that + // offset + io_buf->BytesConsumed() never overflows below. + // The result of std::min is guaranteed to fit into int since buf_len did. + buf_len = std::min(static_cast(buf_len), + std::numeric_limits::max() - offset); + // We will keep using this buffer and adjust the offset in this buffer. scoped_refptr io_buf = base::MakeRefCounted(buf, buf_len); @@ -463,10 +441,10 @@ int MemEntryImpl::InternalReadSparseData(int64_t offset, if (child_offset < child->child_first_pos_) break; if (net_log_.IsCapturing()) { - net_log_.BeginEvent( - net::NetLogEventType::SPARSE_READ_CHILD_DATA, - CreateNetLogSparseReadWriteCallback(child->net_log_.source(), - io_buf->BytesRemaining())); + NetLogSparseReadWrite(net_log_, + net::NetLogEventType::SPARSE_READ_CHILD_DATA, + net::NetLogEventPhase::BEGIN, + child->net_log_.source(), io_buf->BytesRemaining()); } int ret = child->ReadData(kSparseData, child_offset, io_buf.get(), @@ -528,9 +506,9 @@ int MemEntryImpl::InternalWriteSparseData(int64_t offset, int data_size = child->GetDataSize(kSparseData); if (net_log_.IsCapturing()) { - net_log_.BeginEvent(net::NetLogEventType::SPARSE_WRITE_CHILD_DATA, - CreateNetLogSparseReadWriteCallback( - child->net_log_.source(), write_len)); + NetLogSparseReadWrite( + net_log_, net::NetLogEventType::SPARSE_WRITE_CHILD_DATA, + net::NetLogEventPhase::BEGIN, child->net_log_.source(), write_len); } // Always writes to the child entry. This operation may overwrite data @@ -574,7 +552,12 @@ int MemEntryImpl::InternalGetAvailableRange(int64_t offset, if (offset < 0 || len < 0 || !start) return net::ERR_INVALID_ARGUMENT; - // If offset + len overflows, this will just be the empty interval. + // Truncate |len| to make sure that |offset + len| does not overflow. + // This is OK since one can't write that far anyway. + // The result of std::min is guaranteed to fit into int since |len| did. + len = std::min(static_cast(len), + std::numeric_limits::max() - offset); + net::Interval requested(offset, offset + len); // Find the first relevant child, if any --- may have to skip over diff --git a/chromium/net/disk_cache/net_log_parameters.cc b/chromium/net/disk_cache/net_log_parameters.cc index b3e1bbbaaa8..96e99bb0b0e 100644 --- a/chromium/net/disk_cache/net_log_parameters.cc +++ b/chromium/net/disk_cache/net_log_parameters.cc @@ -6,34 +6,19 @@ #include -#include "base/bind.h" #include "base/logging.h" -#include "base/strings/string_number_conversions.h" #include "base/values.h" #include "net/base/net_errors.h" #include "net/disk_cache/disk_cache.h" -#include "net/log/net_log.h" -#include "net/log/net_log_capture_mode.h" #include "net/log/net_log_source.h" +#include "net/log/net_log_values.h" namespace { -base::Value NetLogParametersEntryCreationCallback( - const disk_cache::Entry* entry, - bool created, - net::NetLogCaptureMode /* capture_mode */) { - base::Value dict(base::Value::Type::DICTIONARY); - dict.SetStringKey("key", entry->GetKey()); - dict.SetBoolKey("created", created); - return dict; -} - -base::Value NetLogReadWriteDataCallback( - int index, - int offset, - int buf_len, - bool truncate, - net::NetLogCaptureMode /* capture_mode */) { +base::Value NetLogReadWriteDataParams(int index, + int offset, + int buf_len, + bool truncate) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("index", index); dict.SetIntKey("offset", offset); @@ -43,9 +28,7 @@ base::Value NetLogReadWriteDataCallback( return dict; } -base::Value NetLogReadWriteCompleteCallback( - int bytes_copied, - net::NetLogCaptureMode /* capture_mode */) { +base::Value NetLogReadWriteCompleteParams(int bytes_copied) { DCHECK_NE(bytes_copied, net::ERR_IO_PENDING); base::Value dict(base::Value::Type::DICTIONARY); if (bytes_copied < 0) { @@ -56,80 +39,84 @@ base::Value NetLogReadWriteCompleteCallback( return dict; } -base::Value NetLogSparseOperationCallback( - int64_t offset, - int buf_len, - net::NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSparseOperationParams(int64_t offset, int buf_len) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetKey("offset", net::NetLogNumberValue(offset)); dict.SetIntKey("buf_len", buf_len); return dict; } -base::Value NetLogSparseReadWriteCallback( - const net::NetLogSource& source, - int child_len, - net::NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSparseReadWriteParams(const net::NetLogSource& source, + int child_len) { base::Value dict(base::Value::Type::DICTIONARY); source.AddToEventParameters(&dict); dict.SetIntKey("child_len", child_len); return dict; } -base::Value NetLogGetAvailableRangeResultCallback( - int64_t start, - int result, - net::NetLogCaptureMode /* capture_mode */) { - base::Value dict(base::Value::Type::DICTIONARY); - if (result > 0) { - dict.SetIntKey("length", result); - dict.SetKey("start", net::NetLogNumberValue(start)); - } else { - dict.SetIntKey("net_error", result); - } - return dict; -} - } // namespace namespace disk_cache { -net::NetLogParametersCallback CreateNetLogParametersEntryCreationCallback( - const Entry* entry, - bool created) { +base::Value CreateNetLogParametersEntryCreationParams(const Entry* entry, + bool created) { DCHECK(entry); - return base::Bind(&NetLogParametersEntryCreationCallback, entry, created); + base::Value dict(base::Value::Type::DICTIONARY); + dict.SetStringKey("key", entry->GetKey()); + dict.SetBoolKey("created", created); + return dict; } -net::NetLogParametersCallback CreateNetLogReadWriteDataCallback(int index, - int offset, - int buf_len, - bool truncate) { - return base::Bind(&NetLogReadWriteDataCallback, - index, offset, buf_len, truncate); +void NetLogReadWriteData(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + int index, + int offset, + int buf_len, + bool truncate) { + net_log.AddEntry(type, phase, [&] { + return NetLogReadWriteDataParams(index, offset, buf_len, truncate); + }); } -net::NetLogParametersCallback CreateNetLogReadWriteCompleteCallback( - int bytes_copied) { - return base::Bind(&NetLogReadWriteCompleteCallback, bytes_copied); +void NetLogReadWriteComplete(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + int bytes_copied) { + net_log.AddEntry(type, phase, + [&] { return NetLogReadWriteCompleteParams(bytes_copied); }); } -net::NetLogParametersCallback CreateNetLogSparseOperationCallback( - int64_t offset, - int buf_len) { - return base::Bind(&NetLogSparseOperationCallback, offset, buf_len); +void NetLogSparseOperation(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + int64_t offset, + int buf_len) { + net_log.AddEntry(type, phase, [&] { + return NetLogSparseOperationParams(offset, buf_len); + }); } -net::NetLogParametersCallback CreateNetLogSparseReadWriteCallback( - const net::NetLogSource& source, - int child_len) { - return base::Bind(&NetLogSparseReadWriteCallback, source, child_len); +void NetLogSparseReadWrite(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + const net::NetLogSource& source, + int child_len) { + net_log.AddEntry(type, phase, [&] { + return NetLogSparseReadWriteParams(source, child_len); + }); } -net::NetLogParametersCallback CreateNetLogGetAvailableRangeResultCallback( - int64_t start, - int result) { - return base::Bind(&NetLogGetAvailableRangeResultCallback, start, result); +base::Value CreateNetLogGetAvailableRangeResultParams(int64_t start, + int result) { + base::Value dict(base::Value::Type::DICTIONARY); + if (result > 0) { + dict.SetIntKey("length", result); + dict.SetKey("start", net::NetLogNumberValue(start)); + } else { + dict.SetIntKey("net_error", result); + } + return dict; } } // namespace disk_cache diff --git a/chromium/net/disk_cache/net_log_parameters.h b/chromium/net/disk_cache/net_log_parameters.h index 4df22f7fa2f..e753f9225fa 100644 --- a/chromium/net/disk_cache/net_log_parameters.h +++ b/chromium/net/disk_cache/net_log_parameters.h @@ -9,58 +9,64 @@ #include -#include "net/log/net_log_parameters_callback.h" +#include "net/log/net_log_with_source.h" namespace net { struct NetLogSource; } +namespace base { +class Value; +} + // This file contains a set of functions to create NetLogParametersCallbacks // shared by EntryImpls and MemEntryImpls. namespace disk_cache { class Entry; -// Creates a NetLog callback that returns parameters for the creation of an -// Entry. Contains the Entry's key and whether it was created or opened. -// |entry| can't be NULL, must support GetKey(), and must outlive the returned -// callback. -net::NetLogParametersCallback CreateNetLogParametersEntryCreationCallback( - const Entry* entry, - bool created); - -// Creates a NetLog callback that returns parameters for start of a non-sparse -// read or write of an Entry. For reads, |truncate| must be false. -net::NetLogParametersCallback CreateNetLogReadWriteDataCallback(int index, - int offset, - int buf_len, - bool truncate); - -// Creates a NetLog callback that returns parameters for when a non-sparse -// read or write completes. For reads, |truncate| must be false. -// |bytes_copied| is either the number of bytes copied or a network error -// code. |bytes_copied| must not be ERR_IO_PENDING, as it's not a valid -// result for an operation. -net::NetLogParametersCallback CreateNetLogReadWriteCompleteCallback( - int bytes_copied); - -// Creates a NetLog callback that returns parameters for when a sparse -// operation is started. -net::NetLogParametersCallback CreateNetLogSparseOperationCallback( - int64_t offset, - int buf_len); - -// Creates a NetLog callback that returns parameters for when a read or write -// for a sparse entry's child is started. -net::NetLogParametersCallback CreateNetLogSparseReadWriteCallback( - const net::NetLogSource& source, - int child_len); - -// Creates a NetLog callback that returns parameters for when a call to -// GetAvailableRange returns. -net::NetLogParametersCallback CreateNetLogGetAvailableRangeResultCallback( - int64_t start, - int result); +// Creates NetLog parameters for the creation of an Entry. Contains the Entry's +// key and whether it was created or opened. |entry| can't be nullptr, must +// support GetKey(). +base::Value CreateNetLogParametersEntryCreationParams(const Entry* entry, + bool created); + +// Logs an event for the start of a non-sparse read or write of an Entry. For +// reads, |truncate| must be false. +void NetLogReadWriteData(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + int index, + int offset, + int buf_len, + bool truncate); + +// Logs an event for when a non-sparse read or write completes. For reads, +// |truncate| must be false. |bytes_copied| is either the number of bytes copied +// or a network error code. |bytes_copied| must not be ERR_IO_PENDING, as it's +// not a valid result for an operation. +void NetLogReadWriteComplete(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + int bytes_copied); + +// Logs an event for when a sparse operation is started. +void NetLogSparseOperation(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + int64_t offset, + int buf_len); + +// Logs an event for when a read or write for a sparse entry's child is started. +void NetLogSparseReadWrite(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + const net::NetLogSource& source, + int child_len); + +// Creates NetLog parameters for when a call to GetAvailableRange returns. +base::Value CreateNetLogGetAvailableRangeResultParams(int64_t start, + int result); } // namespace disk_cache diff --git a/chromium/net/disk_cache/simple/simple_backend_impl.cc b/chromium/net/disk_cache/simple/simple_backend_impl.cc index 7235fefbddb..018d6ae4d96 100644 --- a/chromium/net/disk_cache/simple/simple_backend_impl.cc +++ b/chromium/net/disk_cache/simple/simple_backend_impl.cc @@ -23,12 +23,12 @@ #include "base/metrics/field_trial_params.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" -#include "base/single_thread_task_runner.h" +#include "base/sequenced_task_runner.h" #include "base/system/sys_info.h" #include "base/task/post_task.h" #include "base/task/thread_pool/thread_pool.h" #include "base/task_runner_util.h" -#include "base/threading/thread_task_runner_handle.h" +#include "base/threading/sequenced_task_runner_handle.h" #include "base/time/time.h" #include "base/trace_event/memory_usage_estimator.h" #include "base/trace_event/process_memory_dump.h" @@ -61,49 +61,13 @@ namespace { // Maximum fraction of the cache that one entry can consume. const int kMaxFileRatio = 8; +// Native code entries can be large. Rather than increasing the overall cache +// size, allow an individual entry to occupy up to half of the cache. +const int kMaxNativeCodeFileRatio = 2; + // Overrides the above. const int64_t kMinFileSizeLimit = 5 * 1024 * 1024; -bool g_fd_limit_histogram_has_been_populated = false; - -void MaybeHistogramFdLimit() { - if (g_fd_limit_histogram_has_been_populated) - return; - - // Used in histograms; add new entries at end. - enum FdLimitStatus { - FD_LIMIT_STATUS_UNSUPPORTED = 0, - FD_LIMIT_STATUS_FAILED = 1, - FD_LIMIT_STATUS_SUCCEEDED = 2, - FD_LIMIT_STATUS_MAX = 3 - }; - FdLimitStatus fd_limit_status = FD_LIMIT_STATUS_UNSUPPORTED; - int soft_fd_limit = 0; - int hard_fd_limit = 0; - -#if defined(OS_POSIX) - struct rlimit nofile; - if (!getrlimit(RLIMIT_NOFILE, &nofile)) { - soft_fd_limit = nofile.rlim_cur; - hard_fd_limit = nofile.rlim_max; - fd_limit_status = FD_LIMIT_STATUS_SUCCEEDED; - } else { - fd_limit_status = FD_LIMIT_STATUS_FAILED; - } -#endif - - UMA_HISTOGRAM_ENUMERATION("SimpleCache.FileDescriptorLimitStatus", - fd_limit_status, FD_LIMIT_STATUS_MAX); - if (fd_limit_status == FD_LIMIT_STATUS_SUCCEEDED) { - base::UmaHistogramSparse("SimpleCache.FileDescriptorLimitSoft", - soft_fd_limit); - base::UmaHistogramSparse("SimpleCache.FileDescriptorLimitHard", - hard_fd_limit); - } - - g_fd_limit_histogram_has_been_populated = true; -} - // Global context of all the files we have open --- this permits some to be // closed on demand if too many FDs are being used, to avoid running out. base::LazyInstance::Leaky g_simple_file_tracker = @@ -247,7 +211,8 @@ SimpleBackendImpl::SimpleBackendImpl( base::TaskShutdownBehavior::BLOCK_SHUTDOWN})), orig_max_size_(max_bytes), entry_operations_mode_((cache_type == net::DISK_CACHE || - cache_type == net::GENERATED_CODE_CACHE) + cache_type == net::GENERATED_BYTE_CODE_CACHE || + cache_type == net::GENERATED_NATIVE_CODE_CACHE) ? SimpleEntryImpl::OPTIMISTIC_OPERATIONS : SimpleEntryImpl::NON_OPTIMISTIC_OPERATIONS), net_log_(net_log) { @@ -255,7 +220,6 @@ SimpleBackendImpl::SimpleBackendImpl( // backends, as default (if first call). if (orig_max_size_ < 0) orig_max_size_ = 0; - MaybeHistogramFdLimit(); } SimpleBackendImpl::~SimpleBackendImpl() { @@ -281,7 +245,7 @@ net::Error SimpleBackendImpl::Init(CompletionOnceCallback completion_callback) { base::MakeRefCounted(worker_pool); index_ = std::make_unique( - base::ThreadTaskRunnerHandle::Get(), cleanup_tracker_.get(), this, + base::SequencedTaskRunnerHandle::Get(), cleanup_tracker_.get(), this, GetCacheType(), std::make_unique(cache_runner_, worker_pool.get(), GetCacheType(), path_)); @@ -306,8 +270,11 @@ bool SimpleBackendImpl::SetMaxSize(int64_t max_bytes) { } int64_t SimpleBackendImpl::MaxFileSize() const { + uint64_t file_size_ratio = GetCacheType() == net::GENERATED_NATIVE_CODE_CACHE + ? kMaxNativeCodeFileRatio + : kMaxFileRatio; return std::max( - base::saturated_cast(index_->max_size() / kMaxFileRatio), + base::saturated_cast(index_->max_size() / file_size_ratio), kMinFileSizeLimit); } @@ -591,9 +558,7 @@ int64_t SimpleBackendImpl::CalculateSizeOfEntriesBetween( class SimpleBackendImpl::SimpleIterator final : public Iterator { public: explicit SimpleIterator(base::WeakPtr backend) - : backend_(backend), - weak_factory_(this) { - } + : backend_(backend) {} // From Backend::Iterator: net::Error OpenNextEntry(Entry** next_entry, @@ -657,7 +622,7 @@ class SimpleBackendImpl::SimpleIterator final : public Iterator { private: base::WeakPtr backend_; std::unique_ptr> hashes_to_enumerate_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; }; std::unique_ptr SimpleBackendImpl::CreateIterator() { @@ -811,12 +776,19 @@ SimpleBackendImpl::DiskStatResult SimpleBackendImpl::InitCacheStructureOnDisk( } else { bool mtime_result = disk_cache::simple_util::GetMTime(path, &result.cache_dir_mtime); - DCHECK(mtime_result); - if (!result.max_size) { + if (!mtime_result) { + // Something deleted the directory between when we set it up and the + // mstat; this is not uncommon on some test fixtures which erase their + // tempdir while some worker threads may still be running. + LOG(ERROR) << "Simple Cache Backend: cache directory inaccessible right " + "after creation; path: " + << path.LossyDisplayName(); + result.net_error = net::ERR_FAILED; + } else if (!result.max_size) { int64_t available = base::SysInfo::AmountOfFreeDiskSpace(path); result.max_size = disk_cache::PreferredCacheSize(available); + DCHECK(result.max_size); } - DCHECK(result.max_size); } return result; } diff --git a/chromium/net/disk_cache/simple/simple_backend_impl.h b/chromium/net/disk_cache/simple/simple_backend_impl.h index 4237f85c98b..ccf99434050 100644 --- a/chromium/net/disk_cache/simple/simple_backend_impl.h +++ b/chromium/net/disk_cache/simple/simple_backend_impl.h @@ -41,15 +41,17 @@ namespace disk_cache { // SimpleBackendImpl is a new cache backend that stores entries in individual // files. -// See http://www.chromium.org/developers/design-documents/network-stack/disk-cache/very-simple-backend +// See +// http://www.chromium.org/developers/design-documents/network-stack/disk-cache/very-simple-backend // // The SimpleBackendImpl provides safe iteration; mutating entries during // iteration cannot cause a crash. It is undefined whether entries created or // destroyed during the iteration will be included in any pre-existing // iterations. // -// The non-static functions below must be called on the IO thread unless -// otherwise stated. +// The non-static functions below must be called on the source creation sequence +// unless otherwise stated. Historically the source creation sequence has been +// the IO thread, but the simple backend may now be used from other sequences. class BackendCleanupTracker; class SimpleEntryImpl; @@ -204,8 +206,8 @@ class NET_EXPORT_PRIVATE SimpleBackendImpl : public Backend, Int64CompletionOnceCallback callback, int result); - // Try to create the directory if it doesn't exist. This must run on the IO - // thread. + // Try to create the directory if it doesn't exist. This must run on the + // source creation sequence. static DiskStatResult InitCacheStructureOnDisk(const base::FilePath& path, uint64_t suggested_max_size, net::CacheType cache_type); diff --git a/chromium/net/disk_cache/simple/simple_entry_impl.cc b/chromium/net/disk_cache/simple/simple_entry_impl.cc index 4828fcfeb80..c147a4bdb3b 100644 --- a/chromium/net/disk_cache/simple/simple_entry_impl.cc +++ b/chromium/net/disk_cache/simple/simple_entry_impl.cc @@ -15,11 +15,10 @@ #include "base/callback.h" #include "base/location.h" #include "base/logging.h" -#include "base/single_thread_task_runner.h" #include "base/stl_util.h" #include "base/task_runner.h" #include "base/task_runner_util.h" -#include "base/threading/thread_task_runner_handle.h" +#include "base/threading/sequenced_task_runner_handle.h" #include "base/time/time.h" #include "base/trace_event/memory_usage_estimator.h" #include "net/base/io_buffer.h" @@ -86,14 +85,6 @@ void RecordHeaderSize(net::CacheType cache_type, int size) { SIMPLE_CACHE_UMA(COUNTS_10000, "HeaderSize", cache_type, size); } -int g_open_entry_count = 0; - -void AdjustOpenEntryCountBy(net::CacheType cache_type, int offset) { - g_open_entry_count += offset; - SIMPLE_CACHE_UMA(COUNTS_10000, - "GlobalOpenEntryCount", cache_type, g_open_entry_count); -} - void InvokeCallbackIfBackendIsAlive( const base::WeakPtr& backend, net::CompletionOnceCallback completion_callback, @@ -104,28 +95,13 @@ void InvokeCallbackIfBackendIsAlive( std::move(completion_callback).Run(result); } -void InvokeCallbackIfBackendIsAliveOrCloseEntry( - const base::WeakPtr& backend, - SimpleEntryImpl* entry, - net::CompletionOnceCallback completion_callback) { - DCHECK(!completion_callback.is_null()); - if (!backend.get()) { - // Backend got destroyed while |entry| was in process of being transferred - // to client ownership. Give up on that. - entry->Close(); - return; - } - - std::move(completion_callback).Run(net::OK); -} - // If |sync_possible| is false, and callback is available, posts rv to it and // return net::ERR_IO_PENDING; otherwise just passes through rv. int PostToCallbackIfNeeded(bool sync_possible, net::CompletionOnceCallback callback, int rv) { if (!sync_possible && !callback.is_null()) { - base::ThreadTaskRunnerHandle::Get()->PostTask( + base::SequencedTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(std::move(callback), rv)); return net::ERR_IO_PENDING; } else { @@ -203,8 +179,9 @@ SimpleEntryImpl::SimpleEntryImpl( std::extent(), "arrays should be the same size"); ResetEntry(); - net_log_.BeginEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY, - CreateNetLogSimpleEntryConstructionCallback(this)); + NetLogSimpleEntryConstruction(net_log_, + net::NetLogEventType::SIMPLE_CACHE_ENTRY, + net::NetLogEventPhase::BEGIN, this); } void SimpleEntryImpl::SetActiveEntryProxy( @@ -374,8 +351,8 @@ void SimpleEntryImpl::NotifyDoomBeforeCreateComplete() { void SimpleEntryImpl::SetKey(const std::string& key) { key_ = key; - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_SET_KEY, - net::NetLog::StringCallback("key", &key)); + net_log_.AddEventWithStringParams( + net::NetLogEventType::SIMPLE_CACHE_ENTRY_SET_KEY, "key", key); } void SimpleEntryImpl::Doom() { @@ -383,8 +360,8 @@ void SimpleEntryImpl::Doom() { } void SimpleEntryImpl::Close() { - DCHECK(io_thread_checker_.CalledOnValidThread()); - DCHECK_LT(0, open_count_); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + CHECK_LT(0, open_count_); net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_CLOSE_CALL); @@ -401,23 +378,23 @@ void SimpleEntryImpl::Close() { } std::string SimpleEntryImpl::GetKey() const { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return key_; } Time SimpleEntryImpl::GetLastUsed() const { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK(cache_type_ != net::APP_CACHE); return last_used_; } Time SimpleEntryImpl::GetLastModified() const { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return last_modified_; } int32_t SimpleEntryImpl::GetDataSize(int stream_index) const { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK_LE(0, data_size_[stream_index]); return data_size_[stream_index]; } @@ -427,20 +404,20 @@ int SimpleEntryImpl::ReadData(int stream_index, net::IOBuffer* buf, int buf_len, CompletionOnceCallback callback) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_CALL, - CreateNetLogReadWriteDataCallback(stream_index, offset, - buf_len, false)); + NetLogReadWriteData( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_CALL, + net::NetLogEventPhase::NONE, stream_index, offset, buf_len, false); } if (stream_index < 0 || stream_index >= kSimpleEntryStreamCount || buf_len < 0) { if (net_log_.IsCapturing()) { - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_END, - CreateNetLogReadWriteCompleteCallback(net::ERR_INVALID_ARGUMENT)); + NetLogReadWriteComplete( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_END, + net::NetLogEventPhase::NONE, net::ERR_INVALID_ARGUMENT); } RecordReadResult(cache_type_, READ_RESULT_INVALID_ARGUMENT); @@ -471,20 +448,20 @@ int SimpleEntryImpl::WriteData(int stream_index, int buf_len, CompletionOnceCallback callback, bool truncate) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_CALL, - CreateNetLogReadWriteDataCallback(stream_index, offset, - buf_len, truncate)); + NetLogReadWriteData( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_CALL, + net::NetLogEventPhase::NONE, stream_index, offset, buf_len, truncate); } if (stream_index < 0 || stream_index >= kSimpleEntryStreamCount || offset < 0 || buf_len < 0) { if (net_log_.IsCapturing()) { - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_END, - CreateNetLogReadWriteCompleteCallback(net::ERR_INVALID_ARGUMENT)); + NetLogReadWriteComplete( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_END, + net::NetLogEventPhase::NONE, net::ERR_INVALID_ARGUMENT); } RecordWriteResult(cache_type_, SIMPLE_ENTRY_WRITE_RESULT_INVALID_ARGUMENT); return net::ERR_INVALID_ARGUMENT; @@ -493,8 +470,9 @@ int SimpleEntryImpl::WriteData(int stream_index, if (!base::CheckAdd(offset, buf_len).AssignIfValid(&end_offset) || (backend_.get() && end_offset > backend_->MaxFileSize())) { if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_END, - CreateNetLogReadWriteCompleteCallback(net::ERR_FAILED)); + NetLogReadWriteComplete( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_END, + net::NetLogEventPhase::NONE, net::ERR_FAILED); } RecordWriteResult(cache_type_, SIMPLE_ENTRY_WRITE_RESULT_OVER_MAX_SIZE); return net::ERR_FAILED; @@ -535,9 +513,9 @@ int SimpleEntryImpl::WriteData(int stream_index, op_callback = CompletionOnceCallback(); ret_value = buf_len; if (net_log_.IsCapturing()) { - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_OPTIMISTIC, - CreateNetLogReadWriteCompleteCallback(buf_len)); + NetLogReadWriteComplete( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_OPTIMISTIC, + net::NetLogEventPhase::NONE, buf_len); } } @@ -551,22 +529,29 @@ int SimpleEntryImpl::ReadSparseData(int64_t offset, net::IOBuffer* buf, int buf_len, CompletionOnceCallback callback) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_SPARSE_CALL, - CreateNetLogSparseOperationCallback(offset, buf_len)); + NetLogSparseOperation( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_SPARSE_CALL, + net::NetLogEventPhase::NONE, offset, buf_len); } if (offset < 0 || buf_len < 0) { if (net_log_.IsCapturing()) { - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_SPARSE_END, - CreateNetLogReadWriteCompleteCallback(net::ERR_INVALID_ARGUMENT)); + NetLogReadWriteComplete( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_SPARSE_END, + net::NetLogEventPhase::NONE, net::ERR_INVALID_ARGUMENT); } return net::ERR_INVALID_ARGUMENT; } + // Truncate |buf_len| to make sure that |offset + buf_len| does not overflow. + // This is OK since one can't write that far anyway. + // The result of std::min is guaranteed to fit into int since |buf_len| did. + buf_len = std::min(static_cast(buf_len), + std::numeric_limits::max() - offset); + ScopedOperationRunner operation_runner(this); pending_operations_.push(SimpleEntryOperation::ReadSparseOperation( this, offset, buf_len, buf, std::move(callback))); @@ -577,19 +562,19 @@ int SimpleEntryImpl::WriteSparseData(int64_t offset, net::IOBuffer* buf, int buf_len, CompletionOnceCallback callback) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); if (net_log_.IsCapturing()) { - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_SPARSE_CALL, - CreateNetLogSparseOperationCallback(offset, buf_len)); + NetLogSparseOperation( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_SPARSE_CALL, + net::NetLogEventPhase::NONE, offset, buf_len); } - if (offset < 0 || buf_len < 0) { + if (offset < 0 || buf_len < 0 || !base::CheckAdd(offset, buf_len).IsValid()) { if (net_log_.IsCapturing()) { - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_SPARSE_END, - CreateNetLogReadWriteCompleteCallback(net::ERR_INVALID_ARGUMENT)); + NetLogReadWriteComplete( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_SPARSE_END, + net::NetLogEventPhase::NONE, net::ERR_INVALID_ARGUMENT); } return net::ERR_INVALID_ARGUMENT; } @@ -604,10 +589,16 @@ int SimpleEntryImpl::GetAvailableRange(int64_t offset, int len, int64_t* start, CompletionOnceCallback callback) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); if (offset < 0 || len < 0) return net::ERR_INVALID_ARGUMENT; + // Truncate |len| to make sure that |offset + len| does not overflow. + // This is OK since one can't write that far anyway. + // The result of std::min is guaranteed to fit into int since |len| did. + len = std::min(static_cast(len), + std::numeric_limits::max() - offset); + ScopedOperationRunner operation_runner(this); pending_operations_.push(SimpleEntryOperation::GetAvailableRangeOperation( this, offset, len, start, std::move(callback))); @@ -615,20 +606,20 @@ int SimpleEntryImpl::GetAvailableRange(int64_t offset, } bool SimpleEntryImpl::CouldBeSparse() const { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // TODO(morlovich): Actually check. return true; } void SimpleEntryImpl::CancelSparseIO() { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // The Simple Cache does not return distinct objects for the same non-doomed // entry, so there's no need to coordinate which object is performing sparse // I/O. Therefore, CancelSparseIO and ReadyForSparseIO succeed instantly. } net::Error SimpleEntryImpl::ReadyForSparseIO(CompletionOnceCallback callback) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // The simple Cache does not return distinct objects for the same non-doomed // entry, so there's no need to coordinate which object is performing sparse // I/O. Therefore, CancelSparseIO and ReadyForSparseIO succeed instantly. @@ -654,7 +645,7 @@ void SimpleEntryImpl::SetPriority(uint32_t entry_priority) { } SimpleEntryImpl::~SimpleEntryImpl() { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK_EQ(0U, pending_operations_.size()); // STATE_IO_PENDING is possible here in one corner case: the entry had @@ -675,7 +666,7 @@ void SimpleEntryImpl::PostClientCallback(net::CompletionOnceCallback callback, return; // Note that the callback is posted rather than directly invoked to avoid // reentrancy issues. - base::ThreadTaskRunnerHandle::Get()->PostTask( + base::SequencedTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(&InvokeCallbackIfBackendIsAlive, backend_, std::move(callback), result)); } @@ -695,39 +686,52 @@ void SimpleEntryImpl::ResetEntry() { } void SimpleEntryImpl::ReturnEntryToCaller(Entry** out_entry) { + DCHECK(backend_); DCHECK(out_entry); ++open_count_; AddRef(); // Balanced in Close() - if (!backend_.get()) { - // This method can be called when an asynchronous operation completed. - // If the backend no longer exists, the callback won't be invoked, and so we - // must close ourselves to avoid leaking. As well, there's no guarantee the - // client-provided pointer (|out_entry|) hasn't been freed, and no point - // dereferencing it, either. - Close(); - return; - } *out_entry = this; } -void SimpleEntryImpl::ReturnEntryToCallerAndPostCallback( +void SimpleEntryImpl::ReturnEntryToCallerAsync( Entry** out_entry, + bool* out_opened, + bool opened, CompletionOnceCallback callback) { DCHECK(!callback.is_null()); - ReturnEntryToCaller(out_entry); - if (!backend_.get()) - return; // ReturnEntryToCaller takes care of case of already-dead backend_. + DCHECK(out_entry); + + // |open_count_| must be incremented immediately, so that a Close on an alias + // doesn't try to wrap things up. + ++open_count_; // Note that the callback is posted rather than directly invoked to avoid - // reentrancy issues. Unretained(this) is safe since ReturnEntryToCaller - // increments the reference count; this effect is also why this chooses to - // potentially call ReturnEntryToCaller and then roll it back rather than - // delay ReturnEntryToCaller: it protects |this| till any potential ownership - // share transfer is sorted out. - base::ThreadTaskRunnerHandle::Get()->PostTask( + // reentrancy issues. + base::SequencedTaskRunnerHandle::Get()->PostTask( FROM_HERE, - base::BindOnce(&InvokeCallbackIfBackendIsAliveOrCloseEntry, backend_, - base::Unretained(this), std::move(callback))); + base::BindOnce(&SimpleEntryImpl::FinishReturnEntryToCallerAsync, this, + out_entry, out_opened, opened, std::move(callback))); +} + +void SimpleEntryImpl::FinishReturnEntryToCallerAsync( + Entry** out_entry, + bool* out_opened, + bool opened, + CompletionOnceCallback callback) { + AddRef(); // Balanced in Close() + if (!backend_.get()) { + // With backend dead, Open/Create operations are responsible for cleaning up + // the entry --- the ownership is never transferred to the caller, and their + // callback isn't invoked. + Close(); + return; + } + + *out_entry = this; + if (out_opened) + *out_opened = opened; + + std::move(callback).Run(net::OK); } void SimpleEntryImpl::MarkAsDoomed(DoomState new_state) { @@ -740,7 +744,7 @@ void SimpleEntryImpl::MarkAsDoomed(DoomState new_state) { } void SimpleEntryImpl::RunNextOperationIfNeeded() { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); if (!pending_operations_.empty() && state_ != STATE_IO_PENDING) { SimpleEntryOperation operation = std::move(pending_operations_.front()); pending_operations_.pop(); @@ -800,16 +804,18 @@ void SimpleEntryImpl::OpenEntryInternal(net::CompletionOnceCallback callback, net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_OPEN_BEGIN); if (state_ == STATE_READY) { - ReturnEntryToCallerAndPostCallback(out_entry, std::move(callback)); - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_OPEN_END, - CreateNetLogSimpleEntryCreationCallback(this, net::OK)); + ReturnEntryToCallerAsync(out_entry, /* out_opened = */ nullptr, + /* opened = */ true, std::move(callback)); + NetLogSimpleEntryCreation(net_log_, + net::NetLogEventType::SIMPLE_CACHE_ENTRY_OPEN_END, + net::NetLogEventPhase::NONE, this, net::OK); return; } if (state_ == STATE_FAILURE) { PostClientCallback(std::move(callback), net::ERR_FAILED); - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_OPEN_END, - CreateNetLogSimpleEntryCreationCallback(this, net::ERR_FAILED)); + NetLogSimpleEntryCreation( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_OPEN_END, + net::NetLogEventPhase::NONE, this, net::ERR_FAILED); return; } @@ -854,9 +860,9 @@ void SimpleEntryImpl::CreateEntryInternal(net::CompletionOnceCallback callback, if (state_ != STATE_UNINITIALIZED) { // There is already an active normal entry. - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_CREATE_END, - CreateNetLogSimpleEntryCreationCallback(this, net::ERR_FAILED)); + NetLogSimpleEntryCreation( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_CREATE_END, + net::NetLogEventPhase::NONE, this, net::ERR_FAILED); PostClientCallback(std::move(callback), net::ERR_FAILED); return; } @@ -900,19 +906,18 @@ void SimpleEntryImpl::OpenOrCreateEntryInternal( DCHECK(entry_struct != nullptr || state_ == STATE_UNINITIALIZED); if (state_ == STATE_READY) { - entry_struct->opened = true; - ReturnEntryToCallerAndPostCallback(&entry_struct->entry, - std::move(callback)); - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_OPEN_OR_CREATE_END, - CreateNetLogSimpleEntryCreationCallback(this, net::OK)); + ReturnEntryToCallerAsync(&entry_struct->entry, &entry_struct->opened, + /* opened = */ true, std::move(callback)); + NetLogSimpleEntryCreation( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_OPEN_OR_CREATE_END, + net::NetLogEventPhase::NONE, this, net::OK); return; } if (state_ == STATE_FAILURE) { PostClientCallback(std::move(callback), net::ERR_FAILED); - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_OPEN_OR_CREATE_END, - CreateNetLogSimpleEntryCreationCallback(this, net::ERR_FAILED)); + NetLogSimpleEntryCreation( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_OPEN_OR_CREATE_END, + net::NetLogEventPhase::NONE, this, net::ERR_FAILED); return; } @@ -953,7 +958,7 @@ void SimpleEntryImpl::OpenOrCreateEntryInternal( } void SimpleEntryImpl::CloseInternal() { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); if (open_count_ != 0) { // Entry got resurrected in between Close and CloseInternal, nothing to do @@ -1017,20 +1022,21 @@ int SimpleEntryImpl::ReadDataInternal(bool sync_possible, net::IOBuffer* buf, int buf_len, net::CompletionOnceCallback callback) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); ScopedOperationRunner operation_runner(this); if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_BEGIN, - CreateNetLogReadWriteDataCallback(stream_index, offset, - buf_len, false)); + NetLogReadWriteData( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_BEGIN, + net::NetLogEventPhase::NONE, stream_index, offset, buf_len, false); } if (state_ == STATE_FAILURE || state_ == STATE_UNINITIALIZED) { RecordReadResult(cache_type_, READ_RESULT_BAD_STATE); if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_END, - CreateNetLogReadWriteCompleteCallback(net::ERR_FAILED)); + NetLogReadWriteComplete(net_log_, + net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_END, + net::NetLogEventPhase::NONE, net::ERR_FAILED); } // Note that the API states that client-provided callbacks for entry-level // (i.e. non-backend) operations (e.g. read, write) are invoked even if @@ -1049,6 +1055,7 @@ int SimpleEntryImpl::ReadDataInternal(bool sync_possible, return PostToCallbackIfNeeded(sync_possible, std::move(callback), 0); } + // Truncate read to not go past end of stream. buf_len = std::min(buf_len, GetDataSize(stream_index) - offset); // Since stream 0 data is kept in memory, it is read immediately. @@ -1111,23 +1118,24 @@ void SimpleEntryImpl::WriteDataInternal(int stream_index, int buf_len, net::CompletionOnceCallback callback, bool truncate) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); ScopedOperationRunner operation_runner(this); if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_BEGIN, - CreateNetLogReadWriteDataCallback(stream_index, offset, - buf_len, truncate)); + NetLogReadWriteData( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_BEGIN, + net::NetLogEventPhase::NONE, stream_index, offset, buf_len, truncate); } if (state_ == STATE_FAILURE || state_ == STATE_UNINITIALIZED) { RecordWriteResult(cache_type_, SIMPLE_ENTRY_WRITE_RESULT_BAD_STATE); if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_END, - CreateNetLogReadWriteCompleteCallback(net::ERR_FAILED)); + NetLogReadWriteComplete( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_END, + net::NetLogEventPhase::NONE, net::ERR_FAILED); } if (!callback.is_null()) { - base::ThreadTaskRunnerHandle::Get()->PostTask( + base::SequencedTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(std::move(callback), net::ERR_FAILED)); } // |this| may be destroyed after return here. @@ -1140,7 +1148,7 @@ void SimpleEntryImpl::WriteDataInternal(int stream_index, if (stream_index == 0) { int ret_value = SetStream0Data(buf, offset, buf_len, truncate); if (!callback.is_null()) { - base::ThreadTaskRunnerHandle::Get()->PostTask( + base::SequencedTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(std::move(callback), ret_value)); } return; @@ -1153,7 +1161,7 @@ void SimpleEntryImpl::WriteDataInternal(int stream_index, RecordWriteResult(cache_type_, SIMPLE_ENTRY_WRITE_RESULT_FAST_EMPTY_RETURN); if (!callback.is_null()) { - base::ThreadTaskRunnerHandle::Get()->PostTask( + base::SequencedTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(std::move(callback), 0)); } return; @@ -1229,23 +1237,23 @@ void SimpleEntryImpl::ReadSparseDataInternal( net::IOBuffer* buf, int buf_len, net::CompletionOnceCallback callback) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); ScopedOperationRunner operation_runner(this); if (net_log_.IsCapturing()) { - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_SPARSE_BEGIN, - CreateNetLogSparseOperationCallback(sparse_offset, buf_len)); + NetLogSparseOperation( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_SPARSE_BEGIN, + net::NetLogEventPhase::NONE, sparse_offset, buf_len); } if (state_ == STATE_FAILURE || state_ == STATE_UNINITIALIZED) { if (net_log_.IsCapturing()) { - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_SPARSE_END, - CreateNetLogReadWriteCompleteCallback(net::ERR_FAILED)); + NetLogReadWriteComplete( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_SPARSE_END, + net::NetLogEventPhase::NONE, net::ERR_FAILED); } if (!callback.is_null()) { - base::ThreadTaskRunnerHandle::Get()->PostTask( + base::SequencedTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(std::move(callback), net::ERR_FAILED)); } // |this| may be destroyed after return here. @@ -1274,23 +1282,23 @@ void SimpleEntryImpl::WriteSparseDataInternal( net::IOBuffer* buf, int buf_len, net::CompletionOnceCallback callback) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); ScopedOperationRunner operation_runner(this); if (net_log_.IsCapturing()) { - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_SPARSE_BEGIN, - CreateNetLogSparseOperationCallback(sparse_offset, buf_len)); + NetLogSparseOperation( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_SPARSE_BEGIN, + net::NetLogEventPhase::NONE, sparse_offset, buf_len); } if (state_ == STATE_FAILURE || state_ == STATE_UNINITIALIZED) { if (net_log_.IsCapturing()) { - net_log_.AddEvent( - net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_SPARSE_END, - CreateNetLogReadWriteCompleteCallback(net::ERR_FAILED)); + NetLogReadWriteComplete( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_SPARSE_END, + net::NetLogEventPhase::NONE, net::ERR_FAILED); } if (!callback.is_null()) { - base::ThreadTaskRunnerHandle::Get()->PostTask( + base::SequencedTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(std::move(callback), net::ERR_FAILED)); } // |this| may be destroyed after return here. @@ -1330,12 +1338,12 @@ void SimpleEntryImpl::GetAvailableRangeInternal( int len, int64_t* out_start, net::CompletionOnceCallback callback) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); ScopedOperationRunner operation_runner(this); if (state_ == STATE_FAILURE || state_ == STATE_UNINITIALIZED) { if (!callback.is_null()) { - base::ThreadTaskRunnerHandle::Get()->PostTask( + base::SequencedTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(std::move(callback), net::ERR_FAILED)); } // |this| may be destroyed after return here. @@ -1424,7 +1432,7 @@ void SimpleEntryImpl::CreationOperationComplete( Entry** out_entry, bool* out_opened, net::NetLogEventType end_event_type) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK_EQ(state_, STATE_IO_PENDING); DCHECK(in_results); ScopedOperationRunner operation_runner(this); @@ -1462,12 +1470,6 @@ void SimpleEntryImpl::CreationOperationComplete( if (backend_ && doom_state_ == DOOM_NONE) backend_->index()->Insert(entry_hash_); - // Access to out_opened must be guarded by backend_ check since there is no - // requirement to keep this alive past backend destruction, as the callback - // will not be invoked. - if (backend_ && out_opened) - *out_opened = !in_results->created; - state_ = STATE_READY; synchronous_entry_ = in_results->sync_entry; @@ -1511,7 +1513,6 @@ void SimpleEntryImpl::CreationOperationComplete( SIMPLE_CACHE_UMA(TIMES, "EntryCreationTime", cache_type_, (base::TimeTicks::Now() - start_time)); - AdjustOpenEntryCountBy(cache_type_, 1); net_log_.AddEvent(end_event_type); @@ -1519,16 +1520,17 @@ void SimpleEntryImpl::CreationOperationComplete( // out_entry is nullptr and there is no callback, or should be returned // to out_entry with callback invoked. DCHECK_EQ(out_entry == nullptr, completion_callback.is_null()); - if (out_entry) - ReturnEntryToCallerAndPostCallback(out_entry, - std::move(completion_callback)); + if (out_entry) { + ReturnEntryToCallerAsync(out_entry, out_opened, !in_results->created, + std::move(completion_callback)); + } } void SimpleEntryImpl::EntryOperationComplete( net::CompletionOnceCallback completion_callback, const SimpleEntryStat& entry_stat, int result) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK(synchronous_entry_); DCHECK_EQ(STATE_IO_PENDING, state_); if (result < 0) { @@ -1540,7 +1542,7 @@ void SimpleEntryImpl::EntryOperationComplete( } if (!completion_callback.is_null()) { - base::ThreadTaskRunnerHandle::Get()->PostTask( + base::SequencedTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::BindOnce(std::move(completion_callback), result)); } RunNextOperationIfNeeded(); @@ -1552,7 +1554,7 @@ void SimpleEntryImpl::ReadOperationComplete( net::CompletionOnceCallback completion_callback, std::unique_ptr entry_stat, std::unique_ptr read_result) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK(synchronous_entry_); DCHECK_EQ(STATE_IO_PENDING, state_); DCHECK(read_result); @@ -1584,8 +1586,9 @@ void SimpleEntryImpl::ReadOperationComplete( } RecordReadResultConsideringChecksum(read_result); if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_END, - CreateNetLogReadWriteCompleteCallback(result)); + NetLogReadWriteComplete(net_log_, + net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_END, + net::NetLogEventPhase::NONE, result); } EntryOperationComplete(std::move(completion_callback), *entry_stat, result); @@ -1604,8 +1607,9 @@ void SimpleEntryImpl::WriteOperationComplete( RecordWriteResult(cache_type_, SIMPLE_ENTRY_WRITE_RESULT_SYNC_WRITE_FAILURE); if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_END, - CreateNetLogReadWriteCompleteCallback(result)); + NetLogReadWriteComplete(net_log_, + net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_END, + net::NetLogEventPhase::NONE, result); } if (result < 0) @@ -1623,13 +1627,14 @@ void SimpleEntryImpl::ReadSparseOperationComplete( net::CompletionOnceCallback completion_callback, std::unique_ptr last_used, std::unique_ptr result) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK(synchronous_entry_); DCHECK(result); if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_SPARSE_END, - CreateNetLogReadWriteCompleteCallback(*result)); + NetLogReadWriteComplete( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_READ_SPARSE_END, + net::NetLogEventPhase::NONE, *result); } SimpleEntryStat entry_stat(*last_used, last_modified_, data_size_, @@ -1641,13 +1646,14 @@ void SimpleEntryImpl::WriteSparseOperationComplete( net::CompletionOnceCallback completion_callback, std::unique_ptr entry_stat, std::unique_ptr result) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK(synchronous_entry_); DCHECK(result); if (net_log_.IsCapturing()) { - net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_SPARSE_END, - CreateNetLogReadWriteCompleteCallback(*result)); + NetLogReadWriteComplete( + net_log_, net::NetLogEventType::SIMPLE_CACHE_ENTRY_WRITE_SPARSE_END, + net::NetLogEventPhase::NONE, *result); } EntryOperationComplete(std::move(completion_callback), *entry_stat, *result); @@ -1656,7 +1662,7 @@ void SimpleEntryImpl::WriteSparseOperationComplete( void SimpleEntryImpl::GetAvailableRangeOperationComplete( net::CompletionOnceCallback completion_callback, std::unique_ptr result) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK(synchronous_entry_); DCHECK(result); @@ -1681,7 +1687,7 @@ void SimpleEntryImpl::DoomOperationComplete( void SimpleEntryImpl::RecordReadResultConsideringChecksum( const std::unique_ptr& read_result) const { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK(synchronous_entry_); DCHECK_EQ(STATE_IO_PENDING, state_); @@ -1703,7 +1709,6 @@ void SimpleEntryImpl::CloseOperationComplete( DCHECK(STATE_IO_PENDING == state_ || STATE_FAILURE == state_ || STATE_UNINITIALIZED == state_); net_log_.AddEvent(net::NetLogEventType::SIMPLE_CACHE_ENTRY_CLOSE_END); - AdjustOpenEntryCountBy(cache_type_, -1); if (cache_type_ == net::APP_CACHE && in_results->estimated_trailer_prefetch_size > 0 && backend_.get() && backend_->index()) { @@ -1716,7 +1721,7 @@ void SimpleEntryImpl::CloseOperationComplete( void SimpleEntryImpl::UpdateDataFromEntryStat( const SimpleEntryStat& entry_stat) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK(synchronous_entry_); DCHECK_EQ(STATE_READY, state_); @@ -1787,7 +1792,7 @@ int SimpleEntryImpl::SetStream0Data(net::IOBuffer* buf, base::Time modification_time = base::Time::Now(); // Reset checksum; SimpleSynchronousEntry::Close will compute it for us, - // and do it off the I/O thread. + // and do it off the source creation sequence. crc32s_end_offset_[0] = 0; UpdateDataFromEntryStat( diff --git a/chromium/net/disk_cache/simple/simple_entry_impl.h b/chromium/net/disk_cache/simple/simple_entry_impl.h index dbf6098b59c..271746cbd12 100644 --- a/chromium/net/disk_cache/simple/simple_entry_impl.h +++ b/chromium/net/disk_cache/simple/simple_entry_impl.h @@ -13,7 +13,7 @@ #include "base/containers/queue.h" #include "base/files/file_path.h" #include "base/memory/ref_counted.h" -#include "base/threading/thread_checker.h" +#include "base/sequence_checker.h" #include "net/base/cache_type.h" #include "net/base/net_export.h" #include "net/base/request_priority.h" @@ -44,9 +44,9 @@ class SimpleFileTracker; class SimpleSynchronousEntry; struct SimpleEntryCreationResults; -// SimpleEntryImpl is the IO thread interface to an entry in the very simple -// disk cache. It proxies for the SimpleSynchronousEntry, which performs IO -// on the worker thread. +// SimpleEntryImpl is the source task_runner interface to an entry in the very +// simple disk cache. It proxies for the SimpleSynchronousEntry, which performs +// IO on the worker thread. class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry, public base::RefCounted { friend class base::RefCounted; @@ -214,10 +214,21 @@ class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry, // count. void ReturnEntryToCaller(Entry** out_entry); - // Like above, but also invokes the result callback (with net::OK), making - // sure to handle the backend being deleted in the interim. - void ReturnEntryToCallerAndPostCallback(Entry** out_entry, - CompletionOnceCallback callback); + // Like above, but for asynchronous return after the event loop runs again, + // also invoking the callback per the usual net convention. + // The return is cancelled if the backend is deleted in the interim. + // + // |out_opened| may be null. + void ReturnEntryToCallerAsync(Entry** out_entry, + bool* out_opened, + bool opened, + CompletionOnceCallback callback); + + // Portion of the above that runs off the event loop. + void FinishReturnEntryToCallerAsync(Entry** out_entry, + bool* out_opened, + bool opened, + CompletionOnceCallback callback); // Remove |this| from the Backend and the index, either because // SimpleSynchronousEntry has detected an error or because we are about to @@ -307,7 +318,7 @@ class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry, // Called after an asynchronous write completes. // |buf| parameter brings back a reference to net::IOBuffer to the original - // thread, so that we can reduce cross thread malloc/free pair. + // sequence, so that we can reduce cross thread malloc/free pair. // See http://crbug.com/708644 for details. void WriteOperationComplete( int stream_index, @@ -367,9 +378,10 @@ class NET_EXPORT_PRIVATE SimpleEntryImpl : public Entry, std::unique_ptr active_entry_proxy_; - // All nonstatic SimpleEntryImpl methods should always be called on the IO - // thread, in all cases. |io_thread_checker_| documents and enforces this. - base::ThreadChecker io_thread_checker_; + // All nonstatic SimpleEntryImpl methods should always be called on the + // source creation sequence, in all cases. |sequence_checker_| documents and + // enforces this. + SEQUENCE_CHECKER(sequence_checker_); const base::WeakPtr backend_; SimpleFileTracker* const file_tracker_; diff --git a/chromium/net/disk_cache/simple/simple_histogram_macros.h b/chromium/net/disk_cache/simple/simple_histogram_macros.h index d530d528dee..e10764d5dd3 100644 --- a/chromium/net/disk_cache/simple/simple_histogram_macros.h +++ b/chromium/net/disk_cache/simple/simple_histogram_macros.h @@ -35,7 +35,8 @@ SIMPLE_CACHE_THUNK(uma_type, \ ("SimpleCache.Media." uma_name, ##__VA_ARGS__)); \ break; \ - case net::GENERATED_CODE_CACHE: \ + case net::GENERATED_BYTE_CODE_CACHE: \ + case net::GENERATED_NATIVE_CODE_CACHE: \ case net::SHADER_CACHE: \ break; \ default: \ diff --git a/chromium/net/disk_cache/simple/simple_index.cc b/chromium/net/disk_cache/simple/simple_index.cc index cd12bb201b9..a4ee6f7f27d 100644 --- a/chromium/net/disk_cache/simple/simple_index.cc +++ b/chromium/net/disk_cache/simple/simple_index.cc @@ -177,7 +177,7 @@ bool EntryMetadata::Deserialize(net::CacheType cache_type, } SimpleIndex::SimpleIndex( - const scoped_refptr& io_thread, + const scoped_refptr& task_runner, scoped_refptr cleanup_tracker, SimpleIndexDelegate* delegate, net::CacheType cache_type, @@ -186,7 +186,7 @@ SimpleIndex::SimpleIndex( delegate_(delegate), cache_type_(cache_type), index_file_(std::move(index_file)), - io_thread_(io_thread), + task_runner_(task_runner), // Creating the callback once so it is reused every time // write_to_disk_timer_.Start() is called. write_to_disk_cb_(base::Bind(&SimpleIndex::WriteToDisk, @@ -194,7 +194,7 @@ SimpleIndex::SimpleIndex( INDEX_WRITE_REASON_IDLE)) {} SimpleIndex::~SimpleIndex() { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // Fail all callbacks waiting for the index to come up. for (auto it = to_run_when_initialized_.begin(), @@ -205,7 +205,7 @@ SimpleIndex::~SimpleIndex() { } void SimpleIndex::Initialize(base::Time cache_mtime) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); #if defined(OS_ANDROID) if (app_status_listener_) { @@ -238,9 +238,9 @@ void SimpleIndex::SetMaxSize(uint64_t max_bytes) { } net::Error SimpleIndex::ExecuteWhenReady(net::CompletionOnceCallback task) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); if (initialized_) - io_thread_->PostTask(FROM_HERE, base::BindOnce(std::move(task), net::OK)); + task_runner_->PostTask(FROM_HERE, base::BindOnce(std::move(task), net::OK)); else to_run_when_initialized_.push_back(std::move(task)); return net::ERR_IO_PENDING; @@ -316,7 +316,7 @@ size_t SimpleIndex::EstimateMemoryUsage() const { } base::Time SimpleIndex::GetLastUsedTime(uint64_t entry_hash) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK_NE(cache_type_, net::APP_CACHE); auto it = entries_set_.find(entry_hash); if (it == entries_set_.end()) @@ -336,7 +336,7 @@ bool SimpleIndex::HasPendingWrite() const { } void SimpleIndex::Insert(uint64_t entry_hash) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // Upon insert we don't know yet the size of the entry. // It will be updated later when the SimpleEntryImpl finishes opening or // creating the new entry, and then UpdateEntrySize will be called. @@ -355,7 +355,7 @@ void SimpleIndex::Insert(uint64_t entry_hash) { } void SimpleIndex::Remove(uint64_t entry_hash) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); bool need_write = false; auto it = entries_set_.find(entry_hash); if (it != entries_set_.end()) { @@ -372,13 +372,13 @@ void SimpleIndex::Remove(uint64_t entry_hash) { } bool SimpleIndex::Has(uint64_t hash) const { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // If not initialized, always return true, forcing it to go to the disk. return !initialized_ || entries_set_.count(hash) > 0; } uint8_t SimpleIndex::GetEntryInMemoryData(uint64_t entry_hash) const { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); auto it = entries_set_.find(entry_hash); if (it == entries_set_.end()) return 0; @@ -386,7 +386,7 @@ uint8_t SimpleIndex::GetEntryInMemoryData(uint64_t entry_hash) const { } void SimpleIndex::SetEntryInMemoryData(uint64_t entry_hash, uint8_t value) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); auto it = entries_set_.find(entry_hash); if (it == entries_set_.end()) return; @@ -394,7 +394,7 @@ void SimpleIndex::SetEntryInMemoryData(uint64_t entry_hash, uint8_t value) { } bool SimpleIndex::UseIfExists(uint64_t entry_hash) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // Always update the last used time, even if it is during initialization. // It will be merged later. auto it = entries_set_.find(entry_hash); @@ -410,7 +410,7 @@ bool SimpleIndex::UseIfExists(uint64_t entry_hash) { } void SimpleIndex::StartEvictionIfNeeded() { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); if (eviction_in_progress_ || cache_size_ <= high_watermark_) return; // Take all live key hashes from the index and sort them by time. @@ -467,7 +467,7 @@ void SimpleIndex::StartEvictionIfNeeded() { } int32_t SimpleIndex::GetTrailerPrefetchSize(uint64_t entry_hash) const { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK_EQ(cache_type_, net::APP_CACHE); auto it = entries_set_.find(entry_hash); if (it == entries_set_.end()) @@ -476,7 +476,7 @@ int32_t SimpleIndex::GetTrailerPrefetchSize(uint64_t entry_hash) const { } void SimpleIndex::SetTrailerPrefetchSize(uint64_t entry_hash, int32_t size) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK_EQ(cache_type_, net::APP_CACHE); auto it = entries_set_.find(entry_hash); if (it == entries_set_.end()) @@ -489,7 +489,7 @@ void SimpleIndex::SetTrailerPrefetchSize(uint64_t entry_hash, int32_t size) { bool SimpleIndex::UpdateEntrySize(uint64_t entry_hash, base::StrictNumeric entry_size) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); auto it = entries_set_.find(entry_hash); if (it == entries_set_.end()) return false; @@ -505,7 +505,7 @@ bool SimpleIndex::UpdateEntrySize(uint64_t entry_hash, } void SimpleIndex::EvictionDone(int result) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // Ignore the result of eviction. We did our best. eviction_in_progress_ = false; @@ -549,7 +549,7 @@ bool SimpleIndex::UpdateEntryIteratorSize( EntrySet::iterator* it, base::StrictNumeric entry_size) { // Update the total cache size with the new entry size. - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK_GE(cache_size_, (*it)->second.GetEntrySize()); uint32_t original_size = (*it)->second.GetEntrySize(); cache_size_ -= (*it)->second.GetEntrySize(); @@ -563,7 +563,7 @@ bool SimpleIndex::UpdateEntryIteratorSize( void SimpleIndex::MergeInitializingSet( std::unique_ptr load_result) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); EntrySet* index_file_entries = &load_result->entries; @@ -619,7 +619,7 @@ void SimpleIndex::MergeInitializingSet( for (auto it = to_run_when_initialized_.begin(), end = to_run_when_initialized_.end(); it != end; ++it) { - io_thread_->PostTask(FROM_HERE, base::BindOnce(std::move(*it), net::OK)); + task_runner_->PostTask(FROM_HERE, base::BindOnce(std::move(*it), net::OK)); } to_run_when_initialized_.clear(); } @@ -627,7 +627,7 @@ void SimpleIndex::MergeInitializingSet( #if defined(OS_ANDROID) void SimpleIndex::OnApplicationStateChange( base::android::ApplicationState state) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // For more info about android activities, see: // developer.android.com/training/basics/activity-lifecycle/pausing.html if (state == base::android::APPLICATION_STATE_HAS_RUNNING_ACTIVITIES) { @@ -641,7 +641,7 @@ void SimpleIndex::OnApplicationStateChange( #endif void SimpleIndex::WriteToDisk(IndexWriteToDiskReason reason) { - DCHECK(io_thread_checker_.CalledOnValidThread()); + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); if (!initialized_) return; diff --git a/chromium/net/disk_cache/simple/simple_index.h b/chromium/net/disk_cache/simple/simple_index.h index c3e3e028f34..f021cf1e382 100644 --- a/chromium/net/disk_cache/simple/simple_index.h +++ b/chromium/net/disk_cache/simple/simple_index.h @@ -20,8 +20,8 @@ #include "base/memory/ref_counted.h" #include "base/memory/weak_ptr.h" #include "base/numerics/safe_conversions.h" -#include "base/single_thread_task_runner.h" -#include "base/threading/thread_checker.h" +#include "base/sequence_checker.h" +#include "base/sequenced_task_runner.h" #include "base/time/time.h" #include "base/timer/timer.h" #include "build/build_config.h" @@ -134,7 +134,7 @@ class NET_EXPORT_PRIVATE SimpleIndex typedef std::vector HashList; - SimpleIndex(const scoped_refptr& io_thread, + SimpleIndex(const scoped_refptr& task_runner, scoped_refptr cleanup_tracker, SimpleIndexDelegate* delegate, net::CacheType cache_type, @@ -289,11 +289,12 @@ class NET_EXPORT_PRIVATE SimpleIndex std::unique_ptr index_file_; - scoped_refptr io_thread_; + scoped_refptr task_runner_; - // All nonstatic SimpleEntryImpl methods should always be called on the IO - // thread, in all cases. |io_thread_checker_| documents and enforces this. - base::ThreadChecker io_thread_checker_; + // All nonstatic SimpleEntryImpl methods should always be called on its + // creation sequance, in all cases. |sequence_checker_| documents and + // enforces this. + SEQUENCE_CHECKER(sequence_checker_); // Timestamp of the last time we wrote the index to disk. // PostponeWritingToDisk() may give up postponing and allow the write if it diff --git a/chromium/net/disk_cache/simple/simple_index_file.h b/chromium/net/disk_cache/simple/simple_index_file.h index b8272fb596e..14e2da49c33 100644 --- a/chromium/net/disk_cache/simple/simple_index_file.h +++ b/chromium/net/disk_cache/simple/simple_index_file.h @@ -48,7 +48,7 @@ struct NET_EXPORT_PRIVATE SimpleIndexLoadResult { // the format see |SimpleIndexFile::Serialize()| and // |SimpleIndexFile::LoadFromDisk()|. // -// The non-static methods must run on the IO thread. All the real +// The non-static methods must run on the source creation sequence. All the real // work is done in the static methods, which are run on the cache thread // or in worker threads. Synchronization between methods is the // responsibility of the caller. @@ -121,7 +121,8 @@ class NET_EXPORT_PRIVATE SimpleIndexFile { int64_t size)>; // When loading the entries from disk, add this many extra hash buckets to - // prevent reallocation on the IO thread when merging in new live entries. + // prevent reallocation on the creation sequence when merging in new live + // entries. static const int kExtraSizeForMerge = 512; // Synchronous (IO performing) implementation of LoadIndexEntries. diff --git a/chromium/net/disk_cache/simple/simple_net_log_parameters.cc b/chromium/net/disk_cache/simple/simple_net_log_parameters.cc index 63f1c14b853..ce4889b81a0 100644 --- a/chromium/net/disk_cache/simple/simple_net_log_parameters.cc +++ b/chromium/net/disk_cache/simple/simple_net_log_parameters.cc @@ -18,19 +18,17 @@ namespace { -base::Value NetLogSimpleEntryConstructionCallback( - const disk_cache::SimpleEntryImpl* entry, - net::NetLogCaptureMode capture_mode) { +base::Value NetLogSimpleEntryConstructionParams( + const disk_cache::SimpleEntryImpl* entry) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetStringKey("entry_hash", base::StringPrintf("%#016" PRIx64, entry->entry_hash())); return dict; } -base::Value NetLogSimpleEntryCreationCallback( +base::Value NetLogSimpleEntryCreationParams( const disk_cache::SimpleEntryImpl* entry, - int net_error, - net::NetLogCaptureMode /* capture_mode */) { + int net_error) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("net_error", net_error); if (net_error == net::OK) @@ -42,19 +40,24 @@ base::Value NetLogSimpleEntryCreationCallback( namespace disk_cache { -net::NetLogParametersCallback CreateNetLogSimpleEntryConstructionCallback( - const SimpleEntryImpl* entry) { +void NetLogSimpleEntryConstruction(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + const SimpleEntryImpl* entry) { DCHECK(entry); - return base::Bind(&NetLogSimpleEntryConstructionCallback, - base::Unretained(entry)); + net_log.AddEntry(type, phase, + [&] { return NetLogSimpleEntryConstructionParams(entry); }); } -net::NetLogParametersCallback CreateNetLogSimpleEntryCreationCallback( - const SimpleEntryImpl* entry, - int net_error) { +void NetLogSimpleEntryCreation(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + const SimpleEntryImpl* entry, + int net_error) { DCHECK(entry); - return base::Bind(&NetLogSimpleEntryCreationCallback, base::Unretained(entry), - net_error); + net_log.AddEntry(type, phase, [&] { + return NetLogSimpleEntryCreationParams(entry, net_error); + }); } } // namespace disk_cache diff --git a/chromium/net/disk_cache/simple/simple_net_log_parameters.h b/chromium/net/disk_cache/simple/simple_net_log_parameters.h index 39b105a4408..443edb30377 100644 --- a/chromium/net/disk_cache/simple/simple_net_log_parameters.h +++ b/chromium/net/disk_cache/simple/simple_net_log_parameters.h @@ -5,7 +5,7 @@ #ifndef NET_DISK_CACHE_SIMPLE_SIMPLE_NET_LOG_PARAMETERS_H_ #define NET_DISK_CACHE_SIMPLE_SIMPLE_NET_LOG_PARAMETERS_H_ -#include "net/log/net_log_parameters_callback.h" +#include "net/log/net_log_with_source.h" // This file augments the functions in net/disk_cache/net_log_parameters.h to // include ones that deal with specifics of the Simple Cache backend. @@ -13,19 +13,21 @@ namespace disk_cache { class SimpleEntryImpl; -// Creates a NetLog callback that returns parameters for the construction of a -// SimpleEntryImpl. Contains the entry's hash. |entry| can't be NULL and must -// outlive the returned callback. -net::NetLogParametersCallback CreateNetLogSimpleEntryConstructionCallback( - const SimpleEntryImpl* entry); - -// Creates a NetLog callback that returns parameters for the result of calling -// |CreateEntry| or |OpenEntry| on a SimpleEntryImpl. Contains the |net_error| -// and, if successful, the entry's key. |entry| can't be NULL and must outlive -// the returned callback. -net::NetLogParametersCallback CreateNetLogSimpleEntryCreationCallback( - const SimpleEntryImpl* entry, - int net_error); +// Logs the construction of a SimpleEntryImpl. Contains the entry's hash. +// |entry| can't be nullptr. +void NetLogSimpleEntryConstruction(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + const SimpleEntryImpl* entry); + +// Logs a call to |CreateEntry| or |OpenEntry| on a SimpleEntryImpl. Contains +// the |net_error| and, if successful, the entry's key. |entry| can't be +// nullptr. +void NetLogSimpleEntryCreation(const net::NetLogWithSource& net_log, + net::NetLogEventType type, + net::NetLogEventPhase phase, + const SimpleEntryImpl* entry, + int net_error); } // namespace disk_cache diff --git a/chromium/net/dns/BUILD.gn b/chromium/net/dns/BUILD.gn index 472bbf37c74..efca16752d9 100644 --- a/chromium/net/dns/BUILD.gn +++ b/chromium/net/dns/BUILD.gn @@ -5,7 +5,7 @@ import("//net/features.gni") import("//testing/libfuzzer/fuzzer_test.gni") -enable_built_in_dns = !is_ios && !is_proto_quic +enable_built_in_dns = !is_ios source_set("dns") { # Due to circular dependencies, should only be depended on through //net. @@ -73,6 +73,8 @@ source_set("dns") { "record_rdata.cc", "serial_worker.cc", "serial_worker.h", + "system_dns_config_change_notifier.cc", + "system_dns_config_change_notifier.h", ] if (is_fuchsia) { @@ -386,6 +388,7 @@ source_set("tests") { "record_parsed_unittest.cc", "record_rdata_unittest.cc", "serial_worker_unittest.cc", + "system_dns_config_change_notifier_unittest.cc", ] if (is_posix) { @@ -420,10 +423,12 @@ source_set("test_support") { sources = [ "dns_test_util.cc", "mock_host_resolver.cc", + "test_dns_config_service.cc", ] public = [ "dns_test_util.h", "mock_host_resolver.h", + "test_dns_config_service.h", ] if (enable_mdns) { @@ -456,6 +461,9 @@ source_set("fuzzer_test_support") { "//base/test:test_support", "//net", ] + public_deps = [ + "//third_party/libFuzzer:fuzzed_data_provider", + ] } fuzzer_test("net_dns_hosts_parse_fuzzer") { diff --git a/chromium/net/dns/address_sorter_posix_unittest.cc b/chromium/net/dns/address_sorter_posix_unittest.cc index 9597a80603b..3a411b276c3 100644 --- a/chromium/net/dns/address_sorter_posix_unittest.cc +++ b/chromium/net/dns/address_sorter_posix_unittest.cc @@ -159,12 +159,12 @@ class TestSocketFactory : public ClientSocketFactory { return nullptr; } std::unique_ptr CreateSSLClientSocket( + SSLClientContext*, std::unique_ptr, const HostPortPair&, - const SSLConfig&, - const SSLClientSocketContext&) override { + const SSLConfig&) override { NOTIMPLEMENTED(); - return std::unique_ptr(); + return nullptr; } std::unique_ptr CreateProxyClientSocket( std::unique_ptr stream_socket, diff --git a/chromium/net/dns/context_host_resolver_unittest.cc b/chromium/net/dns/context_host_resolver_unittest.cc index 240b1273bd0..7f00e241411 100644 --- a/chromium/net/dns/context_host_resolver_unittest.cc +++ b/chromium/net/dns/context_host_resolver_unittest.cc @@ -71,13 +71,11 @@ TEST_F(ContextHostResolverTest, Resolve) { URLRequestContext context; MockDnsClientRuleList rules; - rules.emplace_back("example.com", dns_protocol::kTypeA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeA, false /* secure */, MockDnsClientRule::Result(BuildTestDnsResponse( "example.com", kEndpoint.address())), false /* delay */, &context); - rules.emplace_back("example.com", dns_protocol::kTypeAAAA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeAAAA, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::EMPTY), false /* delay */, &context); SetMockDnsRules(std::move(rules)); @@ -100,13 +98,11 @@ TEST_F(ContextHostResolverTest, Resolve) { TEST_F(ContextHostResolverTest, DestroyRequest) { // Setup delayed results for "example.com". MockDnsClientRuleList rules; - rules.emplace_back("example.com", dns_protocol::kTypeA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeA, false /* secure */, MockDnsClientRule::Result(BuildTestDnsResponse( "example.com", IPAddress(1, 2, 3, 4))), true /* delay */); - rules.emplace_back("example.com", dns_protocol::kTypeAAAA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeAAAA, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::EMPTY), false /* delay */); SetMockDnsRules(std::move(rules)); @@ -136,22 +132,18 @@ TEST_F(ContextHostResolverTest, DestroyRequest) { TEST_F(ContextHostResolverTest, DestroyResolver) { // Setup delayed results for "example.com" and "google.com". MockDnsClientRuleList rules; - rules.emplace_back("example.com", dns_protocol::kTypeA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeA, false /* secure */, MockDnsClientRule::Result(BuildTestDnsResponse( "example.com", IPAddress(2, 3, 4, 5))), true /* delay */); - rules.emplace_back("example.com", dns_protocol::kTypeAAAA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeAAAA, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::EMPTY), false /* delay */); - rules.emplace_back("google.com", dns_protocol::kTypeA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("google.com", dns_protocol::kTypeA, false /* secure */, MockDnsClientRule::Result(BuildTestDnsResponse( "google.com", kEndpoint.address())), true /* delay */); - rules.emplace_back("google.com", dns_protocol::kTypeAAAA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("google.com", dns_protocol::kTypeAAAA, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::EMPTY), false /* delay */); SetMockDnsRules(std::move(rules)); @@ -193,13 +185,11 @@ TEST_F(ContextHostResolverTest, DestroyResolver) { TEST_F(ContextHostResolverTest, DestroyResolver_RemainingRequests) { // Setup delayed results for "example.com". MockDnsClientRuleList rules; - rules.emplace_back("example.com", dns_protocol::kTypeA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeA, false /* secure */, MockDnsClientRule::Result(BuildTestDnsResponse( "example.com", kEndpoint.address())), true /* delay */); - rules.emplace_back("example.com", dns_protocol::kTypeAAAA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeAAAA, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::EMPTY), false /* delay */); SetMockDnsRules(std::move(rules)); @@ -240,13 +230,11 @@ TEST_F(ContextHostResolverTest, DestroyResolver_RemainingRequests) { TEST_F(ContextHostResolverTest, DestroyResolver_CompletedRequests) { MockDnsClientRuleList rules; - rules.emplace_back("example.com", dns_protocol::kTypeA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeA, false /* secure */, MockDnsClientRule::Result(BuildTestDnsResponse( "example.com", kEndpoint.address())), false /* delay */); - rules.emplace_back("example.com", dns_protocol::kTypeAAAA, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeAAAA, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::EMPTY), false /* delay */); SetMockDnsRules(std::move(rules)); @@ -300,13 +288,11 @@ TEST_F(ContextHostResolverTest, ResolveFromCache) { TEST_F(ContextHostResolverTest, ResultsAddedToCache) { MockDnsClientRuleList rules; - rules.emplace_back("example.com", dns_protocol::kTypeA, - DnsConfig::DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeA, false /* secure */, MockDnsClientRule::Result(BuildTestDnsResponse( "example.com", kEndpoint.address())), false /* delay */); - rules.emplace_back("example.com", dns_protocol::kTypeAAAA, - DnsConfig::DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("example.com", dns_protocol::kTypeAAAA, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::EMPTY), false /* delay */); SetMockDnsRules(std::move(rules)); diff --git a/chromium/net/dns/dns_config.cc b/chromium/net/dns/dns_config.cc index 8853d5b54f6..71e912f5d88 100644 --- a/chromium/net/dns/dns_config.cc +++ b/chromium/net/dns/dns_config.cc @@ -12,8 +12,15 @@ namespace net { // Default values are taken from glibc resolv.h except timeout which is set to // |kDnsDefaultTimeoutMs|. -DnsConfig::DnsConfig() - : unhandled_options(false), +DnsConfig::DnsConfig() : DnsConfig(std::vector()) {} + +DnsConfig::DnsConfig(const DnsConfig& other) = default; + +DnsConfig::DnsConfig(DnsConfig&& other) = default; + +DnsConfig::DnsConfig(std::vector nameservers) + : nameservers(std::move(nameservers)), + unhandled_options(false), append_to_multi_label_name(true), randomize_ports(false), ndots(1), @@ -23,10 +30,6 @@ DnsConfig::DnsConfig() use_local_ipv6(false), secure_dns_mode(SecureDnsMode::OFF) {} -DnsConfig::DnsConfig(const DnsConfig& other) = default; - -DnsConfig::DnsConfig(DnsConfig&& other) = default; - DnsConfig::~DnsConfig() = default; DnsConfig& DnsConfig::operator=(const DnsConfig& other) = default; @@ -37,6 +40,10 @@ bool DnsConfig::Equals(const DnsConfig& d) const { return EqualsIgnoreHosts(d) && (hosts == d.hosts); } +bool DnsConfig::operator==(const DnsConfig& d) const { + return Equals(d); +} + bool DnsConfig::EqualsIgnoreHosts(const DnsConfig& d) const { return (nameservers == d.nameservers) && (search == d.search) && (unhandled_options == d.unhandled_options) && diff --git a/chromium/net/dns/dns_config.h b/chromium/net/dns/dns_config.h index 3f2a85ce849..a8dbf813a80 100644 --- a/chromium/net/dns/dns_config.h +++ b/chromium/net/dns/dns_config.h @@ -28,12 +28,14 @@ struct NET_EXPORT DnsConfig { DnsConfig(); DnsConfig(const DnsConfig& other); DnsConfig(DnsConfig&& other); + explicit DnsConfig(std::vector nameservers); ~DnsConfig(); DnsConfig& operator=(const DnsConfig& other); DnsConfig& operator=(DnsConfig&& other); bool Equals(const DnsConfig& d) const; + bool operator==(const DnsConfig& d) const; bool EqualsIgnoreHosts(const DnsConfig& d) const; diff --git a/chromium/net/dns/dns_config_service.cc b/chromium/net/dns/dns_config_service.cc index 25060e68be6..1d7d0cc510a 100644 --- a/chromium/net/dns/dns_config_service.cc +++ b/chromium/net/dns/dns_config_service.cc @@ -16,7 +16,9 @@ DnsConfigService::DnsConfigService() have_config_(false), have_hosts_(false), need_update_(false), - last_sent_empty_(true) {} + last_sent_empty_(true) { + DETACH_FROM_SEQUENCE(sequence_checker_); +} DnsConfigService::~DnsConfigService() { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); @@ -39,6 +41,11 @@ void DnsConfigService::WatchConfig(const CallbackType& callback) { ReadNow(); } +void DnsConfigService::RefreshConfig() { + // Overridden on supported platforms. + NOTREACHED(); +} + void DnsConfigService::InvalidateConfig() { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); base::TimeTicks now = base::TimeTicks::Now(); diff --git a/chromium/net/dns/dns_config_service.h b/chromium/net/dns/dns_config_service.h index 97a211ee8aa..f00466ea03a 100644 --- a/chromium/net/dns/dns_config_service.h +++ b/chromium/net/dns/dns_config_service.h @@ -29,7 +29,8 @@ class NET_EXPORT_PRIVATE DnsConfigService { // ReadConfig() and WatchConfig(). typedef base::Callback CallbackType; - // Creates the platform-specific DnsConfigService. + // Creates the platform-specific DnsConfigService. May return |nullptr| if + // reading system DNS settings is not supported on the current platform. static std::unique_ptr CreateSystemService(); DnsConfigService(); @@ -45,6 +46,11 @@ class NET_EXPORT_PRIVATE DnsConfigService { // Might require MessageLoopForIO. void WatchConfig(const CallbackType& callback); + // Triggers invalidation and re-read of the current configuration (followed by + // invocation of the callback). For use only on platforms expecting + // network-stack-external notifications of DNS config changes. + virtual void RefreshConfig(); + protected: enum WatchStatus { DNS_CONFIG_WATCH_STARTED = 0, diff --git a/chromium/net/dns/dns_config_service_fuchsia.cc b/chromium/net/dns/dns_config_service_fuchsia.cc index 21d4e5526a7..1673b6d5411 100644 --- a/chromium/net/dns/dns_config_service_fuchsia.cc +++ b/chromium/net/dns/dns_config_service_fuchsia.cc @@ -17,8 +17,6 @@ DnsConfigServiceFuchsia::~DnsConfigServiceFuchsia() = default; void DnsConfigServiceFuchsia::ReadNow() { // TODO(crbug.com/950717): Implement this method. - OnConfigRead(DnsConfig()); - OnHostsRead(DnsHosts()); } bool DnsConfigServiceFuchsia::StartWatching() { diff --git a/chromium/net/dns/dns_config_service_posix.cc b/chromium/net/dns/dns_config_service_posix.cc index 48ee9253d64..ee2d5721425 100644 --- a/chromium/net/dns/dns_config_service_posix.cc +++ b/chromium/net/dns/dns_config_service_posix.cc @@ -239,8 +239,7 @@ ConfigParsePosixResult ReadDnsConfig(DnsConfig* dns_config) { class DnsConfigServicePosix::Watcher { public: - explicit Watcher(DnsConfigServicePosix* service) - : service_(service), weak_factory_(this) {} + explicit Watcher(DnsConfigServicePosix* service) : service_(service) {} ~Watcher() = default; bool Watch() { @@ -294,7 +293,7 @@ class DnsConfigServicePosix::Watcher { base::FilePathWatcher hosts_watcher_; #endif // !defined(OS_ANDROID) && !defined(OS_IOS) - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(Watcher); }; @@ -412,6 +411,12 @@ DnsConfigServicePosix::~DnsConfigServicePosix() { hosts_reader_->Cancel(); } +void DnsConfigServicePosix::RefreshConfig() { + InvalidateConfig(); + InvalidateHosts(); + ReadNow(); +} + void DnsConfigServicePosix::ReadNow() { config_reader_->WorkNow(); hosts_reader_->WorkNow(); @@ -571,8 +576,15 @@ ConfigParsePosixResult ConvertResStateToDnsConfig(const struct __res_state& res, // static std::unique_ptr DnsConfigService::CreateSystemService() { + // DnsConfigService on iOS doesn't watch the config so its result can become + // inaccurate at any time. Disable it to prevent promulgation of inaccurate + // DnsConfigs. +#ifdef OS_IOS + return nullptr; +#else // defined(OS_IOS) return std::unique_ptr( new internal::DnsConfigServicePosix()); +#endif // defined(OS_IOS) } } // namespace net diff --git a/chromium/net/dns/dns_config_service_posix.h b/chromium/net/dns/dns_config_service_posix.h index 9a8e1ba5634..342b108d02e 100644 --- a/chromium/net/dns/dns_config_service_posix.h +++ b/chromium/net/dns/dns_config_service_posix.h @@ -5,6 +5,8 @@ #ifndef NET_DNS_DNS_CONFIG_SERVICE_POSIX_H_ #define NET_DNS_DNS_CONFIG_SERVICE_POSIX_H_ +#include + #if !defined(OS_ANDROID) #include #include @@ -34,6 +36,8 @@ class NET_EXPORT_PRIVATE DnsConfigServicePosix : public DnsConfigService { DnsConfigServicePosix(); ~DnsConfigServicePosix() override; + void RefreshConfig() override; + protected: // DnsConfigService: void ReadNow() override; diff --git a/chromium/net/dns/dns_config_service_posix_unittest.cc b/chromium/net/dns/dns_config_service_posix_unittest.cc index 346fe531284..c8d09d968b4 100644 --- a/chromium/net/dns/dns_config_service_posix_unittest.cc +++ b/chromium/net/dns/dns_config_service_posix_unittest.cc @@ -256,7 +256,7 @@ TEST_F(DnsConfigServicePosixTest, ChangeConfigMultipleTimes) { scoped_task_environment_.RunUntilIdle(); for (int i = 0; i < 5; i++) { - service_->OnConfigChanged(true); + service_->RefreshConfig(); // Wait for config read after the change. OnConfigChanged() will only be // called if the new config is different from the old one, so this can't be // ExpectChange(). diff --git a/chromium/net/dns/dns_config_service_unittest.cc b/chromium/net/dns/dns_config_service_unittest.cc index 2fff61608e9..39c63de11e3 100644 --- a/chromium/net/dns/dns_config_service_unittest.cc +++ b/chromium/net/dns/dns_config_service_unittest.cc @@ -15,6 +15,7 @@ #include "base/test/test_timeouts.h" #include "base/threading/thread_task_runner_handle.h" #include "net/dns/public/dns_protocol.h" +#include "net/dns/test_dns_config_service.h" #include "net/test/test_with_scoped_task_environment.h" #include "testing/gtest/include/gtest/gtest.h" @@ -31,33 +32,6 @@ class DnsConfigServiceTest : public TestWithScopedTaskEnvironment { } protected: - class TestDnsConfigService : public DnsConfigService { - public: - void ReadNow() override {} - bool StartWatching() override { return true; } - - // Expose the protected methods to this test suite. - void InvalidateConfig() { - DnsConfigService::InvalidateConfig(); - } - - void InvalidateHosts() { - DnsConfigService::InvalidateHosts(); - } - - void OnConfigRead(const DnsConfig& config) { - DnsConfigService::OnConfigRead(config); - } - - void OnHostsRead(const DnsHosts& hosts) { - DnsConfigService::OnHostsRead(hosts); - } - - void set_watch_failed(bool value) { - DnsConfigService::set_watch_failed(value); - } - }; - void WaitForConfig(base::TimeDelta timeout) { base::RunLoop run_loop; base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( diff --git a/chromium/net/dns/dns_query.cc b/chromium/net/dns/dns_query.cc index 797b8fe2dcd..90176623c05 100644 --- a/chromium/net/dns/dns_query.cc +++ b/chromium/net/dns/dns_query.cc @@ -4,10 +4,13 @@ #include "net/dns/dns_query.h" +#include + #include "base/big_endian.h" #include "base/logging.h" #include "base/memory/ptr_util.h" #include "base/numerics/safe_conversions.h" +#include "base/optional.h" #include "base/sys_byteorder.h" #include "net/base/io_buffer.h" #include "net/dns/dns_util.h" @@ -28,10 +31,63 @@ static const size_t kOptRRFixedSize = 11; // TODO(robpercival): Determine a good value for this programmatically. const uint16_t kMaxUdpPayloadSize = 4096; +size_t QuestionSize(size_t qname_size) { + // QNAME + QTYPE + QCLASS + return qname_size + sizeof(uint16_t) + sizeof(uint16_t); +} + +// Buffer size of Opt record for |rdata| (does not include Opt record or RData +// added for padding). size_t OptRecordSize(const OptRecordRdata* rdata) { return rdata == nullptr ? 0 : kOptRRFixedSize + rdata->buf().size(); } +// Padding size includes Opt header for the padding. Does not include OptRecord +// header (kOptRRFixedSize) even when added just for padding. +size_t DeterminePaddingSize(size_t unpadded_size, + DnsQuery::PaddingStrategy padding_strategy) { + switch (padding_strategy) { + case DnsQuery::PaddingStrategy::NONE: + return 0; + case DnsQuery::PaddingStrategy::BLOCK_LENGTH_128: + size_t padding_size = OptRecordRdata::Opt::kHeaderSize; + size_t remainder = (padding_size + unpadded_size) % 128; + padding_size += (128 - remainder) % 128; + DCHECK_EQ((unpadded_size + padding_size) % 128, 0u); + return padding_size; + } +} + +base::Optional AddPaddingIfNecessary( + const OptRecordRdata* opt_rdata, + DnsQuery::PaddingStrategy padding_strategy, + size_t no_opt_buffer_size) { + // If no input OPT record rdata and no padding, no OPT record rdata needed. + if (!opt_rdata && padding_strategy == DnsQuery::PaddingStrategy::NONE) + return base::nullopt; + + OptRecordRdata merged_opt_rdata; + if (opt_rdata) + merged_opt_rdata.AddOpts(*opt_rdata); + + size_t unpadded_size = no_opt_buffer_size + OptRecordSize(&merged_opt_rdata); + size_t padding_size = DeterminePaddingSize(unpadded_size, padding_strategy); + + if (padding_size > 0) { + // |opt_rdata| must not already contain padding if DnsQuery is to add + // padding. + DCHECK(!merged_opt_rdata.ContainsOptCode(dns_protocol::kEdnsPadding)); + // OPT header is the minimum amount of padding. + DCHECK(padding_size >= OptRecordRdata::Opt::kHeaderSize); + + merged_opt_rdata.AddOpt(OptRecordRdata::Opt( + dns_protocol::kEdnsPadding, + std::string(padding_size - OptRecordRdata::Opt::kHeaderSize, 0))); + } + + return merged_opt_rdata; +} + } // namespace // DNS query consists of a 12-byte header followed by a question section. @@ -41,12 +97,20 @@ size_t OptRecordSize(const OptRecordRdata* rdata) { DnsQuery::DnsQuery(uint16_t id, const base::StringPiece& qname, uint16_t qtype, - const OptRecordRdata* opt_rdata) - : qname_size_(qname.size()), - io_buffer_(base::MakeRefCounted( - kHeaderSize + question_size() + OptRecordSize(opt_rdata))), - header_(reinterpret_cast(io_buffer_->data())) { + const OptRecordRdata* opt_rdata, + PaddingStrategy padding_strategy) + : qname_size_(qname.size()) { DCHECK(!DNSDomainToString(qname).empty()); + + size_t buffer_size = kHeaderSize + QuestionSize(qname_size_); + base::Optional merged_opt_rdata = + AddPaddingIfNecessary(opt_rdata, padding_strategy, buffer_size); + if (merged_opt_rdata) + buffer_size += OptRecordSize(&merged_opt_rdata.value()); + + io_buffer_ = base::MakeRefCounted(buffer_size); + + header_ = reinterpret_cast(io_buffer_->data()); *header_ = {}; header_->id = base::HostToNet16(id); header_->flags = base::HostToNet16(dns_protocol::kFlagRD); @@ -59,7 +123,9 @@ DnsQuery::DnsQuery(uint16_t id, writer.WriteU16(qtype); writer.WriteU16(dns_protocol::kClassIN); - if (opt_rdata != nullptr) { + if (merged_opt_rdata) { + DCHECK(!merged_opt_rdata.value().opts().empty()); + header_->arcount = base::HostToNet16(1); // Write OPT pseudo-resource record. writer.WriteU8(0); // empty domain name (root domain) @@ -71,9 +137,11 @@ DnsQuery::DnsQuery(uint16_t id, // TODO(robpercival): Set "DNSSEC OK" flag if/when DNSSEC is supported: // https://tools.ietf.org/html/rfc3225#section-3 writer.WriteU16(0); // flags + // rdata - writer.WriteU16(opt_rdata->buf().size()); // rdata length - writer.WriteBytes(opt_rdata->buf().data(), opt_rdata->buf().size()); + writer.WriteU16(merged_opt_rdata.value().buf().size()); // rdata length + writer.WriteBytes(merged_opt_rdata.value().buf().data(), + merged_opt_rdata.value().buf().size()); } } @@ -140,7 +208,12 @@ uint16_t DnsQuery::qtype() const { } base::StringPiece DnsQuery::question() const { - return base::StringPiece(io_buffer_->data() + kHeaderSize, question_size()); + return base::StringPiece(io_buffer_->data() + kHeaderSize, + QuestionSize(qname_size_)); +} + +size_t DnsQuery::question_size() const { + return QuestionSize(qname_size_); } void DnsQuery::set_flags(uint16_t flags) { diff --git a/chromium/net/dns/dns_query.h b/chromium/net/dns/dns_query.h index 981cc9e8293..6ca6a1e93f0 100644 --- a/chromium/net/dns/dns_query.h +++ b/chromium/net/dns/dns_query.h @@ -9,6 +9,7 @@ #include #include +#include #include "base/macros.h" #include "base/memory/ref_counted.h" @@ -32,19 +33,31 @@ class IOBufferWithSize; // Represents on-the-wire DNS query message as an object. class NET_EXPORT_PRIVATE DnsQuery { public: + enum class PaddingStrategy { + // Query will not be padded. Recommended strategy when query will not be + // encrypted. + NONE, + + // Query will be padded to the next multiple of 128 octets. Recommended + // strategy (per RFC 8467) when query will be encrypted, e.g. through + // DNS-over-HTTPS. + BLOCK_LENGTH_128, + }; + // Constructs a query message from |qname| which *MUST* be in a valid // DNS name format, and |qtype|. The qclass is set to IN. - // If opt_rdata is not null, an OPT record will be added to the "Additional" + // If |opt_rdata| is not null, an OPT record will be added to the "Additional" // section of the query. DnsQuery(uint16_t id, const base::StringPiece& qname, uint16_t qtype, - const OptRecordRdata* opt_rdata = nullptr); + const OptRecordRdata* opt_rdata = nullptr, + PaddingStrategy padding_strategy = PaddingStrategy::NONE); // Constructs an empty query from a raw packet in |buffer|. If the raw packet // represents a valid DNS query in the wire format (RFC 1035), Parse() will // populate the empty query. - DnsQuery(scoped_refptr buffer); + explicit DnsQuery(scoped_refptr buffer); ~DnsQuery(); @@ -72,10 +85,7 @@ class NET_EXPORT_PRIVATE DnsQuery { base::StringPiece question() const; // Returns the size of the question section. - size_t question_size() const { - // QNAME + QTYPE + QCLASS - return qname_size_ + sizeof(uint16_t) + sizeof(uint16_t); - } + size_t question_size() const; // IOBuffer accessor to be used for writing out the query. The buffer has // the same byte layout as the DNS query wire format. diff --git a/chromium/net/dns/dns_query_unittest.cc b/chromium/net/dns/dns_query_unittest.cc index 40009e6e08d..3e5990887c0 100644 --- a/chromium/net/dns/dns_query_unittest.cc +++ b/chromium/net/dns/dns_query_unittest.cc @@ -4,8 +4,11 @@ #include "net/dns/dns_query.h" +#include + #include "base/stl_util.h" #include "net/base/io_buffer.h" +#include "net/dns/dns_util.h" #include "net/dns/public/dns_protocol.h" #include "net/dns/record_rdata.h" #include "testing/gmock/include/gmock/gmock.h" @@ -38,6 +41,7 @@ const char kQNameData[] = "example" "\x03" "com"; +const base::StringPiece kQName(kQNameData, sizeof(kQNameData)); TEST(DnsQueryTest, Constructor) { // This includes \0 at the end. @@ -56,11 +60,10 @@ TEST(DnsQueryTest, Constructor) { 0x00, 0x01, // QCLASS: IN class. }; - base::StringPiece qname(kQNameData, sizeof(kQNameData)); - DnsQuery q1(0xbeef, qname, dns_protocol::kTypeA); + DnsQuery q1(0xbeef, kQName, dns_protocol::kTypeA); EXPECT_EQ(dns_protocol::kTypeA, q1.qtype()); EXPECT_THAT(AsTuple(q1.io_buffer()), ElementsAreArray(query_data)); - EXPECT_EQ(qname, q1.qname()); + EXPECT_EQ(kQName, q1.qname()); base::StringPiece question(reinterpret_cast(query_data) + 12, 21); @@ -117,6 +120,42 @@ TEST(DnsQueryTest, EDNS0) { EXPECT_EQ(question, q1.question()); } +TEST(DnsQueryTest, Block128Padding) { + DnsQuery query(46 /* id */, kQName, dns_protocol::kTypeAAAA, + nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + + // Query is expected to be short and fit in a single 128-byte padded block. + EXPECT_EQ(128, query.io_buffer()->size()); + + // Ensure created query still parses as expected. + DnsQuery parsed_query(query.io_buffer()); + ASSERT_TRUE(parsed_query.Parse(query.io_buffer()->size())); + EXPECT_EQ(kQName, parsed_query.qname()); + EXPECT_EQ(dns_protocol::kTypeAAAA, parsed_query.qtype()); +} + +TEST(DnsQueryTest, Block128Padding_LongName) { + std::string qname; + DNSDomainFromDot( + "really.long.domain.name.that.will.push.us.past.the.128.byte.block.size." + "because.it.would.be.nice.to.test.something.realy.long.like.that.com", + &qname); + DnsQuery query(112 /* id */, qname, dns_protocol::kTypeAAAA, + nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + + // Query is expected to pad into a second 128-byte block. + EXPECT_EQ(256, query.io_buffer()->size()); + EXPECT_EQ(qname, query.qname()); + + // Ensure created query still parses as expected. + DnsQuery parsed_query(query.io_buffer()); + ASSERT_TRUE(parsed_query.Parse(query.io_buffer()->size())); + EXPECT_EQ(qname, parsed_query.qname()); + EXPECT_EQ(dns_protocol::kTypeAAAA, parsed_query.qtype()); +} + TEST(DnsQueryParseTest, SingleQuestionForTypeARecord) { const uint8_t query_data[] = { 0x12, 0x34, // ID diff --git a/chromium/net/dns/dns_response.cc b/chromium/net/dns/dns_response.cc index 2e7fab29f74..1f461017f45 100644 --- a/chromium/net/dns/dns_response.cc +++ b/chromium/net/dns/dns_response.cc @@ -32,10 +32,6 @@ const size_t kHeaderSize = sizeof(dns_protocol::Header); const uint8_t kRcodeMask = 0xf; -// RFC 1035, Section 4.1.3. -// TYPE (2 bytes) + CLASS (2 bytes) + TTL (4 bytes) + RDLENGTH (2 bytes) -const size_t kResourceRecordSizeInBytesWithoutNameAndRData = 10; - } // namespace DnsResourceRecord::DnsResourceRecord() = default; @@ -109,7 +105,7 @@ size_t DnsResourceRecord::CalculateRecordSize() const { // 1 byte (with dot) or 2 bytes larger in size. See RFC 1035, Section 3.1 and // DNSDomainFromDot. return name.size() + (has_final_dot ? 1 : 2) + - kResourceRecordSizeInBytesWithoutNameAndRData + + net::dns_protocol::kResourceRecordSizeInBytesWithoutNameAndRData + (owned_rdata.empty() ? rdata.size() : owned_rdata.size()); } @@ -363,9 +359,10 @@ DnsResponse::DnsResponse(const void* data, size_t length, size_t answer_offset) DnsResponse::~DnsResponse() = default; bool DnsResponse::InitParse(size_t nbytes, const DnsQuery& query) { - // Response includes query, it should be at least that size. - if (nbytes < base::checked_cast(query.io_buffer()->size()) || - nbytes > io_buffer_size_) { + const base::StringPiece question = query.question(); + + // Response includes question, it should be at least that size. + if (nbytes < kHeaderSize + question.size() || nbytes > io_buffer_size_) { return false; } @@ -382,7 +379,6 @@ bool DnsResponse::InitParse(size_t nbytes, const DnsQuery& query) { return false; // Match the question section. - const base::StringPiece question = query.question(); if (question != base::StringPiece(io_buffer_->data() + kHeaderSize, question.size())) { return false; diff --git a/chromium/net/dns/dns_session.cc b/chromium/net/dns/dns_session.cc index 7ac72703f56..6164f313199 100644 --- a/chromium/net/dns/dns_session.cc +++ b/chromium/net/dns/dns_session.cc @@ -295,8 +295,8 @@ std::unique_ptr DnsSession::AllocateSocket( if (!socket.get()) return std::unique_ptr(); - socket->NetLog().BeginEvent(NetLogEventType::SOCKET_IN_USE, - source.ToEventParametersCallback()); + socket->NetLog().BeginEventReferencingSource(NetLogEventType::SOCKET_IN_USE, + source); SocketLease* lease = new SocketLease(this, server_index, std::move(socket)); return std::unique_ptr(lease); diff --git a/chromium/net/dns/dns_session_unittest.cc b/chromium/net/dns/dns_session_unittest.cc index a3bc61d600b..4a6ae5668ce 100644 --- a/chromium/net/dns/dns_session_unittest.cc +++ b/chromium/net/dns/dns_session_unittest.cc @@ -45,12 +45,12 @@ class TestClientSocketFactory : public ClientSocketFactory { } std::unique_ptr CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) override { + const SSLConfig& ssl_config) override { NOTIMPLEMENTED(); - return std::unique_ptr(); + return nullptr; } std::unique_ptr CreateProxyClientSocket( diff --git a/chromium/net/dns/dns_socket_pool_unittest.cc b/chromium/net/dns/dns_socket_pool_unittest.cc index eba97494267..2138518e5a1 100644 --- a/chromium/net/dns/dns_socket_pool_unittest.cc +++ b/chromium/net/dns/dns_socket_pool_unittest.cc @@ -16,14 +16,14 @@ namespace { class DummyObject { public: - DummyObject() : weak_factory_(this) {} + DummyObject() {} base::WeakPtr GetWeakPtr() { return weak_factory_.GetWeakPtr(); } bool HasWeakPtrs() const { return weak_factory_.HasWeakPtrs(); } private: - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(DummyObject); }; diff --git a/chromium/net/dns/dns_test_util.cc b/chromium/net/dns/dns_test_util.cc index 8394244aeaa..1910a8000cd 100644 --- a/chromium/net/dns/dns_test_util.cc +++ b/chromium/net/dns/dns_test_util.cc @@ -186,29 +186,26 @@ class MockTransaction : public DnsTransaction, MockTransaction(const MockDnsClientRuleList& rules, const std::string& hostname, uint16_t qtype, - DnsConfig::SecureDnsMode secure_dns_mode, + bool secure, URLRequestContext* url_request_context, DnsTransactionFactory::CallbackType callback) : result_(MockDnsClientRule::FAIL), hostname_(hostname), qtype_(qtype), callback_(std::move(callback)), - secure_(false), started_(false), delayed_(false) { - // Find the relevant rule which matches |qtype|, |secure_dns_mode|, prefix - // of |hostname|, and |url_request_context| (iff the rule context is not + // Find the relevant rule which matches |qtype|, |secure|, prefix of + // |hostname|, and |url_request_context| (iff the rule context is not // null). for (size_t i = 0; i < rules.size(); ++i) { const std::string& prefix = rules[i].prefix; - if ((rules[i].qtype == qtype) && - rules[i].secure_dns_mode == secure_dns_mode && + if ((rules[i].qtype == qtype) && (rules[i].secure == secure) && (hostname.size() >= prefix.size()) && (hostname.compare(0, prefix.size(), prefix) == 0) && (!rules[i].context || rules[i].context == url_request_context)) { const MockDnsClientRule::Result* result = &rules[i].result; result_ = MockDnsClientRule::Result(result->type); - secure_ = result->secure; delayed_ = rules[i].delay; // Generate a DnsResponse when not provided with the rule. @@ -294,15 +291,15 @@ class MockTransaction : public DnsTransaction, case MockDnsClientRule::NODOMAIN: case MockDnsClientRule::FAIL: std::move(callback_).Run(this, ERR_NAME_NOT_RESOLVED, - result_.response.get(), secure_); + result_.response.get()); break; case MockDnsClientRule::EMPTY: case MockDnsClientRule::OK: case MockDnsClientRule::MALFORMED: - std::move(callback_).Run(this, OK, result_.response.get(), secure_); + std::move(callback_).Run(this, OK, result_.response.get()); break; case MockDnsClientRule::TIMEOUT: - std::move(callback_).Run(this, ERR_DNS_TIMED_OUT, nullptr, secure_); + std::move(callback_).Run(this, ERR_DNS_TIMED_OUT, nullptr); break; } } @@ -313,7 +310,6 @@ class MockTransaction : public DnsTransaction, const std::string hostname_; const uint16_t qtype_; DnsTransactionFactory::CallbackType callback_; - bool secure_; bool started_; bool delayed_; }; @@ -439,24 +435,16 @@ MockDnsClientRule::Result::~Result() = default; MockDnsClientRule::Result& MockDnsClientRule::Result::operator=( Result&& result) = default; -// static -MockDnsClientRule::Result MockDnsClientRule::CreateSecureResult( - std::unique_ptr response) { - auto result = Result(std::move(response)); - result.secure = true; - return result; -} - MockDnsClientRule::MockDnsClientRule(const std::string& prefix, uint16_t qtype, - DnsConfig::SecureDnsMode secure_dns_mode, + bool secure, Result result, bool delay, URLRequestContext* context) : result(std::move(result)), prefix(prefix), qtype(qtype), - secure_dns_mode(secure_dns_mode), + secure(secure), delay(delay), context(context) {} @@ -475,11 +463,11 @@ class MockDnsClient::MockTransactionFactory : public DnsTransactionFactory { uint16_t qtype, DnsTransactionFactory::CallbackType callback, const NetLogWithSource&, - DnsConfig::SecureDnsMode secure_dns_mode, + bool secure, URLRequestContext* url_request_context) override { std::unique_ptr transaction = - std::make_unique(rules_, hostname, qtype, - secure_dns_mode, url_request_context, + std::make_unique(rules_, hostname, qtype, secure, + url_request_context, std::move(callback)); if (transaction->delayed()) delayed_transactions_.push_back(transaction->AsWeakPtr()); diff --git a/chromium/net/dns/dns_test_util.h b/chromium/net/dns/dns_test_util.h index 179a679ed6f..b5f73d4d53a 100644 --- a/chromium/net/dns/dns_test_util.h +++ b/chromium/net/dns/dns_test_util.h @@ -216,18 +216,14 @@ struct MockDnsClientRule { ResultType type; std::unique_ptr response; - // Whether the mock result was obtained securely or not. - bool secure = false; }; - static Result CreateSecureResult(std::unique_ptr response); - // If |delay| is true, matching transactions will be delayed until triggered // by the consumer. If |context| is non-null, it will only match transactions // with the same context. MockDnsClientRule(const std::string& prefix, uint16_t qtype, - DnsConfig::SecureDnsMode secure_dns_mode, + bool secure, Result result, bool delay, URLRequestContext* context = nullptr); @@ -236,7 +232,7 @@ struct MockDnsClientRule { Result result; std::string prefix; uint16_t qtype; - DnsConfig::SecureDnsMode secure_dns_mode; + bool secure; bool delay; URLRequestContext* context; }; diff --git a/chromium/net/dns/dns_transaction.cc b/chromium/net/dns/dns_transaction.cc index 3003df2b79e..97d6b8501e8 100644 --- a/chromium/net/dns/dns_transaction.cc +++ b/chromium/net/dns/dns_transaction.cc @@ -46,6 +46,7 @@ #include "net/dns/dns_session.h" #include "net/dns/dns_util.h" #include "net/dns/public/dns_protocol.h" +#include "net/http/http_request_headers.h" #include "net/log/net_log.h" #include "net/log/net_log_capture_mode.h" #include "net/log/net_log_event_type.h" @@ -107,11 +108,9 @@ bool IsIPLiteral(const std::string& hostname) { return ip.AssignFromIPLiteral(hostname); } -base::Value NetLogStartCallback(const std::string* hostname, - uint16_t qtype, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogStartParams(const std::string& hostname, uint16_t qtype) { base::DictionaryValue dict; - dict.SetString("hostname", *hostname); + dict.SetString("hostname", hostname); dict.SetInteger("query_type", qtype); return std::move(dict); } @@ -141,17 +140,13 @@ class DnsAttempt { // Returns the net log bound to the source of the socket. virtual const NetLogWithSource& GetSocketNetLog() const = 0; - // Returns true if a secure transport was used for the attempt. This method - // should be overridden for subclasses using a secure transport. - virtual bool secure() const { return false; } - // Returns the index of the destination server within DnsConfig::nameservers. unsigned server_index() const { return server_index_; } // Returns a Value representing the received response, along with a reference // to the NetLog source source of the UDP socket used. The request must have // completed before this is called. - base::Value NetLogResponseCallback(NetLogCaptureMode capture_mode) const { + base::Value NetLogResponseParams() const { DCHECK(GetResponse()->IsValid()); base::DictionaryValue dict; @@ -333,9 +328,7 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate { bool use_post, URLRequestContext* url_request_context, RequestPriority request_priority_) - : DnsAttempt(server_index), - query_(std::move(query)), - weak_factory_(this) { + : DnsAttempt(server_index), query_(std::move(query)) { GURL url; if (use_post) { // Set url for a POST request @@ -356,6 +349,9 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate { HttpRequestHeaders extra_request_headers; extra_request_headers.SetHeader("Accept", kDnsOverHttpResponseContentType); + // Send minimal request headers where possible. + extra_request_headers.SetHeader(HttpRequestHeaders::kAcceptLanguage, "*"); + extra_request_headers.SetHeader(HttpRequestHeaders::kUserAgent, "Chrome"); DCHECK(url_request_context); request_ = url_request_context->CreateRequest( @@ -416,7 +412,6 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate { return (resp != nullptr && resp->IsValid()) ? resp : nullptr; } const NetLogWithSource& GetSocketNetLog() const override { return net_log_; } - bool secure() const override { return true; } // URLRequest::Delegate overrides @@ -536,7 +531,7 @@ class DnsHTTPAttempt : public DnsAttempt, public URLRequest::Delegate { std::unique_ptr request_; NetLogWithSource net_log_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(DnsHTTPAttempt); }; @@ -795,13 +790,13 @@ class DnsTransactionImpl : public DnsTransaction, DnsTransactionFactory::CallbackType callback, const NetLogWithSource& net_log, const OptRecordRdata* opt_rdata, - DnsConfig::SecureDnsMode secure_dns_mode, + bool secure, URLRequestContext* url_request_context) : session_(session), hostname_(hostname), qtype_(qtype), opt_rdata_(opt_rdata), - secure_dns_mode_(secure_dns_mode), + secure_(secure), callback_(std::move(callback)), net_log_(net_log), qnames_initial_size_(0), @@ -840,7 +835,7 @@ class DnsTransactionImpl : public DnsTransaction, DCHECK(!callback_.is_null()); DCHECK(attempts_.empty()); net_log_.BeginEvent(NetLogEventType::DNS_TRANSACTION, - base::Bind(&NetLogStartCallback, &hostname_, qtype_)); + [&] { return NetLogStartParams(hostname_, qtype_); }); AttemptResult result(PrepareSearch(), nullptr); if (result.rv == OK) { qnames_initial_size_ = qnames_.size(); @@ -932,28 +927,21 @@ class DnsTransactionImpl : public DnsTransaction, result.attempt ? result.attempt->GetResponse() : nullptr; CHECK(result.rv != OK || response != nullptr); - bool secure = result.attempt ? result.attempt->secure() : false; - timer_.Stop(); net_log_.EndEventWithNetErrorCode(NetLogEventType::DNS_TRANSACTION, result.rv); - std::move(callback_).Run(this, result.rv, response, secure); + std::move(callback_).Run(this, result.rv, response); } AttemptResult MakeAttempt() { DnsConfig config = session_->config(); - // In AUTOMATIC and SECURE mode, make an HTTP attempt unless we have already - // made more attempts than we have configured servers. - if (secure_dns_mode_ != DnsConfig::SecureDnsMode::OFF && - doh_attempts_ < config.dns_over_https_servers.size()) { + if (secure_) { + DCHECK_GT(config.dns_over_https_servers.size(), 0u); return MakeHTTPAttempt(config.dns_over_https_servers); } - // In AUTOMATIC mode, insecure attempts are allowed after HTTP attempts are - // exhausted. In OFF mode, only insecure attempts are allowed. It should - // not be possible to reach this point in SECURE mode. - DCHECK_NE(secure_dns_mode_, DnsConfig::SecureDnsMode::SECURE); + DCHECK_GT(config.nameservers.size(), 0u); return MakeUDPAttempt(); } @@ -961,6 +949,7 @@ class DnsTransactionImpl : public DnsTransaction, // Makes another attempt at the current name, |qnames_.front()|, using the // next nameserver. AttemptResult MakeUDPAttempt() { + DCHECK(!secure_); doh_attempt_ = false; unsigned attempt_number = attempts_.size(); @@ -975,8 +964,7 @@ class DnsTransactionImpl : public DnsTransaction, const DnsConfig& config = session_->config(); unsigned non_doh_server_index = - (first_server_index_ + attempt_number - doh_attempts_) % - config.nameservers.size(); + (first_server_index_ + attempt_number) % config.nameservers.size(); // Skip over known failed servers. non_doh_server_index = session_->NextGoodServerIndex(non_doh_server_index); @@ -994,9 +982,8 @@ class DnsTransactionImpl : public DnsTransaction, if (!got_socket) return AttemptResult(ERR_CONNECTION_REFUSED, nullptr); - net_log_.AddEvent( - NetLogEventType::DNS_TRANSACTION_ATTEMPT, - attempt->GetSocketNetLog().source().ToEventParametersCallback()); + net_log_.AddEventReferencingSource(NetLogEventType::DNS_TRANSACTION_ATTEMPT, + attempt->GetSocketNetLog().source()); int rv = attempt->Start(base::Bind( &DnsTransactionImpl::OnUdpAttemptComplete, base::Unretained(this), @@ -1011,12 +998,14 @@ class DnsTransactionImpl : public DnsTransaction, AttemptResult MakeHTTPAttempt( const std::vector& servers) { + DCHECK(secure_); doh_attempt_ = true; unsigned attempt_number = attempts_.size(); uint16_t id = session_->NextQueryId(); std::unique_ptr query; if (attempts_.empty()) { - query.reset(new DnsQuery(id, qnames_.front(), qtype_, opt_rdata_)); + query.reset(new DnsQuery(id, qnames_.front(), qtype_, opt_rdata_, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128)); } else { query = attempts_[0]->GetQuery()->CloneWithNewId(id); } @@ -1048,6 +1037,7 @@ class DnsTransactionImpl : public DnsTransaction, } AttemptResult MakeTCPAttempt(const DnsAttempt* previous_attempt) { + DCHECK(!secure_); DCHECK(previous_attempt); DCHECK(!had_tcp_attempt_); @@ -1074,9 +1064,9 @@ class DnsTransactionImpl : public DnsTransaction, ++attempts_count_; had_tcp_attempt_ = true; - net_log_.AddEvent( + net_log_.AddEventReferencingSource( NetLogEventType::DNS_TRANSACTION_TCP_ATTEMPT, - attempt->GetSocketNetLog().source().ToEventParametersCallback()); + attempt->GetSocketNetLog().source()); int rv = attempt->Start(base::Bind(&DnsTransactionImpl::OnAttemptComplete, base::Unretained(this), attempt_number)); @@ -1091,8 +1081,8 @@ class DnsTransactionImpl : public DnsTransaction, // Begins query for the current name. Makes the first attempt. AttemptResult StartQuery() { std::string dotted_qname = DNSDomainToString(qnames_.front()); - net_log_.BeginEvent(NetLogEventType::DNS_TRANSACTION_QUERY, - NetLog::StringCallback("qname", &dotted_qname)); + net_log_.BeginEventWithStringParams(NetLogEventType::DNS_TRANSACTION_QUERY, + "qname", dotted_qname); first_server_index_ = session_->config().nameservers.empty() ? 0 @@ -1127,28 +1117,19 @@ class DnsTransactionImpl : public DnsTransaction, void LogResponse(const DnsAttempt* attempt) { if (attempt && attempt->GetResponse()) { net_log_.AddEvent(NetLogEventType::DNS_TRANSACTION_RESPONSE, - base::Bind(&DnsAttempt::NetLogResponseCallback, - base::Unretained(attempt))); + [&] { return attempt->NetLogResponseParams(); }); } } bool MoreAttemptsAllowed() const { if (had_tcp_attempt_) return false; + const DnsConfig& config = session_->config(); - unsigned insecure_attempts_possible = - config.attempts * config.nameservers.size(); - unsigned secure_attempts_possible = config.dns_over_https_servers.size(); - - switch (secure_dns_mode_) { - case DnsConfig::SecureDnsMode::SECURE: - return attempts_.size() < secure_attempts_possible; - case DnsConfig::SecureDnsMode::AUTOMATIC: - return attempts_.size() < - secure_attempts_possible + insecure_attempts_possible; - case DnsConfig::SecureDnsMode::OFF: - return attempts_.size() < insecure_attempts_possible; - } + if (secure_) + return attempts_.size() < config.dns_over_https_servers.size(); + + return attempts_.size() < config.attempts * config.nameservers.size(); } // Resolves the result of a DnsAttempt until a terminal result is reached @@ -1239,7 +1220,7 @@ class DnsTransactionImpl : public DnsTransaction, std::string hostname_; uint16_t qtype_; const OptRecordRdata* opt_rdata_; - const DnsConfig::SecureDnsMode secure_dns_mode_; + const bool secure_; // Cleared in DoCallback. DnsTransactionFactory::CallbackType callback_; @@ -1285,11 +1266,11 @@ class DnsTransactionFactoryImpl : public DnsTransactionFactory { uint16_t qtype, CallbackType callback, const NetLogWithSource& net_log, - DnsConfig::SecureDnsMode secure_dns_mode, + bool secure, URLRequestContext* url_request_context) override { return std::make_unique( session_.get(), hostname, qtype, std::move(callback), net_log, - opt_rdata_.get(), secure_dns_mode, url_request_context); + opt_rdata_.get(), secure, url_request_context); } void AddEDNSOption(const OptRecordRdata::Opt& opt) override { diff --git a/chromium/net/dns/dns_transaction.h b/chromium/net/dns/dns_transaction.h index 446d1fdd9d5..ec6a3bbe8c3 100644 --- a/chromium/net/dns/dns_transaction.h +++ b/chromium/net/dns/dns_transaction.h @@ -53,12 +53,10 @@ class NET_EXPORT_PRIVATE DnsTransactionFactory { public: // Called with the response or NULL if no matching response was received. // Note that the |GetDottedName()| of the response may be different than the - // original |hostname| as a result of suffix search. |secure| is true if the - // response was obtained using secure DNS. + // original |hostname| as a result of suffix search. typedef base::OnceCallback + const DnsResponse* response)> CallbackType; virtual ~DnsTransactionFactory() {} @@ -71,17 +69,14 @@ class NET_EXPORT_PRIVATE DnsTransactionFactory { // The transaction will run |callback| upon asynchronous completion. // The |net_log| is used as the parent log. // - // The |secure_dns_mode| specifies the order in which secure and/or insecure - // DNS lookups will be performed. In SECURE mode, only secure lookups will be - // perfomed. In AUTOMATIC mode, secure lookups will be performed first when - // possible, and insecure lookups will be performed as a fallback. In OFF - // mode, only insecure lookups will be performed. + // |secure| specifies whether DNS lookups should be performed using DNS-over- + // HTTPS (DoH) or using plaintext DNS. virtual std::unique_ptr CreateTransaction( const std::string& hostname, uint16_t qtype, CallbackType callback, const NetLogWithSource& net_log, - DnsConfig::SecureDnsMode secure_dns_mode, + bool secure, URLRequestContext* url_request_context) WARN_UNUSED_RESULT = 0; // The given EDNS0 option will be included in all DNS queries performed by diff --git a/chromium/net/dns/dns_transaction_unittest.cc b/chromium/net/dns/dns_transaction_unittest.cc index 368e0385871..250d32d8518 100644 --- a/chromium/net/dns/dns_transaction_unittest.cc +++ b/chromium/net/dns/dns_transaction_unittest.cc @@ -77,8 +77,14 @@ class DnsSocketData { uint16_t qtype, IoMode mode, Transport transport, - const OptRecordRdata* opt_rdata = nullptr) - : query_(new DnsQuery(id, DomainFromDot(dotted_name), qtype, opt_rdata)), + const OptRecordRdata* opt_rdata = nullptr, + DnsQuery::PaddingStrategy padding_strategy = + DnsQuery::PaddingStrategy::NONE) + : query_(new DnsQuery(id, + DomainFromDot(dotted_name), + qtype, + opt_rdata, + padding_strategy)), transport_(transport) { if (Transport::TCP == transport_) { std::unique_ptr length(new uint16_t); @@ -277,33 +283,27 @@ class TransactionHelper { // If |expected_answer_count| < 0 then it is the expected net error. TransactionHelper(const char* hostname, uint16_t qtype, - int expected_answer_count, - bool expected_secure) + bool secure, + int expected_answer_count) : hostname_(hostname), qtype_(qtype), - secure_dns_mode_(DnsConfig::SecureDnsMode::AUTOMATIC), + secure_(secure), response_(nullptr), expected_answer_count_(expected_answer_count), - expected_secure_(expected_secure), cancel_in_callback_(false), completed_(false) {} // Mark that the transaction shall be destroyed immediately upon callback. void set_cancel_in_callback() { cancel_in_callback_ = true; } - // Set the secure DNS mode for the transaction. - void set_secure_dns_mode(DnsConfig::SecureDnsMode secure_dns_mode) { - secure_dns_mode_ = secure_dns_mode; - } - void StartTransaction(DnsTransactionFactory* factory) { EXPECT_EQ(NULL, transaction_.get()); transaction_ = factory->CreateTransaction( hostname_, qtype_, base::Bind(&TransactionHelper::OnTransactionComplete, base::Unretained(this)), - NetLogWithSource::Make(&net_log_, net::NetLogSourceType::NONE), - secure_dns_mode_, &request_context_); + NetLogWithSource::Make(&net_log_, net::NetLogSourceType::NONE), secure_, + &request_context_); transaction_->SetRequestPriority(DEFAULT_PRIORITY); EXPECT_EQ(hostname_, transaction_->GetHostname()); EXPECT_EQ(qtype_, transaction_->GetType()); @@ -317,8 +317,7 @@ class TransactionHelper { void OnTransactionComplete(DnsTransaction* t, int rv, - const DnsResponse* response, - bool secure) { + const DnsResponse* response) { EXPECT_FALSE(completed_); EXPECT_EQ(transaction_.get(), t); @@ -351,8 +350,6 @@ class TransactionHelper { } else { EXPECT_EQ(expected_answer_count_, rv); } - - EXPECT_EQ(expected_secure_, secure); } bool has_completed() const { return completed_; } @@ -382,11 +379,10 @@ class TransactionHelper { private: std::string hostname_; uint16_t qtype_; - DnsConfig::SecureDnsMode secure_dns_mode_; + bool secure_; std::unique_ptr transaction_; const DnsResponse* response_; int expected_answer_count_; - bool expected_secure_; bool cancel_in_callback_; TestURLRequestContext request_context_; std::unique_ptr transaction_complete_run_loop_; @@ -422,8 +418,7 @@ class URLRequestMockDohJob : public URLRequestJob, public AsyncSocket { content_length_(0), leftover_data_len_(0), data_provider_(data_provider), - response_modifier_(response_modifier), - weak_factory_(this) { + response_modifier_(response_modifier) { data_provider_->Initialize(this); MatchQueryData(request, data_provider); } @@ -563,7 +558,7 @@ class URLRequestMockDohJob : public URLRequestJob, public AsyncSocket { IOBuffer* pending_buf_; int pending_buf_size_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(URLRequestMockDohJob); }; @@ -612,10 +607,12 @@ class DnsTransactionTestBase : public testing::Test { size_t response_length, IoMode mode, Transport transport, - const OptRecordRdata* opt_rdata = nullptr) { + const OptRecordRdata* opt_rdata = nullptr, + DnsQuery::PaddingStrategy padding_strategy = + DnsQuery::PaddingStrategy::NONE) { CHECK(socket_factory_.get()); - std::unique_ptr data( - new DnsSocketData(id, dotted_name, qtype, mode, transport, opt_rdata)); + std::unique_ptr data(new DnsSocketData( + id, dotted_name, qtype, mode, transport, opt_rdata, padding_strategy)); data->AddResponseData(response_data, response_length, mode); AddSocketData(std::move(data)); } @@ -625,10 +622,13 @@ class DnsTransactionTestBase : public testing::Test { uint16_t qtype, int error, IoMode mode, - Transport transport) { + Transport transport, + const OptRecordRdata* opt_rdata = nullptr, + DnsQuery::PaddingStrategy padding_strategy = + DnsQuery::PaddingStrategy::NONE) { CHECK(socket_factory_.get()); - std::unique_ptr data( - new DnsSocketData(id, dotted_name, qtype, mode, transport)); + std::unique_ptr data(new DnsSocketData( + id, dotted_name, qtype, mode, transport, opt_rdata, padding_strategy)); data->AddReadError(error, mode); AddSocketData(std::move(data)); } @@ -654,10 +654,14 @@ class DnsTransactionTestBase : public testing::Test { } // Add expected query of |dotted_name| and |qtype| and no response. - void AddQueryAndTimeout(const char* dotted_name, uint16_t qtype) { + void AddQueryAndTimeout(const char* dotted_name, + uint16_t qtype, + DnsQuery::PaddingStrategy padding_strategy = + DnsQuery::PaddingStrategy::NONE) { uint16_t id = base::RandInt(0, std::numeric_limits::max()); std::unique_ptr data( - new DnsSocketData(id, dotted_name, qtype, ASYNC, Transport::UDP)); + new DnsSocketData(id, dotted_name, qtype, ASYNC, Transport::UDP, + nullptr /* opt_rdata */, padding_strategy)); AddSocketData(std::move(data)); } @@ -667,11 +671,14 @@ class DnsTransactionTestBase : public testing::Test { uint16_t qtype, int rcode, IoMode mode, - Transport trans) { + Transport trans, + DnsQuery::PaddingStrategy padding_strategy = + DnsQuery::PaddingStrategy::NONE) { CHECK_NE(dns_protocol::kRcodeNOERROR, rcode); uint16_t id = base::RandInt(0, std::numeric_limits::max()); std::unique_ptr data( - new DnsSocketData(id, dotted_name, qtype, mode, trans)); + new DnsSocketData(id, dotted_name, qtype, mode, trans, + nullptr /* opt_rdata */, padding_strategy)); data->AddRcode(rcode, mode); AddSocketData(std::move(data)); } @@ -765,15 +772,10 @@ class DnsTransactionTest : public DnsTransactionTestBase, } // Configures the DnsConfig with one dns over https server, which either - // accepts GET or POST requests based on use_post. If |clear_udp| is true, - // existing IP name servers are removed from the DnsConfig. If a + // accepts GET or POST requests based on use_post. If a // ResponseModifierCallback is provided it will be called to contruct the // HTTPResponse. - void ConfigDohServers(bool clear_udp, - bool use_post, - int num_doh_servers = 1) { - if (clear_udp) - ConfigureNumServers(0); + void ConfigDohServers(bool use_post, int num_doh_servers = 1) { GURL url(URLRequestMockDohJob::GetMockHttpsUrl("doh_test")); URLRequestFilter* filter = URLRequestFilter::GetInstance(); filter->AddHostnameInterceptor(url.scheme(), url.host(), @@ -821,6 +823,16 @@ class DnsTransactionTest : public DnsTransactionTestBase, EXPECT_TRUE(request->extra_request_headers().GetHeader("Accept", &accept)); EXPECT_EQ(accept, "application/dns-message"); + std::string language; + EXPECT_TRUE(request->extra_request_headers().GetHeader("Accept-Language", + &language)); + EXPECT_EQ(language, "*"); + + std::string user_agent; + EXPECT_TRUE( + request->extra_request_headers().GetHeader("User-Agent", &user_agent)); + EXPECT_EQ(user_agent, "Chrome"); + SocketDataProvider* provider = socket_factory_->mock_data().GetNext(); if (doh_job_maker_) @@ -871,7 +883,7 @@ class DnsTransactionTestWithMockTime : public DnsTransactionTestBase, protected: DnsTransactionTestWithMockTime() : WithScopedTaskEnvironment( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME) {} + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME) {} ~DnsTransactionTestWithMockTime() override = default; }; @@ -880,8 +892,8 @@ TEST_F(DnsTransactionTest, Lookup) { kT0ResponseDatagram, base::size(kT0ResponseDatagram)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -896,8 +908,8 @@ TEST_F(DnsTransactionTest, LookupWithEDNSOption) { kT0ResponseDatagram, base::size(kT0ResponseDatagram), &expected_opt_rdata); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -919,8 +931,8 @@ TEST_F(DnsTransactionTest, LookupWithMultipleEDNSOptions) { kT0ResponseDatagram, base::size(kT0ResponseDatagram), &expected_opt_rdata); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -934,11 +946,11 @@ TEST_F(DnsTransactionTest, ConcurrentLookup) { kT1ResponseDatagram, base::size(kT1ResponseDatagram)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); helper0.StartTransaction(transaction_factory_.get()); - TransactionHelper helper1(kT1HostName, kT1Qtype, kT1RecordCount, - false /* expected_secure */); + TransactionHelper helper1(kT1HostName, kT1Qtype, false /* secure */, + kT1RecordCount); helper1.StartTransaction(transaction_factory_.get()); base::RunLoop().RunUntilIdle(); @@ -955,11 +967,11 @@ TEST_F(DnsTransactionTest, CancelLookup) { kT1ResponseDatagram, base::size(kT1ResponseDatagram)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); helper0.StartTransaction(transaction_factory_.get()); - TransactionHelper helper1(kT1HostName, kT1Qtype, kT1RecordCount, - false /* expected_secure */); + TransactionHelper helper1(kT1HostName, kT1Qtype, false /* secure */, + kT1RecordCount); helper1.StartTransaction(transaction_factory_.get()); helper0.Cancel(); @@ -975,8 +987,8 @@ TEST_F(DnsTransactionTest, DestroyFactory) { kT0ResponseDatagram, base::size(kT0ResponseDatagram)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); helper0.StartTransaction(transaction_factory_.get()); // Destroying the client does not affect running requests. @@ -992,8 +1004,8 @@ TEST_F(DnsTransactionTest, CancelFromCallback) { kT0ResponseDatagram, base::size(kT0ResponseDatagram)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); helper0.set_cancel_in_callback(); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -1016,8 +1028,8 @@ TEST_F(DnsTransactionTest, MismatchedResponseSync) { SYNCHRONOUS); AddSocketData(std::move(data1)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -1039,8 +1051,8 @@ TEST_F(DnsTransactionTest, MismatchedResponseAsync) { ASYNC); AddSocketData(std::move(data1)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -1053,8 +1065,8 @@ TEST_F(DnsTransactionTest, MismatchedResponseFail) { kT0ResponseDatagram, base::size(kT0ResponseDatagram)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_MALFORMED_RESPONSE, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_DNS_MALFORMED_RESPONSE); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -1073,16 +1085,16 @@ TEST_F(DnsTransactionTest, MismatchedResponseNxdomain) { AddSocketData(std::move(data)); AddSyncQueryAndRcode(kT0HostName, kT0Qtype, dns_protocol::kRcodeNXDOMAIN); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_NAME_NOT_RESOLVED, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } TEST_F(DnsTransactionTest, ServerFail) { AddAsyncQueryAndRcode(kT0HostName, kT0Qtype, dns_protocol::kRcodeSERVFAIL); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_SERVER_FAILED, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_DNS_SERVER_FAILED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); ASSERT_NE(helper0.response(), nullptr); EXPECT_EQ(helper0.response()->rcode(), dns_protocol::kRcodeSERVFAIL); @@ -1091,8 +1103,8 @@ TEST_F(DnsTransactionTest, ServerFail) { TEST_F(DnsTransactionTest, NoDomain) { AddAsyncQueryAndRcode(kT0HostName, kT0Qtype, dns_protocol::kRcodeNXDOMAIN); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_NAME_NOT_RESOLVED, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -1104,8 +1116,8 @@ TEST_F(DnsTransactionTestWithMockTime, Timeout) { AddQueryAndTimeout(kT0HostName, kT0Qtype); AddQueryAndTimeout(kT0HostName, kT0Qtype); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_TIMED_OUT, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_DNS_TIMED_OUT); // Finish when the third attempt times out. EXPECT_FALSE(helper0.Run(transaction_factory_.get())); @@ -1136,10 +1148,10 @@ TEST_F(DnsTransactionTestWithMockTime, ServerFallbackAndRotate) { AddAsyncQueryAndRcode(kT1HostName, kT1Qtype, dns_protocol::kRcodeSERVFAIL); AddAsyncQueryAndRcode(kT1HostName, kT1Qtype, dns_protocol::kRcodeNXDOMAIN); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_NAME_NOT_RESOLVED, - false /* expected_secure */); - TransactionHelper helper1(kT1HostName, kT1Qtype, ERR_NAME_NOT_RESOLVED, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_NAME_NOT_RESOLVED); + TransactionHelper helper1(kT1HostName, kT1Qtype, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_FALSE(helper0.Run(transaction_factory_.get())); FastForwardUntilNoTasksRemain(); @@ -1171,8 +1183,8 @@ TEST_F(DnsTransactionTest, SuffixSearchAboveNdots) { AddAsyncQueryAndRcode("x.y.z.c", dns_protocol::kTypeA, dns_protocol::kRcodeNXDOMAIN); - TransactionHelper helper0("x.y.z", dns_protocol::kTypeA, - ERR_NAME_NOT_RESOLVED, false /* expected_secure */); + TransactionHelper helper0("x.y.z", dns_protocol::kTypeA, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); @@ -1208,20 +1220,20 @@ TEST_F(DnsTransactionTest, SuffixSearchBelowNdots) { AddAsyncQueryAndRcode("x", dns_protocol::kTypeAAAA, dns_protocol::kRcodeNXDOMAIN); - TransactionHelper helper0("x.y", dns_protocol::kTypeA, ERR_NAME_NOT_RESOLVED, - false /* expected_secure */); + TransactionHelper helper0("x.y", dns_protocol::kTypeA, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); // A single-label name. - TransactionHelper helper1("x", dns_protocol::kTypeA, ERR_NAME_NOT_RESOLVED, - false /* expected_secure */); + TransactionHelper helper1("x", dns_protocol::kTypeA, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper1.Run(transaction_factory_.get())); // A fully-qualified name. - TransactionHelper helper2("x.", dns_protocol::kTypeAAAA, - ERR_NAME_NOT_RESOLVED, false /* expected_secure */); + TransactionHelper helper2("x.", dns_protocol::kTypeAAAA, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper2.Run(transaction_factory_.get())); } @@ -1232,14 +1244,14 @@ TEST_F(DnsTransactionTest, EmptySuffixSearch) { dns_protocol::kRcodeNXDOMAIN); // A fully-qualified name. - TransactionHelper helper0("x.", dns_protocol::kTypeA, ERR_NAME_NOT_RESOLVED, - false /* expected_secure */); + TransactionHelper helper0("x.", dns_protocol::kTypeA, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); // A single label name is not even attempted. TransactionHelper helper1("singlelabel", dns_protocol::kTypeA, - ERR_DNS_SEARCH_EMPTY, false /* expected_secure */); + false /* secure */, ERR_DNS_SEARCH_EMPTY); helper1.Run(transaction_factory_.get()); EXPECT_TRUE(helper1.has_completed()); @@ -1266,16 +1278,16 @@ TEST_F(DnsTransactionTest, DontAppendToMultiLabelName) { AddAsyncQueryAndRcode("x.c", dns_protocol::kTypeA, dns_protocol::kRcodeNXDOMAIN); - TransactionHelper helper0("x.y.z", dns_protocol::kTypeA, - ERR_NAME_NOT_RESOLVED, false /* expected_secure */); + TransactionHelper helper0("x.y.z", dns_protocol::kTypeA, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); - TransactionHelper helper1("x.y", dns_protocol::kTypeA, ERR_NAME_NOT_RESOLVED, - false /* expected_secure */); + TransactionHelper helper1("x.y", dns_protocol::kTypeA, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper1.Run(transaction_factory_.get())); - TransactionHelper helper2("x", dns_protocol::kTypeA, ERR_NAME_NOT_RESOLVED, - false /* expected_secure */); + TransactionHelper helper2("x", dns_protocol::kTypeA, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper2.Run(transaction_factory_.get())); } @@ -1304,8 +1316,8 @@ TEST_F(DnsTransactionTest, SuffixSearchStop) { AddAsyncQueryAndResponse(0 /* id */, "x.y.z.b", dns_protocol::kTypeA, kResponseNoData, base::size(kResponseNoData)); - TransactionHelper helper0("x.y.z", dns_protocol::kTypeA, 0 /* answers */, - false /* expected_secure */); + TransactionHelper helper0("x.y.z", dns_protocol::kTypeA, false /* secure */, + 0 /* answers */); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -1318,8 +1330,8 @@ TEST_F(DnsTransactionTest, SyncFirstQuery) { AddSyncQueryAndResponse(0 /* id */, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -1335,8 +1347,8 @@ TEST_F(DnsTransactionTest, SyncFirstQueryWithSearch) { kT2ResponseDatagram, base::size(kT2ResponseDatagram)); - TransactionHelper helper0("www", kT2Qtype, kT2RecordCount, - false /* expected_secure */); + TransactionHelper helper0("www", kT2Qtype, false /* secure */, + kT2RecordCount); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -1350,8 +1362,8 @@ TEST_F(DnsTransactionTest, SyncSearchQuery) { AddSyncQueryAndResponse(2 /* id */, kT2HostName, kT2Qtype, kT2ResponseDatagram, base::size(kT2ResponseDatagram)); - TransactionHelper helper0("www", kT2Qtype, kT2RecordCount, - false /* expected_secure */); + TransactionHelper helper0("www", kT2Qtype, false /* secure */, + kT2RecordCount); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -1359,8 +1371,7 @@ TEST_F(DnsTransactionTest, ConnectFailure) { socket_factory_->fail_next_socket_ = true; transaction_ids_.push_back(0); // Needed to make a DnsUDPAttempt. TransactionHelper helper0("www.chromium.org", dns_protocol::kTypeA, - ERR_CONNECTION_REFUSED, - false /* expected_secure */); + false /* secure */, ERR_CONNECTION_REFUSED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -1375,82 +1386,90 @@ TEST_F(DnsTransactionTest, ConnectFailureFollowedBySuccess) { AddAsyncQueryAndResponse(0 /* id */, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsGetLookup) { - ConfigDohServers(true /* clear_udp */, false /* use_post */); + ConfigDohServers(false /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsGetFailure) { - ConfigDohServers(true /* clear_udp */, false /* use_post */); + ConfigDohServers(false /* use_post */); AddQueryAndRcode(kT0HostName, kT0Qtype, dns_protocol::kRcodeSERVFAIL, - SYNCHRONOUS, Transport::HTTPS); + SYNCHRONOUS, Transport::HTTPS, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_SERVER_FAILED, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_DNS_SERVER_FAILED); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); ASSERT_NE(helper0.response(), nullptr); EXPECT_EQ(helper0.response()->rcode(), dns_protocol::kRcodeSERVFAIL); } TEST_F(DnsTransactionTest, HttpsGetMalformed) { - ConfigDohServers(true /* clear_udp */, false /* use_post */); + ConfigDohServers(false /* use_post */); AddQueryAndResponse(1 /* id */, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_MALFORMED_RESPONSE, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_DNS_MALFORMED_RESPONSE); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostLookup) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostFailure) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndRcode(kT0HostName, kT0Qtype, dns_protocol::kRcodeSERVFAIL, - SYNCHRONOUS, Transport::HTTPS); + SYNCHRONOUS, Transport::HTTPS, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_SERVER_FAILED, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_DNS_SERVER_FAILED); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); ASSERT_NE(helper0.response(), nullptr); EXPECT_EQ(helper0.response()->rcode(), dns_protocol::kRcodeSERVFAIL); } TEST_F(DnsTransactionTest, HttpsPostMalformed) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndResponse(1 /* id */, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_MALFORMED_RESPONSE, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_DNS_MALFORMED_RESPONSE); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostLookupAsync) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, - base::size(kT0ResponseDatagram), ASYNC, Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + base::size(kT0ResponseDatagram), ASYNC, Transport::HTTPS, + nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } @@ -1463,12 +1482,13 @@ URLRequestJob* DohJobMakerCallbackFailStart(URLRequest* request, } TEST_F(DnsTransactionTest, HttpsPostLookupFailStart) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_FAILED, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_FAILED); SetDohJobMakerCallback(base::BindRepeating(DohJobMakerCallbackFailStart)); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } @@ -1482,13 +1502,14 @@ URLRequestJob* DohJobMakerCallbackFailSync(URLRequest* request, } TEST_F(DnsTransactionTest, HttpsPostLookupFailSync) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); std::unique_ptr data(new DnsSocketData( - 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS)); + 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, DnsQuery::PaddingStrategy::BLOCK_LENGTH_128)); data->AddResponseWithLength(std::make_unique(), SYNCHRONOUS, 0); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_MALFORMED_RESPONSE, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_DNS_MALFORMED_RESPONSE); SetDohJobMakerCallback(base::BindRepeating(DohJobMakerCallbackFailSync)); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } @@ -1502,273 +1523,170 @@ URLRequestJob* DohJobMakerCallbackFailAsync(URLRequest* request, } TEST_F(DnsTransactionTest, HttpsPostLookupFailAsync) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_MALFORMED_RESPONSE, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_DNS_MALFORMED_RESPONSE); SetDohJobMakerCallback(base::BindRepeating(DohJobMakerCallbackFailAsync)); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostLookup2Sync) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); std::unique_ptr data(new DnsSocketData( - 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS)); + 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, DnsQuery::PaddingStrategy::BLOCK_LENGTH_128)); data->AddResponseData(kT0ResponseDatagram, 20, SYNCHRONOUS); data->AddResponseData(kT0ResponseDatagram + 20, base::size(kT0ResponseDatagram) - 20, SYNCHRONOUS); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostLookup2Async) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); std::unique_ptr data(new DnsSocketData( - 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS)); + 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, DnsQuery::PaddingStrategy::BLOCK_LENGTH_128)); data->AddResponseData(kT0ResponseDatagram, 20, ASYNC); data->AddResponseData(kT0ResponseDatagram + 20, base::size(kT0ResponseDatagram) - 20, ASYNC); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostLookupAsyncWithAsyncZeroRead) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); std::unique_ptr data(new DnsSocketData( - 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS)); + 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, DnsQuery::PaddingStrategy::BLOCK_LENGTH_128)); data->AddResponseData(kT0ResponseDatagram, base::size(kT0ResponseDatagram), ASYNC); data->AddResponseData(kT0ResponseDatagram, 0, ASYNC); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostLookupSyncWithAsyncZeroRead) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); std::unique_ptr data(new DnsSocketData( - 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS)); + 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, DnsQuery::PaddingStrategy::BLOCK_LENGTH_128)); data->AddResponseData(kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS); data->AddResponseData(kT0ResponseDatagram, 0, ASYNC); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostLookupAsyncThenSync) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); std::unique_ptr data(new DnsSocketData( - 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS)); + 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, DnsQuery::PaddingStrategy::BLOCK_LENGTH_128)); data->AddResponseData(kT0ResponseDatagram, 20, ASYNC); data->AddResponseData(kT0ResponseDatagram + 20, base::size(kT0ResponseDatagram) - 20, SYNCHRONOUS); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostLookupAsyncThenSyncError) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); std::unique_ptr data(new DnsSocketData( - 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS)); + 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, DnsQuery::PaddingStrategy::BLOCK_LENGTH_128)); data->AddResponseData(kT0ResponseDatagram, 20, ASYNC); data->AddReadError(ERR_FAILED, SYNCHRONOUS); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_FAILED, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_FAILED); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostLookupAsyncThenAsyncError) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); std::unique_ptr data(new DnsSocketData( - 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS)); + 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, DnsQuery::PaddingStrategy::BLOCK_LENGTH_128)); data->AddResponseData(kT0ResponseDatagram, 20, ASYNC); data->AddReadError(ERR_FAILED, ASYNC); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_FAILED, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_FAILED); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostLookupSyncThenAsyncError) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); std::unique_ptr data(new DnsSocketData( - 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS)); + 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, DnsQuery::PaddingStrategy::BLOCK_LENGTH_128)); data->AddResponseData(kT0ResponseDatagram, 20, SYNCHRONOUS); data->AddReadError(ERR_FAILED, ASYNC); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_FAILED, - true /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_FAILED); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, HttpsPostLookupSyncThenSyncError) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); std::unique_ptr data(new DnsSocketData( - 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS)); + 0, kT0HostName, kT0Qtype, SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, DnsQuery::PaddingStrategy::BLOCK_LENGTH_128)); data->AddResponseData(kT0ResponseDatagram, 20, SYNCHRONOUS); data->AddReadError(ERR_FAILED, SYNCHRONOUS); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_FAILED, - true /* expected_secure */); - EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); -} - -TEST_F(DnsTransactionTest, HttpsPostFailThenUDPFallback) { - config_.attempts = 2; - ConfigDohServers(false /* clear_udp */, true /* use_post */); - AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, - base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, - base::size(kT0ResponseDatagram), ASYNC, Transport::UDP); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); - SetDohJobMakerCallback(base::BindRepeating(DohJobMakerCallbackFailStart)); - EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); - unsigned kOrder0[] = {1, 0}; - CheckServerOrder(kOrder0, base::size(kOrder0)); -} - -TEST_F(DnsTransactionTest, HttpsPostFailNoUDPFallbackInSecureMode) { - config_.attempts = 1; - ConfigureNumServers(2); - ConfigDohServers(false /* clear_udp */, true /* use_post */, 2); - AddQueryAndErrorResponse(0, kT0HostName, kT0Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::HTTPS); - AddQueryAndErrorResponse(0, kT0HostName, kT0Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_FAILED, - true /* expected_secure */); - helper0.set_secure_dns_mode(DnsConfig::SecureDnsMode::SECURE); - SetDohJobMakerCallback(base::BindRepeating(DohJobMakerCallbackFailStart)); - EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); - unsigned kOrder0[] = {2, 3}; - CheckServerOrder(kOrder0, base::size(kOrder0)); -} - -TEST_F(DnsTransactionTest, NoHttpsAttemptInOffMode) { - config_.attempts = 2; - ConfigureNumServers(2); - ConfigDohServers(false /* clear_udp */, true /* use_post */, 2); - AddQueryAndErrorResponse(0, kT0HostName, kT0Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::UDP); - AddQueryAndErrorResponse(0, kT0HostName, kT0Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::UDP); - AddQueryAndErrorResponse(0, kT0HostName, kT0Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::UDP); - AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, - base::size(kT0ResponseDatagram), ASYNC, Transport::UDP); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); - helper0.set_secure_dns_mode(DnsConfig::SecureDnsMode::OFF); - EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); - unsigned kOrder0[] = {0, 1, 0, 1}; - CheckServerOrder(kOrder0, base::size(kOrder0)); -} - -TEST_F(DnsTransactionTest, HttpsPostFailThenUDPFailThenUDPFallback) { - ConfigureNumServers(3); - ConfigDohServers(false /* clear_udp */, true /* use_post */); - SetDohJobMakerCallback(base::BindRepeating(DohJobMakerCallbackFailStart)); - - AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, - base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - AddQueryAndTimeout(kT0HostName, kT0Qtype); - AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, - base::size(kT0ResponseDatagram), ASYNC, Transport::UDP); - - transaction_ids_.push_back(0); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_FAILED); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); - - // Servers 3 (HTTP) and 0 (UDP) should be marked as bad. 1 and 2 should be - // good. - EXPECT_EQ(session_->NextGoodServerIndex(0), 1u); - EXPECT_EQ(session_->NextGoodServerIndex(1), 1u); - EXPECT_EQ(session_->NextGoodServerIndex(2), 2u); - unsigned kOrder0[] = {3, 0, 1}; - CheckServerOrder(kOrder0, base::size(kOrder0)); -} - -TEST_F(DnsTransactionTest, HttpsMarkUdpBad) { - config_.attempts = 1; - ConfigureNumServers(2); - ConfigDohServers(false /* clear_udp */, true /* use_post */); - AddQueryAndErrorResponse(0, kT0HostName, kT0Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::HTTPS); - AddQueryAndErrorResponse(0, kT0HostName, kT0Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::UDP); - AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, - base::size(kT0ResponseDatagram), ASYNC, Transport::UDP); - - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); - EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); - // Server 0 (UDP) should be marked bad. Server 1 (UDP) should be good - // and since 2 is our only Doh server, it will be good. - EXPECT_EQ(session_->NextGoodServerIndex(0), 1u); - EXPECT_EQ(session_->NextGoodServerIndex(1), 1u); - EXPECT_EQ(session_->NextGoodDnsOverHttpsServerIndex(2), 2u); - unsigned kOrder0[] = {2, 0, 1}; - CheckServerOrder(kOrder0, base::size(kOrder0)); - - AddQueryAndErrorResponse(1, kT1HostName, kT1Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::HTTPS); - AddQueryAndErrorResponse(1, kT1HostName, kT1Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::UDP); - - AddQueryAndResponse(1, kT1HostName, kT1Qtype, kT1ResponseDatagram, - base::size(kT1ResponseDatagram), ASYNC, Transport::UDP); - - TransactionHelper helper1(kT1HostName, kT1Qtype, kT1RecordCount, - false /* expected_secure */); - EXPECT_TRUE(helper1.RunUntilDone(transaction_factory_.get())); - // Since 0 was bad to start, we started with 1 which will now be the - // most recent failure, so Server 1 (UDP) should be marked bad. - // Server 0 (UDP) should be good and since 2 is our only Doh server. - EXPECT_EQ(session_->NextGoodServerIndex(0), 0u); - EXPECT_EQ(session_->NextGoodServerIndex(1), 0u); - EXPECT_EQ(session_->NextGoodDnsOverHttpsServerIndex(2), 2u); - unsigned kOrder1[] = { - 2, 0, 1, /* transaction0 */ - 2, 1, 0 /* transaction1 */ - }; - CheckServerOrder(kOrder1, base::size(kOrder1)); } TEST_F(DnsTransactionTest, HttpsMarkHttpsBad) { config_.attempts = 1; - ConfigDohServers(false /* clear_udp */, true /* use_post */, 3); + ConfigDohServers(true /* use_post */, 3); AddQueryAndErrorResponse(0, kT0HostName, kT0Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::HTTPS); + SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); AddQueryAndErrorResponse(0, kT0HostName, kT0Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::HTTPS); + SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, - base::size(kT0ResponseDatagram), ASYNC, Transport::HTTPS); + base::size(kT0ResponseDatagram), ASYNC, Transport::HTTPS, + nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); AddQueryAndErrorResponse(1, kT1HostName, kT1Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::HTTPS); + SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); AddQueryAndErrorResponse(1, kT1HostName, kT1Qtype, ERR_CONNECTION_REFUSED, - SYNCHRONOUS, Transport::HTTPS); + SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); AddQueryAndResponse(1, kT1HostName, kT1Qtype, kT1ResponseDatagram, - base::size(kT1ResponseDatagram), ASYNC, Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); - TransactionHelper helper1(kT1HostName, kT1Qtype, kT1RecordCount, - true /* expected_secure */); + base::size(kT1ResponseDatagram), ASYNC, Transport::HTTPS, + nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); + TransactionHelper helper1(kT1HostName, kT1Qtype, true /* secure */, + kT1RecordCount); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); // Server 0 is our only UDP server, so it will be good. HTTPS // servers 1 and 2 failed and will be marked bad. Server 3 succeeded @@ -1798,52 +1716,37 @@ TEST_F(DnsTransactionTest, HttpsMarkHttpsBad) { } TEST_F(DnsTransactionTest, HttpsPostFailThenHTTPFallback) { - ConfigDohServers(true /* clear_udp */, true /* use_post */, 2); + ConfigDohServers(true /* use_post */, 2); AddQueryAndRcode(kT0HostName, kT0Qtype, dns_protocol::kRcodeSERVFAIL, ASYNC, - Transport::HTTPS); + Transport::HTTPS, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); - unsigned kOrder0[] = {0, 1}; - CheckServerOrder(kOrder0, base::size(kOrder0)); -} - -TEST_F(DnsTransactionTest, HttpsPostFailTwiceThenUDPFallback) { - config_.attempts = 3; - ConfigDohServers(false /* clear_udp */, true /* use_post */, 2); - AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, - base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, - base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, - base::size(kT0ResponseDatagram), ASYNC, Transport::UDP); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); - SetDohJobMakerCallback(base::BindRepeating(DohJobMakerCallbackFailStart)); - EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); - unsigned kOrder0[] = {1, 2, 0}; + unsigned kOrder0[] = {1, 2}; CheckServerOrder(kOrder0, base::size(kOrder0)); } TEST_F(DnsTransactionTest, HttpsPostFailTwice) { - config_.attempts = 2; - ConfigDohServers(true /* clear_udp */, true /* use_post */, 2); + config_.attempts = 3; + ConfigDohServers(true /* use_post */, 2); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_FAILED, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_FAILED); SetDohJobMakerCallback(base::BindRepeating(DohJobMakerCallbackFailStart)); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); - unsigned kOrder0[] = {0, 1}; + unsigned kOrder0[] = {1, 2}; CheckServerOrder(kOrder0, base::size(kOrder0)); } @@ -1881,17 +1784,19 @@ class CookieCallback { }; TEST_F(DnsTransactionTest, HttpsPostTestNoCookies) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); AddQueryAndResponse(1, kT1HostName, kT1Qtype, kT1ResponseDatagram, base::size(kT1ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); - TransactionHelper helper1(kT1HostName, kT1Qtype, kT1RecordCount, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); + TransactionHelper helper1(kT1HostName, kT1Qtype, true /* secure */, + kT1RecordCount); SetResponseModifierCallback(base::BindRepeating(MakeResponseWithCookie)); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); @@ -1919,12 +1824,13 @@ void MakeResponseWithoutLength(URLRequest* request, HttpResponseInfo* info) { } TEST_F(DnsTransactionTest, HttpsPostNoContentLength) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); SetResponseModifierCallback(base::BindRepeating(MakeResponseWithoutLength)); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } @@ -1935,12 +1841,13 @@ void MakeResponseWithBadRequestResponse(URLRequest* request, } TEST_F(DnsTransactionTest, HttpsPostWithBadRequestResponse) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_MALFORMED_RESPONSE, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_DNS_MALFORMED_RESPONSE); SetResponseModifierCallback( base::BindRepeating(MakeResponseWithBadRequestResponse)); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); @@ -1952,12 +1859,13 @@ void MakeResponseWrongType(URLRequest* request, HttpResponseInfo* info) { } TEST_F(DnsTransactionTest, HttpsPostWithWrongType) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_MALFORMED_RESPONSE, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_DNS_MALFORMED_RESPONSE); SetResponseModifierCallback(base::BindRepeating(MakeResponseWrongType)); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } @@ -1971,15 +1879,17 @@ void MakeResponseRedirect(URLRequest* request, HttpResponseInfo* info) { } TEST_F(DnsTransactionTest, HttpsGetRedirect) { - ConfigDohServers(true /* clear_udp */, false /* use_post */); + ConfigDohServers(false /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); SetResponseModifierCallback(base::BindRepeating(MakeResponseRedirect)); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } @@ -1989,24 +1899,26 @@ void MakeResponseNoType(URLRequest* request, HttpResponseInfo* info) { } TEST_F(DnsTransactionTest, HttpsPostWithNoType) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_MALFORMED_RESPONSE, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + ERR_DNS_MALFORMED_RESPONSE); SetResponseModifierCallback(base::BindRepeating(MakeResponseNoType)); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } TEST_F(DnsTransactionTest, CanLookupDohServerName) { config_.search.push_back("http"); - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndErrorResponse(0, kMockHostname, dns_protocol::kTypeA, - ERR_NAME_NOT_RESOLVED, SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0("mock", dns_protocol::kTypeA, ERR_NAME_NOT_RESOLVED, - true /* expected_secure */); + ERR_NAME_NOT_RESOLVED, SYNCHRONOUS, Transport::HTTPS, + nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0("mock", dns_protocol::kTypeA, true /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); } @@ -2021,8 +1933,7 @@ class CountingObserver : public net::NetLog::ThreadSafeObserver { void OnAddEntry(const NetLogEntry& entry) override { ++count_; - base::Value value = entry.ParametersToValue(); - if (!value.is_none() && value.is_dict()) + if (!entry.params.is_none() && entry.params.is_dict()) dict_count_++; } @@ -2036,15 +1947,15 @@ class CountingObserver : public net::NetLog::ThreadSafeObserver { }; TEST_F(DnsTransactionTest, HttpsPostLookupWithLog) { - ConfigDohServers(true /* clear_udp */, true /* use_post */); + ConfigDohServers(true /* use_post */); AddQueryAndResponse(0, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), SYNCHRONOUS, - Transport::HTTPS); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - true /* expected_secure */); + Transport::HTTPS, nullptr /* opt_rdata */, + DnsQuery::PaddingStrategy::BLOCK_LENGTH_128); + TransactionHelper helper0(kT0HostName, kT0Qtype, true /* secure */, + kT0RecordCount); CountingObserver observer; - helper0.net_log()->AddObserver(&observer, - NetLogCaptureMode::IncludeSocketBytes()); + helper0.net_log()->AddObserver(&observer, NetLogCaptureMode::kEverything); EXPECT_TRUE(helper0.RunUntilDone(transaction_factory_.get())); base::RunLoop().RunUntilIdle(); EXPECT_EQ(observer.count(), 5); @@ -2057,8 +1968,8 @@ TEST_F(DnsTransactionTest, TCPLookup) { AddQueryAndResponse(0 /* id */, kT0HostName, kT0Qtype, kT0ResponseDatagram, base::size(kT0ResponseDatagram), ASYNC, Transport::TCP); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -2068,8 +1979,8 @@ TEST_F(DnsTransactionTest, TCPFailure) { AddQueryAndRcode(kT0HostName, kT0Qtype, dns_protocol::kRcodeSERVFAIL, ASYNC, Transport::TCP); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_SERVER_FAILED, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_DNS_SERVER_FAILED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); ASSERT_NE(helper0.response(), nullptr); EXPECT_EQ(helper0.response()->rcode(), dns_protocol::kRcodeSERVFAIL); @@ -2091,8 +2002,8 @@ TEST_F(DnsTransactionTest, TCPMalformed) { ASYNC, static_cast(kT0QuerySize - 1)); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_MALFORMED_RESPONSE, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_DNS_MALFORMED_RESPONSE); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -2103,8 +2014,8 @@ TEST_F(DnsTransactionTestWithMockTime, TCPTimeout) { AddSocketData(std::make_unique( 1 /* id */, kT0HostName, kT0Qtype, ASYNC, Transport::TCP)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_DNS_TIMED_OUT, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_DNS_TIMED_OUT); EXPECT_FALSE(helper0.Run(transaction_factory_.get())); FastForwardUntilNoTasksRemain(); EXPECT_TRUE(helper0.has_completed()); @@ -2125,8 +2036,8 @@ TEST_F(DnsTransactionTest, TCPReadReturnsZeroAsync) { data->AddReadError(0, ASYNC); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_CONNECTION_CLOSED, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_CONNECTION_CLOSED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -2145,8 +2056,8 @@ TEST_F(DnsTransactionTest, TCPReadReturnsZeroSynchronous) { data->AddReadError(0, SYNCHRONOUS); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_CONNECTION_CLOSED, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_CONNECTION_CLOSED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -2158,8 +2069,8 @@ TEST_F(DnsTransactionTest, TCPConnectionClosedAsync) { data->AddReadError(ERR_CONNECTION_CLOSED, ASYNC); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_CONNECTION_CLOSED, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_CONNECTION_CLOSED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -2171,8 +2082,8 @@ TEST_F(DnsTransactionTest, TCPConnectionClosedSynchronous) { data->AddReadError(ERR_CONNECTION_CLOSED, SYNCHRONOUS); AddSocketData(std::move(data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_CONNECTION_CLOSED, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_CONNECTION_CLOSED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -2194,8 +2105,8 @@ TEST_F(DnsTransactionTest, MismatchedThenNxdomainThenTCP) { tcp_data->AddReadError(ERR_CONNECTION_CLOSED, SYNCHRONOUS); AddSocketData(std::move(tcp_data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_NAME_NOT_RESOLVED, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_NAME_NOT_RESOLVED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -2219,8 +2130,8 @@ TEST_F(DnsTransactionTest, MismatchedThenOkThenTCP) { tcp_data->AddReadError(ERR_CONNECTION_CLOSED, SYNCHRONOUS); AddSocketData(std::move(tcp_data)); - TransactionHelper helper0(kT0HostName, kT0Qtype, kT0RecordCount, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + kT0RecordCount); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } @@ -2261,20 +2172,20 @@ TEST_F(DnsTransactionTest, MismatchedThenRefusedThenTCP) { AddQueryAndErrorResponse(0 /* id */, kT0HostName, kT0Qtype, ERR_CONNECTION_REFUSED, SYNCHRONOUS, Transport::UDP); - TransactionHelper helper0(kT0HostName, kT0Qtype, ERR_CONNECTION_REFUSED, - false /* expected_secure */); + TransactionHelper helper0(kT0HostName, kT0Qtype, false /* secure */, + ERR_CONNECTION_REFUSED); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); } TEST_F(DnsTransactionTest, InvalidQuery) { ConfigureFactory(); - TransactionHelper helper0(".", dns_protocol::kTypeA, ERR_INVALID_ARGUMENT, - false /* expected_secure */); + TransactionHelper helper0(".", dns_protocol::kTypeA, false /* secure */, + ERR_INVALID_ARGUMENT); EXPECT_TRUE(helper0.Run(transaction_factory_.get())); TransactionHelper helper1("foo,bar.com", dns_protocol::kTypeA, - ERR_INVALID_ARGUMENT, false /* expected_secure */); + false /* secure */, ERR_INVALID_ARGUMENT); EXPECT_TRUE(helper1.Run(transaction_factory_.get())); } diff --git a/chromium/net/dns/fuzzed_host_resolver_util.cc b/chromium/net/dns/fuzzed_host_resolver_util.cc index ab59eef49a5..c384abf4ead 100644 --- a/chromium/net/dns/fuzzed_host_resolver_util.cc +++ b/chromium/net/dns/fuzzed_host_resolver_util.cc @@ -18,7 +18,6 @@ #include "base/memory/ref_counted.h" #include "base/memory/weak_ptr.h" #include "base/single_thread_task_runner.h" -#include "base/test/fuzzed_data_provider.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/address_list.h" #include "net/base/completion_once_callback.h" @@ -39,18 +38,19 @@ #include "net/log/net_log_with_source.h" #include "net/socket/datagram_server_socket.h" #include "net/socket/fuzzed_socket_factory.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" namespace net { namespace { // Returns a fuzzed non-zero port number. -uint16_t FuzzPort(base::FuzzedDataProvider* data_provider) { +uint16_t FuzzPort(FuzzedDataProvider* data_provider) { return data_provider->ConsumeIntegral(); } // Returns a fuzzed IPv4 address. Can return invalid / reserved addresses. -IPAddress FuzzIPv4Address(base::FuzzedDataProvider* data_provider) { +IPAddress FuzzIPv4Address(FuzzedDataProvider* data_provider) { return IPAddress(data_provider->ConsumeIntegral(), data_provider->ConsumeIntegral(), data_provider->ConsumeIntegral(), @@ -58,7 +58,7 @@ IPAddress FuzzIPv4Address(base::FuzzedDataProvider* data_provider) { } // Returns a fuzzed IPv6 address. Can return invalid / reserved addresses. -IPAddress FuzzIPv6Address(base::FuzzedDataProvider* data_provider) { +IPAddress FuzzIPv6Address(FuzzedDataProvider* data_provider) { return IPAddress(data_provider->ConsumeIntegral(), data_provider->ConsumeIntegral(), data_provider->ConsumeIntegral(), @@ -79,7 +79,7 @@ IPAddress FuzzIPv6Address(base::FuzzedDataProvider* data_provider) { // Returns a fuzzed address, which can be either IPv4 or IPv6. Can return // invalid / reserved addresses. -IPAddress FuzzIPAddress(base::FuzzedDataProvider* data_provider) { +IPAddress FuzzIPAddress(FuzzedDataProvider* data_provider) { if (data_provider->ConsumeBool()) return FuzzIPv4Address(data_provider); return FuzzIPv6Address(data_provider); @@ -93,7 +93,7 @@ class FuzzedHostResolverProc : public HostResolverProc { // happen if a request is issued but the code never waits for the result // before the test ends. explicit FuzzedHostResolverProc( - base::WeakPtr data_provider) + base::WeakPtr data_provider) : HostResolverProc(nullptr), data_provider_(data_provider), network_task_runner_(base::ThreadTaskRunnerHandle::Get()) {} @@ -151,7 +151,7 @@ class FuzzedHostResolverProc : public HostResolverProc { private: ~FuzzedHostResolverProc() override = default; - base::WeakPtr data_provider_; + base::WeakPtr data_provider_; // Just used for thread-safety checks. scoped_refptr network_task_runner_; @@ -172,10 +172,9 @@ const Error kMdnsErrors[] = {ERR_FAILED, // RecvFrom calls. class FuzzedMdnsSocket : public DatagramServerSocket { public: - explicit FuzzedMdnsSocket(base::FuzzedDataProvider* data_provider) + explicit FuzzedMdnsSocket(FuzzedDataProvider* data_provider) : data_provider_(data_provider), - local_address_(FuzzIPAddress(data_provider_), 5353), - weak_factory_(this) {} + local_address_(FuzzIPAddress(data_provider_), 5353) {} int Listen(const IPEndPoint& address) override { return OK; } @@ -277,16 +276,16 @@ class FuzzedMdnsSocket : public DatagramServerSocket { std::move(callback).Run(data_provider_->PickValueInArray(kMdnsErrors)); } - base::FuzzedDataProvider* const data_provider_; + FuzzedDataProvider* const data_provider_; const IPEndPoint local_address_; const NetLogWithSource net_log_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; }; class FuzzedMdnsSocketFactory : public MDnsSocketFactory { public: - explicit FuzzedMdnsSocketFactory(base::FuzzedDataProvider* data_provider) + explicit FuzzedMdnsSocketFactory(FuzzedDataProvider* data_provider) : data_provider_(data_provider) {} void CreateSockets( @@ -297,7 +296,7 @@ class FuzzedMdnsSocketFactory : public MDnsSocketFactory { } private: - base::FuzzedDataProvider* const data_provider_; + FuzzedDataProvider* const data_provider_; }; class FuzzedHostResolverManager : public HostResolverManager { @@ -305,7 +304,7 @@ class FuzzedHostResolverManager : public HostResolverManager { // |data_provider| and |net_log| must outlive the FuzzedHostResolver. FuzzedHostResolverManager(const HostResolver::ManagerOptions& options, NetLog* net_log, - base::FuzzedDataProvider* data_provider) + FuzzedDataProvider* data_provider) : HostResolverManager(options, net_log), data_provider_(data_provider), is_ipv6_reachable_(data_provider->ConsumeBool()), @@ -348,7 +347,7 @@ class FuzzedHostResolverManager : public HostResolverManager { SetHaveOnlyLoopbackAddresses(data_provider_->ConsumeBool()); } - base::FuzzedDataProvider* const data_provider_; + FuzzedDataProvider* const data_provider_; // Fixed value to be returned by IsIPv6Reachable. const bool is_ipv6_reachable_; @@ -358,7 +357,7 @@ class FuzzedHostResolverManager : public HostResolverManager { NetLog* const net_log_; - base::WeakPtrFactory data_provider_weak_factory_; + base::WeakPtrFactory data_provider_weak_factory_; DISALLOW_COPY_AND_ASSIGN(FuzzedHostResolverManager); }; @@ -424,7 +423,7 @@ void FuzzedHostResolverManager::SetDnsClientEnabled(bool enabled) { std::unique_ptr dns_client = DnsClient::CreateClientForTesting( net_log_, &socket_factory_, - base::Bind(&base::FuzzedDataProvider::ConsumeIntegralInRange, + base::Bind(&FuzzedDataProvider::ConsumeIntegralInRange, base::Unretained(data_provider_))); dns_client->SetConfig(config); HostResolverManager::SetDnsClientForTesting(std::move(dns_client)); @@ -435,7 +434,7 @@ void FuzzedHostResolverManager::SetDnsClientEnabled(bool enabled) { std::unique_ptr CreateFuzzedContextHostResolver( const HostResolver::ManagerOptions& options, NetLog* net_log, - base::FuzzedDataProvider* data_provider, + FuzzedDataProvider* data_provider, bool enable_caching) { // FuzzedHostResolverManager only handles fuzzing DnsClient when enabled // through SetDnsClientEnabled(). diff --git a/chromium/net/dns/fuzzed_host_resolver_util.h b/chromium/net/dns/fuzzed_host_resolver_util.h index 5f6fbb12738..11ac006f040 100644 --- a/chromium/net/dns/fuzzed_host_resolver_util.h +++ b/chromium/net/dns/fuzzed_host_resolver_util.h @@ -9,9 +9,7 @@ #include "net/dns/host_resolver.h" -namespace base { class FuzzedDataProvider; -} namespace net { @@ -38,7 +36,7 @@ class NetLog; std::unique_ptr CreateFuzzedContextHostResolver( const HostResolver::ManagerOptions& options, NetLog* net_log, - base::FuzzedDataProvider* data_provider, + FuzzedDataProvider* data_provider, bool enable_caching); } // namespace net diff --git a/chromium/net/dns/host_cache.cc b/chromium/net/dns/host_cache.cc index 1c33f8232cd..69b2be5d523 100644 --- a/chromium/net/dns/host_cache.cc +++ b/chromium/net/dns/host_cache.cc @@ -201,11 +201,6 @@ HostCache::Entry HostCache::Entry::MergeEntries(Entry front, Entry back) { return front; } -NetLogParametersCallback HostCache::Entry::CreateNetLogCallback() const { - return base::BindRepeating(&HostCache::Entry::NetLogCallback, - base::Unretained(this)); -} - HostCache::Entry HostCache::Entry::CopyWithDefaultPort(uint16_t port) const { Entry copy(*this); @@ -295,8 +290,7 @@ void HostCache::Entry::GetStaleness(base::TimeTicks now, out->stale_hits = stale_hits_; } -base::Value HostCache::Entry::NetLogCallback( - NetLogCaptureMode capture_mode) const { +base::Value HostCache::Entry::NetLogParams() const { return GetAsValue(false /* include_staleness */); } diff --git a/chromium/net/dns/host_cache.h b/chromium/net/dns/host_cache.h index e6616521277..6ab3f2bbdf3 100644 --- a/chromium/net/dns/host_cache.h +++ b/chromium/net/dns/host_cache.h @@ -34,7 +34,6 @@ #include "net/dns/host_resolver_source.h" #include "net/dns/public/dns_query_type.h" #include "net/log/net_log_capture_mode.h" -#include "net/log/net_log_parameters_callback.h" namespace base { class ListValue; @@ -142,6 +141,10 @@ class NET_EXPORT HostCache { Entry& operator=(Entry&& entry); int error() const { return error_; } + bool did_complete() const { + return error_ != ERR_NETWORK_CHANGED && + error_ != ERR_HOST_RESOLVER_QUEUE_TOO_LARGE; + } void set_error(int error) { error_ = error; } const base::Optional& addresses() const { return addresses_; } void set_addresses(const base::Optional& addresses) { @@ -177,10 +180,8 @@ class NET_EXPORT HostCache { // from |back|. Fields that cannot be merged take precedence from |front|. static Entry MergeEntries(Entry front, Entry back); - // Creates a callback for use with the NetLog that returns a Value - // representation of the entry. The callback must be destroyed before - // |this| is. - NetLogParametersCallback CreateNetLogCallback() const; + // Creates a value representation of the entry for use with NetLog. + base::Value NetLogParams() const; // Creates a copy of |this| with the port of all address and hostname values // set to |port| if the current port is 0. Preserves any non-zero ports. @@ -219,7 +220,6 @@ class NET_EXPORT HostCache { int network_changes, EntryStaleness* out) const; - base::Value NetLogCallback(NetLogCaptureMode capture_mode) const; base::DictionaryValue GetAsValue(bool include_staleness) const; // The resolve results for this entry. diff --git a/chromium/net/dns/host_resolver.cc b/chromium/net/dns/host_resolver.cc index d09904be480..9eb7b2c1aa1 100644 --- a/chromium/net/dns/host_resolver.cc +++ b/chromium/net/dns/host_resolver.cc @@ -22,6 +22,9 @@ namespace net { +const size_t HostResolver::ManagerOptions::kDefaultRetryAttempts = + static_cast(-1); + std::unique_ptr HostResolver::Factory::CreateResolver( HostResolverManager* manager, base::StringPiece host_mapping_rules, diff --git a/chromium/net/dns/host_resolver.h b/chromium/net/dns/host_resolver.h index f4cd24f2fdc..46550c38013 100644 --- a/chromium/net/dns/host_resolver.h +++ b/chromium/net/dns/host_resolver.h @@ -120,7 +120,7 @@ class NET_EXPORT HostResolver { static const size_t kDefaultParallelism = 0; // Set |max_system_retry_attempts| to this to select a default retry value. - static const size_t kDefaultRetryAttempts = static_cast(-1); + static const size_t kDefaultRetryAttempts; // How many resolve requests will be allowed to run in parallel. // |kDefaultParallelism| for the resolver to choose a default value. @@ -192,7 +192,9 @@ class NET_EXPORT HostResolver { ALLOWED, // Results may come from the host cache even if stale (by expiration or - // network changes). + // network changes). In secure dns AUTOMATIC mode, the cache is checked + // for both secure and insecure results prior to any secure DNS lookups to + // minimize response time. STALE_ALLOWED, // Results will not come from the host cache. diff --git a/chromium/net/dns/host_resolver_manager.cc b/chromium/net/dns/host_resolver_manager.cc index bfccb8b0041..b629c8b9663 100644 --- a/chromium/net/dns/host_resolver_manager.cc +++ b/chromium/net/dns/host_resolver_manager.cc @@ -80,7 +80,6 @@ #include "net/log/net_log.h" #include "net/log/net_log_capture_mode.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_parameters_callback.h" #include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" #include "net/log/net_log_with_source.h" @@ -271,10 +270,9 @@ bool HaveOnlyLoopbackAddresses() { } // Creates NetLog parameters when the resolve failed. -base::Value NetLogProcTaskFailedCallback(uint32_t attempt_number, - int net_error, - int os_error, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogProcTaskFailedParams(uint32_t attempt_number, + int net_error, + int os_error) { base::DictionaryValue dict; if (attempt_number) dict.SetInteger("attempt_number", attempt_number); @@ -304,24 +302,19 @@ base::Value NetLogProcTaskFailedCallback(uint32_t attempt_number, } // Creates NetLog parameters when the DnsTask failed. -base::Value NetLogDnsTaskFailedCallback( - int net_error, - int dns_error, - NetLogParametersCallback results_callback, - NetLogCaptureMode capture_mode) { +base::Value NetLogDnsTaskFailedParams(const HostCache::Entry& results, + int dns_error) { base::DictionaryValue dict; - dict.SetInteger("net_error", net_error); + dict.SetInteger("net_error", results.error()); if (dns_error) dict.SetInteger("dns_error", dns_error); - if (results_callback) - dict.SetKey("resolve_results", results_callback.Run(capture_mode)); + dict.SetKey("resolve_results", results.NetLogParams()); return std::move(dict); } // Creates NetLog parameters containing the information of the request. Use // NetLogRequestInfoCallback if the request is specified via RequestInfo. -base::Value NetLogRequestCallback(const HostPortPair& host, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogRequestParams(const HostPortPair& host) { base::DictionaryValue dict; dict.SetString("host", host.ToString()); @@ -333,19 +326,17 @@ base::Value NetLogRequestCallback(const HostPortPair& host, } // Creates NetLog parameters for the creation of a HostResolverManager::Job. -base::Value NetLogJobCreationCallback(const NetLogSource& source, - const std::string* host, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogJobCreationParams(const NetLogSource& source, + const std::string& host) { base::DictionaryValue dict; source.AddToEventParameters(&dict); - dict.SetString("host", *host); + dict.SetString("host", host); return std::move(dict); } // Creates NetLog parameters for HOST_RESOLVER_IMPL_JOB_ATTACH/DETACH events. -base::Value NetLogJobAttachCallback(const NetLogSource& source, - RequestPriority priority, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogJobAttachParams(const NetLogSource& source, + RequestPriority priority) { base::DictionaryValue dict; source.AddToEventParameters(&dict); dict.SetString("priority", RequestPriorityToString(priority)); @@ -353,14 +344,11 @@ base::Value NetLogJobAttachCallback(const NetLogSource& source, } // Creates NetLog parameters for the DNS_CONFIG_CHANGED event. -base::Value NetLogDnsConfigCallback(const DnsConfig* config, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogDnsConfigParams(const DnsConfig* config) { return base::Value::FromUniquePtrValue(config->ToValue()); } -base::Value NetLogIPv6AvailableCallback(bool ipv6_available, - bool cached, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogIPv6AvailableParams(bool ipv6_available, bool cached) { base::DictionaryValue dict; dict.SetBoolean("ipv6_available", ipv6_available); dict.SetBoolean("cached", cached); @@ -375,7 +363,7 @@ base::Value NetLogIPv6AvailableCallback(bool ipv6_available, void LogStartRequest(const NetLogWithSource& source_net_log, const HostPortPair& host) { source_net_log.BeginEvent(NetLogEventType::HOST_RESOLVER_IMPL_REQUEST, - base::BindRepeating(&NetLogRequestCallback, host)); + [&] { return NetLogRequestParams(host); }); } // Logs when a request has just completed (before its callback is run). @@ -521,6 +509,13 @@ bool DnsServerSupportsDoh(const IPAddress& dns_server) { upgradable_servers->end(); } +void NetLogHostCacheEntry(const NetLogWithSource& net_log, + NetLogEventType type, + NetLogEventPhase phase, + const HostCache::Entry& results) { + net_log.AddEntry(type, phase, [&] { return results.NetLogParams(); }); +} + } // namespace //----------------------------------------------------------------------------- @@ -573,7 +568,30 @@ class HostResolverManager::RequestImpl priority_(parameters_.initial_priority), job_(nullptr), resolver_(resolver), - complete_(false) {} + complete_(false) { + // If the query name matches one of the DoH server names, set the + // secure_dns_mode_override field in ResolveHostParameters to OFF to avoid + // infinite recursion. + // TODO(crbug.com/878582): Add a URLRequest-level parameter to skip DoH that + // can be set when a URLRequest to a DoH server is built. This will avoid + // unnecessarily skipping DoH when a connection to the DoH server has been + // established but the query happens to be for a DoH server hostname. + DCHECK(resolver_); + if (resolver_->HaveDnsConfig()) { + std::unique_ptr dns_config = + resolver_->GetDnsConfigAsValue(); + for (const base::Value& doh_server : + dns_config->FindKey("doh_servers")->GetList()) { + if (request_host_.host().compare( + GURL(GetURLFromTemplateWithoutParameters( + doh_server.FindKey("server_template")->GetString())) + .host()) == 0) { + parameters_.secure_dns_mode_override = DnsConfig::SecureDnsMode::OFF; + break; + } + } + } + } ~RequestImpl() override { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); @@ -722,7 +740,7 @@ class HostResolverManager::RequestImpl const NetLogWithSource source_net_log_; const HostPortPair request_host_; - const ResolveHostParameters parameters_; + ResolveHostParameters parameters_; URLRequestContext* const request_context_; HostCache* const host_cache_; const HostResolverFlags host_resolver_flags_; @@ -784,8 +802,7 @@ class HostResolverManager::ProcTask { proc_task_runner_(std::move(proc_task_runner)), attempt_number_(0), net_log_(job_net_log), - tick_clock_(tick_clock), - weak_ptr_factory_(this) { + tick_clock_(tick_clock) { DCHECK(callback_); if (!params_.resolver_proc.get()) params_.resolver_proc = HostResolverProc::GetDefault(); @@ -837,8 +854,9 @@ class HostResolverManager::ProcTask { params_.resolver_proc, network_task_runner_, std::move(completion_callback))); - net_log_.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_ATTEMPT_STARTED, - NetLog::IntCallback("attempt_number", attempt_number_)); + net_log_.AddEventWithIntParams( + NetLogEventType::HOST_RESOLVER_IMPL_ATTEMPT_STARTED, "attempt_number", + attempt_number_); // If the results aren't received within a given time, RetryIfNotComplete // will start a new attempt if none of the outstanding attempts have @@ -918,22 +936,21 @@ class HostResolverManager::ProcTask { // and retries. weak_ptr_factory_.InvalidateWeakPtrs(); - NetLogParametersCallback net_log_callback; - NetLogParametersCallback attempt_net_log_callback; if (error != OK) { - net_log_callback = base::BindRepeating(&NetLogProcTaskFailedCallback, 0, - error, os_error); - attempt_net_log_callback = base::BindRepeating( - &NetLogProcTaskFailedCallback, attempt_number, error, os_error); + net_log_.EndEvent(NetLogEventType::HOST_RESOLVER_IMPL_PROC_TASK, [&] { + return NetLogProcTaskFailedParams(0, error, os_error); + }); + net_log_.AddEvent( + NetLogEventType::HOST_RESOLVER_IMPL_ATTEMPT_FINISHED, [&] { + return NetLogProcTaskFailedParams(attempt_number, error, os_error); + }); } else { - net_log_callback = results.CreateNetLogCallback(); - attempt_net_log_callback = - NetLog::IntCallback("attempt_number", attempt_number); + net_log_.EndEvent(NetLogEventType::HOST_RESOLVER_IMPL_PROC_TASK, + [&] { return results.NetLogParams(); }); + net_log_.AddEventWithIntParams( + NetLogEventType::HOST_RESOLVER_IMPL_ATTEMPT_FINISHED, + "attempt_number", attempt_number); } - net_log_.EndEvent(NetLogEventType::HOST_RESOLVER_IMPL_PROC_TASK, - net_log_callback); - net_log_.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_ATTEMPT_FINISHED, - attempt_net_log_callback); std::move(callback_).Run(error, results); } @@ -968,7 +985,7 @@ class HostResolverManager::ProcTask { // Used to loop back from the blocking lookup attempt tasks as well as from // delayed retry tasks. Invalidate WeakPtrs on completion and cancellation to // cancel handling of such posted tasks. - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(ProcTask); }; @@ -1005,7 +1022,7 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { base::StringPiece hostname, DnsQueryType query_type, URLRequestContext* request_context, - bool allow_fallback_resolution, + bool secure, Delegate* delegate, const NetLogWithSource& job_net_log, const base::TickClock* tick_clock) @@ -1013,7 +1030,7 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { hostname_(hostname), query_type_(query_type), request_context_(request_context), - allow_fallback_resolution_(allow_fallback_resolution), + secure_(secure), delegate_(delegate), net_log_(job_net_log), num_completed_transactions_(0), @@ -1022,8 +1039,6 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { DCHECK(delegate_); } - bool allow_fallback_resolution() const { return allow_fallback_resolution_; } - bool needs_two_transactions() const { return query_type_ == DnsQueryType::UNSPECIFIED; } @@ -1038,11 +1053,9 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { DCHECK(!transaction1_); net_log_.BeginEvent(NetLogEventType::HOST_RESOLVER_IMPL_DNS_TASK); - if (query_type_ == DnsQueryType::UNSPECIFIED) { - transaction1_ = CreateTransaction(DnsQueryType::A); - } else { - transaction1_ = CreateTransaction(query_type_); - } + transaction1_ = CreateTransaction(query_type_ == DnsQueryType::UNSPECIFIED + ? DnsQueryType::A + : query_type_); transaction1_->Start(); } @@ -1064,25 +1077,13 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { DnsQueryType dns_query_type) { DCHECK(client_); DCHECK_NE(DnsQueryType::UNSPECIFIED, dns_query_type); - DnsConfig::SecureDnsMode secure_dns_mode = - DnsConfig::SecureDnsMode::AUTOMATIC; - // Downgrade to OFF mode if the query name for this attempt matches one of - // the DoH server names. This is needed to prevent infinite recursion. - DCHECK(client_->GetConfig()); - for (auto& doh_server : client_->GetConfig()->dns_over_https_servers) { - if (hostname_.compare(GURL(GetURLFromTemplateWithoutParameters( - doh_server.server_template)) - .host()) == 0) { - secure_dns_mode = DnsConfig::SecureDnsMode::OFF; - } - } std::unique_ptr trans = client_->GetTransactionFactory()->CreateTransaction( hostname_, DnsQueryTypeToQtype(dns_query_type), base::BindOnce(&DnsTask::OnTransactionComplete, base::Unretained(this), tick_clock_->NowTicks(), dns_query_type), - net_log_, secure_dns_mode, request_context_); + net_log_, secure_, request_context_); trans->SetRequestPriority(delegate_->priority()); return trans; } @@ -1091,12 +1092,11 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { DnsQueryType dns_query_type, DnsTransaction* transaction, int net_error, - const DnsResponse* response, - bool secure) { + const DnsResponse* response) { DCHECK(transaction); if (net_error != OK && !(net_error == ERR_NAME_NOT_RESOLVED && response && response->IsValid())) { - OnFailure(net_error, DnsResponse::DNS_PARSE_OK, base::nullopt, secure); + OnFailure(net_error, DnsResponse::DNS_PARSE_OK, base::nullopt); return; } @@ -1124,13 +1124,11 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { DCHECK_LT(parse_result, DnsResponse::DNS_PARSE_RESULT_MAX); if (results.error() != OK && results.error() != ERR_NAME_NOT_RESOLVED) { - OnFailure(results.error(), parse_result, results.GetOptionalTtl(), - secure); + OnFailure(results.error(), parse_result, results.GetOptionalTtl()); return; } // Merge results with saved results from previous transactions. - DCHECK_EQ(saved_results_.has_value(), saved_secure_.has_value()); if (saved_results_) { DCHECK(needs_two_transactions()); DCHECK_GE(1u, num_completed_transactions_); @@ -1152,10 +1150,6 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { // Only expect address query types with multiple transactions. NOTREACHED(); } - // If the earlier result was retrieved insecurely, the merged result - // should be stored accordingly. - if (!saved_secure_.value()) - secure = false; } // If not all transactions are complete, the task cannot yet be completed @@ -1163,7 +1157,6 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { ++num_completed_transactions_; if (needs_two_transactions() && num_completed_transactions_ == 1) { saved_results_ = std::move(results); - saved_secure_ = secure; delegate_->OnFirstDnsTransactionComplete(); return; } @@ -1177,11 +1170,11 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { client_->GetAddressSorter()->Sort( results.addresses().value(), base::BindOnce(&DnsTask::OnSortComplete, AsWeakPtr(), - tick_clock_->NowTicks(), std::move(results), secure)); + tick_clock_->NowTicks(), std::move(results), secure_)); return; } - OnSuccess(results, secure); + OnSuccess(results); } DnsResponse::Result ParseAddressDnsResponse(const DnsResponse* response, @@ -1392,7 +1385,7 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { if (!success) { OnFailure(ERR_DNS_SORT_ERROR, DnsResponse::DNS_PARSE_OK, - results.GetOptionalTtl(), secure); + results.GetOptionalTtl()); return; } @@ -1402,27 +1395,24 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { results.hostnames().value_or(std::vector()).empty()) { LOG(WARNING) << "Address list empty after RFC3484 sort"; OnFailure(ERR_NAME_NOT_RESOLVED, DnsResponse::DNS_PARSE_OK, - results.GetOptionalTtl(), secure); + results.GetOptionalTtl()); return; } - OnSuccess(results, secure); + OnSuccess(results); } void OnFailure(int net_error, DnsResponse::Result parse_result, - base::Optional ttl, - bool secure) { + base::Optional ttl) { DCHECK_NE(OK, net_error); - HostCache::Entry results(net_error, HostCache::Entry::SOURCE_UNKNOWN); - net_log_.EndEvent(NetLogEventType::HOST_RESOLVER_IMPL_DNS_TASK, - base::Bind(&NetLogDnsTaskFailedCallback, results.error(), - parse_result, results.CreateNetLogCallback())); + net_log_.EndEvent(NetLogEventType::HOST_RESOLVER_IMPL_DNS_TASK, [&] { + return NetLogDnsTaskFailedParams(results, parse_result); + }); // If we have a TTL from a previously completed transaction, use it. - DCHECK_EQ(saved_results_.has_value(), saved_secure_.has_value()); base::TimeDelta previous_transaction_ttl; if (saved_results_ && saved_results_.value().has_ttl() && saved_results_.value().ttl() < @@ -1436,18 +1426,14 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { } else if (ttl) { results.set_ttl(ttl.value()); } - // If the earlier result was retrieved insecurely, any entry stored in the - // cache for this transaction should be stored with an insecure key. - if (saved_secure_ && !saved_secure_.value()) - secure = false; - delegate_->OnDnsTaskComplete(task_start_time_, results, secure); + delegate_->OnDnsTaskComplete(task_start_time_, results, secure_); } - void OnSuccess(const HostCache::Entry& results, bool secure) { - net_log_.EndEvent(NetLogEventType::HOST_RESOLVER_IMPL_DNS_TASK, - results.CreateNetLogCallback()); - delegate_->OnDnsTaskComplete(task_start_time_, results, secure); + void OnSuccess(const HostCache::Entry& results) { + NetLogHostCacheEntry(net_log_, NetLogEventType::HOST_RESOLVER_IMPL_DNS_TASK, + NetLogEventPhase::END, results); + delegate_->OnDnsTaskComplete(task_start_time_, results, secure_); } DnsClient* client_; @@ -1455,9 +1441,8 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { const DnsQueryType query_type_; URLRequestContext* const request_context_; - // Whether resolution may fallback to other task types (e.g. ProcTask) on - // failure of this task. - bool allow_fallback_resolution_; + // Whether lookups in this DnsTask should occur using DoH or plaintext. + const bool secure_; // The listener to the results of this DnsTask. Delegate* delegate_; @@ -1471,10 +1456,6 @@ class HostResolverManager::DnsTask : public base::SupportsWeakPtr { // Result from previously completed transactions. Only set if a transaction // has completed while others are still in progress. base::Optional saved_results_; - // Whether the result from the previously completed transaction was retrieved - // securely. Only set if a transaction has completed while others are still - // in progress. - base::Optional saved_secure_; const base::TickClock* tick_clock_; base::TimeTicks task_start_time_; @@ -1509,7 +1490,10 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, DnsQueryType query_type, HostResolverFlags host_resolver_flags, HostResolverSource requested_source, + ResolveHostParameters::CacheUsage cache_usage, URLRequestContext* request_context, + HostCache* host_cache, + std::deque tasks, RequestPriority priority, scoped_refptr proc_task_runner, const NetLogWithSource& source_net_log, @@ -1519,7 +1503,11 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, query_type_(query_type), host_resolver_flags_(host_resolver_flags), requested_source_(requested_source), + cache_usage_(cache_usage), request_context_(request_context), + host_cache_(host_cache), + tasks_(tasks), + job_running_(false), priority_tracker_(priority), proc_task_runner_(std::move(proc_task_runner)), had_non_speculative_request_(false), @@ -1528,13 +1516,12 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, tick_clock_(tick_clock), net_log_( NetLogWithSource::Make(source_net_log.net_log(), - NetLogSourceType::HOST_RESOLVER_IMPL_JOB)), - weak_ptr_factory_(this) { + NetLogSourceType::HOST_RESOLVER_IMPL_JOB)) { source_net_log.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_CREATE_JOB); - net_log_.BeginEvent(NetLogEventType::HOST_RESOLVER_IMPL_JOB, - base::Bind(&NetLogJobCreationCallback, - source_net_log.source(), &hostname_)); + net_log_.BeginEvent(NetLogEventType::HOST_RESOLVER_IMPL_JOB, [&] { + return NetLogJobCreationParams(source_net_log.source(), hostname_); + }); } ~Job() override { @@ -1583,20 +1570,24 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, } void AddRequest(RequestImpl* request) { + // Job currently assumes a 1:1 correspondence between URLRequestContext and + // HostCache. Since the URLRequestContext is part of the JobKey, any request + // added to any existing Job should share the same HostCache. + DCHECK_EQ(host_cache_, request->host_cache()); DCHECK_EQ(hostname_, request->request_host().host()); request->AssignJob(this); priority_tracker_.Add(request->priority()); - request->source_net_log().AddEvent( - NetLogEventType::HOST_RESOLVER_IMPL_JOB_ATTACH, - net_log_.source().ToEventParametersCallback()); + request->source_net_log().AddEventReferencingSource( + NetLogEventType::HOST_RESOLVER_IMPL_JOB_ATTACH, net_log_.source()); - net_log_.AddEvent( - NetLogEventType::HOST_RESOLVER_IMPL_JOB_REQUEST_ATTACH, - base::Bind(&NetLogJobAttachCallback, request->source_net_log().source(), - priority())); + net_log_.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_JOB_REQUEST_ATTACH, + [&] { + return NetLogJobAttachParams( + request->source_net_log().source(), priority()); + }); if (!request->parameters().is_speculative) had_non_speculative_request_ = true; @@ -1624,10 +1615,11 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, LogCancelRequest(request->source_net_log()); priority_tracker_.Remove(request->priority()); - net_log_.AddEvent( - NetLogEventType::HOST_RESOLVER_IMPL_JOB_REQUEST_DETACH, - base::Bind(&NetLogJobAttachCallback, request->source_net_log().source(), - priority())); + net_log_.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_JOB_REQUEST_DETACH, + [&] { + return NetLogJobAttachParams( + request->source_net_log().source(), priority()); + }); if (num_active_requests() > 0) { UpdatePriority(); @@ -1640,11 +1632,10 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, } } - // Called from AbortAllInProgressJobs. Completes all requests and destroys + // Called from AbortAllJobs. Completes all requests and destroys // the job. This currently assumes the abort is due to a network change. // TODO This should not delete |this|. void Abort() { - DCHECK(is_running()); CompleteRequestsWithError(ERR_NETWORK_CHANGED); } @@ -1656,19 +1647,26 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, error, fallback_only); } - // If DnsTask present, abort it. Depending on task settings, either fall back - // to ProcTask or abort the job entirely. Warning, aborting a job may cause - // other jobs to be aborted, thus |jobs_| may be unpredictably changed by - // calling this method. - // - // |error| is the net error that will be returned to requests if this method - // results in completely aborting the job. + // Aborts or removes any current/future DnsTasks if a ProcTask is available + // for fallback. If no fallback is available and |fallback_only| is false, a + // job that is currently running a DnsTask will be completed with |error|. void AbortDnsTask(int error, bool fallback_only) { + bool has_proc_fallback = + std::find(tasks_.begin(), tasks_.end(), TaskType::PROC) != tasks_.end(); + if (has_proc_fallback) { + for (auto it = tasks_.begin(); it != tasks_.end();) { + if (*it == TaskType::DNS || *it == TaskType::SECURE_DNS) + it = tasks_.erase(it); + else + ++it; + } + } + if (dns_task_) { - if (dns_task_->allow_fallback_resolution()) { + if (has_proc_fallback) { KillDnsTask(); dns_task_error_ = OK; - StartProcTask(); + RunNextTask(); } else if (!fallback_only) { CompleteRequestsWithError(error); } @@ -1732,9 +1730,7 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, bool is_queued() const { return !handle_.is_null(); } - bool is_running() const { - return is_dns_running() || is_mdns_running() || is_proc_running(); - } + bool is_running() const { return job_running_; } private: HostCache::Key GenerateCacheKey(bool secure) const { @@ -1772,6 +1768,58 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, handle_ = resolver_->dispatcher_->ChangePriority(handle_, priority()); } + void RunNextTask() { + // If there are no tasks left to try, cache any stored results and complete + // the request with the last stored result. All stored results should be + // errors. + if (tasks_.empty()) { + // If there are no stored results, complete with an error. + if (completion_results_.size() == 0) { + CompleteRequestsWithError(ERR_NAME_NOT_RESOLVED); + return; + } + + // Cache all but the last result here. The last result will be cached + // as part of CompleteRequests. + for (size_t i = 0; i < completion_results_.size() - 1; ++i) { + const auto& result = completion_results_[i]; + DCHECK_NE(OK, result.entry.error()); + MaybeCacheResult(result.entry, result.ttl, result.secure); + } + const auto& last_result = completion_results_.back(); + DCHECK_NE(OK, last_result.entry.error()); + CompleteRequests(last_result.entry, last_result.ttl, + true /* allow_cache */, last_result.secure); + return; + } + + TaskType next_task = tasks_.front(); + tasks_.pop_front(); + switch (next_task) { + case TaskType::PROC: + StartProcTask(); + break; + case TaskType::DNS: + StartDnsTask(false /* secure */); + break; + case TaskType::SECURE_DNS: + StartDnsTask(true /* secure */); + break; + case TaskType::MDNS: + StartMdnsTask(); + break; + case TaskType::INSECURE_CACHE_LOOKUP: + InsecureCacheLookup(); + break; + case TaskType::SECURE_CACHE_LOOKUP: + case TaskType::CACHE_LOOKUP: + // These task types should have been handled synchronously in + // ResolveLocally() prior to Job creation. + NOTREACHED(); + break; + } + } + // PriorityDispatch::Job: void Start() override { DCHECK_LE(num_occupied_job_slots_, 1u); @@ -1785,47 +1833,12 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, } DCHECK(!is_running()); + job_running_ = true; net_log_.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_JOB_STARTED); - start_time_ = tick_clock_->NowTicks(); - - switch (requested_source_) { - case HostResolverSource::ANY: - // Force address queries with canonname to use ProcTask to counter poor - // CNAME support in DnsTask. See https://crbug.com/872665 - // - // Otherwise, default to DnsTask (with allowed fallback to ProcTask for - // address queries). But if hostname appears to be an MDNS name (ends in - // *.local), go with ProcTask for address queries and MdnsTask for non- - // address queries. - if ((host_resolver_flags_ & HOST_RESOLVER_CANONNAME) && - IsAddressType(query_type_)) { - StartProcTask(); - } else if (!ResemblesMulticastDNSName(hostname_)) { - StartDnsTask( - IsAddressType(query_type_) /* allow_fallback_resolution */); - } else if (IsAddressType(query_type_)) { - StartProcTask(); - } else { - StartMdnsTask(); - } - break; - case HostResolverSource::SYSTEM: - StartProcTask(); - break; - case HostResolverSource::DNS: - StartDnsTask(false /* allow_fallback_resolution */); - break; - case HostResolverSource::MULTICAST_DNS: - StartMdnsTask(); - break; - case HostResolverSource::LOCAL_ONLY: - // If no external source allowed, a job should not be created or started - NOTREACHED(); - break; - } - + DCHECK(!tasks_.empty()); + RunNextTask(); // Caution: Job::Start must not complete synchronously. } @@ -1834,7 +1847,6 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, // ThreadPool threads low, we will need to use an "inner" // PrioritizedDispatcher with tighter limits. void StartProcTask() { - DCHECK(!is_running()); DCHECK(IsAddressType(query_type_)); proc_task_ = std::make_unique( @@ -1853,7 +1865,7 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, void OnProcTaskComplete(base::TimeTicks start_time, int net_error, const AddressList& addr_list) { - DCHECK(is_proc_running()); + DCHECK(proc_task_); if (dns_task_error_ != OK) { // This ProcTask was a fallback resolution after a failed DnsTask. @@ -1882,20 +1894,31 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, ttl, true /* allow_cache */, false /* secure */); } - void StartDnsTask(bool allow_fallback_resolution) { - if ((!resolver_->HaveDnsConfig() || resolver_->use_proctask_by_default_) && - allow_fallback_resolution) { - // DnsClient or config is not available, but we're allowed to switch to - // ProcTask instead. - StartProcTask(); - return; + void InsecureCacheLookup() { + // Insecure cache lookups for requests allowing stale results should have + // occurred prior to Job creation. + DCHECK(cache_usage_ != ResolveHostParameters::CacheUsage::STALE_ALLOWED); + base::Optional stale_info; + base::Optional resolved = resolver_->MaybeServeFromCache( + host_cache_, GenerateCacheKey(false), cache_usage_, + false /* ignore_secure */, net_log_, &stale_info); + + if (resolved) { + DCHECK(stale_info); + DCHECK(!stale_info.value().is_stale()); + CompleteRequestsWithoutCache(resolved.value(), std::move(stale_info)); + } else { + RunNextTask(); } + } + void StartDnsTask(bool secure) { + DCHECK_EQ(1u, num_occupied_job_slots_); // Need to create the task even if we're going to post a failure instead of // running it, as a "started" job needs a task to be properly cleaned up. - dns_task_.reset(new DnsTask( - resolver_->dns_client_.get(), hostname_, query_type_, request_context_, - allow_fallback_resolution, this, net_log_, tick_clock_)); + dns_task_.reset(new DnsTask(resolver_->dns_client_.get(), hostname_, + query_type_, request_context_, secure, this, + net_log_, tick_clock_)); if (resolver_->HaveDnsConfig()) { dns_task_->StartFirstTransaction(); @@ -1911,11 +1934,12 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, &Job::OnDnsTaskFailure, weak_ptr_factory_.GetWeakPtr(), dns_task_->AsWeakPtr(), base::TimeDelta(), HostCache::Entry(ERR_FAILED, HostCache::Entry::SOURCE_UNKNOWN), - false /* secure */)); + secure)); } } void StartSecondDnsTransaction() { + DCHECK(dns_task_); DCHECK(dns_task_->needs_two_transactions()); dns_task_->StartSecondTransaction(); } @@ -1935,29 +1959,27 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, return; if (duration < base::TimeDelta::FromMilliseconds(10)) { - base::UmaHistogramSparse("Net.DNS.DnsTask.ErrorBeforeFallback.Fast", - std::abs(failure_results.error())); + base::UmaHistogramSparse( + secure ? "Net.DNS.SecureDnsTask.ErrorBeforeFallback.Fast" + : "Net.DNS.DnsTask.ErrorBeforeFallback.Fast", + std::abs(failure_results.error())); } else { - base::UmaHistogramSparse("Net.DNS.DnsTask.ErrorBeforeFallback.Slow", - std::abs(failure_results.error())); + base::UmaHistogramSparse( + secure ? "Net.DNS.SecureDnsTask.ErrorBeforeFallback.Slow" + : "Net.DNS.DnsTask.ErrorBeforeFallback.Slow", + std::abs(failure_results.error())); } - dns_task_error_ = failure_results.error(); - // TODO(szym): Run ServeFromHosts now if nsswitch.conf says so. - // http://crbug.com/117655 + // If one of the fallback tasks doesn't complete the request, store a result + // to use during request completion. + base::TimeDelta ttl = failure_results.has_ttl() + ? failure_results.ttl() + : base::TimeDelta::FromSeconds(0); + completion_results_.push_back({failure_results, ttl, secure}); - // TODO(szym): Some net errors indicate lack of connectivity. Starting - // ProcTask in that case is a waste of time. - if (resolver_->allow_fallback_to_proctask_ && - dns_task->allow_fallback_resolution()) { - KillDnsTask(); - StartProcTask(); - } else { - base::TimeDelta ttl = failure_results.has_ttl() - ? failure_results.ttl() - : base::TimeDelta::FromSeconds(0); - CompleteRequests(failure_results, ttl, true /* allow_cache */, secure); - } + dns_task_error_ = failure_results.error(); + KillDnsTask(); + RunNextTask(); } // HostResolverManager::DnsTask::Delegate implementation: @@ -1965,7 +1987,7 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, void OnDnsTaskComplete(base::TimeTicks start_time, const HostCache::Entry& results, bool secure) override { - DCHECK(is_dns_running()); + DCHECK(dns_task_); base::TimeDelta duration = tick_clock_->NowTicks() - start_time; if (results.error() != OK) { @@ -2003,8 +2025,6 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, } void StartMdnsTask() { - DCHECK(!is_running()); - // No flags are supported for MDNS except // HOST_RESOLVER_DEFAULT_FAMILY_SET_DUE_TO_NO_IPV6 (which is not actually an // input flag). @@ -2037,7 +2057,7 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, } void OnMdnsTaskComplete() { - DCHECK(is_mdns_running()); + DCHECK(mdns_task_); // TODO(crbug.com/846423): Consider adding MDNS-specific logging. HostCache::Entry results = mdns_task_->GetResults(); @@ -2047,12 +2067,12 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, } else { // MDNS uses a separate cache, so skip saving result to cache. // TODO(crbug.com/926300): Consider merging caches. - CompleteRequestsWithoutCache(results); + CompleteRequestsWithoutCache(results, base::nullopt /* stale_info */); } } void OnMdnsImmediateFailure(int rv) { - DCHECK(is_mdns_running()); + DCHECK(mdns_task_); DCHECK_NE(OK, rv); CompleteRequestsWithError(rv); @@ -2138,6 +2158,16 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, } } + void MaybeCacheResult(const HostCache::Entry& results, + base::TimeDelta ttl, + bool secure) { + // If the request did not complete, don't cache it. + if (!results.did_complete()) + return; + HostCache::Key cache_key = GenerateCacheKey(secure); + resolver_->CacheResult(host_cache_, cache_key, results, ttl); + } + // Performs Job's last rites. Completes all Requests. Deletes this. // // If not |allow_cache|, result will not be stored in the host cache, even if @@ -2163,6 +2193,7 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, mdns_task_ = nullptr; // Signal dispatcher that a slot has opened. + DCHECK_EQ(1u, num_occupied_job_slots_); resolver_->dispatcher_->OnJobFinished(); } else if (is_queued()) { resolver_->dispatcher_->Cancel(handle_); @@ -2181,24 +2212,10 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, DCHECK(!requests_.empty()); - bool did_complete = (results.error() != ERR_NETWORK_CHANGED) && - (results.error() != ERR_HOST_RESOLVER_QUEUE_TOO_LARGE); - // Handle all caching before completing requests as completing requests may // start new requests that rely on cached results. - if (did_complete && allow_cache) { - // Multiple requests will usually share caches, so avoid duplicate cache - // adds. - std::set caches; - for (auto* node = requests_.head(); node != requests_.end(); - node = node->next()) { - if (node->value()->host_cache()) - caches.insert(node->value()->host_cache()); - } - HostCache::Key cache_key = GenerateCacheKey(secure); - for (HostCache* cache : caches) - resolver_->CacheResult(cache, cache_key, results, ttl); - } + if (allow_cache) + MaybeCacheResult(results, ttl, secure); RecordJobHistograms(results.error()); @@ -2210,7 +2227,7 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, DCHECK_EQ(this, req->job()); // Update the net log and notify registered observers. LogFinishRequest(req->source_net_log(), results.error()); - if (did_complete) { + if (results.did_complete()) { // Record effective total time from creation to completion. resolver_->RecordTotalTime( req->parameters().is_speculative, false /* from_cache */, @@ -2229,7 +2246,17 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, } } - void CompleteRequestsWithoutCache(const HostCache::Entry& results) { + void CompleteRequestsWithoutCache( + const HostCache::Entry& results, + base::Optional stale_info) { + // Record the stale_info for all non-speculative requests, if it exists. + if (stale_info) { + for (auto* node = requests_.head(); node != requests_.end(); + node = node->next()) { + if (!node->value()->parameters().is_speculative) + node->value()->set_stale_info(std::move(stale_info).value()); + } + } CompleteRequests(results, base::TimeDelta(), false /* allow_cache */, false /* secure */); } @@ -2249,19 +2276,34 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, // Number of non-canceled requests in |requests_|. size_t num_active_requests() const { return priority_tracker_.total_count(); } - bool is_dns_running() const { return !!dns_task_; } - - bool is_mdns_running() const { return !!mdns_task_; } - - bool is_proc_running() const { return !!proc_task_; } - base::WeakPtr resolver_; const std::string hostname_; const DnsQueryType query_type_; const HostResolverFlags host_resolver_flags_; const HostResolverSource requested_source_; + const ResolveHostParameters::CacheUsage cache_usage_; URLRequestContext* const request_context_; + // TODO(crbug.com/969847): Consider allowing requests within a single Job to + // have different HostCaches. + HostCache* const host_cache_; + + struct CompletionResult { + const HostCache::Entry entry; + base::TimeDelta ttl; + bool secure; + }; + + // Results to use in last-ditch attempt to complete request. + std::vector completion_results_; + + // The sequence of tasks to run in this Job. Tasks may be aborted and removed + // from the sequence, but otherwise the tasks will run in order until a + // successful result is found. + std::deque tasks_; + + // Whether the job is running. + bool job_running_; // Tracks the highest priority across |requests_|. PriorityTracker priority_tracker_; @@ -2300,7 +2342,7 @@ class HostResolverManager::Job : public PrioritizedDispatcher::Job, // Iterator to |this| in the JobMap. |nullopt| if not owned by the JobMap. base::Optional self_iterator_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; }; //----------------------------------------------------------------------------- @@ -2324,9 +2366,7 @@ HostResolverManager::HostResolverManager( use_proctask_by_default_(false), allow_fallback_to_proctask_(true), tick_clock_(base::DefaultTickClock::GetInstance()), - invalidation_in_progress_(false), - weak_ptr_factory_(this), - probe_weak_ptr_factory_(this) { + invalidation_in_progress_(false) { PrioritizedDispatcher::Limits job_limits = GetDispatcherLimits(options); dispatcher_.reset(new PrioritizedDispatcher(job_limits)); max_queued_jobs_ = job_limits.total_jobs * 100u; @@ -2556,13 +2596,15 @@ int HostResolverManager::Resolve(RequestImpl* request) { DnsQueryType effective_query_type; HostResolverFlags effective_host_resolver_flags; + std::deque tasks; base::Optional stale_info; HostCache::Entry results = ResolveLocally( request->request_host().host(), request->parameters().dns_query_type, request->parameters().source, request->host_resolver_flags(), + request->parameters().secure_dns_mode_override, request->parameters().cache_usage, request->source_net_log(), request->host_cache(), &effective_query_type, - &effective_host_resolver_flags, &stale_info); + &effective_host_resolver_flags, &tasks, &stale_info); if (results.error() != ERR_DNS_CACHE_MISS || request->parameters().source == HostResolverSource::LOCAL_ONLY) { if (results.error() == OK && !request->parameters().is_speculative) { @@ -2577,8 +2619,9 @@ int HostResolverManager::Resolve(RequestImpl* request) { return results.error(); } - int rv = CreateAndStartJob(effective_query_type, - effective_host_resolver_flags, request); + int rv = + CreateAndStartJob(effective_query_type, effective_host_resolver_flags, + std::move(tasks), request); // At this point, expect only async or errors. DCHECK_NE(OK, rv); @@ -2590,11 +2633,13 @@ HostCache::Entry HostResolverManager::ResolveLocally( DnsQueryType dns_query_type, HostResolverSource source, HostResolverFlags flags, + base::Optional secure_dns_mode_override, ResolveHostParameters::CacheUsage cache_usage, const NetLogWithSource& source_net_log, HostCache* cache, DnsQueryType* out_effective_query_type, HostResolverFlags* out_effective_host_resolver_flags, + std::deque* out_tasks, base::Optional* out_stale_info) { DCHECK(out_stale_info); *out_stale_info = base::nullopt; @@ -2617,9 +2662,11 @@ HostCache::Entry HostResolverManager::ResolveLocally( } } - GetEffectiveParametersForRequest(dns_query_type, flags, ip_address_ptr, - source_net_log, out_effective_query_type, - out_effective_host_resolver_flags); + GetEffectiveParametersForRequest( + hostname, dns_query_type, source, flags, secure_dns_mode_override, + cache_usage, ip_address_ptr, source_net_log, out_effective_query_type, + out_effective_host_resolver_flags, out_tasks); + bool resolve_canonname = *out_effective_host_resolver_flags & HOST_RESOLVER_CANONNAME; bool default_family_due_to_no_ipv6 = @@ -2646,19 +2693,32 @@ HostCache::Entry HostResolverManager::ResolveLocally( if (resolved) return resolved.value(); - if (cache_usage == ResolveHostParameters::CacheUsage::ALLOWED || - cache_usage == ResolveHostParameters::CacheUsage::STALE_ALLOWED) { + // Do initial cache lookup. + if (!out_tasks->empty() && + (out_tasks->front() == TaskType::SECURE_CACHE_LOOKUP || + out_tasks->front() == TaskType::INSECURE_CACHE_LOOKUP || + out_tasks->front() == TaskType::CACHE_LOOKUP)) { HostCache::Key key(hostname, *out_effective_query_type, *out_effective_host_resolver_flags, source); - resolved = ServeFromCache( - cache, key, - cache_usage == ResolveHostParameters::CacheUsage::STALE_ALLOWED, - out_stale_info); + + if (out_tasks->front() == TaskType::SECURE_CACHE_LOOKUP) + key.secure = true; + + bool ignore_secure = false; + if (out_tasks->front() == TaskType::CACHE_LOOKUP) + ignore_secure = true; + + out_tasks->pop_front(); + + resolved = MaybeServeFromCache(cache, key, cache_usage, ignore_secure, + source_net_log, out_stale_info); if (resolved) { + // |MaybeServeFromCache()| will update |*out_stale_info| as needed. DCHECK(out_stale_info->has_value()); - source_net_log.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_CACHE_HIT, - resolved.value().CreateNetLogCallback()); - // |ServeFromCache()| will update |*stale_info| as needed. + NetLogHostCacheEntry(source_net_log, + NetLogEventType::HOST_RESOLVER_IMPL_CACHE_HIT, + NetLogEventPhase::NONE, resolved.value()); + return resolved.value(); } DCHECK(!out_stale_info->has_value()); @@ -2669,8 +2729,9 @@ HostCache::Entry HostResolverManager::ResolveLocally( resolved = ServeFromHosts(hostname, *out_effective_query_type, default_family_due_to_no_ipv6); if (resolved) { - source_net_log.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_HOSTS_HIT, - resolved.value().CreateNetLogCallback()); + NetLogHostCacheEntry(source_net_log, + NetLogEventType::HOST_RESOLVER_IMPL_HOSTS_HIT, + NetLogEventPhase::NONE, resolved.value()); return resolved.value(); } @@ -2680,7 +2741,9 @@ HostCache::Entry HostResolverManager::ResolveLocally( int HostResolverManager::CreateAndStartJob( DnsQueryType effective_query_type, HostResolverFlags effective_host_resolver_flags, + std::deque tasks, RequestImpl* request) { + DCHECK(!tasks.empty()); JobKey key = {request->request_host().host(), effective_query_type, effective_host_resolver_flags, request->parameters().source, request->request_context()}; @@ -2691,7 +2754,8 @@ int HostResolverManager::CreateAndStartJob( auto new_job = std::make_unique( weak_ptr_factory_.GetWeakPtr(), request->request_host().host(), effective_query_type, effective_host_resolver_flags, - request->parameters().source, request->request_context(), + request->parameters().source, request->parameters().cache_usage, + request->request_context(), request->host_cache(), std::move(tasks), request->priority(), proc_task_runner_, request->source_net_log(), tick_clock_); job = new_job.get(); @@ -2749,10 +2813,12 @@ base::Optional HostResolverManager::ResolveAsIP( HostCache::Entry::SOURCE_UNKNOWN); } -base::Optional HostResolverManager::ServeFromCache( +base::Optional HostResolverManager::MaybeServeFromCache( HostCache* cache, const HostCache::Key& key, - bool allow_stale, + ResolveHostParameters::CacheUsage cache_usage, + bool ignore_secure, + const NetLogWithSource& source_net_log, base::Optional* out_stale_info) { DCHECK(out_stale_info); *out_stale_info = base::nullopt; @@ -2760,6 +2826,9 @@ base::Optional HostResolverManager::ServeFromCache( if (!cache) return base::nullopt; + if (cache_usage == ResolveHostParameters::CacheUsage::DISALLOWED) + return base::nullopt; + // Local-only requests search the cache for non-local-only results. HostCache::Key effective_key = key; if (effective_key.host_resolver_source == HostResolverSource::LOCAL_ONLY) @@ -2767,19 +2836,23 @@ base::Optional HostResolverManager::ServeFromCache( const std::pair* cache_result; HostCache::EntryStaleness staleness; - if (allow_stale) { + if (cache_usage == ResolveHostParameters::CacheUsage::STALE_ALLOWED) { cache_result = cache->LookupStale(effective_key, tick_clock_->NowTicks(), - &staleness, true /* ignore_secure */); + &staleness, ignore_secure); } else { - cache_result = cache->Lookup(effective_key, tick_clock_->NowTicks(), - true /* ignore_secure */); + DCHECK(cache_usage == ResolveHostParameters::CacheUsage::ALLOWED); + cache_result = + cache->Lookup(effective_key, tick_clock_->NowTicks(), ignore_secure); staleness = HostCache::kNotStale; } - if (!cache_result) - return base::nullopt; - - *out_stale_info = std::move(staleness); - return cache_result->second; + if (cache_result) { + *out_stale_info = std::move(staleness); + NetLogHostCacheEntry(source_net_log, + NetLogEventType::HOST_RESOLVER_IMPL_CACHE_HIT, + NetLogEventPhase::NONE, cache_result->second); + return cache_result->second; + } + return base::nullopt; } base::Optional HostResolverManager::ServeFromHosts( @@ -2915,17 +2988,166 @@ std::unique_ptr HostResolverManager::RemoveJob( return job; } +bool HostResolverManager::HasAvailableDohServer() { + // TODO(crbug.com/878582): Once DoH probes are sent, update this such that a + // DoH server is considered successful if it has a successful probe state. + return dns_client_->GetConfig()->dns_over_https_servers.size() > 0; +} + +DnsConfig::SecureDnsMode HostResolverManager::GetEffectiveSecureDnsMode( + base::Optional secure_dns_mode_override) { + DnsConfig::SecureDnsMode secure_dns_mode = DnsConfig::SecureDnsMode::OFF; + if (secure_dns_mode_override) { + secure_dns_mode = secure_dns_mode_override.value(); + } else if (HaveDnsConfig()) { + secure_dns_mode = dns_client_->GetConfig()->secure_dns_mode; + } + return secure_dns_mode; +} + +void HostResolverManager::PushDnsTasks( + bool allow_proc_fallback, + DnsConfig::SecureDnsMode secure_dns_mode, + ResolveHostParameters::CacheUsage cache_usage, + std::deque* out_tasks) { + bool allow_cache = + cache_usage != ResolveHostParameters::CacheUsage::DISALLOWED; + // Upgrade the insecure DnsTask depending on the secure dns mode. + switch (secure_dns_mode) { + case DnsConfig::SecureDnsMode::SECURE: + DCHECK(dns_client_->GetConfig()->dns_over_https_servers.size() != 0); + // Replace the insecure DnsTask with a secure cache lookup followed + // by a secure DnsTask. + if (allow_cache) + out_tasks->push_back(TaskType::SECURE_CACHE_LOOKUP); + out_tasks->push_back(TaskType::SECURE_DNS); + break; + case DnsConfig::SecureDnsMode::AUTOMATIC: + // TODO(crbug.com/878582): For a DnsTask in AUTOMATIC mode, the async + // resolver should only send insecure requests if it is enabled on this + // platform. + if (!HasAvailableDohServer()) { + // Don't run a secure DnsTask if there are no available DoH servers. + if (allow_cache) + out_tasks->push_back(TaskType::CACHE_LOOKUP); + out_tasks->push_back(TaskType::DNS); + } else if (cache_usage == HostResolver::ResolveHostParameters:: + CacheUsage::STALE_ALLOWED) { + // If stale results are allowed, the cache should be checked for both + // secure and insecure results prior to running a secure DnsTask. + out_tasks->push_back(TaskType::CACHE_LOOKUP); + out_tasks->push_back(TaskType::SECURE_DNS); + out_tasks->push_back(TaskType::DNS); + } else { + if (allow_cache) + out_tasks->push_back(TaskType::SECURE_CACHE_LOOKUP); + out_tasks->push_back(TaskType::SECURE_DNS); + if (allow_cache) + out_tasks->push_back(TaskType::INSECURE_CACHE_LOOKUP); + out_tasks->push_back(TaskType::DNS); + } + break; + case DnsConfig::SecureDnsMode::OFF: + if (allow_cache) + out_tasks->push_back(TaskType::CACHE_LOOKUP); + out_tasks->push_back(TaskType::DNS); + break; + default: + NOTREACHED(); + break; + } + + // The system resolver can be used as a fallback if allowed by the request + // parameters. + if (allow_proc_fallback && allow_fallback_to_proctask_) + out_tasks->push_back(TaskType::PROC); +} + +void HostResolverManager::CreateTaskSequence( + const std::string& hostname, + DnsQueryType dns_query_type, + HostResolverSource source, + HostResolverFlags flags, + base::Optional secure_dns_mode_override, + ResolveHostParameters::CacheUsage cache_usage, + std::deque* out_tasks) { + DCHECK(out_tasks->empty()); + DnsConfig::SecureDnsMode secure_dns_mode = + GetEffectiveSecureDnsMode(secure_dns_mode_override); + + // A cache lookup should generally be performed first. For jobs involving a + // DnsTask, this task will be removed before DnsTasks and other related tasks + // are added to the sequence. + if (cache_usage != ResolveHostParameters::CacheUsage::DISALLOWED) + out_tasks->push_front(TaskType::CACHE_LOOKUP); + + // Determine what type of task a future Job should start. + switch (source) { + case HostResolverSource::ANY: + // Force address queries with canonname to use ProcTask to counter poor + // CNAME support in DnsTask. See https://crbug.com/872665 + // + // Otherwise, default to DnsTask (with allowed fallback to ProcTask for + // address queries). But if hostname appears to be an MDNS name (ends in + // *.local), go with ProcTask for address queries and MdnsTask for non- + // address queries. + if ((flags & HOST_RESOLVER_CANONNAME) && IsAddressType(dns_query_type)) { + out_tasks->push_back(TaskType::PROC); + } else if (!ResemblesMulticastDNSName(hostname)) { + bool allow_proc_fallback = + IsAddressType(dns_query_type) && + secure_dns_mode != DnsConfig::SecureDnsMode::SECURE; + // DnsClient or config is not available, but we're allowed to switch to + // ProcTask instead. + if ((!HaveDnsConfig() || use_proctask_by_default_) && + allow_proc_fallback) { + out_tasks->push_back(TaskType::PROC); + } else { + // Remove the initial cache lookup task. + if (!out_tasks->empty()) + out_tasks->pop_front(); + PushDnsTasks(allow_proc_fallback, secure_dns_mode, cache_usage, + out_tasks); + } + } else if (IsAddressType(dns_query_type)) { + out_tasks->push_back(TaskType::PROC); + } else { + out_tasks->push_back(TaskType::MDNS); + } + break; + case HostResolverSource::SYSTEM: + out_tasks->push_back(TaskType::PROC); + break; + case HostResolverSource::DNS: + // Remove the initial cache lookup task. + if (!out_tasks->empty()) + out_tasks->pop_front(); + PushDnsTasks(false /* allow_proc_fallback */, secure_dns_mode, + cache_usage, out_tasks); + break; + case HostResolverSource::MULTICAST_DNS: + out_tasks->push_back(TaskType::MDNS); + break; + case HostResolverSource::LOCAL_ONLY: + // If no external source allowed, a job should not be created or started + break; + } +} + void HostResolverManager::GetEffectiveParametersForRequest( + const std::string& hostname, DnsQueryType dns_query_type, + HostResolverSource source, HostResolverFlags flags, + base::Optional secure_dns_mode_override, + ResolveHostParameters::CacheUsage cache_usage, const IPAddress* ip_address, const NetLogWithSource& net_log, DnsQueryType* out_effective_type, - HostResolverFlags* out_effective_flags) { + HostResolverFlags* out_effective_flags, + std::deque* out_tasks) { *out_effective_flags = flags | additional_resolver_flags_; - *out_effective_type = dns_query_type; - if (*out_effective_type == DnsQueryType::UNSPECIFIED && // When resolving IPv4 literals, there's no need to probe for IPv6. // When resolving IPv6 literals, there's no benefit to artificially @@ -2937,6 +3159,10 @@ void HostResolverManager::GetEffectiveParametersForRequest( *out_effective_type = DnsQueryType::A; *out_effective_flags |= HOST_RESOLVER_DEFAULT_FAMILY_SET_DUE_TO_NO_IPV6; } + + CreateTaskSequence(hostname, *out_effective_type, source, + *out_effective_flags, secure_dns_mode_override, + cache_usage, out_tasks); } bool HostResolverManager::IsIPv6Reachable(const NetLogWithSource& net_log) { @@ -2957,9 +3183,10 @@ bool HostResolverManager::IsIPv6Reachable(const NetLogWithSource& net_log) { last_ipv6_probe_time_ = tick_clock_->NowTicks(); cached = false; } - net_log.AddEvent(NetLogEventType::HOST_RESOLVER_IMPL_IPV6_REACHABILITY_CHECK, - base::Bind(&NetLogIPv6AvailableCallback, - last_ipv6_probe_result_, cached)); + net_log.AddEvent( + NetLogEventType::HOST_RESOLVER_IMPL_IPV6_REACHABILITY_CHECK, [&] { + return NetLogIPv6AvailableParams(last_ipv6_probe_result_, cached); + }); return last_ipv6_probe_result_; } @@ -3001,16 +3228,15 @@ void HostResolverManager::RunLoopbackProbeJob() { weak_ptr_factory_.GetWeakPtr())); } -void HostResolverManager::AbortAllInProgressJobs() { +void HostResolverManager::AbortAllJobs(bool in_progress_only) { // In Abort, a Request callback could spawn new Jobs with matching keys, so // first collect and remove all running jobs from |jobs_|. std::vector> jobs_to_abort; for (auto it = jobs_.begin(); it != jobs_.end();) { Job* job = it->second.get(); - if (job->is_running()) { + if (!in_progress_only || job->is_running()) { jobs_to_abort.push_back(RemoveJob(it++)); } else { - DCHECK(job->is_queued()); ++it; } } @@ -3106,8 +3332,8 @@ void HostResolverManager::OnIPAddressChanged() { defined(OS_FUCHSIA) RunLoopbackProbeJob(); #endif - AbortAllInProgressJobs(); - // |this| may be deleted inside AbortAllInProgressJobs(). + AbortAllJobs(true /* in_progress_only */); + // |this| may be deleted inside AbortAllJobs(). } void HostResolverManager::OnConnectionTypeChanged( @@ -3143,9 +3369,9 @@ DnsConfig HostResolverManager::GetBaseDnsConfig(bool log_to_net_log) { } if (log_to_net_log && net_log_) { - net_log_->AddGlobalEntry( - NetLogEventType::DNS_CONFIG_CHANGED, - base::BindRepeating(&NetLogDnsConfigCallback, &dns_config)); + net_log_->AddGlobalEntry(NetLogEventType::DNS_CONFIG_CHANGED, [&] { + return NetLogDnsConfigParams(&dns_config); + }); } // TODO(szym): Remove once http://crbug.com/137914 is resolved. @@ -3180,11 +3406,11 @@ void HostResolverManager::UpdateDNSConfig(bool config_changed) { // Life check to bail once |this| is deleted. base::WeakPtr self = weak_ptr_factory_.GetWeakPtr(); - // Existing jobs will have been sent to the original server so they need to - // be aborted. - AbortAllInProgressJobs(); + // Existing jobs that were set up using the nameservers and secure dns mode + // from the original config need to be aborted. + AbortAllJobs(false /* in_progress_only */); - // |this| may be deleted inside AbortAllInProgressJobs(). + // |this| may be deleted inside AbortAllJobs(). if (self.get()) TryServingAllJobsFromHosts(); } diff --git a/chromium/net/dns/host_resolver_manager.h b/chromium/net/dns/host_resolver_manager.h index 15828f70f12..8f9044912bd 100644 --- a/chromium/net/dns/host_resolver_manager.h +++ b/chromium/net/dns/host_resolver_manager.h @@ -91,6 +91,7 @@ class NET_EXPORT HostResolverManager using ResolveHostParameters = HostResolver::ResolveHostParameters; using DnsClientFactory = base::RepeatingCallback(NetLog*)>; + using SecureDnsMode = DnsConfig::SecureDnsMode; class CancellableRequest : public ResolveHostRequest { public: @@ -126,7 +127,10 @@ class NET_EXPORT HostResolverManager ~HostResolverManager() override; // If |host_cache| is non-null, its HostCache::Invalidator must have already - // been added (via AddHostCacheInvalidator()). + // been added (via AddHostCacheInvalidator()). If |optional_parameters| + // specifies any cache usage other than LOCAL_ONLY, there must be a 1:1 + // correspondence between |request_context| and |host_cache|, and both should + // come from the same ContextHostResolver. std::unique_ptr CreateRequest( const HostPortPair& host, const NetLogWithSource& net_log, @@ -238,6 +242,17 @@ class NET_EXPORT HostResolverManager MODE_FOR_HISTOGRAM_ASYNC_DNS_PRIVATE_SUPPORTS_DOH, }; + // Task types that a Job might run. + enum class TaskType { + PROC, + DNS, + SECURE_DNS, + MDNS, + CACHE_LOOKUP, + INSECURE_CACHE_LOOKUP, + SECURE_CACHE_LOOKUP, + }; + // Number of consecutive failures of DnsTask (with successful fallback to // ProcTask) before the DnsClient is disabled until the next DNS change. static const unsigned kMaximumDnsFailures; @@ -254,6 +269,8 @@ class NET_EXPORT HostResolverManager // // On ERR_DNS_CACHE_MISS and OK, effective request parameters are written to // |out_effective_query_type| and |out_effective_host_resolver_flags|. + // |out_tasks| contains the tentative sequence of tasks that a future job + // should run. // // If results are returned from the host cache, |out_stale_info| will be // filled in with information on how stale or fresh the result is. Otherwise, @@ -266,11 +283,13 @@ class NET_EXPORT HostResolverManager DnsQueryType requested_address_family, HostResolverSource source, HostResolverFlags flags, + base::Optional secure_dns_mode_override, ResolveHostParameters::CacheUsage cache_usage, const NetLogWithSource& request_net_log, HostCache* cache, DnsQueryType* out_effective_query_type, HostResolverFlags* out_effective_host_resolver_flags, + std::deque* out_tasks, base::Optional* out_stale_info); // Attempts to create and start a Job to asynchronously attempt to resolve @@ -278,6 +297,7 @@ class NET_EXPORT HostResolverManager // |request|. On error, marks |request| completed and returns the error. int CreateAndStartJob(DnsQueryType effective_query_type, HostResolverFlags effective_host_resolver_flags, + std::deque tasks, RequestImpl* request); // Tries to resolve |key| and its possible IP address representation, @@ -286,16 +306,16 @@ class NET_EXPORT HostResolverManager bool resolve_canonname, const IPAddress* ip_address); - // Returns the result iff a positive match is found for |key| in the cache. - // |out_stale_info| must be non-null, and will be filled in with details of - // the entry's staleness if an entry is returned, otherwise it will be set to - // |base::nullopt|. - // - // If |allow_stale| is true, then stale cache entries can be returned. - base::Optional ServeFromCache( + // Returns the result iff |cache_usage| permits cache lookups and a positive + // match is found for |key| in |cache|. |out_stale_info| must be non-null, and + // will be filled in with details of the entry's staleness if an entry is + // returned, otherwise it will be set to |base::nullopt|. + base::Optional MaybeServeFromCache( HostCache* cache, const HostCache::Key& key, - bool allow_stale, + ResolveHostParameters::CacheUsage cache_usage, + bool ignore_secure, + const NetLogWithSource& source_net_log, base::Optional* out_stale_info); // Iff we have a DnsClient with a valid DnsConfig, and |key| can be resolved @@ -312,14 +332,47 @@ class NET_EXPORT HostResolverManager DnsQueryType query_type, bool default_family_due_to_no_ipv6); + // When no DoH servers are in an "available" state, no DoH requests should + // be sent. + bool HasAvailableDohServer(); + + // Returns the secure dns mode to use for a job, taking into account the + // global DnsConfig mode and any per-request override. + SecureDnsMode GetEffectiveSecureDnsMode( + base::Optional secure_dns_mode_override); + + // Helper method to add DnsTasks and related tasks based on the SecureDnsMode + // and fallback parameters. + void PushDnsTasks(bool allow_proc_fallback, + SecureDnsMode secure_dns_mode, + ResolveHostParameters::CacheUsage cache_usage, + std::deque* out_tasks); + + // Initialized the sequence of tasks to run to resolve a request. The sequence + // may be adjusted later and not all tasks need to be run. + void CreateTaskSequence( + const std::string& hostname, + DnsQueryType dns_query_type, + HostResolverSource source, + HostResolverFlags flags, + base::Optional secure_dns_mode_override, + ResolveHostParameters::CacheUsage cache_usage, + std::deque* out_tasks); + // Determines "effective" request parameters using manager properties and IPv6 // reachability. - void GetEffectiveParametersForRequest(DnsQueryType dns_query_type, - HostResolverFlags flags, - const IPAddress* ip_address, - const NetLogWithSource& net_log, - DnsQueryType* out_effective_type, - HostResolverFlags* out_effective_flags); + void GetEffectiveParametersForRequest( + const std::string& hostname, + DnsQueryType dns_query_type, + HostResolverSource source, + HostResolverFlags flags, + base::Optional secure_dns_mode_override, + ResolveHostParameters::CacheUsage cache_usage, + const IPAddress* ip_address, + const NetLogWithSource& net_log, + DnsQueryType* out_effective_type, + HostResolverFlags* out_effective_flags, + std::deque* out_tasks); // Probes IPv6 support and returns true if IPv6 support is enabled. // Results are cached, i.e. when called repeatedly this method returns result @@ -347,9 +400,10 @@ class NET_EXPORT HostResolverManager // Removes |job_it| from |jobs_| and return. std::unique_ptr RemoveJob(JobMap::iterator job_it); - // Aborts all in progress jobs with ERR_NETWORK_CHANGED and notifies their - // requests. Might start new jobs. - void AbortAllInProgressJobs(); + // Aborts both scheduled and running jobs with ERR_NETWORK_CHANGED and + // notifies their requests. Aborts only running jobs if |in_progress_only| is + // true. Might start new jobs. + void AbortAllJobs(bool in_progress_only); void SetDnsClient(std::unique_ptr dns_client); @@ -480,9 +534,9 @@ class NET_EXPORT HostResolverManager THREAD_CHECKER(thread_checker_); - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; - base::WeakPtrFactory probe_weak_ptr_factory_; + base::WeakPtrFactory probe_weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(HostResolverManager); }; diff --git a/chromium/net/dns/host_resolver_manager_fuzzer.cc b/chromium/net/dns/host_resolver_manager_fuzzer.cc index ca19d4fa310..0606e0aac8c 100644 --- a/chromium/net/dns/host_resolver_manager_fuzzer.cc +++ b/chromium/net/dns/host_resolver_manager_fuzzer.cc @@ -11,7 +11,6 @@ #include "base/bind.h" #include "base/logging.h" #include "base/run_loop.h" -#include "base/test/fuzzed_data_provider.h" #include "base/test/scoped_task_environment.h" #include "net/base/address_family.h" #include "net/base/address_list.h" @@ -23,6 +22,7 @@ #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" #include "net/net_buildflags.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" namespace { @@ -32,7 +32,7 @@ const char* kHostNames[] = {"foo", "foo.com", "a.foo.com", class DnsRequest { public: DnsRequest(net::HostResolver* host_resolver, - base::FuzzedDataProvider* data_provider, + FuzzedDataProvider* data_provider, std::vector>* dns_requests) : host_resolver_(host_resolver), data_provider_(data_provider), @@ -44,7 +44,7 @@ class DnsRequest { // doesn't complete synchronously, adds it to |dns_requests|. static void CreateRequest( net::HostResolver* host_resolver, - base::FuzzedDataProvider* data_provider, + FuzzedDataProvider* data_provider, std::vector>* dns_requests) { std::unique_ptr dns_request( new DnsRequest(host_resolver, data_provider, dns_requests)); @@ -56,7 +56,7 @@ class DnsRequest { // If |dns_requests| is non-empty, waits for a randomly chosen one of the // requests to complete and removes it from |dns_requests|. static void WaitForRequestComplete( - base::FuzzedDataProvider* data_provider, + FuzzedDataProvider* data_provider, std::vector>* dns_requests) { if (dns_requests->empty()) return; @@ -75,7 +75,7 @@ class DnsRequest { // complete, just removes it from the list. static void CancelRequest( net::HostResolver* host_resolver, - base::FuzzedDataProvider* data_provider, + FuzzedDataProvider* data_provider, std::vector>* dns_requests) { if (dns_requests->empty()) return; @@ -176,7 +176,7 @@ class DnsRequest { void Cancel() { request_.reset(); } net::HostResolver* host_resolver_; - base::FuzzedDataProvider* data_provider_; + FuzzedDataProvider* data_provider_; std::vector>* dns_requests_; // Non-null only while running. @@ -199,7 +199,7 @@ class DnsRequest { // async resolver while lookups are active as a result of the change. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { { - base::FuzzedDataProvider data_provider(data, size); + FuzzedDataProvider data_provider(data, size); net::TestNetLog net_log; net::HostResolver::ManagerOptions options; diff --git a/chromium/net/dns/host_resolver_manager_unittest.cc b/chromium/net/dns/host_resolver_manager_unittest.cc index 3b78948d367..f332b9c630b 100644 --- a/chromium/net/dns/host_resolver_manager_unittest.cc +++ b/chromium/net/dns/host_resolver_manager_unittest.cc @@ -5,6 +5,7 @@ #include "net/dns/host_resolver_manager.h" #include +#include #include #include #include @@ -23,6 +24,7 @@ #include "base/strings/stringprintf.h" #include "base/synchronization/condition_variable.h" #include "base/synchronization/lock.h" +#include "base/task/thread_pool/thread_pool.h" #include "base/test/bind_test_util.h" #include "base/test/simple_test_clock.h" #include "base/test/test_mock_time_task_runner.h" @@ -50,6 +52,7 @@ #include "net/log/net_log_source_type.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" +#include "net/log/test_net_log_util.h" #include "net/test/gtest_util.h" #include "net/test/test_with_scoped_task_environment.h" #include "net/url_request/url_request_context.h" @@ -338,13 +341,19 @@ class LookupAttemptHostResolverProc : public HostResolverProc { } // Returns the number of attempts that have finished the Resolve() method. - int total_attempts_resolved() { return total_attempts_resolved_; } - - // Returns the first attempt that that has resolved the host. - int resolved_attempt_number() { return resolved_attempt_number_; } + int GetTotalAttemptsResolved() { + base::AutoLock auto_lock(lock_); + return total_attempts_resolved_; + } - // Returns the current number of blocked attempts. - int num_attempts_waiting() { return num_attempts_waiting_; } + // Sets the resolved attempt number and unblocks waiting + // attempts. + void SetResolvedAttemptNumber(int n) { + base::AutoLock auto_lock(lock_); + EXPECT_EQ(0, resolved_attempt_number_); + resolved_attempt_number_ = n; + all_done_.Broadcast(); + } // HostResolverProc methods. int Resolve(const std::string& host, @@ -563,6 +572,13 @@ class HostResolverManagerTest : public TestWithScopedTaskEnvironment { return resolver_->IsIPv6Reachable(net_log); } + void PopulateCache(HostCache::Key& key, IPEndPoint endpoint) { + resolver_->CacheResult(host_cache_.get(), key, + HostCache::Entry(OK, AddressList(endpoint), + HostCache::Entry::SOURCE_UNKNOWN), + base::TimeDelta::FromSeconds(1)); + } + const std::pair* GetCacheHit( const HostCache::Key& key) { DCHECK(host_cache_); @@ -2175,8 +2191,69 @@ TEST_F(HostResolverManagerTest, MultipleAttempts) { // We should be done with retries, but make sure none erroneously happen. test_task_runner->FastForwardUntilNoTasksRemain(); - EXPECT_EQ(resolver_proc->total_attempts_resolved(), kTotalAttempts); - EXPECT_EQ(resolver_proc->resolved_attempt_number(), kAttemptNumberToResolve); + EXPECT_EQ(resolver_proc->GetTotalAttemptsResolved(), kTotalAttempts); +} + +// Regression test for https://crbug.com/976948. +// +// Tests that when the maximum number of retries is set to +// |HostResolver::ManagerOptions::kDefaultRetryAttempts| the +// number of retries used is 4 rather than something higher. +TEST_F(HostResolverManagerTest, DefaultMaxRetryAttempts) { + auto test_task_runner = base::MakeRefCounted(); + base::ScopedClosureRunner task_runner_override_scoped_cleanup = + base::ThreadTaskRunnerHandle::OverrideForTesting(test_task_runner); + + // Instantiate a ResolverProc that will block all incoming requests. + auto resolver_proc = base::MakeRefCounted( + nullptr, std::numeric_limits::max(), + std::numeric_limits::max()); + + // This corresponds to kDefaultMaxRetryAttempts in + // ProcTaskParams::ProcTaskParams(). The correspondence is verified below, + // since that symbol is not exported. + const size_t expected_max_retries = 4; + + // Use the special value |ManagerOptions::kDefaultRetryAttempts|, which is + // expected to translate into |expected_num_retries|. + ASSERT_NE(HostResolver::ManagerOptions::kDefaultRetryAttempts, + expected_max_retries); + ProcTaskParams params(resolver_proc.get(), + HostResolver::ManagerOptions::kDefaultRetryAttempts); + ASSERT_EQ(params.max_retry_attempts, expected_max_retries); + + CreateResolverWithLimitsAndParams(kMaxJobs, params, + false /* ipv6_reachable */, + false /* check_ipv6_on_wifi */); + + // Resolve "host1". The resolver proc will hang all requests so this + // resolution should remain stalled until calling SetResolvedAttemptNumber(). + ResolveHostResponseHelper response(resolver_->CreateRequest( + HostPortPair("host1", 70), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + EXPECT_FALSE(response.complete()); + + // Simulate running the main thread (network task runner) for a long + // time. Because none of the attempts posted to worker pool can complete, this + // should cause all of the retry attempts to get posted, according to the + // exponential backoff schedule. + test_task_runner->FastForwardBy(base::TimeDelta::FromMinutes(20)); + + // Unblock the resolver proc, then wait for all the worker pool and main + // thread tasks to complete. Note that the call to SetResolvedAttemptNumber(1) + // will cause all the blocked resolver procs tasks fail with -2. + resolver_proc->SetResolvedAttemptNumber(1); + const int kExpectedError = -2; + base::ThreadPoolInstance::Get()->FlushForTesting(); + test_task_runner->RunUntilIdle(); + + ASSERT_TRUE(response.complete()); + EXPECT_EQ(kExpectedError, response.result_error()); + + // Ensure that the original attempt was executed on the worker pool, as well + // as the maximum number of allowed retries, and no more. + EXPECT_EQ(static_cast(expected_max_retries + 1), + resolver_proc->GetTotalAttemptsResolved()); } // If a host resolves to a list that includes 127.0.53.53, this is treated as @@ -2261,23 +2338,13 @@ TEST_F(HostResolverManagerTest, IsIPv6Reachable) { EXPECT_EQ(result1, result2); // Filter reachability check events and verify that there are two of them. - TestNetLogEntry::List event_list; - test_net_log.GetEntries(&event_list); - TestNetLogEntry::List probe_event_list; - for (const auto& event : event_list) { - if (event.type == - NetLogEventType::HOST_RESOLVER_IMPL_IPV6_REACHABILITY_CHECK) { - probe_event_list.push_back(event); - } - } + auto probe_event_list = test_net_log.GetEntriesWithType( + NetLogEventType::HOST_RESOLVER_IMPL_IPV6_REACHABILITY_CHECK); ASSERT_EQ(2U, probe_event_list.size()); // Verify that the first request was not cached and the second one was. - bool cached; - EXPECT_TRUE(probe_event_list[0].GetBooleanValue("cached", &cached)); - EXPECT_FALSE(cached); - EXPECT_TRUE(probe_event_list[1].GetBooleanValue("cached", &cached)); - EXPECT_TRUE(cached); + EXPECT_FALSE(GetBooleanValueFromParams(probe_event_list[0], "cached")); + EXPECT_TRUE(GetBooleanValueFromParams(probe_event_list[1], "cached")); } TEST_F(HostResolverManagerTest, IncludeCanonicalName) { @@ -2355,52 +2422,6 @@ TEST_F(HostResolverManagerTest, IsSpeculative) { EXPECT_EQ(1u, proc_->GetCaptureList().size()); // No increase. } -// Test that if a Job with multiple requests, each with its own different -// HostCache, completes, the result is cached in all request HostCaches. -TEST_F(HostResolverManagerTest, MultipleCachesForMultipleRequests) { - proc_->AddRuleForAllFamilies("just.testing", "192.168.1.42"); - - std::unique_ptr cache2 = HostCache::CreateDefaultCache(); - resolver_->AddHostCacheInvalidator(cache2->invalidator()); - - ResolveHostResponseHelper response1(resolver_->CreateRequest( - HostPortPair("just.testing", 80), NetLogWithSource(), base::nullopt, - request_context_.get(), host_cache_.get())); - ResolveHostResponseHelper response2(resolver_->CreateRequest( - HostPortPair("just.testing", 85), NetLogWithSource(), base::nullopt, - request_context_.get(), cache2.get())); - ASSERT_EQ(1u, resolver_->num_jobs_for_testing()); - - proc_->SignalMultiple(1u); - EXPECT_THAT(response1.result_error(), IsOk()); - EXPECT_THAT(response2.result_error(), IsOk()); - - HostResolver::ResolveHostParameters local_resolve_parameters; - local_resolve_parameters.source = HostResolverSource::LOCAL_ONLY; - - // Confirm |host_cache_| contains the result. - ResolveHostResponseHelper cached_response1(resolver_->CreateRequest( - HostPortPair("just.testing", 81), NetLogWithSource(), - local_resolve_parameters, request_context_.get(), host_cache_.get())); - EXPECT_THAT(cached_response1.result_error(), IsOk()); - EXPECT_THAT( - cached_response1.request()->GetAddressResults().value().endpoints(), - testing::ElementsAre(CreateExpected("192.168.1.42", 81))); - EXPECT_TRUE(cached_response1.request()->GetStaleInfo()); - - // Confirm |cache2| contains the result. - ResolveHostResponseHelper cached_response2(resolver_->CreateRequest( - HostPortPair("just.testing", 82), NetLogWithSource(), - local_resolve_parameters, request_context_.get(), cache2.get())); - EXPECT_THAT(cached_response2.result_error(), IsOk()); - EXPECT_THAT( - cached_response2.request()->GetAddressResults().value().endpoints(), - testing::ElementsAre(CreateExpected("192.168.1.42", 82))); - EXPECT_TRUE(cached_response2.request()->GetStaleInfo()); - - resolver_->RemoveHostCacheInvalidator(cache2->invalidator()); -} - #if BUILDFLAG(ENABLE_MDNS) const uint8_t kMdnsResponseA[] = { // Header @@ -3363,6 +3384,9 @@ DnsConfig CreateValidDnsConfig() { IPAddress dns_ip(192, 168, 1, 0); DnsConfig config; config.nameservers.push_back(IPEndPoint(dns_ip, dns_protocol::kDefaultPort)); + config.dns_over_https_servers.push_back({DnsConfig::DnsOverHttpsServerConfig( + "https://dns.example.com/", true /* use_post */)}); + config.secure_dns_mode = DnsConfig::SecureDnsMode::OFF; EXPECT_TRUE(config.IsValid()); return config; } @@ -3492,6 +3516,27 @@ class HostResolverManagerDnsTest : public HostResolverManagerTest { IPAddress(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 127, 0, 53, 53), false /* delay */); + AddSecureDnsRule(&rules, "automatic_nodomain", dns_protocol::kTypeA, + MockDnsClientRule::NODOMAIN, false /* delay */); + AddSecureDnsRule(&rules, "automatic_nodomain", dns_protocol::kTypeAAAA, + MockDnsClientRule::NODOMAIN, false /* delay */); + AddDnsRule(&rules, "automatic_nodomain", dns_protocol::kTypeA, + MockDnsClientRule::NODOMAIN, false /* delay */); + AddDnsRule(&rules, "automatic_nodomain", dns_protocol::kTypeAAAA, + MockDnsClientRule::NODOMAIN, false /* delay */); + AddSecureDnsRule(&rules, "automatic", dns_protocol::kTypeA, + MockDnsClientRule::OK, false /* delay */); + AddSecureDnsRule(&rules, "automatic", dns_protocol::kTypeAAAA, + MockDnsClientRule::OK, false /* delay */); + AddDnsRule(&rules, "automatic", dns_protocol::kTypeA, MockDnsClientRule::OK, + false /* delay */); + AddDnsRule(&rules, "automatic", dns_protocol::kTypeAAAA, + MockDnsClientRule::OK, false /* delay */); + AddDnsRule(&rules, "insecure_automatic", dns_protocol::kTypeA, + MockDnsClientRule::OK, false /* delay */); + AddDnsRule(&rules, "insecure_automatic", dns_protocol::kTypeAAAA, + MockDnsClientRule::OK, false /* delay */); + return rules; } @@ -3501,7 +3546,7 @@ class HostResolverManagerDnsTest : public HostResolverManagerTest { uint16_t qtype, MockDnsClientRule::ResultType result_type, bool delay) { - rules->emplace_back(prefix, qtype, DnsConfig::SecureDnsMode::AUTOMATIC, + rules->emplace_back(prefix, qtype, false /* secure */, MockDnsClientRule::Result(result_type), delay); } @@ -3510,7 +3555,7 @@ class HostResolverManagerDnsTest : public HostResolverManagerTest { uint16_t qtype, const IPAddress& result_ip, bool delay) { - rules->emplace_back(prefix, qtype, DnsConfig::SecureDnsMode::AUTOMATIC, + rules->emplace_back(prefix, qtype, false /* secure */, MockDnsClientRule::Result( BuildTestDnsResponse(prefix, std::move(result_ip))), delay); @@ -3523,7 +3568,7 @@ class HostResolverManagerDnsTest : public HostResolverManagerTest { std::string cannonname, bool delay) { rules->emplace_back( - prefix, qtype, DnsConfig::SecureDnsMode::AUTOMATIC, + prefix, qtype, false /* secure */, MockDnsClientRule::Result(BuildTestDnsResponseWithCname( prefix, std::move(result_ip), std::move(cannonname))), delay); @@ -3534,21 +3579,19 @@ class HostResolverManagerDnsTest : public HostResolverManagerTest { uint16_t qtype, MockDnsClientRule::ResultType result_type, bool delay) { - MockDnsClientRule::Result result(result_type); - result.secure = true; - rules->emplace_back(prefix, qtype, DnsConfig::SecureDnsMode::AUTOMATIC, - std::move(result), delay); + rules->emplace_back(prefix, qtype, true /* secure */, + MockDnsClientRule::Result(result_type), delay); } void ChangeDnsConfig(const DnsConfig& config) { - NetworkChangeNotifier::SetDnsConfig(config); + NetworkChangeNotifier::SetDnsConfigForTesting(config); // Notification is delivered asynchronously. base::RunLoop().RunUntilIdle(); } void SetInitialDnsConfig(const DnsConfig& config) { NetworkChangeNotifier::ClearDnsConfigForTesting(); - NetworkChangeNotifier::SetDnsConfig(config); + NetworkChangeNotifier::SetDnsConfigForTesting(config); // Notification is delivered asynchronously. base::RunLoop().RunUntilIdle(); } @@ -4034,53 +4077,6 @@ TEST_F(HostResolverManagerDnsTest, ServeFromHosts) { testing::ElementsAre(CreateExpected("127.0.0.1", 80))); } -TEST_F(HostResolverManagerDnsTest, CacheHostsLookupOnConfigChange) { - // Only allow 1 resolution at a time, so that the second lookup is queued and - // occurs when the DNS config changes. - CreateResolverWithLimitsAndParams(1u, DefaultParams(proc_.get()), - true /* ipv6_reachable */, - true /* check_ipv6_on_wifi */); - DnsConfig config = CreateValidDnsConfig(); - ChangeDnsConfig(config); - - proc_->AddRuleForAllFamilies(std::string(), - std::string()); // Default to failures. - proc_->SignalMultiple(1u); // For the first request which fails. - - ResolveHostResponseHelper failure_response(resolver_->CreateRequest( - HostPortPair("nx_ipv4", 80), NetLogWithSource(), base::nullopt, - request_context_.get(), host_cache_.get())); - ResolveHostResponseHelper queued_response(resolver_->CreateRequest( - HostPortPair("nx_ipv6", 80), NetLogWithSource(), base::nullopt, - request_context_.get(), host_cache_.get())); - - DnsHosts hosts; - hosts[DnsHostsKey("nx_ipv4", ADDRESS_FAMILY_IPV4)] = - IPAddress::IPv4Localhost(); - hosts[DnsHostsKey("nx_ipv6", ADDRESS_FAMILY_IPV6)] = - IPAddress::IPv6Localhost(); - - config.hosts = hosts; - ChangeDnsConfig(config); - - EXPECT_THAT(failure_response.result_error(), IsError(ERR_NETWORK_CHANGED)); - EXPECT_THAT(queued_response.result_error(), IsOk()); - EXPECT_THAT( - queued_response.request()->GetAddressResults().value().endpoints(), - testing::ElementsAre(CreateExpected("::1", 80))); - - // Resolutions done by consulting the HOSTS file when the DNS config changes - // should result in a secure cache entry with SOURCE_HOSTS. - HostCache::Key key = - HostCache::Key("nx_ipv6", DnsQueryType::UNSPECIFIED, - 0 /* host_resolver_flags */, HostResolverSource::ANY); - key.secure = true; - const std::pair* cache_result = - GetCacheHit(key); - ASSERT_THAT(cache_result, NotNull()); - EXPECT_EQ(HostCache::Entry::SOURCE_HOSTS, cache_result->second.source()); -} - // Test that hosts ending in ".local" or ".local." are resolved using the system // resolver. TEST_F(HostResolverManagerDnsTest, BypassDnsTask) { @@ -4127,10 +4123,9 @@ TEST_F(HostResolverManagerDnsTest, BypassDnsTask) { TEST_F(HostResolverManagerDnsTest, BypassDnsToMdnsWithNonAddress) { // Ensure DNS task and system (proc) requests will fail. MockDnsClientRuleList rules; - rules.emplace_back("myhello.local", dns_protocol::kTypeTXT, - DnsConfig::SecureDnsMode::AUTOMATIC, - MockDnsClientRule::Result(MockDnsClientRule::FAIL), - false /* delay */); + rules.emplace_back( + "myhello.local", dns_protocol::kTypeTXT, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::FAIL), false /* delay */); CreateResolver(); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); proc_->AddRuleForAllFamilies(std::string(), std::string()); @@ -4516,6 +4511,73 @@ TEST_F(HostResolverManagerDnsTest, CancelWithIPv4TransactionPending) { EXPECT_FALSE(response.complete()); } +TEST_F(HostResolverManagerDnsTest, CancelWithAutomaticModeTransactionPending) { + MockDnsClientRuleList rules; + rules.emplace_back("secure_6slow_6nx_insecure_6slow_ok", dns_protocol::kTypeA, + true /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::OK), + false /* delay */); + rules.emplace_back("secure_6slow_6nx_insecure_6slow_ok", + dns_protocol::kTypeAAAA, true /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::FAIL), + true /* delay */); + rules.emplace_back("secure_6slow_6nx_insecure_6slow_ok", dns_protocol::kTypeA, + false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::OK), + false /* delay */); + rules.emplace_back("secure_6slow_6nx_insecure_6slow_ok", + dns_protocol::kTypeAAAA, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::OK), + true /* delay */); + UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); + + DnsConfigOverrides overrides; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::AUTOMATIC; + resolver_->SetDnsConfigOverrides(overrides); + + ResolveHostResponseHelper response0(resolver_->CreateRequest( + HostPortPair("secure_6slow_6nx_insecure_6slow_ok", 80), + NetLogWithSource(), base::nullopt, request_context_.get(), + host_cache_.get())); + EXPECT_EQ(2u, num_running_dispatcher_jobs()); + + // The secure IPv4 request should complete, the secure IPv6 request is still + // pending. + base::RunLoop().RunUntilIdle(); + EXPECT_EQ(1u, num_running_dispatcher_jobs()); + + response0.CancelRequest(); + base::RunLoop().RunUntilIdle(); + EXPECT_FALSE(response0.complete()); + EXPECT_EQ(0u, num_running_dispatcher_jobs()); + + ResolveHostResponseHelper response1(resolver_->CreateRequest( + HostPortPair("secure_6slow_6nx_insecure_6slow_ok", 80), + NetLogWithSource(), base::nullopt, request_context_.get(), + host_cache_.get())); + EXPECT_EQ(2u, num_running_dispatcher_jobs()); + + // The secure IPv4 request should complete, the secure IPv6 request is still + // pending. + base::RunLoop().RunUntilIdle(); + EXPECT_EQ(1u, num_running_dispatcher_jobs()); + + // Let the secure IPv6 request complete and start the insecure requests. + dns_client_->CompleteDelayedTransactions(); + EXPECT_EQ(2u, num_running_dispatcher_jobs()); + + // The insecure IPv4 request should complete, the insecure IPv6 request is + // still pending. + base::RunLoop().RunUntilIdle(); + EXPECT_EQ(1u, num_running_dispatcher_jobs()); + + response1.CancelRequest(); + base::RunLoop().RunUntilIdle(); + EXPECT_FALSE(response1.complete()); + + // Dispatcher state checked in TearDown. +} + // Test cases where AAAA completes first. TEST_F(HostResolverManagerDnsTest, AAAACompletesFirst) { set_allow_fallback_to_proctask(false); @@ -4561,133 +4623,289 @@ TEST_F(HostResolverManagerDnsTest, AAAACompletesFirst) { EXPECT_THAT(responses[2]->result_error(), IsError(ERR_DNS_TIMED_OUT)); } -// Test cases where transactions return secure or mixed secure/insecure results. -TEST_F(HostResolverManagerDnsTest, SecureOrMixedSecurityResults) { +TEST_F(HostResolverManagerDnsTest, AAAACompletesFirst_AutomaticMode) { MockDnsClientRuleList rules; - AddSecureDnsRule(&rules, "secure", dns_protocol::kTypeA, - MockDnsClientRule::OK, false /* delay */); - AddSecureDnsRule(&rules, "secure", dns_protocol::kTypeAAAA, - MockDnsClientRule::OK, false /* delay */); - AddDnsRule(&rules, "4insecure_6slowsecure", dns_protocol::kTypeA, - MockDnsClientRule::OK, false /* delay */); - AddSecureDnsRule(&rules, "4insecure_6slowsecure", dns_protocol::kTypeAAAA, - MockDnsClientRule::OK, true /* delay */); - AddDnsRule(&rules, "4insecure_6slowemptysecure", dns_protocol::kTypeA, - MockDnsClientRule::OK, false /* delay */); - AddSecureDnsRule(&rules, "4insecure_6slowemptysecure", - dns_protocol::kTypeAAAA, MockDnsClientRule::EMPTY, - true /* delay */); - AddDnsRule(&rules, "4insecureempty_6slowsecure", dns_protocol::kTypeA, - MockDnsClientRule::EMPTY, false /* delay */); - AddSecureDnsRule(&rules, "4insecureempty_6slowsecure", - dns_protocol::kTypeAAAA, MockDnsClientRule::OK, - true /* delay */); - AddDnsRule(&rules, "4insecure_6slowfailsecure", dns_protocol::kTypeA, - MockDnsClientRule::OK, false /* delay */); - AddSecureDnsRule(&rules, "4insecure_6slowfailsecure", dns_protocol::kTypeAAAA, - MockDnsClientRule::FAIL, true /* delay */); - AddSecureDnsRule(&rules, "4secure_6slowinsecure", dns_protocol::kTypeA, - MockDnsClientRule::OK, false /* delay */); - AddDnsRule(&rules, "4secure_6slowinsecure", dns_protocol::kTypeAAAA, - MockDnsClientRule::OK, true /* delay */); - - CreateResolver(); + rules.emplace_back("secure_slow_nx_insecure_4slow_ok", dns_protocol::kTypeA, + true /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::FAIL), + true /* delay */); + rules.emplace_back("secure_slow_nx_insecure_4slow_ok", + dns_protocol::kTypeAAAA, true /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::FAIL), + true /* delay */); + rules.emplace_back("secure_slow_nx_insecure_4slow_ok", dns_protocol::kTypeA, + false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::OK), + true /* delay */); + rules.emplace_back("secure_slow_nx_insecure_4slow_ok", + dns_protocol::kTypeAAAA, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::EMPTY), + false /* delay */); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); - set_allow_fallback_to_proctask(false); - - std::vector> responses; - responses.emplace_back( - std::make_unique(resolver_->CreateRequest( - HostPortPair("secure", 80), NetLogWithSource(), base::nullopt, - request_context_.get(), host_cache_.get()))); - responses.emplace_back( - std::make_unique(resolver_->CreateRequest( - HostPortPair("4insecure_6slowsecure", 80), NetLogWithSource(), - base::nullopt, request_context_.get(), host_cache_.get()))); - responses.emplace_back( - std::make_unique(resolver_->CreateRequest( - HostPortPair("4insecure_6slowemptysecure", 80), NetLogWithSource(), - base::nullopt, request_context_.get(), host_cache_.get()))); - responses.emplace_back( - std::make_unique(resolver_->CreateRequest( - HostPortPair("4insecureempty_6slowsecure", 80), NetLogWithSource(), - base::nullopt, request_context_.get(), host_cache_.get()))); - responses.emplace_back( - std::make_unique(resolver_->CreateRequest( - HostPortPair("4insecure_6slowfailsecure", 80), NetLogWithSource(), - base::nullopt, request_context_.get(), host_cache_.get()))); - responses.emplace_back( - std::make_unique(resolver_->CreateRequest( - HostPortPair("4secure_6slowinsecure", 80), NetLogWithSource(), - base::nullopt, request_context_.get(), host_cache_.get()))); + DnsConfigOverrides overrides; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::AUTOMATIC; + resolver_->SetDnsConfigOverrides(overrides); + ResolveHostResponseHelper response(resolver_->CreateRequest( + HostPortPair("secure_slow_nx_insecure_4slow_ok", 80), NetLogWithSource(), + base::nullopt, request_context_.get(), host_cache_.get())); base::RunLoop().RunUntilIdle(); - EXPECT_TRUE(responses[0]->complete()); - EXPECT_FALSE(responses[1]->complete()); - EXPECT_FALSE(responses[2]->complete()); - EXPECT_FALSE(responses[3]->complete()); - EXPECT_FALSE(responses[4]->complete()); - EXPECT_FALSE(responses[5]->complete()); - + EXPECT_FALSE(response.complete()); + // Complete the secure transactions. + dns_client_->CompleteDelayedTransactions(); + base::RunLoop().RunUntilIdle(); + EXPECT_FALSE(response.complete()); + // Complete the insecure transactions. dns_client_->CompleteDelayedTransactions(); + ASSERT_THAT(response.result_error(), IsOk()); + EXPECT_THAT(response.request()->GetAddressResults().value().endpoints(), + testing::ElementsAre(CreateExpected("127.0.0.1", 80))); + HostCache::Key insecure_key = HostCache::Key( + "secure_slow_nx_insecure_4slow_ok", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + const std::pair* cache_result = + GetCacheHit(insecure_key); + EXPECT_TRUE(!!cache_result); +} + +TEST_F(HostResolverManagerDnsTest, SecureDnsMode_Automatic) { + proc_->AddRuleForAllFamilies("nx_succeed", "192.168.1.100"); + set_allow_fallback_to_proctask(true); + + ChangeDnsConfig(CreateValidDnsConfig()); + DnsConfigOverrides overrides; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::AUTOMATIC; + resolver_->SetDnsConfigOverrides(overrides); const std::pair* cache_result; - EXPECT_THAT(responses[0]->result_error(), IsOk()); - EXPECT_THAT(responses[0]->request()->GetAddressResults().value().endpoints(), + // A successful DoH request should result in a secure cache entry. + ResolveHostResponseHelper response_secure(resolver_->CreateRequest( + HostPortPair("automatic", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + ASSERT_THAT(response_secure.result_error(), IsOk()); + EXPECT_THAT( + response_secure.request()->GetAddressResults().value().endpoints(), + testing::UnorderedElementsAre(CreateExpected("127.0.0.1", 80), + CreateExpected("::1", 80))); + HostCache::Key secure_key = + HostCache::Key("automatic", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + secure_key.secure = true; + cache_result = GetCacheHit(secure_key); + EXPECT_TRUE(!!cache_result); + + // A successful plaintext DNS request should result in an insecure cache + // entry. + ResolveHostResponseHelper response_insecure(resolver_->CreateRequest( + HostPortPair("insecure_automatic", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + ASSERT_THAT(response_insecure.result_error(), IsOk()); + EXPECT_THAT( + response_insecure.request()->GetAddressResults().value().endpoints(), + testing::UnorderedElementsAre(CreateExpected("127.0.0.1", 80), + CreateExpected("::1", 80))); + HostCache::Key insecure_key = + HostCache::Key("insecure_automatic", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + cache_result = GetCacheHit(insecure_key); + EXPECT_TRUE(!!cache_result); + + // Fallback to ProcTask allowed in AUTOMATIC mode. + ResolveHostResponseHelper response_proc(resolver_->CreateRequest( + HostPortPair("nx_succeed", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + proc_->SignalMultiple(1u); + EXPECT_THAT(response_proc.result_error(), IsOk()); + EXPECT_THAT(response_proc.request()->GetAddressResults().value().endpoints(), + testing::ElementsAre(CreateExpected("192.168.1.100", 80))); +} + +TEST_F(HostResolverManagerDnsTest, SecureDnsMode_Automatic_SecureCache) { + ChangeDnsConfig(CreateValidDnsConfig()); + DnsConfigOverrides overrides; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::AUTOMATIC; + resolver_->SetDnsConfigOverrides(overrides); + + // Populate cache with a secure entry. + HostCache::Key cached_secure_key = + HostCache::Key("automatic_cached", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + cached_secure_key.secure = true; + IPEndPoint kExpectedSecureIP = CreateExpected("192.168.1.102", 80); + PopulateCache(cached_secure_key, kExpectedSecureIP); + + // The secure cache should be checked prior to any DoH request being sent. + ResolveHostResponseHelper response_secure_cached(resolver_->CreateRequest( + HostPortPair("automatic_cached", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + EXPECT_THAT(response_secure_cached.result_error(), IsOk()); + EXPECT_THAT( + response_secure_cached.request()->GetAddressResults().value().endpoints(), + testing::ElementsAre(kExpectedSecureIP)); + EXPECT_FALSE( + response_secure_cached.request()->GetStaleInfo().value().is_stale()); +} + +TEST_F(HostResolverManagerDnsTest, SecureDnsMode_Automatic_InsecureCache) { + ChangeDnsConfig(CreateValidDnsConfig()); + DnsConfigOverrides overrides; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::AUTOMATIC; + resolver_->SetDnsConfigOverrides(overrides); + + // Populate cache with an insecure entry. + HostCache::Key cached_insecure_key = + HostCache::Key("insecure_automatic_cached", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + IPEndPoint kExpectedInsecureIP = CreateExpected("192.168.1.103", 80); + PopulateCache(cached_insecure_key, kExpectedInsecureIP); + + // The insecure cache should be checked after DoH requests fail. + ResolveHostResponseHelper response_insecure_cached(resolver_->CreateRequest( + HostPortPair("insecure_automatic_cached", 80), NetLogWithSource(), + base::nullopt, request_context_.get(), host_cache_.get())); + EXPECT_THAT(response_insecure_cached.result_error(), IsOk()); + EXPECT_THAT(response_insecure_cached.request() + ->GetAddressResults() + .value() + .endpoints(), + testing::ElementsAre(kExpectedInsecureIP)); + EXPECT_FALSE( + response_insecure_cached.request()->GetStaleInfo().value().is_stale()); +} + +TEST_F(HostResolverManagerDnsTest, SecureDnsMode_Automatic_Downgrade) { + ChangeDnsConfig(CreateValidDnsConfig()); + // Remove all DoH servers from the config so there is no DoH server available. + DnsConfigOverrides overrides; + std::vector doh_servers; + overrides.dns_over_https_servers = doh_servers; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::AUTOMATIC; + resolver_->SetDnsConfigOverrides(overrides); + const std::pair* cache_result; + + // Populate cache with both secure and insecure entries. + HostCache::Key cached_secure_key = + HostCache::Key("automatic_cached", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + cached_secure_key.secure = true; + IPEndPoint kExpectedSecureIP = CreateExpected("192.168.1.102", 80); + PopulateCache(cached_secure_key, kExpectedSecureIP); + HostCache::Key cached_insecure_key = + HostCache::Key("insecure_automatic_cached", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + IPEndPoint kExpectedInsecureIP = CreateExpected("192.168.1.103", 80); + PopulateCache(cached_insecure_key, kExpectedInsecureIP); + + // The secure cache should still be checked first. + ResolveHostResponseHelper response_cached(resolver_->CreateRequest( + HostPortPair("automatic_cached", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + EXPECT_THAT(response_cached.result_error(), IsOk()); + EXPECT_THAT( + response_cached.request()->GetAddressResults().value().endpoints(), + testing::ElementsAre(kExpectedSecureIP)); + + // The insecure cache should be checked before any insecure requests are sent. + ResolveHostResponseHelper insecure_response_cached(resolver_->CreateRequest( + HostPortPair("insecure_automatic_cached", 80), NetLogWithSource(), + base::nullopt, request_context_.get(), host_cache_.get())); + EXPECT_THAT(insecure_response_cached.result_error(), IsOk()); + EXPECT_THAT(insecure_response_cached.request() + ->GetAddressResults() + .value() + .endpoints(), + testing::ElementsAre(kExpectedInsecureIP)); + + // The DnsConfig doesn't contain DoH servers so AUTOMATIC mode will be + // downgraded to OFF. A successful plaintext DNS request should result in an + // insecure cache entry. + ResolveHostResponseHelper response(resolver_->CreateRequest( + HostPortPair("automatic", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + ASSERT_THAT(response.result_error(), IsOk()); + EXPECT_THAT(response.request()->GetAddressResults().value().endpoints(), testing::UnorderedElementsAre(CreateExpected("127.0.0.1", 80), CreateExpected("::1", 80))); HostCache::Key key = - HostCache::Key("secure", DnsQueryType::UNSPECIFIED, + HostCache::Key("automatic", DnsQueryType::UNSPECIFIED, 0 /* host_resolver_flags */, HostResolverSource::ANY); - key.secure = true; cache_result = GetCacheHit(key); EXPECT_TRUE(!!cache_result); +} - EXPECT_TRUE(responses[1]->complete()); - EXPECT_THAT(responses[1]->result_error(), IsOk()); - EXPECT_THAT(responses[1]->request()->GetAddressResults().value().endpoints(), - testing::UnorderedElementsAre(CreateExpected("127.0.0.1", 80), - CreateExpected("::1", 80))); - cache_result = GetCacheHit( - HostCache::Key("4insecure_6slowsecure", DnsQueryType::UNSPECIFIED, - 0 /* host_resolver_flags */, HostResolverSource::ANY)); - EXPECT_TRUE(!!cache_result); +TEST_F(HostResolverManagerDnsTest, SecureDnsMode_Automatic_Stale) { + ChangeDnsConfig(CreateValidDnsConfig()); + DnsConfigOverrides overrides; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::AUTOMATIC; + resolver_->SetDnsConfigOverrides(overrides); - EXPECT_TRUE(responses[2]->complete()); - EXPECT_THAT(responses[2]->result_error(), IsOk()); - EXPECT_THAT(responses[2]->request()->GetAddressResults().value().endpoints(), - testing::ElementsAre(CreateExpected("127.0.0.1", 80))); - cache_result = GetCacheHit( - HostCache::Key("4insecure_6slowemptysecure", DnsQueryType::UNSPECIFIED, - 0 /* host_resolver_flags */, HostResolverSource::ANY)); - EXPECT_TRUE(!!cache_result); + // Populate cache with insecure entry. + HostCache::Key cached_stale_key = + HostCache::Key("automatic_stale", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + IPEndPoint kExpectedStaleIP = CreateExpected("192.168.1.102", 80); + PopulateCache(cached_stale_key, kExpectedStaleIP); + MakeCacheStale(); - EXPECT_TRUE(responses[3]->complete()); - EXPECT_THAT(responses[3]->result_error(), IsOk()); - EXPECT_THAT(responses[3]->request()->GetAddressResults().value().endpoints(), - testing::ElementsAre(CreateExpected("::1", 80))); - cache_result = GetCacheHit( - HostCache::Key("4insecureempty_6slowsecure", DnsQueryType::UNSPECIFIED, - 0 /* host_resolver_flags */, HostResolverSource::ANY)); - EXPECT_TRUE(!!cache_result); + HostResolver::ResolveHostParameters stale_allowed_parameters; + stale_allowed_parameters.cache_usage = + HostResolver::ResolveHostParameters::CacheUsage::STALE_ALLOWED; - EXPECT_TRUE(responses[4]->complete()); - EXPECT_THAT(responses[4]->result_error(), IsError(ERR_NAME_NOT_RESOLVED)); - EXPECT_FALSE(responses[4]->request()->GetAddressResults()); - cache_result = GetCacheHit( - HostCache::Key("4insecure_6slowfailsecure", DnsQueryType::UNSPECIFIED, - 0 /* host_resolver_flags */, HostResolverSource::ANY)); - EXPECT_TRUE(!!cache_result); + // The insecure cache should be checked before secure requests are made since + // stale results are allowed. + ResolveHostResponseHelper response_stale(resolver_->CreateRequest( + HostPortPair("automatic_stale", 80), NetLogWithSource(), + stale_allowed_parameters, request_context_.get(), host_cache_.get())); + EXPECT_THAT(response_stale.result_error(), IsOk()); + EXPECT_THAT(response_stale.request()->GetAddressResults().value().endpoints(), + testing::ElementsAre(kExpectedStaleIP)); + EXPECT_TRUE(response_stale.request()->GetStaleInfo()->is_stale()); +} - EXPECT_TRUE(responses[5]->complete()); - EXPECT_THAT(responses[5]->result_error(), IsOk()); - EXPECT_THAT(responses[5]->request()->GetAddressResults().value().endpoints(), - testing::UnorderedElementsAre(CreateExpected("127.0.0.1", 80), - CreateExpected("::1", 80))); - cache_result = GetCacheHit( - HostCache::Key("4secure_6slowinsecure", DnsQueryType::UNSPECIFIED, - 0 /* host_resolver_flags */, HostResolverSource::ANY)); +TEST_F(HostResolverManagerDnsTest, SecureDnsMode_Secure) { + proc_->AddRuleForAllFamilies("nx_succeed", "192.168.1.100"); + set_allow_fallback_to_proctask(true); + + MockDnsClientRuleList rules; + rules.emplace_back("secure", dns_protocol::kTypeA, true /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::OK), + false /* delay */); + rules.emplace_back("secure", dns_protocol::kTypeAAAA, true /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::OK), + false /* delay */); + UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); + DnsConfigOverrides overrides; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::SECURE; + resolver_->SetDnsConfigOverrides(overrides); + const std::pair* cache_result; + + ResolveHostResponseHelper response_secure(resolver_->CreateRequest( + HostPortPair("secure", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + ASSERT_THAT(response_secure.result_error(), IsOk()); + HostCache::Key secure_key = + HostCache::Key("secure", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + secure_key.secure = true; + cache_result = GetCacheHit(secure_key); EXPECT_TRUE(!!cache_result); + + ResolveHostResponseHelper response_insecure(resolver_->CreateRequest( + HostPortPair("ok", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + ASSERT_THAT(response_insecure.result_error(), IsError(ERR_NAME_NOT_RESOLVED)); + HostCache::Key insecure_key = + HostCache::Key("ok", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + cache_result = GetCacheHit(insecure_key); + EXPECT_FALSE(!!cache_result); + + // Fallback to ProcTask not allowed in SECURE mode. + ResolveHostResponseHelper response_proc(resolver_->CreateRequest( + HostPortPair("nx_succeed", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + proc_->SignalMultiple(1u); + EXPECT_THAT(response_proc.result_error(), IsError(ERR_NAME_NOT_RESOLVED)); } // Test the case where only a single transaction slot is available. @@ -4710,6 +4928,33 @@ TEST_F(HostResolverManagerDnsTest, SerialResolver) { CreateExpected("::1", 80))); } +TEST_F(HostResolverManagerDnsTest, SerialResolver_AutomaticMode) { + CreateSerialResolver(); + ChangeDnsConfig(CreateValidDnsConfig()); + DnsConfigOverrides overrides; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::AUTOMATIC; + resolver_->SetDnsConfigOverrides(overrides); + + ResolveHostResponseHelper response(resolver_->CreateRequest( + HostPortPair("insecure_automatic", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + EXPECT_FALSE(response.complete()); + EXPECT_EQ(1u, num_running_dispatcher_jobs()); + + base::RunLoop().RunUntilIdle(); + EXPECT_TRUE(response.complete()); + EXPECT_THAT(response.result_error(), IsOk()); + EXPECT_THAT(response.request()->GetAddressResults().value().endpoints(), + testing::UnorderedElementsAre(CreateExpected("127.0.0.1", 80), + CreateExpected("::1", 80))); + HostCache::Key insecure_key = + HostCache::Key("insecure_automatic", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + const std::pair* cache_result = + GetCacheHit(insecure_key); + EXPECT_TRUE(!!cache_result); +} + // Test the case where subsequent transactions are handled on transaction // completion when only part of a multi-transaction request could be initially // started. @@ -4819,21 +5064,12 @@ TEST_F(HostResolverManagerDnsTest, InvalidDnsConfigWithPendingRequests) { EXPECT_FALSE(response->complete()); } - // Clear DNS config. Request: - // 0 fully in-progress should be aborted. - // 1 partially in-progress should be fully aborted. - // 2 queued up should run using ProcTask. + // Clear DNS config. Fully in-progress, partially in-progress, and queued + // requests should all be aborted. ChangeDnsConfig(DnsConfig()); - EXPECT_THAT(responses[0]->result_error(), IsError(ERR_NETWORK_CHANGED)); - EXPECT_THAT(responses[1]->result_error(), IsError(ERR_NETWORK_CHANGED)); - EXPECT_FALSE(responses[2]->complete()); - - // Finish up the third job. Should bypass the DnsClient, and get its - // results from MockHostResolverProc. - proc_->SignalMultiple(1u); - EXPECT_THAT(responses[2]->result_error(), IsOk()); - EXPECT_THAT(responses[2]->request()->GetAddressResults().value().endpoints(), - testing::ElementsAre(CreateExpected("192.168.0.3", 80))); + for (auto& response : responses) { + EXPECT_THAT(response->result_error(), IsError(ERR_NETWORK_CHANGED)); + } } // Test that initial DNS config read signals do not abort pending requests @@ -5178,19 +5414,42 @@ TEST_F(HostResolverManagerDnsTest, NotFoundTTL) { } TEST_F(HostResolverManagerDnsTest, CachedError) { + proc_->AddRuleForAllFamilies(std::string(), + "0.0.0.0"); // Default to failures. + proc_->SignalMultiple(1u); + CreateResolver(); - set_allow_fallback_to_proctask(false); + set_allow_fallback_to_proctask(true); ChangeDnsConfig(CreateValidDnsConfig()); HostResolver::ResolveHostParameters cache_only_parameters; cache_only_parameters.source = HostResolverSource::LOCAL_ONLY; // Expect cache initially empty. - ResolveHostResponseHelper cache_miss_response(resolver_->CreateRequest( + ResolveHostResponseHelper cache_miss_response0(resolver_->CreateRequest( HostPortPair("nodomain", 80), NetLogWithSource(), cache_only_parameters, request_context_.get(), host_cache_.get())); - EXPECT_THAT(cache_miss_response.result_error(), IsError(ERR_DNS_CACHE_MISS)); - EXPECT_FALSE(cache_miss_response.request()->GetStaleInfo()); + EXPECT_THAT(cache_miss_response0.result_error(), IsError(ERR_DNS_CACHE_MISS)); + EXPECT_FALSE(cache_miss_response0.request()->GetStaleInfo()); + + // The cache should not be populate with an error because fallback to ProcTask + // was available. + ResolveHostResponseHelper no_domain_response_with_fallback( + resolver_->CreateRequest(HostPortPair("nodomain", 80), NetLogWithSource(), + base::nullopt, request_context_.get(), + host_cache_.get())); + EXPECT_THAT(no_domain_response_with_fallback.result_error(), + IsError(ERR_NAME_NOT_RESOLVED)); + + // Expect cache still empty. + ResolveHostResponseHelper cache_miss_response1(resolver_->CreateRequest( + HostPortPair("nodomain", 80), NetLogWithSource(), cache_only_parameters, + request_context_.get(), host_cache_.get())); + EXPECT_THAT(cache_miss_response1.result_error(), IsError(ERR_DNS_CACHE_MISS)); + EXPECT_FALSE(cache_miss_response1.request()->GetStaleInfo()); + + // Disable fallback to proctask + set_allow_fallback_to_proctask(false); // Populate cache with an error. ResolveHostResponseHelper no_domain_response(resolver_->CreateRequest( @@ -5208,6 +5467,84 @@ TEST_F(HostResolverManagerDnsTest, CachedError) { EXPECT_FALSE(cache_hit_response.request()->GetStaleInfo().value().is_stale()); } +TEST_F(HostResolverManagerDnsTest, CachedError_AutomaticMode) { + CreateResolver(); + set_allow_fallback_to_proctask(false); + ChangeDnsConfig(CreateValidDnsConfig()); + + // Switch to automatic mode. + DnsConfigOverrides overrides; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::AUTOMATIC; + resolver_->SetDnsConfigOverrides(overrides); + + HostCache::Key insecure_key = + HostCache::Key("automatic_nodomain", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + HostCache::Key secure_key = + HostCache::Key("automatic_nodomain", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + secure_key.secure = true; + + // Expect cache initially empty. + const std::pair* cache_result; + cache_result = GetCacheHit(secure_key); + EXPECT_FALSE(!!cache_result); + cache_result = GetCacheHit(insecure_key); + EXPECT_FALSE(!!cache_result); + + // Populate both secure and insecure caches with an error. + ResolveHostResponseHelper no_domain_response(resolver_->CreateRequest( + HostPortPair("automatic_nodomain", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + EXPECT_THAT(no_domain_response.result_error(), + IsError(ERR_NAME_NOT_RESOLVED)); + + // Expect both secure and insecure caches to have the error result. + cache_result = GetCacheHit(secure_key); + EXPECT_TRUE(!!cache_result); + cache_result = GetCacheHit(insecure_key); + EXPECT_TRUE(!!cache_result); +} + +TEST_F(HostResolverManagerDnsTest, CachedError_SecureMode) { + CreateResolver(); + set_allow_fallback_to_proctask(false); + ChangeDnsConfig(CreateValidDnsConfig()); + + // Switch to secure mode. + DnsConfigOverrides overrides; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::SECURE; + resolver_->SetDnsConfigOverrides(overrides); + + HostCache::Key insecure_key = + HostCache::Key("automatic_nodomain", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + HostCache::Key secure_key = + HostCache::Key("automatic_nodomain", DnsQueryType::UNSPECIFIED, + 0 /* host_resolver_flags */, HostResolverSource::ANY); + secure_key.secure = true; + + // Expect cache initially empty. + const std::pair* cache_result; + cache_result = GetCacheHit(secure_key); + EXPECT_FALSE(!!cache_result); + cache_result = GetCacheHit(insecure_key); + EXPECT_FALSE(!!cache_result); + + // Populate secure cache with an error. + ResolveHostResponseHelper no_domain_response(resolver_->CreateRequest( + HostPortPair("automatic_nodomain", 80), NetLogWithSource(), base::nullopt, + request_context_.get(), host_cache_.get())); + EXPECT_THAT(no_domain_response.result_error(), + IsError(ERR_NAME_NOT_RESOLVED)); + + // Expect only the secure cache to have the error result. + cache_result = GetCacheHit(secure_key); + EXPECT_TRUE(!!cache_result); + cache_result = GetCacheHit(insecure_key); + EXPECT_FALSE(!!cache_result); +} + TEST_F(HostResolverManagerDnsTest, NoCanonicalName) { MockDnsClientRuleList rules; AddDnsRule(&rules, "alias", dns_protocol::kTypeA, IPAddress::IPv4Localhost(), @@ -5368,20 +5705,22 @@ TEST_F(HostResolverManagerTest, ResolveLocalHostname) { TEST_F(HostResolverManagerDnsTest, ResolveDnsOverHttpsServerName) { MockDnsClientRuleList rules; rules.emplace_back( - "dns.example2.com", dns_protocol::kTypeA, DnsConfig::SecureDnsMode::OFF, + "dns.example2.com", dns_protocol::kTypeA, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::OK), false /* delay */); + rules.emplace_back( + "dns.example2.com", dns_protocol::kTypeAAAA, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::OK), false /* delay */); - rules.emplace_back("dns.example2.com", dns_protocol::kTypeAAAA, - DnsConfig::SecureDnsMode::OFF, - MockDnsClientRule::Result(MockDnsClientRule::OK), - false /* delay */); CreateResolver(); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); DnsConfigOverrides overrides; - overrides.dns_over_https_servers.emplace({DnsConfig::DnsOverHttpsServerConfig( - "https://dns.example.com/", true /* use_post */)}); - overrides.dns_over_https_servers.emplace({DnsConfig::DnsOverHttpsServerConfig( - "https://dns.example2.com/dns-query{?dns}", false /* use_post */)}); + std::vector doh_servers = { + DnsConfig::DnsOverHttpsServerConfig("https://dns.example.com/", + true /* use_post */), + DnsConfig::DnsOverHttpsServerConfig( + "https://dns.example2.com/dns-query{?dns}", false /* use_post */)}; + overrides.dns_over_https_servers = doh_servers; + overrides.secure_dns_mode = DnsConfig::SecureDnsMode::SECURE; resolver_->SetDnsConfigOverrides(overrides); ResolveHostResponseHelper response(resolver_->CreateRequest( @@ -5398,7 +5737,6 @@ TEST_F(HostResolverManagerDnsTest, AddDnsOverHttpsServerAfterConfig) { NetworkChangeNotifier::CONNECTION_WIFI); ChangeDnsConfig(CreateValidDnsConfig()); - resolver_->SetDnsClientEnabled(true); std::string server("https://dnsserver.example.net/dns-query{?dns}"); DnsConfigOverrides overrides; overrides.dns_over_https_servers.emplace( @@ -5431,7 +5769,6 @@ TEST_F(HostResolverManagerDnsTest, AddDnsOverHttpsServerBeforeConfig) { DestroyResolver(); test::ScopedMockNetworkChangeNotifier notifier; CreateSerialResolver(); // To guarantee order of resolutions. - resolver_->SetDnsClientEnabled(true); std::string server("https://dnsserver.example.net/dns-query{?dns}"); DnsConfigOverrides overrides; overrides.dns_over_https_servers.emplace( @@ -5478,8 +5815,6 @@ TEST_F(HostResolverManagerDnsTest, AddDnsOverHttpsServerBeforeClient) { NetworkChangeNotifier::CONNECTION_WIFI); ChangeDnsConfig(CreateValidDnsConfig()); - resolver_->SetDnsClientEnabled(true); - base::DictionaryValue* config; auto value = resolver_->GetDnsConfigAsValue(); EXPECT_TRUE(value); @@ -5514,9 +5849,9 @@ TEST_F(HostResolverManagerDnsTest, AddDnsOverHttpsServerAndThenRemove) { notifier.mock_network_change_notifier()->SetConnectionType( NetworkChangeNotifier::CONNECTION_WIFI); - ChangeDnsConfig(CreateValidDnsConfig()); - - resolver_->SetDnsClientEnabled(true); + DnsConfig network_dns_config = CreateValidDnsConfig(); + network_dns_config.dns_over_https_servers.clear(); + ChangeDnsConfig(network_dns_config); base::DictionaryValue* config; auto value = resolver_->GetDnsConfigAsValue(); @@ -5908,8 +6243,7 @@ TEST_F(HostResolverManagerDnsTest, TxtQuery) { bar_records}; MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeTXT, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeTXT, false /* secure */, MockDnsClientRule::Result(BuildTestDnsTextResponse( "host", std::move(text_records))), false /* delay */); @@ -5947,8 +6281,7 @@ TEST_F(HostResolverManagerDnsTest, TxtQuery_NonexistentDomain) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeTXT, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeTXT, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::NODOMAIN), false /* delay */); @@ -5974,9 +6307,9 @@ TEST_F(HostResolverManagerDnsTest, TxtQuery_Failure) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back( - "host", dns_protocol::kTypeTXT, DnsConfig::SecureDnsMode::AUTOMATIC, - MockDnsClientRule::Result(MockDnsClientRule::FAIL), false /* delay */); + rules.emplace_back("host", dns_protocol::kTypeTXT, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::FAIL), + false /* delay */); CreateResolver(); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); @@ -6000,9 +6333,9 @@ TEST_F(HostResolverManagerDnsTest, TxtQuery_Timeout) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back( - "host", dns_protocol::kTypeTXT, DnsConfig::SecureDnsMode::AUTOMATIC, - MockDnsClientRule::Result(MockDnsClientRule::TIMEOUT), false /* delay */); + rules.emplace_back("host", dns_protocol::kTypeTXT, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::TIMEOUT), + false /* delay */); CreateResolver(); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); @@ -6026,9 +6359,9 @@ TEST_F(HostResolverManagerDnsTest, TxtQuery_Empty) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back( - "host", dns_protocol::kTypeTXT, DnsConfig::SecureDnsMode::AUTOMATIC, - MockDnsClientRule::Result(MockDnsClientRule::EMPTY), false /* delay */); + rules.emplace_back("host", dns_protocol::kTypeTXT, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::EMPTY), + false /* delay */); CreateResolver(); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); @@ -6052,8 +6385,7 @@ TEST_F(HostResolverManagerDnsTest, TxtQuery_Malformed) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeTXT, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeTXT, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::MALFORMED), false /* delay */); @@ -6075,8 +6407,7 @@ TEST_F(HostResolverManagerDnsTest, TxtQuery_Malformed) { TEST_F(HostResolverManagerDnsTest, TxtQuery_MismatchedName) { std::vector> text_records = {{"text"}}; MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeTXT, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeTXT, false /* secure */, MockDnsClientRule::Result(BuildTestDnsTextResponse( "host", std::move(text_records), "not.host")), false /* delay */); @@ -6099,8 +6430,7 @@ TEST_F(HostResolverManagerDnsTest, TxtQuery_MismatchedName) { TEST_F(HostResolverManagerDnsTest, TxtQuery_WrongType) { // Respond to a TXT query with an A response. MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeTXT, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeTXT, false /* secure */, MockDnsClientRule::Result( BuildTestDnsResponse("host", IPAddress(1, 2, 3, 4))), false /* delay */); @@ -6133,8 +6463,7 @@ TEST_F(HostResolverManagerDnsTest, TxtDnsQuery) { bar_records}; MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeTXT, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeTXT, false /* secure */, MockDnsClientRule::Result(BuildTestDnsTextResponse( "host", std::move(text_records))), false /* delay */); @@ -6168,8 +6497,7 @@ TEST_F(HostResolverManagerDnsTest, TxtDnsQuery) { TEST_F(HostResolverManagerDnsTest, PtrQuery) { MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypePTR, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypePTR, false /* secure */, MockDnsClientRule::Result(BuildTestDnsPointerResponse( "host", {"foo.com", "bar.com"})), false /* delay */); @@ -6195,8 +6523,7 @@ TEST_F(HostResolverManagerDnsTest, PtrQuery) { TEST_F(HostResolverManagerDnsTest, PtrQuery_Ip) { MockDnsClientRuleList rules; - rules.emplace_back("8.8.8.8", dns_protocol::kTypePTR, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("8.8.8.8", dns_protocol::kTypePTR, false /* secure */, MockDnsClientRule::Result(BuildTestDnsPointerResponse( "8.8.8.8", {"foo.com", "bar.com"})), false /* delay */); @@ -6227,8 +6554,7 @@ TEST_F(HostResolverManagerDnsTest, PtrQuery_NonexistentDomain) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypePTR, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypePTR, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::NODOMAIN), false /* delay */); @@ -6254,9 +6580,9 @@ TEST_F(HostResolverManagerDnsTest, PtrQuery_Failure) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back( - "host", dns_protocol::kTypePTR, DnsConfig::SecureDnsMode::AUTOMATIC, - MockDnsClientRule::Result(MockDnsClientRule::FAIL), false /* delay */); + rules.emplace_back("host", dns_protocol::kTypePTR, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::FAIL), + false /* delay */); CreateResolver(); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); @@ -6280,9 +6606,9 @@ TEST_F(HostResolverManagerDnsTest, PtrQuery_Timeout) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back( - "host", dns_protocol::kTypePTR, DnsConfig::SecureDnsMode::AUTOMATIC, - MockDnsClientRule::Result(MockDnsClientRule::TIMEOUT), false /* delay */); + rules.emplace_back("host", dns_protocol::kTypePTR, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::TIMEOUT), + false /* delay */); CreateResolver(); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); @@ -6306,9 +6632,9 @@ TEST_F(HostResolverManagerDnsTest, PtrQuery_Empty) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back( - "host", dns_protocol::kTypePTR, DnsConfig::SecureDnsMode::AUTOMATIC, - MockDnsClientRule::Result(MockDnsClientRule::EMPTY), false /* delay */); + rules.emplace_back("host", dns_protocol::kTypePTR, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::EMPTY), + false /* delay */); CreateResolver(); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); @@ -6332,8 +6658,7 @@ TEST_F(HostResolverManagerDnsTest, PtrQuery_Malformed) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypePTR, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypePTR, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::MALFORMED), false /* delay */); @@ -6355,8 +6680,7 @@ TEST_F(HostResolverManagerDnsTest, PtrQuery_Malformed) { TEST_F(HostResolverManagerDnsTest, PtrQuery_MismatchedName) { std::vector ptr_records = {{"foo.com"}}; MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypePTR, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypePTR, false /* secure */, MockDnsClientRule::Result(BuildTestDnsPointerResponse( "host", std::move(ptr_records), "not.host")), false /* delay */); @@ -6379,8 +6703,7 @@ TEST_F(HostResolverManagerDnsTest, PtrQuery_MismatchedName) { TEST_F(HostResolverManagerDnsTest, PtrQuery_WrongType) { // Respond to a TXT query with an A response. MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypePTR, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypePTR, false /* secure */, MockDnsClientRule::Result( BuildTestDnsResponse("host", IPAddress(1, 2, 3, 4))), false /* delay */); @@ -6407,8 +6730,7 @@ TEST_F(HostResolverManagerDnsTest, PtrQuery_WrongType) { // involved. TEST_F(HostResolverManagerDnsTest, PtrDnsQuery) { MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypePTR, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypePTR, false /* secure */, MockDnsClientRule::Result(BuildTestDnsPointerResponse( "host", {"foo.com", "bar.com"})), false /* delay */); @@ -6439,8 +6761,7 @@ TEST_F(HostResolverManagerDnsTest, SrvQuery) { const TestServiceRecord kRecord3 = {5, 1, 5, "google.com"}; const TestServiceRecord kRecord4 = {2, 100, 12345, "chromium.org"}; MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeSRV, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeSRV, false /* secure */, MockDnsClientRule::Result(BuildTestDnsServiceResponse( "host", {kRecord1, kRecord2, kRecord3, kRecord4})), false /* delay */); @@ -6484,8 +6805,7 @@ TEST_F(HostResolverManagerDnsTest, SrvQuery_ZeroWeight) { const TestServiceRecord kRecord1 = {5, 0, 80, "bar.com"}; const TestServiceRecord kRecord2 = {5, 0, 5, "google.com"}; MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeSRV, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeSRV, false /* secure */, MockDnsClientRule::Result(BuildTestDnsServiceResponse( "host", {kRecord1, kRecord2})), false /* delay */); @@ -6516,8 +6836,7 @@ TEST_F(HostResolverManagerDnsTest, SrvQuery_NonexistentDomain) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeSRV, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeSRV, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::NODOMAIN), false /* delay */); @@ -6543,9 +6862,9 @@ TEST_F(HostResolverManagerDnsTest, SrvQuery_Failure) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back( - "host", dns_protocol::kTypeSRV, DnsConfig::SecureDnsMode::AUTOMATIC, - MockDnsClientRule::Result(MockDnsClientRule::FAIL), false /* delay */); + rules.emplace_back("host", dns_protocol::kTypeSRV, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::FAIL), + false /* delay */); CreateResolver(); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); @@ -6569,9 +6888,9 @@ TEST_F(HostResolverManagerDnsTest, SrvQuery_Timeout) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back( - "host", dns_protocol::kTypeSRV, DnsConfig::SecureDnsMode::AUTOMATIC, - MockDnsClientRule::Result(MockDnsClientRule::TIMEOUT), false /* delay */); + rules.emplace_back("host", dns_protocol::kTypeSRV, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::TIMEOUT), + false /* delay */); CreateResolver(); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); @@ -6595,9 +6914,9 @@ TEST_F(HostResolverManagerDnsTest, SrvQuery_Empty) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back( - "host", dns_protocol::kTypeSRV, DnsConfig::SecureDnsMode::AUTOMATIC, - MockDnsClientRule::Result(MockDnsClientRule::EMPTY), false /* delay */); + rules.emplace_back("host", dns_protocol::kTypeSRV, false /* secure */, + MockDnsClientRule::Result(MockDnsClientRule::EMPTY), + false /* delay */); CreateResolver(); UseMockDnsClient(CreateValidDnsConfig(), std::move(rules)); @@ -6621,8 +6940,7 @@ TEST_F(HostResolverManagerDnsTest, SrvQuery_Malformed) { proc_->SignalMultiple(1u); MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeSRV, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeSRV, false /* secure */, MockDnsClientRule::Result(MockDnsClientRule::MALFORMED), false /* delay */); @@ -6644,8 +6962,7 @@ TEST_F(HostResolverManagerDnsTest, SrvQuery_Malformed) { TEST_F(HostResolverManagerDnsTest, SrvQuery_MismatchedName) { std::vector srv_records = {{1, 2, 3, "foo.com"}}; MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeSRV, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeSRV, false /* secure */, MockDnsClientRule::Result(BuildTestDnsServiceResponse( "host", std::move(srv_records), "not.host")), false /* delay */); @@ -6668,8 +6985,7 @@ TEST_F(HostResolverManagerDnsTest, SrvQuery_MismatchedName) { TEST_F(HostResolverManagerDnsTest, SrvQuery_WrongType) { // Respond to a SRV query with an A response. MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeSRV, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeSRV, false /* secure */, MockDnsClientRule::Result( BuildTestDnsResponse("host", IPAddress(1, 2, 3, 4))), false /* delay */); @@ -6700,8 +7016,7 @@ TEST_F(HostResolverManagerDnsTest, SrvDnsQuery) { const TestServiceRecord kRecord3 = {5, 1, 5, "google.com"}; const TestServiceRecord kRecord4 = {2, 100, 12345, "chromium.org"}; MockDnsClientRuleList rules; - rules.emplace_back("host", dns_protocol::kTypeSRV, - DnsConfig::SecureDnsMode::AUTOMATIC, + rules.emplace_back("host", dns_protocol::kTypeSRV, false /* secure */, MockDnsClientRule::Result(BuildTestDnsServiceResponse( "host", {kRecord1, kRecord2, kRecord3, kRecord4})), false /* delay */); diff --git a/chromium/net/dns/host_resolver_mdns_task.cc b/chromium/net/dns/host_resolver_mdns_task.cc index cc5c3647101..356278b5721 100644 --- a/chromium/net/dns/host_resolver_mdns_task.cc +++ b/chromium/net/dns/host_resolver_mdns_task.cc @@ -128,7 +128,7 @@ HostResolverMdnsTask::HostResolverMdnsTask( MDnsClient* mdns_client, const std::string& hostname, const std::vector& query_types) - : mdns_client_(mdns_client), hostname_(hostname), weak_ptr_factory_(this) { + : mdns_client_(mdns_client), hostname_(hostname) { DCHECK(!query_types.empty()); for (DnsQueryType query_type : query_types) { transactions_.emplace_back(query_type, this); diff --git a/chromium/net/dns/host_resolver_mdns_task.h b/chromium/net/dns/host_resolver_mdns_task.h index 5a1c8294176..e0e408afdf0 100644 --- a/chromium/net/dns/host_resolver_mdns_task.h +++ b/chromium/net/dns/host_resolver_mdns_task.h @@ -63,7 +63,7 @@ class HostResolverMdnsTask { SEQUENCE_CHECKER(sequence_checker_); - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(HostResolverMdnsTask); }; diff --git a/chromium/net/dns/host_resolver_proc.cc b/chromium/net/dns/host_resolver_proc.cc index 4f4bce2f04e..0824540a63a 100644 --- a/chromium/net/dns/host_resolver_proc.cc +++ b/chromium/net/dns/host_resolver_proc.cc @@ -280,9 +280,9 @@ const base::TimeDelta ProcTaskParams::kDnsDefaultUnresponsiveDelay = base::TimeDelta::FromSeconds(6); ProcTaskParams::ProcTaskParams(HostResolverProc* resolver_proc, - size_t max_retry_attempts) + size_t in_max_retry_attempts) : resolver_proc(resolver_proc), - max_retry_attempts(max_retry_attempts), + max_retry_attempts(in_max_retry_attempts), unresponsive_delay(kDnsDefaultUnresponsiveDelay), retry_factor(2) { // Maximum of 4 retry attempts for host resolution. diff --git a/chromium/net/dns/mdns_client_impl.cc b/chromium/net/dns/mdns_client_impl.cc index 4d3ce6c53f2..9ac0592fdcf 100644 --- a/chromium/net/dns/mdns_client_impl.cc +++ b/chromium/net/dns/mdns_client_impl.cc @@ -131,8 +131,7 @@ void MDnsConnection::SocketHandler::SendDone(int rv) { } MDnsConnection::MDnsConnection(MDnsConnection::Delegate* delegate) - : delegate_(delegate), weak_ptr_factory_(this) { -} + : delegate_(delegate) {} MDnsConnection::~MDnsConnection() = default; diff --git a/chromium/net/dns/mdns_client_impl.h b/chromium/net/dns/mdns_client_impl.h index fd911dcd12f..0efda0b9a42 100644 --- a/chromium/net/dns/mdns_client_impl.h +++ b/chromium/net/dns/mdns_client_impl.h @@ -111,7 +111,7 @@ class NET_EXPORT_PRIVATE MDnsConnection { Delegate* delegate_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(MDnsConnection); }; diff --git a/chromium/net/dns/public/dns_protocol.h b/chromium/net/dns/public/dns_protocol.h index 401dd92a2c1..29582d7b50a 100644 --- a/chromium/net/dns/public/dns_protocol.h +++ b/chromium/net/dns/public/dns_protocol.h @@ -122,10 +122,20 @@ static const int kMaxUDPSize = 512; // medium's MTU, and must be under 9000 bytes static const int kMaxMulticastSize = 9000; +// RFC 1035, Section 4.1.3. +// TYPE (2 bytes) + CLASS (2 bytes) + TTL (4 bytes) + RDLENGTH (2 bytes) +static const int kResourceRecordSizeInBytesWithoutNameAndRData = 10; + // DNS class types. // // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-2 static const uint16_t kClassIN = 1; +// RFC 6762, Section 10.2. +// +// For resource records sent through mDNS, the top bit of the class field in a +// resource record is repurposed to the cache-flush bit. This bit should only be +// used in mDNS transactions. +static const uint16_t kFlagCacheFlush = 0x8000; // DNS resource record types. // @@ -151,6 +161,11 @@ static const uint8_t kRcodeNXDOMAIN = 3; static const uint8_t kRcodeNOTIMP = 4; static const uint8_t kRcodeREFUSED = 5; +// DNS EDNS(0) option codes (OPT) +// +// https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-11 +static const uint16_t kEdnsPadding = 12; + // DNS header flags. // // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-12 diff --git a/chromium/net/dns/record_rdata.cc b/chromium/net/dns/record_rdata.cc index 87c707ef3f8..e6366702b7e 100644 --- a/chromium/net/dns/record_rdata.cc +++ b/chromium/net/dns/record_rdata.cc @@ -4,6 +4,7 @@ #include "net/dns/record_rdata.h" +#include #include #include "base/big_endian.h" @@ -14,8 +15,6 @@ namespace net { static const size_t kSrvRecordMinimumSize = 6; -RecordRdata::RecordRdata() = default; - bool RecordRdata::HasValidSize(const base::StringPiece& data, uint16_t type) { switch (type) { case dns_protocol::kTypeSRV: @@ -288,8 +287,12 @@ bool NsecRecordRdata::GetBit(unsigned i) const { OptRecordRdata::OptRecordRdata() = default; +OptRecordRdata::OptRecordRdata(OptRecordRdata&& other) = default; + OptRecordRdata::~OptRecordRdata() = default; +OptRecordRdata& OptRecordRdata::operator=(OptRecordRdata&& other) = default; + // static std::unique_ptr OptRecordRdata::Create( const base::StringPiece& data, @@ -340,6 +343,17 @@ void OptRecordRdata::AddOpt(const Opt& opt) { opts_.push_back(opt); } +void OptRecordRdata::AddOpts(const OptRecordRdata& other) { + buf_.insert(buf_.end(), other.buf_.begin(), other.buf_.end()); + opts_.insert(opts_.end(), other.opts_.begin(), other.opts_.end()); +} + +bool OptRecordRdata::ContainsOptCode(uint16_t opt_code) const { + return std::any_of( + opts_.begin(), opts_.end(), + [=](const OptRecordRdata::Opt& opt) { return opt.code() == opt_code; }); +} + OptRecordRdata::Opt::Opt(uint16_t code, base::StringPiece data) : code_(code) { data.CopyToString(&data_); } diff --git a/chromium/net/dns/record_rdata.h b/chromium/net/dns/record_rdata.h index 8347d8adf12..e6864ae4fc5 100644 --- a/chromium/net/dns/record_rdata.h +++ b/chromium/net/dns/record_rdata.h @@ -36,11 +36,6 @@ class NET_EXPORT RecordRdata { virtual bool IsEqual(const RecordRdata* other) const = 0; virtual uint16_t Type() const = 0; - - protected: - RecordRdata(); - - DISALLOW_COPY_AND_ASSIGN(RecordRdata); }; // SRV record format (http://www.ietf.org/rfc/rfc2782.txt): @@ -228,7 +223,7 @@ class NET_EXPORT_PRIVATE OptRecordRdata : public RecordRdata { public: class NET_EXPORT_PRIVATE Opt { public: - static const size_t kHeaderSize = 4; // sizeof(code) + sizeof(size) + static constexpr size_t kHeaderSize = 4; // sizeof(code) + sizeof(size) Opt(uint16_t code, base::StringPiece data); @@ -245,7 +240,11 @@ class NET_EXPORT_PRIVATE OptRecordRdata : public RecordRdata { static const uint16_t kType = dns_protocol::kTypeOPT; OptRecordRdata(); + OptRecordRdata(OptRecordRdata&& other); ~OptRecordRdata() override; + + OptRecordRdata& operator=(OptRecordRdata&& other); + static std::unique_ptr Create(const base::StringPiece& data, const DnsRecordParser& parser); bool IsEqual(const RecordRdata* other) const override; @@ -256,6 +255,11 @@ class NET_EXPORT_PRIVATE OptRecordRdata : public RecordRdata { const std::vector& opts() const { return opts_; } void AddOpt(const Opt& opt); + // Add all Opts from |other| to |this|. + void AddOpts(const OptRecordRdata& other); + + bool ContainsOptCode(uint16_t opt_code) const; + private: std::vector opts_; std::vector buf_; diff --git a/chromium/net/dns/serial_worker.cc b/chromium/net/dns/serial_worker.cc index 520bd3a64b9..f66abb17207 100644 --- a/chromium/net/dns/serial_worker.cc +++ b/chromium/net/dns/serial_worker.cc @@ -15,8 +15,7 @@ namespace net { SerialWorker::SerialWorker() : base::RefCountedDeleteOnSequence( base::SequencedTaskRunnerHandle::Get()), - state_(IDLE), - weak_factory_(this) {} + state_(IDLE) {} SerialWorker::~SerialWorker() = default; diff --git a/chromium/net/dns/serial_worker.h b/chromium/net/dns/serial_worker.h index b647b69e599..a16e8461291 100644 --- a/chromium/net/dns/serial_worker.h +++ b/chromium/net/dns/serial_worker.h @@ -76,7 +76,7 @@ class NET_EXPORT_PRIVATE SerialWorker State state_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(SerialWorker); }; diff --git a/chromium/net/dns/system_dns_config_change_notifier.cc b/chromium/net/dns/system_dns_config_change_notifier.cc new file mode 100644 index 00000000000..c636f54c313 --- /dev/null +++ b/chromium/net/dns/system_dns_config_change_notifier.cc @@ -0,0 +1,225 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/dns/system_dns_config_change_notifier.h" + +#include +#include + +#include "base/bind.h" +#include "base/location.h" +#include "base/logging.h" +#include "base/memory/weak_ptr.h" +#include "base/sequence_checker.h" +#include "base/sequenced_task_runner.h" +#include "base/synchronization/lock.h" +#include "base/task/post_task.h" +#include "base/task/task_traits.h" +#include "base/threading/sequenced_task_runner_handle.h" +#include "net/dns/dns_config_service.h" + +namespace net { + +namespace { + +// Internal information and handling for a registered Observer. Handles +// posting to and DCHECKing the correct sequence for the Observer. +class WrappedObserver { + public: + explicit WrappedObserver(SystemDnsConfigChangeNotifier::Observer* observer) + : task_runner_(base::SequencedTaskRunnerHandle::Get()), + observer_(observer) {} + + ~WrappedObserver() { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); } + + void OnNotifyThreadsafe(base::Optional config) { + task_runner_->PostTask( + FROM_HERE, + base::BindOnce(&WrappedObserver::OnNotify, + weak_ptr_factory_.GetWeakPtr(), std::move(config))); + } + + void OnNotify(base::Optional config) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + DCHECK(!config || config.value().IsValid()); + + observer_->OnSystemDnsConfigChanged(std::move(config)); + } + + private: + scoped_refptr task_runner_; + SystemDnsConfigChangeNotifier::Observer* const observer_; + + SEQUENCE_CHECKER(sequence_checker_); + base::WeakPtrFactory weak_ptr_factory_{this}; + + DISALLOW_COPY_AND_ASSIGN(WrappedObserver); +}; + +} // namespace + +// Internal core to be destroyed via base::OnTaskRunnerDeleter to ensure +// sequence safety. +class SystemDnsConfigChangeNotifier::Core { + public: + Core(scoped_refptr task_runner, + std::unique_ptr dns_config_service) + : task_runner_(std::move(task_runner)) { + DCHECK(task_runner_); + DCHECK(dns_config_service); + + DETACH_FROM_SEQUENCE(sequence_checker_); + + task_runner_->PostTask(FROM_HERE, + base::BindOnce(&Core::SetAndStartDnsConfigService, + weak_ptr_factory_.GetWeakPtr(), + std::move(dns_config_service))); + } + + ~Core() { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + DCHECK(wrapped_observers_.empty()); + } + + void AddObserver(Observer* observer) { + // Create wrapped observer outside locking in case construction requires + // complex side effects. + auto wrapped_observer = std::make_unique(observer); + + { + base::AutoLock lock(lock_); + + if (config_) { + // Even though this is the same sequence as the observer, use the + // threadsafe OnNotify to post the notification for both lock and + // reentrancy safety. + wrapped_observer->OnNotifyThreadsafe(config_); + } + + DCHECK_EQ(0u, wrapped_observers_.count(observer)); + wrapped_observers_.emplace(observer, std::move(wrapped_observer)); + } + } + + void RemoveObserver(Observer* observer) { + // Destroy wrapped observer outside locking in case destruction requires + // complex side effects. + std::unique_ptr removed_wrapped_observer; + + { + base::AutoLock lock(lock_); + auto it = wrapped_observers_.find(observer); + DCHECK(it != wrapped_observers_.end()); + removed_wrapped_observer = std::move(it->second); + wrapped_observers_.erase(it); + } + } + + void RefreshConfig() { + task_runner_->PostTask(FROM_HERE, + base::BindOnce(&Core::TriggerRefreshConfig, + weak_ptr_factory_.GetWeakPtr())); + } + + void SetDnsConfigServiceForTesting( + std::unique_ptr dns_config_service) { + DCHECK(dns_config_service); + task_runner_->PostTask(FROM_HERE, + base::BindOnce(&Core::SetAndStartDnsConfigService, + weak_ptr_factory_.GetWeakPtr(), + std::move(dns_config_service))); + } + + private: + void SetAndStartDnsConfigService( + std::unique_ptr dns_config_service) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + dns_config_service_ = std::move(dns_config_service); + dns_config_service_->WatchConfig(base::BindRepeating( + &Core::OnConfigChanged, weak_ptr_factory_.GetWeakPtr())); + } + + void OnConfigChanged(const DnsConfig& config) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + base::AutoLock lock(lock_); + + // |config_| is |base::nullopt| if most recent config was invalid (or no + // valid config has yet been read), so convert |config| to a similar form + // before comparing for change. + base::Optional new_config; + if (config.IsValid()) + new_config = config; + + if (config_ == new_config) + return; + + config_ = std::move(new_config); + + for (auto& wrapped_observer : wrapped_observers_) { + wrapped_observer.second->OnNotifyThreadsafe(config_); + } + } + + void TriggerRefreshConfig() { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + dns_config_service_->RefreshConfig(); + } + + // Fields that may be accessed from any sequence. Must protect access using + // |lock_|. + mutable base::Lock lock_; + // Only stores valid configs. |base::nullopt| if most recent config was + // invalid (or no valid config has yet been read). + base::Optional config_; + std::map> wrapped_observers_; + + // Fields valid only on |task_runner_|. + scoped_refptr task_runner_; + SEQUENCE_CHECKER(sequence_checker_); + std::unique_ptr dns_config_service_; + base::WeakPtrFactory weak_ptr_factory_{this}; + + DISALLOW_COPY_AND_ASSIGN(Core); +}; + +SystemDnsConfigChangeNotifier::SystemDnsConfigChangeNotifier() + : SystemDnsConfigChangeNotifier( + base::CreateSequencedTaskRunnerWithTraits({base::MayBlock()}), + DnsConfigService::CreateSystemService()) {} + +SystemDnsConfigChangeNotifier::SystemDnsConfigChangeNotifier( + scoped_refptr task_runner, + std::unique_ptr dns_config_service) + : core_(nullptr, base::OnTaskRunnerDeleter(task_runner)) { + if (dns_config_service) + core_.reset(new Core(task_runner, std::move(dns_config_service))); +} + +SystemDnsConfigChangeNotifier::~SystemDnsConfigChangeNotifier() = default; + +void SystemDnsConfigChangeNotifier::AddObserver(Observer* observer) { + if (core_) + core_->AddObserver(observer); +} + +void SystemDnsConfigChangeNotifier::RemoveObserver(Observer* observer) { + if (core_) + core_->RemoveObserver(observer); +} + +void SystemDnsConfigChangeNotifier::RefreshConfig() { + if (core_) + core_->RefreshConfig(); +} + +void SystemDnsConfigChangeNotifier::SetDnsConfigServiceForTesting( + std::unique_ptr dns_config_service) { + DCHECK(core_); + DCHECK(dns_config_service); + + core_->SetDnsConfigServiceForTesting(std::move(dns_config_service)); +} + +} // namespace net diff --git a/chromium/net/dns/system_dns_config_change_notifier.h b/chromium/net/dns/system_dns_config_change_notifier.h new file mode 100644 index 00000000000..447a8d8c244 --- /dev/null +++ b/chromium/net/dns/system_dns_config_change_notifier.h @@ -0,0 +1,86 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_DNS_SYSTEM_DNS_CONFIG_CHANGE_NOTIFIER_H_ +#define NET_DNS_SYSTEM_DNS_CONFIG_CHANGE_NOTIFIER_H_ + +#include + +#include "base/macros.h" +#include "base/memory/scoped_refptr.h" +#include "base/optional.h" +#include "base/sequenced_task_runner.h" +#include "net/base/net_export.h" +#include "net/dns/dns_config.h" + +namespace net { + +class DnsConfigService; + +// Notifier that can be subscribed to to listen for changes to system DNS +// configuration. Expected to only be used internally to HostResolverManager and +// NetworkChangeNotifier. Other classes are expected to subscribe to +// NetworkChangeNotifier::AddDNSObserver() to subscribe to listen to both system +// config changes and configuration applied on top by Chrome. +// +// This class is thread and sequence safe except that RemoveObserver() must be +// called on the same sequence as the matched AddObserver() call. +// +// TODO(crbug.com/971411): Use this class in HostResolverManager. +class NET_EXPORT_PRIVATE SystemDnsConfigChangeNotifier { + public: + class Observer { + public: + // Called on loading new config, including the initial read once the first + // valid config has been read. If a config read encounters errors or an + // invalid config is read, will be invoked with |base::nullopt|. Only + // invoked when |config| changes. + virtual void OnSystemDnsConfigChanged(base::Optional config) = 0; + }; + + SystemDnsConfigChangeNotifier(); + // Alternate constructor allowing specifying the underlying DnsConfigService. + // |dns_config_service| will only be interacted with and destroyed using + // |task_runner|. As required by DnsConfigService, blocking I/O may be + // performed on |task_runner|, so it must support blocking (i.e. + // base::MayBlock). + // + // |dns_config_service| may be null if system DNS config is disabled for the + // current platform. Calls against the created object will noop, and no + // notifications will ever be sent. + SystemDnsConfigChangeNotifier( + scoped_refptr task_runner, + std::unique_ptr dns_config_service); + ~SystemDnsConfigChangeNotifier(); + + // An added Observer will receive notifications on the sequence where + // AddObserver() was called. If the config has been successfully read before + // calling this method, a notification will be sent for that current config + // before any other notifications. + void AddObserver(Observer* observer); + + // In order to ensure notifications immediately stop on calling + // RemoveObserver(), must be called on the same sequence where the associated + // AddObserver() was called. + void RemoveObserver(Observer* observer); + + // Triggers invalidation and re-read of the current configuration (followed by + // notifications to registered Observers). For use only on platforms + // expecting network-stack-external notifications of DNS config changes. + void RefreshConfig(); + + void SetDnsConfigServiceForTesting( + std::unique_ptr dns_config_service); + + private: + class Core; + + std::unique_ptr core_; + + DISALLOW_COPY_AND_ASSIGN(SystemDnsConfigChangeNotifier); +}; + +} // namespace net + +#endif // NET_DNS_SYSTEM_DNS_CONFIG_CHANGE_NOTIFIER_H_ diff --git a/chromium/net/dns/system_dns_config_change_notifier_unittest.cc b/chromium/net/dns/system_dns_config_change_notifier_unittest.cc new file mode 100644 index 00000000000..9c3c705025b --- /dev/null +++ b/chromium/net/dns/system_dns_config_change_notifier_unittest.cc @@ -0,0 +1,327 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/dns/system_dns_config_change_notifier.h" + +#include +#include + +#include "base/bind.h" +#include "base/run_loop.h" +#include "base/task/post_task.h" +#include "base/task/task_traits.h" +#include "net/base/ip_address.h" +#include "net/base/ip_endpoint.h" +#include "net/dns/dns_hosts.h" +#include "net/dns/test_dns_config_service.h" +#include "net/test/test_with_scoped_task_environment.h" +#include "testing/gmock/include/gmock/gmock.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +namespace { +const std::vector kNameservers = { + IPEndPoint(IPAddress(1, 2, 3, 4), 95)}; +const std::vector kNameservers2 = { + IPEndPoint(IPAddress(2, 3, 4, 5), 195)}; +const DnsConfig kConfig(kNameservers); +const DnsConfig kConfig2(kNameservers2); +} // namespace + +class SystemDnsConfigChangeNotifierTest : public TestWithScopedTaskEnvironment { + public: + // Set up a change notifier, owned on a dedicated blockable task runner, with + // a faked underlying DnsConfigService. + SystemDnsConfigChangeNotifierTest() + : notifier_task_runner_( + base::CreateSequencedTaskRunnerWithTraits({base::MayBlock()})) { + auto test_service = std::make_unique(); + notifier_task_runner_->PostTask( + FROM_HERE, + base::BindOnce(&TestDnsConfigService::OnHostsRead, + base::Unretained(test_service.get()), DnsHosts())); + test_config_service_ = test_service.get(); + + notifier_ = std::make_unique( + notifier_task_runner_, std::move(test_service)); + } + + protected: + // Test observer implementation that records all notifications received in a + // vector, and also validates that all notifications are received on the + // expected sequence. + class TestObserver : public SystemDnsConfigChangeNotifier::Observer { + public: + void OnSystemDnsConfigChanged(base::Optional config) override { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + configs_received_.push_back(std::move(config)); + + DCHECK_GT(notifications_remaining_, 0); + if (--notifications_remaining_ == 0) + run_loop_->Quit(); + } + + void WaitForNotification() { WaitForNotifications(1); } + void WaitForNotifications(int num_notifications) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + notifications_remaining_ = num_notifications; + run_loop_->Run(); + run_loop_ = std::make_unique(); + } + + void ExpectNoMoreNotifications() { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + configs_received_.clear(); + base::RunLoop().RunUntilIdle(); + EXPECT_TRUE(configs_received_.empty()); + } + + std::vector>& configs_received() { + return configs_received_; + } + + private: + int notifications_remaining_ = 0; + std::unique_ptr run_loop_ = + std::make_unique(); + std::vector> configs_received_; + SEQUENCE_CHECKER(sequence_checker_); + }; + + // Load a config and wait for it to be received by the notifier. + void LoadConfig(const DnsConfig& config, bool already_loaded = false) { + TestObserver observer; + notifier_->AddObserver(&observer); + + // If |notifier_| already has a config loaded, |observer| will first get a + // notification for that initial config. + if (already_loaded) + observer.WaitForNotification(); + + notifier_task_runner_->PostTask( + FROM_HERE, + base::BindOnce(&TestDnsConfigService::OnConfigRead, + base::Unretained(test_config_service_), config)); + observer.WaitForNotification(); + + notifier_->RemoveObserver(&observer); + } + + scoped_refptr notifier_task_runner_; + std::unique_ptr notifier_; + // Owned by |notifier_|. + TestDnsConfigService* test_config_service_; +}; + +TEST_F(SystemDnsConfigChangeNotifierTest, ReceiveNotification) { + TestObserver observer; + + notifier_->AddObserver(&observer); + notifier_task_runner_->PostTask( + FROM_HERE, + base::BindOnce(&TestDnsConfigService::OnConfigRead, + base::Unretained(test_config_service_), kConfig)); + observer.WaitForNotification(); + + EXPECT_THAT(observer.configs_received(), + testing::ElementsAre(testing::Optional(kConfig))); + observer.ExpectNoMoreNotifications(); + + notifier_->RemoveObserver(&observer); +} + +TEST_F(SystemDnsConfigChangeNotifierTest, ReceiveNotification_Multiple) { + TestObserver observer; + + notifier_->AddObserver(&observer); + notifier_task_runner_->PostTask( + FROM_HERE, + base::BindOnce(&TestDnsConfigService::OnConfigRead, + base::Unretained(test_config_service_), kConfig)); + notifier_task_runner_->PostTask( + FROM_HERE, + base::BindOnce(&TestDnsConfigService::OnConfigRead, + base::Unretained(test_config_service_), kConfig2)); + observer.WaitForNotifications(2); + + EXPECT_THAT(observer.configs_received(), + testing::ElementsAre(testing::Optional(kConfig), + testing::Optional(kConfig2))); + observer.ExpectNoMoreNotifications(); + + notifier_->RemoveObserver(&observer); +} + +// If the notifier already has a config loaded, a new observer should receive an +// initial notification for that config. +TEST_F(SystemDnsConfigChangeNotifierTest, ReceiveInitialNotification) { + LoadConfig(kConfig); + + TestObserver observer; + notifier_->AddObserver(&observer); + observer.WaitForNotification(); + + EXPECT_THAT(observer.configs_received(), + testing::ElementsAre(testing::Optional(kConfig))); + observer.ExpectNoMoreNotifications(); + + notifier_->RemoveObserver(&observer); +} + +// If multiple configs have been read before adding an Observer, should notify +// it only of the most recent. +TEST_F(SystemDnsConfigChangeNotifierTest, ReceiveInitialNotification_Multiple) { + LoadConfig(kConfig); + LoadConfig(kConfig2, true /* already_loaded */); + + TestObserver observer; + notifier_->AddObserver(&observer); + observer.WaitForNotification(); + + EXPECT_THAT(observer.configs_received(), + testing::ElementsAre(testing::Optional(kConfig2))); + observer.ExpectNoMoreNotifications(); + + notifier_->RemoveObserver(&observer); +} + +TEST_F(SystemDnsConfigChangeNotifierTest, NotificationsStopAfterRemoval) { + TestObserver observer; + notifier_->AddObserver(&observer); + notifier_->RemoveObserver(&observer); + + LoadConfig(kConfig); + LoadConfig(kConfig2, true /* already_loaded */); + + EXPECT_TRUE(observer.configs_received().empty()); + observer.ExpectNoMoreNotifications(); +} + +TEST_F(SystemDnsConfigChangeNotifierTest, UnchangedConfigs) { + LoadConfig(kConfig); + + TestObserver observer; + notifier_->AddObserver(&observer); + observer.WaitForNotification(); + + // Expect no notifications from duplicate configs. + notifier_task_runner_->PostTask( + FROM_HERE, + base::BindOnce(&TestDnsConfigService::OnConfigRead, + base::Unretained(test_config_service_), kConfig)); + notifier_task_runner_->PostTask( + FROM_HERE, + base::BindOnce(&TestDnsConfigService::OnConfigRead, + base::Unretained(test_config_service_), kConfig)); + observer.ExpectNoMoreNotifications(); + + // Notification on new config. + notifier_task_runner_->PostTask( + FROM_HERE, + base::BindOnce(&TestDnsConfigService::OnConfigRead, + base::Unretained(test_config_service_), kConfig2)); + observer.WaitForNotification(); + EXPECT_THAT(observer.configs_received(), + testing::ElementsAre(testing::Optional(kConfig2))); + observer.ExpectNoMoreNotifications(); + + notifier_->RemoveObserver(&observer); +} + +TEST_F(SystemDnsConfigChangeNotifierTest, UnloadedConfig) { + LoadConfig(kConfig); + + TestObserver observer; + notifier_->AddObserver(&observer); + // Initial config. + observer.WaitForNotification(); + + notifier_task_runner_->PostTask( + FROM_HERE, base::BindOnce(&TestDnsConfigService::InvalidateConfig, + base::Unretained(test_config_service_))); + observer.WaitForNotification(); + + EXPECT_THAT(observer.configs_received(), + testing::ElementsAre(testing::Optional(kConfig), base::nullopt)); + observer.ExpectNoMoreNotifications(); + + notifier_->RemoveObserver(&observer); +} + +// All invalid configs are considered the same for notifications, so only expect +// a single notification on multiple config invalidations. +TEST_F(SystemDnsConfigChangeNotifierTest, UnloadedConfig_Multiple) { + LoadConfig(kConfig); + + TestObserver observer; + notifier_->AddObserver(&observer); + // Initial config. + observer.WaitForNotification(); + + notifier_task_runner_->PostTask( + FROM_HERE, base::BindOnce(&TestDnsConfigService::InvalidateConfig, + base::Unretained(test_config_service_))); + notifier_task_runner_->PostTask( + FROM_HERE, base::BindOnce(&TestDnsConfigService::InvalidateConfig, + base::Unretained(test_config_service_))); + observer.WaitForNotification(); // Only 1 notification expected. + + EXPECT_THAT(observer.configs_received(), + testing::ElementsAre(testing::Optional(kConfig), base::nullopt)); + observer.ExpectNoMoreNotifications(); + + notifier_->RemoveObserver(&observer); +} + +TEST_F(SystemDnsConfigChangeNotifierTest, InitialConfigInvalid) { + // Add and invalidate a config (using an extra observer to wait for + // invalidation to complete). + LoadConfig(kConfig); + TestObserver setup_observer; + notifier_->AddObserver(&setup_observer); + setup_observer.WaitForNotification(); + notifier_task_runner_->PostTask( + FROM_HERE, base::BindOnce(&TestDnsConfigService::InvalidateConfig, + base::Unretained(test_config_service_))); + setup_observer.WaitForNotification(); + notifier_->RemoveObserver(&setup_observer); + + TestObserver observer; + notifier_->AddObserver(&observer); + + // No notification expected until first valid config. + observer.ExpectNoMoreNotifications(); + + // Notification on new config. + notifier_task_runner_->PostTask( + FROM_HERE, + base::BindOnce(&TestDnsConfigService::OnConfigRead, + base::Unretained(test_config_service_), kConfig)); + observer.WaitForNotification(); + EXPECT_THAT(observer.configs_received(), + testing::ElementsAre(testing::Optional(kConfig))); + observer.ExpectNoMoreNotifications(); + + notifier_->RemoveObserver(&observer); +} + +TEST_F(SystemDnsConfigChangeNotifierTest, RefreshConfig) { + test_config_service_->SetConfigForRefresh(kConfig); + + TestObserver observer; + notifier_->AddObserver(&observer); + + notifier_->RefreshConfig(); + observer.WaitForNotification(); + + EXPECT_THAT(observer.configs_received(), + testing::ElementsAre(testing::Optional(kConfig))); + observer.ExpectNoMoreNotifications(); + + notifier_->RemoveObserver(&observer); +} + +} // namespace net diff --git a/chromium/net/dns/test_dns_config_service.cc b/chromium/net/dns/test_dns_config_service.cc new file mode 100644 index 00000000000..af928627f4d --- /dev/null +++ b/chromium/net/dns/test_dns_config_service.cc @@ -0,0 +1,26 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/dns/test_dns_config_service.h" + +namespace net { + +TestDnsConfigService::TestDnsConfigService() = default; + +TestDnsConfigService::~TestDnsConfigService() = default; + +bool TestDnsConfigService::StartWatching() { + return true; +} + +void TestDnsConfigService::RefreshConfig() { + DCHECK(config_for_refresh_); + InvalidateConfig(); + InvalidateHosts(); + OnConfigRead(config_for_refresh_.value()); + OnHostsRead(config_for_refresh_.value().hosts); + config_for_refresh_ = base::nullopt; +} + +} // namespace net diff --git a/chromium/net/dns/test_dns_config_service.h b/chromium/net/dns/test_dns_config_service.h new file mode 100644 index 00000000000..3b61c361c6c --- /dev/null +++ b/chromium/net/dns/test_dns_config_service.h @@ -0,0 +1,56 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_DNS_TEST_DNS_CONFIG_SERVICE_H_ +#define NET_DNS_TEST_DNS_CONFIG_SERVICE_H_ + +#include + +#include "base/logging.h" +#include "base/optional.h" +#include "net/dns/dns_config_service.h" + +namespace net { + +// Simple test implementation of DnsConfigService that will trigger +// notifications only on explicitly calling On...() methods. +class TestDnsConfigService : public DnsConfigService { + public: + TestDnsConfigService(); + ~TestDnsConfigService() override; + + void ReadNow() override {} + bool StartWatching() override; + + // Expose the protected methods to this test suite. + void InvalidateConfig() { DnsConfigService::InvalidateConfig(); } + + void InvalidateHosts() { DnsConfigService::InvalidateHosts(); } + + void OnConfigRead(const DnsConfig& config) { + DnsConfigService::OnConfigRead(config); + } + + void OnHostsRead(const DnsHosts& hosts) { + DnsConfigService::OnHostsRead(hosts); + } + + void set_watch_failed(bool value) { + DnsConfigService::set_watch_failed(value); + } + + void RefreshConfig() override; + + void SetConfigForRefresh(DnsConfig config) { + DCHECK(!config_for_refresh_); + config_for_refresh_ = std::move(config); + } + + private: + base::Optional config_for_refresh_; +}; + +} // namespace net + +#endif // NET_DNS_TEST_DNS_CONFIG_SERVICE_H_ diff --git a/chromium/net/docs/crash-course-in-net-internals.md b/chromium/net/docs/crash-course-in-net-internals.md index 8c1fbbb392e..1a120fb0381 100644 --- a/chromium/net/docs/crash-course-in-net-internals.md +++ b/chromium/net/docs/crash-course-in-net-internals.md @@ -19,7 +19,7 @@ Events view, which will be all this document covers. The top level network stack object is the URLRequestContext. The Events view has information for all Chrome URLRequestContexts that are hooked up to the -single, global, ChromeNetLog object. This includes both incognito and +single, global, NetLog object. This includes both incognito and non-incognito profiles, among other things. The Events view only shows events for the period that net-internals was open and running, and is incrementally updated as events occur. The code attempts to add a top level event for diff --git a/chromium/net/docs/proxy.md b/chromium/net/docs/proxy.md index 9524db0d41e..967f79aa894 100644 --- a/chromium/net/docs/proxy.md +++ b/chromium/net/docs/proxy.md @@ -1,45 +1,47 @@ # Proxy support in Chrome -This document establishes basic proxy terminology, as well as describing -behaviors specific to Chrome. +This document establishes basic proxy terminology and describes Chrome-specific +proxy behaviors. -## Proxy Server +[TOC] -A proxy server is an intermediary used for network requests. It can be -identified by the 3-tuple (scheme, host, port) where: +## Proxy server identifiers -* scheme - protocol used to communicate with the proxy (ex: SOCKSv5, HTTPS). -* host - IP or hostname of the proxy server (ex: 192.168.0.1) -* port - TCP/UDP port number (ex: 443) +A proxy server is an intermediary used for network requests. A proxy server can +be described by its address, along with the proxy scheme that should be used to +communicate with it. -There are a variety of proxy server schemes supported by Chrome. When using an -explicit proxy in the browser, multiple layers of the network request are -impacted. +This can be written as a string using either the "PAC format" or the "URI +format". -Difference between proxy server schemes include: +The PAC format is how one names a proxy server in [Proxy +auto-config](https://en.wikipedia.org/wiki/Proxy_auto-config) scripts. For +example: +* `PROXY foo:2138` +* `SOCKS5 foo:1080` +* `DIRECT` -* Is communication to the proxy done over a secure channel? -* Is name resolution (ex: DNS) done client side, or proxy side? -* What authentication schemes to the proxy server are supported? -* What network traffic can be sent through the proxy? - -Identifiers for proxy servers are often written as strings, using either the -PAC format (ex: `PROXY foo`) or Chrome's URI format (ex: `http://foo`). +The "URI format" instead encodes the information as a URL. For example: +* `foo:2138` +* `http://foo:2138` +* `socks5://foo:1080` +* `direct://` -When a proxy server's scheme is not stated, it's assumed to be HTTP in most -contexts. +The port number is optional in both formats. When omitted, a per-scheme default +is used. -This can lead to some confusion, particularly when discussing system proxy -settings. Major platform UIs have converged on the term "Secure proxy" to mean -the host:port for an (insecure) HTTP proxy to use for proxying https:// URLs. +See the [Proxy server schemes](#Proxy-server-schemes) section for details on +what schemes Chrome supports, and how to write them in the PAC and URI formats. -So when someone refers to their "HTTPS proxy" be aware of this ambiguity. The -intended meaning could be either "an HTTP proxy for https:// URLs", or "a proxy -using the HTTPS scheme". +Most UI surfaces in Chrome (including command lines and policy) expect URI +formatted proxy server identifiers. However outside of Chrome, proxy servers +are generally identified less precisely by just an address -- the proxy +scheme is assumed based on context. -In this document when we say "an HTTPS proxy", we always mean "a proxy -that the browser speaks HTTPS to", and not "an (HTTP) proxy used to proxy -https:// URLs". +In Windows' proxy settings there are host and port fields for the +"HTTP", "Secure", "FTP", and "SOCKS" proxy. With the exception of "SOCKS", +those are all identifiers for insecure HTTP proxy servers (proxy scheme is +assumed as HTTP). ## Proxy resolution @@ -49,31 +51,42 @@ When the browser is asked to fetch a URL, it needs to decide which IP endpoint to send the request to. This can be either a proxy server, or the target host. This is called proxy resolution. The input to proxy resolution is a URL, and -the output is an ordered list of proxy server options. +the output is an ordered list of [proxy server +identifiers](#Proxy-server-identifiers). What proxies to use can be described using either: -* Manual proxy settings - proxy resolution is defined using a declarative set - of rules. These rules are expressed as a mapping from URL scheme to proxy - server(s), and a list of proxy bypass rules for when to go DIRECT instead of - using the mapped proxy. +* [Manual proxy settings](#Manual-proxy-settings) - proxy resolution is defined + using a declarative set of rules. These rules are expressed as a mapping from + URL scheme to proxy server identifier(s), and a list of proxy bypass rules for + when to go DIRECT instead of using the mapped proxy. * PAC script - proxy resolution is defined using a JavaScript program, that is - invoked whenever fetching a URL to get the list of proxy servers to use. + invoked whenever fetching a URL to get the list of proxy server identifiers + to use. * Auto-detect - the WPAD protocol is used to probe the network (using DHCP/DNS) and possibly discover the URL of a PAC script. ## Proxy server schemes -Chrome supports the following proxy server schemes: +When using an explicit proxy in the browser, multiple layers of the network +request are impacted, depending on the scheme that is used. Some implications +of the proxy scheme are: + +* Is communication to the proxy done over a secure channel? +* Is name resolution (ex: DNS) done client side, or proxy side? +* What authentication schemes to the proxy server are supported? +* What network traffic can be sent through the proxy? + +Chrome supports these proxy server schemes: -* DIRECT -* HTTP -* HTTPS -* SOCKSv4 -* SOCKSv5 -* QUIC +* [DIRECT](#DIRECT-proxy-scheme) +* [HTTP](#HTTP-proxy-scheme) +* [HTTPS](#HTTPS-proxy-scheme) +* [SOCKSv4](#SOCKSv4-proxy-scheme) +* [SOCKSv5](#SOCKSv5-proxy-scheme) +* [QUIC](#QUIC-proxy-scheme) ### DIRECT proxy scheme @@ -107,7 +120,7 @@ tunnel, the hostname of the target URL is sent to the proxy server in the clear. HTTP proxies in Chrome support the same HTTP authentiation schemes as for -target servers: Basic, Digest, Negotiate/NTLM. +target servers: Basic, Digest, Negotiate, NTLM. ### HTTPS proxy scheme @@ -115,12 +128,32 @@ target servers: Basic, Digest, Negotiate/NTLM. * Example identifier (PAC): `HTTPS proxy:8080` * Example identifier (URI): `https://proxy:8080` -This works exactly like an HTTP proxy, except the communication to the proxy -server is protected by TLS. Hence `http://` requests, and hostnames for -`https://` requests are not sent in the clear as with HTTP proxies. +This works like an [HTTP proxy](#HTTP-proxy-scheme), except the +communication to the proxy server is protected by TLS, and may negotiate +HTTP/2 (but not QUIC). -In addition to HTTP authentication methods, one can also use client -certificates to authenticate to HTTPS proxies. +Because the connection to the proxy server is secure, https:// requests +sent through the proxy are not sent in the clear as with an HTTP proxy. +Similarly, since CONNECT requests are sent over a protected channel, the +hostnames for proxied https:// URLs is also not revealed. + +In addition to the usual HTTP authentication methods, HTTPS proxies also +support client certificates. + +HTTPS proxies using HTTP/2 can offer better performance in Chrome than a +regular HTTP proxy due to higher connection limits (HTTP/1.1 proxies in Chrome +are limited to 32 simultaneous connections across all domains). + +Chrome, Firefox, and Opera support HTTPS proxies; however, most older HTTP +stacks do not. + +Specifying an HTTPS proxy is generally not possible through system proxy +settings. Instead, one must use either a PAC script or a Chrome proxy setting +(command line, extension, or policy). + +See the dev.chromium.org document on [secure web +proxies](http://dev.chromium.org/developers/design-documents/secure-web-proxy) +for tips on how to run and test against an HTTPS proxy. ### SOCKSv4 proxy scheme @@ -176,25 +209,37 @@ used to relay UDP traffic. * Example identifier (PAC): `QUIC proxy:8080` * Example identifier (URI): `quic://proxy:8080` -TODO +A QUIC proxy uses QUIC (UDP) as the underlying transport, but otherwise +behaves as an HTTP proxy. It has similar properties to an [HTTPS +proxy](#HTTPS-proxy-scheme), in that the connection to the proxy server +is secure, and connection limits are less restrictive. + +Support for QUIC proxies in Chrome is currently experimental and not +ready for production use. In particular, sending https:// and wss:// +URLs through a QUIC proxy is [disabled by +default](https://bugs.chromium.org/p/chromium/issues/detail?id=969859). + +Another caveat is that QUIC does not currently support +client certificates since it does not use a TLS +handshake. This may change in future versions. ## Manual proxy settings The simplest way to configure proxy resolution is by providing a static list of rules comprised of: -1. A mapping of URL schemes to proxy servers -2. A list of proxy bypass rules +1. A mapping of URL schemes to [proxy server identifiers](#Proxy-server-identifiers). +2. A list of [proxy bypass rules](#Proxy-bypass-rules) We refer to this mode of configuration as "manual proxy settings". Manual proxy settings can succinctly describe setups like: -* Use HTTPS proxy `foo:8080` for all requests -* Use HTTP proxy `foo:8080` for all requests except those to a `google.com` +* Use proxy `http://foo:8080` for all requests +* Use proxy `http://foo:8080` for all requests except those to a `google.com` subdomain. -* Use HTTP proxy `foo:8080` for all `https://` requests, and the SOCKSv5 proxy - `mysocks:90` for everything else +* Use proxy `http://foo:8080` for all `https://` requests, and proxy + `socsk5://mysocks:90` for everything else Although manual proxy settings are a ubiquituous way to configure proxies across platforms, there is no standard representation or feature set. @@ -205,14 +250,14 @@ reversing the bypass list, or Gnome's interpretation of bypass patterns as suffix matches. When defining manual proxy settings in Chrome, we specify three (possibly -empty) lists of proxy servers: +empty) lists of [proxy server identifiers](#Proxy-server-identifiers). - * proxies for HTTP - A list of proxy servers to use for `http://` requests, - if non-empty. - * proxies for HTTPS - A list of proxy servers to use for `https://` requests, - if non-empty. - * other proxies - A list of proxy servers to use for everything else - (whatever isn't matched by the other two lists) + * proxies for HTTP - A list of proxy server identifiers to use for `http://` + requests, if non-empty. + * proxies for HTTPS - A list of proxy server identifiers to use for + `https://` requests, if non-empty. + * other proxies - A list of proxy server identifiers to use for everything + else (whatever isn't matched by the other two lists) There are a lot of ways to end up with manual proxy settings in Chrome (discussed in other sections). @@ -220,8 +265,8 @@ There are a lot of ways to end up with manual proxy settings in Chrome The following examples will use the command line method. Launching Chrome with `--proxy-server=XXX` (and optionally `--proxy-bypass-list=YYY`) -Example: To use the HTTP proxy `foo:8080` for all requests we can launch -Chrome with `--proxy-server="http://foo:8080"`. This translates into: +Example: To use proxy `http://foo:8080` for all requests we can launch +Chrome with `--proxy-server="http://foo:8080"`. This translates to: * proxies for HTTP - *empty* * proxies for HTTPS - *empty* @@ -238,8 +283,8 @@ This command line means: * other proxies - `http://foo:8080`, `direct://` If instead we wanted to proxy only `http://` URLs through the -HTTPS proxy `foo:443`, and have everything else use the SOCKSv5 proxy -`mysocks:1080` we could launch Chrome with +HTTPS proxy `https://foo:443`, and have everything else use the SOCKSv5 proxy +`socks5://mysocks:1080` we could launch Chrome with `--proxy-server="http=https://foo:443;socks=socks5://mysocks:1080"`. This now expands to: @@ -247,18 +292,20 @@ expands to: * proxies for HTTPS - *empty* * other proxies - `socks5://mysocks:1080` -The command line above uses WinInet's proxy map format, with two modifications: +The command line above uses WinInet's proxy map format, with some additional +features: -* Proxy servers can be optionally prefixed with a scheme (i.e. Chrome's "URI - format" for proxy server identifiers) -* The `socks=` mapping is understood as "other proxies". The subsequent proxy - list can include proxies of any scheme, however if the scheme is unspecified - it is understood to be `socks4://`. +* Instead of naming proxy servers by just a hostname:port, you can use Chrome's + URI format for proxy server identifiers. In other words, you can prefix the + proxy scheme so it doesn't default to HTTP. +* The `socks=` mapping is understood more broadly as "other proxies". The + subsequent proxy list can include proxies of any scheme, however if the + scheme is omitted it will be understood as SOCKSv4 rather than HTTP. -## Mapping WebSockets URLs to a proxy +### Mapping WebSockets URLs to a proxy -Manual proxy settings don't have mappings for `ws://` or `wss://` URLs - you -can't specify a separate proxy to use for those schemes. +[Manual proxy settings](#Manual-proxy-settings) don't have mappings for `ws://` +or `wss://` URLs. Selecting a proxy for these URL schemes is a bit different from other URL schemes. The algorithm that Chrome uses is: @@ -272,19 +319,22 @@ This is per the recommendation in section 4.1.3 of [RFC It is possible to route `ws://` and `wss://` separately using a PAC script. -## Proxy credentials in manual proxy settings +### Proxy credentials in manual proxy settings -Most platforms' manual proxy settings allow specifying a cleartext -username/password for proxy sign in. Chrome does not implement this, and will -not use any credentials embedded in the proxy settings. +Most platforms' [manual proxy settings](#Manual-proxy-settings) allow +specifying a cleartext username/password for proxy sign in. Chrome does not +implement this, and will not use any credentials embedded in the proxy +settings. Proxy authentication will instead go through the ordinary flow to find credentials. ## Proxy bypass rules -In addition to specifying three lists of proxy servers, Chrome's manual proxy -settings also lets you specify a list of "proxy bypass rules". +In addition to specifying three lists of [proxy server +identifiers](#proxy-server-identifiers), Chrome's [manual proxy +settings](#Manual-proxy-settings) lets you specify a list of "proxy bypass +rules". This ruleset determines whether a given URL should skip use of a proxy all together, even when a proxy is otherwise defined for it. @@ -369,8 +419,8 @@ IPV4_LITERAL "/" PREFIX_LENGTH_IN_BITS Matches any URL whose hostname is an IPv4 literal, and falls between the given address range. -Only applies to URLs that are IP literals - see "Meaning of IP address range -bypass rules". +Note this [only applies to URLs that are IP +literals](#Meaning-of-IP-address-range-bypass-rules). Examples: @@ -385,8 +435,8 @@ IPV6_LITERAL "/" PREFIX_LENGTH_IN_BITS Matches any URL that is an IPv6 literal that falls between the given range. Note that IPv6 literals must *not* be bracketed. -Only applies to URLs that are IP literals - see "Meaning of IP address range -bypass rules". +Note this [only applies to URLs that are IP +literals](#Meaning-of-IP-address-range-bypass-rules). Examples: @@ -408,8 +458,8 @@ the "Don't use proxy server for local (intranet) addresses" on Windows. The rule name comes from WinInet, and can easily be confused with the concept of localhost. However the two concepts are completely orthogonal. In practice -one wouldn't add rules to bypass localhost, as it is already done implicitly -(see "Implicit bypass rules"). +one wouldn't add rules to bypass localhost, as it is [already done +implicitly](#Implicit-bypass-rules). ### Bypass rule: Subtract implicit rules @@ -417,10 +467,9 @@ one wouldn't add rules to bypass localhost, as it is already done implicitly <-loopback> ``` -*Subtracts* the implicit proxy bypass rules (localhost and link local -addresses). See the "Implicit bypass rules" section for details on when/why to -use this, and the security caveats to doing so. Generally this is used for test -setups. +*Subtracts* the [implicit proxy bypass rules](#Implicit-bypass-rules) +(localhost and link local addresses). This is generally only needed for test +setupe. Beware of the security implications to proxying localhost. Whereas regular bypass rules instruct the browser about URLs that should *not* use the proxy, this rule has the opposite effect and tells the browser to @@ -432,8 +481,8 @@ than `127.0.0.1;<-loopback>`. ### Meaning of IP address range bypass rules -The IP address range bypass rules in manual proxy settings applies ONLY TO URL -LITERALS. This is not what one would intuitively expect! +The IP address range bypass rules in manual proxy settings applies only to URL +literals. This is not what one would intuitively expect. Example: @@ -497,7 +546,7 @@ Historical support in Chrome: * In M72 Chrome generalized the implicit proxy bypass rules to manually configured proxies -## Overriding the implicit bypass rules +### Overriding the implicit bypass rules If you want traffic to `localhost` to be sent through a proxy despite the security concerns, it can be done by adding the special proxy bypass rule @@ -516,8 +565,9 @@ proxy for localhost URLs. ## Evaluating proxy lists (proxy fallback) -Proxy resolution results in a _list_ of proxy servers to use for a given -request, not just a single proxy server. +Proxy resolution results in a _list_ of [proxy server +identifiers](#Proxy-server-identifiers) to use for a +given request, not just a single proxy server identifier. For instance, consider this PAC script: @@ -532,12 +582,13 @@ function FindProxyForURL(url, host) { ``` What proxy will Chrome use for connections to `www.example.com`, given that -we have a choice of 3 separate proxies, each of different type? +we have a choice of three separate proxy server identifiers to choose from +{`http://proxy1:80`, `https://proxy2:443`, `socks5://proxy3:1080`}? -Initially, Chrome will try the proxies in order. This means first attempting the -request through the HTTP WebProxy `proxy1`. If that "fails", the request is -next attempted through the HTTPS proxy `proxy2`. Lastly if that fails, the -request is attempted through the SOCKSv5 proxy `proxy3`. +Initially, Chrome will try the proxies in order. This means first attempting +the request through `http://proxy1:80`. If that "fails", the request is +next attempted through `https://proxy2:443`. Lastly if that fails, the +request is attempted through `socks5://proxy3:1080`. This process is referred to as _proxy fallback_. What constitutes a "failure" is described later. @@ -546,26 +597,24 @@ Proxy fallback is stateful. The actual order of proxy attempts made be Chrome is influenced by the past responsiveness of proxy servers. Let's say we request `http://www.example.com/`. Per the PAC script this -resolves to: +resolves to a list of three proxy server identifiers: -``` -"PROXY proxy1; HTTPS proxy2; SOCKS5 proxy3" -``` +{`http://proxy1:80`, `https://proxy2:443`, `socks5://proxy3:1080`} Chrome will first attempt to issue the request through these proxies in the -left-to-right order (`proxy1`, `proxy2`, `proxy3`). +left-to-right order. -Let's say that the attempt through `proxy1` fails, but then the attempt through -`proxy2` succeeds. Chrome will mark `proxy1` as _bad_ for the next 5 minutes. -Being marked as _bad_ means that `proxy1` is de-prioritized with respect to -other proxies options (including DIRECT) that are not marked as bad. +Let's say that the attempt through `http://proxy1:80` fails, but then the +attempt through `https://proxy2:443` succeeds. Chrome will mark +`http://proxy1:80` as _bad_ for the next 5 minutes. Being marked as _bad_ +means that `http://proxy1:80` is de-prioritized with respect to +other proxy server identifiers (including `direct://`) that are not marked as +bad. That means the next time `http://www.example.com/` is requested, the effective order for proxies to attempt will be: -``` -HTTPS proxy2; SOCKS5 proxy3; "PROXY proxy1" -``` +{`https://proxy2:443`, `socks5://proxy3:1080`, `http://proxy1:80`} Conceptually, _bad_ proxies are moved to the end of the list, rather than being removed from consideration all together. @@ -615,7 +664,7 @@ button on will not give feedback that the bad proxies were cleared, however capturing a new NetLog dump can confirm it was cleared. -## Arguments passed to `FindProxyForURL(url, host)` in PAC scripts +## Arguments passed to FindProxyForURL() in PAC scripts PAC scripts in Chrome are expected to define a JavaScript function `FindProxyForURL`. @@ -668,7 +717,7 @@ type, since future versions of Chrome may [deprecate that capability](https://bugs.chromium.org/p/chromium/issues/detail?id=882536) in favor of a consistent policy. -## Resolving client's IP address within a PAC script using `myIpAddress()` +## Resolving client's IP address within a PAC script using myIpAddress() PAC scripts can invoke `myIpAddress()` to obtain the client's IP address. This function returns a single IP literal, or `"127.0.0.1"` on failure. @@ -705,10 +754,10 @@ This sequence of steps explicitly favors IPv4 over IPv6 results. *Historical note*: Prior to M72, Chrome's implementation of `myIpAddress()` was effectively just `getaddrinfo(gethostname)`. This is now step 2 of the heuristic. -### What about `var pacUseMultihomedDNS`? +### What about pacUseMultihomedDNS? -In Firefox, if you define a global named `pacUseMultihomedDNS` in your PAC -script, it causes `myIpAddress()` to report the IP address of the interface +In Firefox, if you define a global variable named `pacUseMultihomedDNS` in your +PAC script, it causes `myIpAddress()` to report the IP address of the interface that would (likely) have been used had we connected to it DIRECT. In particular, it will do a DNS resolution of the target host (the hostname of @@ -720,7 +769,7 @@ meaning. A PAC script is free to define such a global, and it won't have side-effects. Chrome has no APIs or settings to change `myIpAddress()`'s algorithm. -## Resolving client's IP address within a PAC script using `myIpAddressEx()` +## Resolving client's IP address within a PAC script using myIpAddressEx() Chrome supports the [Microsoft PAC extension](https://docs.microsoft.com/en-us/windows/desktop/winhttp/myipaddressex) diff --git a/chromium/net/extras/preload_data/decoder.cc b/chromium/net/extras/preload_data/decoder.cc index b91cc48e4c5..75b48249ddc 100644 --- a/chromium/net/extras/preload_data/decoder.cc +++ b/chromium/net/extras/preload_data/decoder.cc @@ -51,13 +51,73 @@ bool PreloadDecoder::BitReader::Read(unsigned num_bits, uint32_t* out) { return true; } -// Unary sets |*out| to the result of decoding a unary value from the input. -// It returns false if there were insufficient bits in the input and true -// otherwise. -bool PreloadDecoder::BitReader::Unary(size_t* out) { - size_t ret = 0; +namespace { - for (;;) { +// Reads one bit from |reader|, shifts |*bits| left by 1, and adds the read bit +// to the end of |*bits|. +bool ReadBit(PreloadDecoder::BitReader* reader, uint8_t* bits) { + bool bit; + if (!reader->Next(&bit)) { + return false; + } + *bits <<= 1; + if (bit) { + (*bits)++; + } + return true; +} + +} // namespace + +bool PreloadDecoder::BitReader::DecodeSize(size_t* out) { + uint8_t bits = 0; + if (!ReadBit(this, &bits) || !ReadBit(this, &bits)) { + return false; + } + if (bits == 0) { + *out = 0; + return true; + } + if (!ReadBit(this, &bits)) { + return false; + } + // We've parsed 3 bits so far. Check all possible combinations: + bool is_even; + switch (bits) { + case 0b000: + case 0b001: + // This should have been handled in the if (bits == 0) check. + NOTREACHED(); + return false; + case 0b010: + // A specialization of the 0b01 prefix for unary-like even numbers. + *out = 4; + return true; + case 0b011: + // This will be handled with the prefixes for unary-like encoding below. + is_even = true; + break; + case 0b100: + *out = 1; + return true; + case 0b101: + *out = 2; + return true; + case 0b110: + *out = 3; + return true; + case 0b111: + // This will be handled with the prefixes for unary-like encoding below. + is_even = false; + break; + default: + // All cases should be covered above. + NOTREACHED(); + return false; + } + size_t bit_length = 3; + while (true) { + bit_length++; bool bit; if (!Next(&bit)) { return false; @@ -65,9 +125,11 @@ bool PreloadDecoder::BitReader::Unary(size_t* out) { if (!bit) { break; } - ret++; } - + size_t ret = (bit_length - 2) * 2; + if (!is_even) { + ret--; + } *out = ret; return true; } @@ -142,9 +204,9 @@ bool PreloadDecoder::Decode(const std::string& search, bool* out_found) { return false; } - // Decode the unary length of the common prefix. + // Decode the length of the common prefix. size_t prefix_length; - if (!bit_reader_.Unary(&prefix_length)) { + if (!bit_reader_.DecodeSize(&prefix_length)) { return false; } diff --git a/chromium/net/extras/preload_data/decoder.h b/chromium/net/extras/preload_data/decoder.h index 6afa7a7eaa7..68d7ea686d9 100644 --- a/chromium/net/extras/preload_data/decoder.h +++ b/chromium/net/extras/preload_data/decoder.h @@ -37,10 +37,36 @@ class PreloadDecoder { // insufficient bits in the input or true otherwise. bool Read(unsigned num_bits, uint32_t* out); - // Unary sets |*out| to the result of decoding a unary value from the input. - // It returns false if there were insufficient bits in the input and true - // otherwise. - bool Unary(size_t* out); + // Decodes a size_t from the reader, putting the resulting value in |*out|. + // Returns false if there are insufficient bits to read and true otherwise. + // + // This function's inverse is TrieBitBuffer::WriteSize. + // + // The encoding is a prefix code optimized for small values (less than 4). + // It is designed for the lengths of prefixes in the HSTS Preload list trie. + // Compared to the unary encoding that was previously used (where the number + // of bits used is one plus the value being encoded), this uses one more bit + // for encoding 0 and 1, and the same number of bits for encoding 2, and + // fewer bits for encoding values greater than 2. At the time of writing, + // 35% of the lengths encoded in the trie were 0 or 1, 11% were 2, and the + // remaining 54% were greater than 2. + // + // This encoding scheme uses a variable number of bits to encode each value. + // There are fixed values for 0, 1, 2, and 3, and then a simple rule is used + // for 4 and greater. 0 uses 2 bits; 1 through 3 use 3 bits. The fixed + // values are as follows: + // + // 0: 0b00 + // 1: 0b100 + // 2: 0b101 + // 3: 0b110 + // + // Note that none of the fixed values are prefixed with 0b01 or 0b111. These + // prefixes are used with a unary-like encoding for values 4 and above. + // Zero or more 1s, followed by a 0, are appended to one of those prefixes. + // Even values use the prefix 0b01, and odd values use the prefix 0b111. The + // number of 1s to append is half the value (rounded down) minus 1. + bool DecodeSize(size_t* out); // Seek sets the current offest in the input to bit number |offset|. It // returns true if |offset| is within the range of the input and false diff --git a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store.cc b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store.cc index a1b65f371ce..dcc0bd1a4ca 100644 --- a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store.cc +++ b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store.cc @@ -35,6 +35,7 @@ #include "net/extras/sqlite/cookie_crypto_delegate.h" #include "net/extras/sqlite/sqlite_persistent_store_backend_base.h" #include "net/log/net_log.h" +#include "net/log/net_log_values.h" #include "sql/error_delegate_util.h" #include "sql/meta_table.h" #include "sql/statement.h" @@ -45,9 +46,9 @@ using base::Time; namespace { -base::Value CookieKeyedLoadNetLogCallback(const std::string& key, - net::NetLogCaptureMode capture_mode) { - if (!capture_mode.include_cookies_and_credentials()) +base::Value CookieKeyedLoadNetLogParams(const std::string& key, + net::NetLogCaptureMode capture_mode) { + if (!net::NetLogCaptureIncludesSensitive(capture_mode)) return base::Value(); base::DictionaryValue dict; dict.SetString("key", key); @@ -257,7 +258,6 @@ class SQLitePersistentCookieStore::Backend std::move(client_task_runner)), num_pending_(0), restore_old_session_cookies_(restore_old_session_cookies), - num_cookies_read_(0), num_priority_waiting_(0), total_priority_requests_(0), crypto_(crypto_delegate) {} @@ -271,7 +271,6 @@ class SQLitePersistentCookieStore::Backend // Steps through all results of |smt|, makes a cookie from each, and adds the // cookie to |cookies|. Returns true if everything loaded successfully. - // Always updates |num_cookies_read_|. bool MakeCookiesFromSQLStatement( std::vector>* cookies, sql::Statement* statement); @@ -415,11 +414,6 @@ class SQLitePersistentCookieStore::Backend // Incremented and reported from the background runner. base::TimeDelta cookie_load_duration_; - // The total number of cookies read. Incremented and reported on the - // background runner. Includes those that were malformed, not decrypted - // correctly, etc. - int num_cookies_read_; - // Guards the following metrics-related properties (only accessed when // starting/completing priority loads or completing the total load). base::Lock metrics_lock_; @@ -724,9 +718,6 @@ void SQLitePersistentCookieStore::Backend::ReportMetrics() { UMA_HISTOGRAM_COUNTS_100("Cookie.PriorityLoadCount", total_priority_requests_); - - UMA_HISTOGRAM_COUNTS_10000("Cookie.NumberOfLoadedCookies", - num_cookies_read_); } } @@ -765,8 +756,6 @@ bool SQLitePersistentCookieStore::Backend::CreateDatabaseSchema() { bool SQLitePersistentCookieStore::Backend::DoInitializeDatabase() { DCHECK(db()); - base::Time start = base::Time::Now(); - // Retrieve all the domains sql::Statement smt( db()->GetUniqueStatement("SELECT DISTINCT host_key FROM cookies")); @@ -780,13 +769,6 @@ bool SQLitePersistentCookieStore::Backend::DoInitializeDatabase() { while (smt.Step()) host_keys.push_back(smt.ColumnString(0)); - UMA_HISTOGRAM_CUSTOM_TIMES("Cookie.TimeLoadDomains", - base::Time::Now() - start, - base::TimeDelta::FromMilliseconds(1), - base::TimeDelta::FromMinutes(1), 50); - - base::Time start_parse = base::Time::Now(); - // Build a map of domain keys (always eTLD+1) to domains. for (size_t idx = 0; idx < host_keys.size(); ++idx) { const std::string& domain = host_keys[idx]; @@ -794,16 +776,6 @@ bool SQLitePersistentCookieStore::Backend::DoInitializeDatabase() { keys_to_load_[key].insert(domain); } - UMA_HISTOGRAM_CUSTOM_TIMES("Cookie.TimeParseDomains", - base::Time::Now() - start_parse, - base::TimeDelta::FromMilliseconds(1), - base::TimeDelta::FromMinutes(1), 50); - - UMA_HISTOGRAM_CUSTOM_TIMES("Cookie.TimeInitializeDomainMap", - base::Time::Now() - start, - base::TimeDelta::FromMilliseconds(1), - base::TimeDelta::FromMinutes(1), 50); - if (!restore_old_session_cookies_) DeleteSessionCookiesOnStartup(); @@ -913,7 +885,6 @@ bool SQLitePersistentCookieStore::Backend::MakeCookiesFromSQLStatement( sql::Statement& smt = *statement; bool ok = true; while (smt.Step()) { - ++num_cookies_read_; std::string value; std::string encrypted_value = smt.ColumnString(4); if (!encrypted_value.empty() && crypto_) { @@ -1386,7 +1357,9 @@ void SQLitePersistentCookieStore::LoadCookiesForKey( LoadedCallback loaded_callback) { DCHECK(!loaded_callback.is_null()); net_log_.AddEvent(NetLogEventType::COOKIE_PERSISTENT_STORE_KEY_LOAD_STARTED, - base::BindRepeating(CookieKeyedLoadNetLogCallback, key)); + [&](NetLogCaptureMode capture_mode) { + return CookieKeyedLoadNetLogParams(key, capture_mode); + }); // Note that |backend_| keeps |this| alive by keeping a reference count. // If this class is ever converted over to a WeakPtr<> pattern (as TODO it // should be) this will need to be replaced by a more complex pattern that @@ -1428,9 +1401,9 @@ size_t SQLitePersistentCookieStore::GetQueueLengthForTesting() { } SQLitePersistentCookieStore::~SQLitePersistentCookieStore() { - net_log_.AddEvent( - NetLogEventType::COOKIE_PERSISTENT_STORE_CLOSED, - NetLog::StringCallback("type", "SQLitePersistentCookieStore")); + net_log_.AddEventWithStringParams( + NetLogEventType::COOKIE_PERSISTENT_STORE_CLOSED, "type", + "SQLitePersistentCookieStore"); backend_->Close(); } @@ -1445,8 +1418,9 @@ void SQLitePersistentCookieStore::CompleteKeyedLoad( const std::string& key, LoadedCallback callback, std::vector> cookie_list) { - net_log_.AddEvent(NetLogEventType::COOKIE_PERSISTENT_STORE_KEY_LOAD_COMPLETED, - NetLog::StringCallback("domain", &key)); + net_log_.AddEventWithStringParams( + NetLogEventType::COOKIE_PERSISTENT_STORE_KEY_LOAD_COMPLETED, "domain", + key); std::move(callback).Run(std::move(cookie_list)); } diff --git a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc index dc3612a49fc..793bdd90540 100644 --- a/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc +++ b/chromium/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc @@ -392,7 +392,7 @@ TEST_F(SQLitePersistentCookieStoreTest, TestLoadCookiesForKey) { base::Unretained(this)), net_log.bound()); base::RunLoop run_loop; - net_log.SetCaptureMode(NetLogCaptureMode::Default()); + net_log.SetObserverCaptureMode(NetLogCaptureMode::kDefault); store_->LoadCookiesForKey( "aaa.com", base::Bind(&SQLitePersistentCookieStoreTest::OnKeyLoaded, base::Unretained(this), run_loop.QuitClosure())); @@ -439,8 +439,7 @@ TEST_F(SQLitePersistentCookieStoreTest, TestLoadCookiesForKey) { cookies_.clear(); store_ = nullptr; - TestNetLogEntry::List entries; - net_log.GetEntries(&entries); + auto entries = net_log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::COOKIE_PERSISTENT_STORE_LOAD, NetLogEventPhase::BEGIN); @@ -453,8 +452,7 @@ TEST_F(SQLitePersistentCookieStoreTest, TestLoadCookiesForKey) { pos = ExpectLogContainsSomewhere( entries, pos, NetLogEventType::COOKIE_PERSISTENT_STORE_KEY_LOAD_STARTED, NetLogEventPhase::NONE); - std::string key; - EXPECT_FALSE(entries[pos].GetStringValue("key", &key)); + EXPECT_FALSE(GetOptionalStringValueFromParams(entries[pos], "key")); pos = ExpectLogContainsSomewhere( entries, pos, NetLogEventType::COOKIE_PERSISTENT_STORE_KEY_LOAD_COMPLETED, NetLogEventPhase::NONE); diff --git a/chromium/net/extras/sqlite/sqlite_persistent_reporting_and_nel_store.cc b/chromium/net/extras/sqlite/sqlite_persistent_reporting_and_nel_store.cc index e0f6f156831..f67e487ca50 100644 --- a/chromium/net/extras/sqlite/sqlite_persistent_reporting_and_nel_store.cc +++ b/chromium/net/extras/sqlite/sqlite_persistent_reporting_and_nel_store.cc @@ -1257,8 +1257,7 @@ SQLitePersistentReportingAndNelStore::SQLitePersistentReportingAndNelStore( const base::FilePath& path, const scoped_refptr& client_task_runner, const scoped_refptr& background_task_runner) - : backend_(new Backend(path, client_task_runner, background_task_runner)), - weak_factory_(this) {} + : backend_(new Backend(path, client_task_runner, background_task_runner)) {} SQLitePersistentReportingAndNelStore::~SQLitePersistentReportingAndNelStore() { backend_->Close(); diff --git a/chromium/net/extras/sqlite/sqlite_persistent_reporting_and_nel_store.h b/chromium/net/extras/sqlite/sqlite_persistent_reporting_and_nel_store.h index 1a6a7fb25c6..cbd8646ce8b 100644 --- a/chromium/net/extras/sqlite/sqlite_persistent_reporting_and_nel_store.h +++ b/chromium/net/extras/sqlite/sqlite_persistent_reporting_and_nel_store.h @@ -77,7 +77,8 @@ class COMPONENT_EXPORT(NET_EXTRAS) SQLitePersistentReportingAndNelStore const scoped_refptr backend_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{ + this}; DISALLOW_COPY_AND_ASSIGN(SQLitePersistentReportingAndNelStore); }; diff --git a/chromium/net/features.gni b/chromium/net/features.gni index 86598e8a095..f9ae69ae193 100644 --- a/chromium/net/features.gni +++ b/chromium/net/features.gni @@ -5,9 +5,6 @@ import("//build/config/features.gni") declare_args() { - # If true, prune things down as needed for proto-quic build. - is_proto_quic = false - # Disables support for file URLs. File URL support requires use of icu. disable_file_support = false @@ -42,4 +39,11 @@ declare_args() { # Platforms where the cert verifier comparison trial is supported. # See https://crbug.com/649026. trial_comparison_cert_verifier_supported = is_desktop_linux || is_mac + + # Platforms where both the builtin cert verifier and a platform verifier are + # supported and may be switched between using the CertVerifierBuiltin feature + # flag. This does not include platforms where the builtin cert verifier is + # the only verifier supported. + builtin_cert_verifier_feature_supported = + is_desktop_linux || is_mac || is_chromeos } diff --git a/chromium/net/filter/brotli_source_stream_fuzzer.cc b/chromium/net/filter/brotli_source_stream_fuzzer.cc index ef3f4a0994b..7305a18aef0 100644 --- a/chromium/net/filter/brotli_source_stream_fuzzer.cc +++ b/chromium/net/filter/brotli_source_stream_fuzzer.cc @@ -6,18 +6,18 @@ #include "base/logging.h" #include "base/memory/ref_counted.h" -#include "base/test/fuzzed_data_provider.h" #include "net/base/io_buffer.h" #include "net/base/test_completion_callback.h" #include "net/filter/fuzzed_source_stream.h" #include "net/filter/source_stream.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" // Fuzzer for BrotliSourceStream. // // |data| is used to create a FuzzedSourceStream. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { net::TestCompletionCallback callback; - base::FuzzedDataProvider data_provider(data, size); + FuzzedDataProvider data_provider(data, size); std::unique_ptr fuzzed_source_stream( new net::FuzzedSourceStream(&data_provider)); std::unique_ptr brotli_stream = diff --git a/chromium/net/filter/filter_source_stream.cc b/chromium/net/filter/filter_source_stream.cc index 3802dcacaea..7df6219df44 100644 --- a/chromium/net/filter/filter_source_stream.cc +++ b/chromium/net/filter/filter_source_stream.cc @@ -89,10 +89,6 @@ FilterSourceStream::SourceType FilterSourceStream::ParseEncodingType( } } -void FilterSourceStream::ReportContentDecodingFailed(SourceType type) { - UMA_HISTOGRAM_ENUMERATION("Net.ContentDecodingFailed2", type, TYPE_MAX); -} - int FilterSourceStream::DoLoop(int result) { DCHECK_NE(STATE_NONE, next_state_); @@ -161,9 +157,6 @@ int FilterSourceStream::DoFilterData() { DCHECK(bytes_output != 0 || consumed_bytes == drainable_input_buffer_->BytesRemaining()); - if (bytes_output == ERR_CONTENT_DECODING_FAILED) { - ReportContentDecodingFailed(type()); - } // FilterData() is not allowed to return ERR_IO_PENDING. DCHECK_NE(ERR_IO_PENDING, bytes_output); diff --git a/chromium/net/filter/filter_source_stream.h b/chromium/net/filter/filter_source_stream.h index be55a508cb2..75cddc165b9 100644 --- a/chromium/net/filter/filter_source_stream.h +++ b/chromium/net/filter/filter_source_stream.h @@ -40,8 +40,6 @@ class NET_EXPORT_PRIVATE FilterSourceStream : public SourceStream { static SourceType ParseEncodingType(const std::string& encoding); - static void ReportContentDecodingFailed(SourceType type); - private: enum State { STATE_NONE, diff --git a/chromium/net/filter/fuzzed_source_stream.cc b/chromium/net/filter/fuzzed_source_stream.cc index 6a711d0e476..bfe9c986600 100644 --- a/chromium/net/filter/fuzzed_source_stream.cc +++ b/chromium/net/filter/fuzzed_source_stream.cc @@ -9,10 +9,10 @@ #include #include "base/bind.h" -#include "base/test/fuzzed_data_provider.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" namespace net { @@ -23,7 +23,7 @@ const Error kReadErrors[] = {OK, ERR_FAILED, ERR_CONTENT_DECODING_FAILED}; } // namespace -FuzzedSourceStream::FuzzedSourceStream(base::FuzzedDataProvider* data_provider) +FuzzedSourceStream::FuzzedSourceStream(FuzzedDataProvider* data_provider) : SourceStream(SourceStream::TYPE_NONE), data_provider_(data_provider), read_pending_(false), diff --git a/chromium/net/filter/fuzzed_source_stream.h b/chromium/net/filter/fuzzed_source_stream.h index 4b26829c744..fea1ee3b218 100644 --- a/chromium/net/filter/fuzzed_source_stream.h +++ b/chromium/net/filter/fuzzed_source_stream.h @@ -12,9 +12,7 @@ #include "net/base/completion_once_callback.h" #include "net/filter/source_stream.h" -namespace base { class FuzzedDataProvider; -} // namespace base namespace net { @@ -26,7 +24,7 @@ class FuzzedSourceStream : public SourceStream { public: // |data_provider| is used to determine behavior of the FuzzedSourceStream. // It must remain valid until after the FuzzedSocket is destroyed. - explicit FuzzedSourceStream(base::FuzzedDataProvider* data_provider); + explicit FuzzedSourceStream(FuzzedDataProvider* data_provider); ~FuzzedSourceStream() override; // SourceStream implementation @@ -41,7 +39,7 @@ class FuzzedSourceStream : public SourceStream { scoped_refptr read_buf, int result); - base::FuzzedDataProvider* data_provider_; + FuzzedDataProvider* data_provider_; // Whether there is a pending Read(). bool read_pending_; diff --git a/chromium/net/filter/gzip_source_stream_fuzzer.cc b/chromium/net/filter/gzip_source_stream_fuzzer.cc index 1fde1d8a527..a6dd834a56a 100644 --- a/chromium/net/filter/gzip_source_stream_fuzzer.cc +++ b/chromium/net/filter/gzip_source_stream_fuzzer.cc @@ -8,17 +8,17 @@ #include "base/logging.h" #include "base/memory/ref_counted.h" -#include "base/test/fuzzed_data_provider.h" #include "net/base/io_buffer.h" #include "net/base/test_completion_callback.h" #include "net/filter/fuzzed_source_stream.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" // Fuzzer for GzipSourceStream. // // |data| is used to create a FuzzedSourceStream. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { net::TestCompletionCallback callback; - base::FuzzedDataProvider data_provider(data, size); + FuzzedDataProvider data_provider(data, size); std::unique_ptr fuzzed_source_stream( new net::FuzzedSourceStream(&data_provider)); diff --git a/chromium/net/ftp/ftp_ctrl_response_buffer.cc b/chromium/net/ftp/ftp_ctrl_response_buffer.cc index 997c2c62abd..b1bd27336a8 100644 --- a/chromium/net/ftp/ftp_ctrl_response_buffer.cc +++ b/chromium/net/ftp/ftp_ctrl_response_buffer.cc @@ -6,15 +6,13 @@ #include -#include "base/bind.h" -#include "base/callback.h" #include "base/logging.h" #include "base/strings/string_piece.h" #include "base/values.h" #include "net/base/net_errors.h" #include "net/base/parse_number.h" -#include "net/log/net_log.h" #include "net/log/net_log_event_type.h" +#include "net/log/net_log_values.h" namespace net { @@ -84,8 +82,7 @@ int FtpCtrlResponseBuffer::ConsumeData(const char* data, int data_length) { namespace { -base::Value NetLogFtpCtrlResponseCallback(const FtpCtrlResponse* response, - NetLogCaptureMode capture_mode) { +base::Value NetLogFtpCtrlResponseParams(const FtpCtrlResponse* response) { base::ListValue lines; for (const auto& line : response->lines) lines.GetList().push_back(NetLogStringValue(line)); @@ -103,7 +100,7 @@ FtpCtrlResponse FtpCtrlResponseBuffer::PopResponse() { responses_.pop(); net_log_.AddEvent(NetLogEventType::FTP_CONTROL_RESPONSE, - base::Bind(&NetLogFtpCtrlResponseCallback, &result)); + [&] { return NetLogFtpCtrlResponseParams(&result); }); return result; } diff --git a/chromium/net/ftp/ftp_network_transaction.cc b/chromium/net/ftp/ftp_network_transaction.cc index ba30a4dd512..4780240bed6 100644 --- a/chromium/net/ftp/ftp_network_transaction.cc +++ b/chromium/net/ftp/ftp_network_transaction.cc @@ -10,7 +10,6 @@ #include "base/bind_helpers.h" #include "base/callback_helpers.h" #include "base/compiler_specific.h" -#include "base/metrics/histogram_macros.h" #include "base/strings/string_number_conversions.h" #include "base/strings/string_split.h" #include "base/strings/string_util.h" @@ -505,8 +504,8 @@ int FtpNetworkTransaction::SendFtpCommand(const std::string& command, memcpy(write_command_buf_->data(), command.data(), command.length()); memcpy(write_command_buf_->data() + command.length(), kCRLF, 2); - net_log_.AddEvent(NetLogEventType::FTP_COMMAND_SENT, - NetLog::StringCallback("command", &command_for_log)); + net_log_.AddEventWithStringParams(NetLogEventType::FTP_COMMAND_SENT, + "command", command_for_log); next_state_ = STATE_CTRL_WRITE; return OK; @@ -681,9 +680,8 @@ int FtpNetworkTransaction::DoCtrlConnect() { ctrl_socket_ = socket_factory_->CreateTransportClientSocket( resolve_request_->GetAddressResults().value(), nullptr, net_log_.net_log(), net_log_.source()); - net_log_.AddEvent( - NetLogEventType::FTP_CONTROL_CONNECTION, - ctrl_socket_->NetLog().source().ToEventParametersCallback()); + net_log_.AddEventReferencingSource(NetLogEventType::FTP_CONTROL_CONNECTION, + ctrl_socket_->NetLog().source()); return ctrl_socket_->Connect(io_callback_); } @@ -1235,9 +1233,8 @@ int FtpNetworkTransaction::DoDataConnect() { ip_endpoint.address(), data_connection_port_); data_socket_ = socket_factory_->CreateTransportClientSocket( data_address, nullptr, net_log_.net_log(), net_log_.source()); - net_log_.AddEvent( - NetLogEventType::FTP_DATA_CONNECTION, - data_socket_->NetLog().source().ToEventParametersCallback()); + net_log_.AddEventReferencingSource(NetLogEventType::FTP_DATA_CONNECTION, + data_socket_->NetLog().source()); return data_socket_->Connect(io_callback_); } diff --git a/chromium/net/ftp/ftp_response_info.h b/chromium/net/ftp/ftp_response_info.h index d20249a09d5..576ef2501b4 100644 --- a/chromium/net/ftp/ftp_response_info.h +++ b/chromium/net/ftp/ftp_response_info.h @@ -9,10 +9,11 @@ #include "base/time/time.h" #include "net/base/ip_endpoint.h" +#include "net/base/net_export.h" namespace net { -class FtpResponseInfo { +class NET_EXPORT_PRIVATE FtpResponseInfo { public: FtpResponseInfo(); ~FtpResponseInfo(); diff --git a/chromium/net/http/bidirectional_stream.cc b/chromium/net/http/bidirectional_stream.cc index 780b8e4d01d..867f7678191 100644 --- a/chromium/net/http/bidirectional_stream.cc +++ b/chromium/net/http/bidirectional_stream.cc @@ -24,6 +24,7 @@ #include "net/log/net_log_capture_mode.h" #include "net/log/net_log_event_type.h" #include "net/log/net_log_source_type.h" +#include "net/log/net_log_values.h" #include "net/spdy/spdy_http_utils.h" #include "net/spdy/spdy_log_util.h" #include "net/ssl/ssl_cert_request_info.h" @@ -36,22 +37,22 @@ namespace net { namespace { -base::Value NetLogHeadersCallback(const spdy::SpdyHeaderBlock* headers, - NetLogCaptureMode capture_mode) { +base::Value NetLogHeadersParams(const spdy::SpdyHeaderBlock* headers, + NetLogCaptureMode capture_mode) { base::DictionaryValue dict; dict.SetKey("headers", ElideSpdyHeaderBlockForNetLog(*headers, capture_mode)); return std::move(dict); } -base::Value NetLogCallback(const GURL* url, - const std::string* method, - const HttpRequestHeaders* headers, - NetLogCaptureMode capture_mode) { +base::Value NetLogParams(const GURL& url, + const std::string& method, + const HttpRequestHeaders* headers, + NetLogCaptureMode capture_mode) { base::DictionaryValue dict; - dict.SetString("url", url->possibly_invalid_spec()); - dict.SetString("method", *method); + dict.SetString("url", url.possibly_invalid_spec()); + dict.SetString("method", method); std::string empty; - base::Value headers_param(headers->NetLogCallback(&empty, capture_mode)); + base::Value headers_param(headers->NetLogParams(empty, capture_mode)); dict.SetKey("headers", std::move(headers_param)); return std::move(dict); } @@ -86,8 +87,7 @@ BidirectionalStream::BidirectionalStream( send_request_headers_automatically_(send_request_headers_automatically), request_headers_sent_(false), delegate_(delegate), - timer_(std::move(timer)), - weak_factory_(this) { + timer_(std::move(timer)) { DCHECK(delegate_); DCHECK(request_info_); @@ -96,10 +96,12 @@ BidirectionalStream::BidirectionalStream( load_timing_info_.request_start = base::TimeTicks::Now(); if (net_log_.IsCapturing()) { - net_log_.BeginEvent( - NetLogEventType::BIDIRECTIONAL_STREAM_ALIVE, - base::Bind(&NetLogCallback, &request_info_->url, &request_info_->method, - base::Unretained(&request_info_->extra_headers))); + net_log_.BeginEvent(NetLogEventType::BIDIRECTIONAL_STREAM_ALIVE, + [&](NetLogCaptureMode capture_mode) { + return NetLogParams( + request_info_->url, request_info_->method, + &request_info_->extra_headers, capture_mode); + }); } if (!request_info_->url.SchemeIs(url::kHttpsScheme)) { @@ -145,8 +147,8 @@ int BidirectionalStream::ReadData(IOBuffer* buf, int buf_len) { // Bytes will be logged in OnDataRead(). } if (net_log_.IsCapturing()) { - net_log_.AddEvent(NetLogEventType::BIDIRECTIONAL_STREAM_READ_DATA, - NetLog::IntCallback("rv", rv)); + net_log_.AddEventWithIntParams( + NetLogEventType::BIDIRECTIONAL_STREAM_READ_DATA, "rv", rv); } return rv; } @@ -161,8 +163,9 @@ void BidirectionalStream::SendvData( DCHECK(write_buffer_len_list_.empty()); if (net_log_.IsCapturing()) { - net_log_.AddEvent(NetLogEventType::BIDIRECTIONAL_STREAM_SENDV_DATA, - NetLog::IntCallback("num_buffers", buffers.size())); + net_log_.AddEventWithIntParams( + NetLogEventType::BIDIRECTIONAL_STREAM_SENDV_DATA, "num_buffers", + buffers.size()); } stream_impl_->SendvData(buffers, lengths, end_stream); for (size_t i = 0; i < buffers.size(); ++i) { @@ -226,9 +229,9 @@ void BidirectionalStream::StartRequest(const SSLConfig& ssl_config) { void BidirectionalStream::OnStreamReady(bool request_headers_sent) { request_headers_sent_ = request_headers_sent; if (net_log_.IsCapturing()) { - net_log_.AddEvent( - NetLogEventType::BIDIRECTIONAL_STREAM_READY, - NetLog::BoolCallback("request_headers_sent", request_headers_sent)); + net_log_.AddEntryWithBoolParams( + NetLogEventType::BIDIRECTIONAL_STREAM_READY, NetLogEventPhase::NONE, + "request_headers_sent", request_headers_sent); } load_timing_info_.send_start = base::TimeTicks::Now(); load_timing_info_.send_end = load_timing_info_.send_start; @@ -245,7 +248,10 @@ void BidirectionalStream::OnHeadersReceived( } if (net_log_.IsCapturing()) { net_log_.AddEvent(NetLogEventType::BIDIRECTIONAL_STREAM_RECV_HEADERS, - base::Bind(&NetLogHeadersCallback, &response_headers)); + [&](NetLogCaptureMode capture_mode) { + return NetLogHeadersParams(&response_headers, + capture_mode); + }); } // Impl should only provide |connect_timing| and |socket_reused| info, // so use a copy to get these information only. @@ -284,9 +290,10 @@ void BidirectionalStream::OnDataSent() { if (net_log_.IsCapturing()) { if (write_buffer_list_.size() > 1) { net_log_.BeginEvent( - NetLogEventType::BIDIRECTIONAL_STREAM_BYTES_SENT_COALESCED, - NetLog::IntCallback("num_buffers_coalesced", - write_buffer_list_.size())); + NetLogEventType::BIDIRECTIONAL_STREAM_BYTES_SENT_COALESCED, [&] { + return NetLogParamsWithInt("num_buffers_coalesced", + write_buffer_list_.size()); + }); } for (size_t i = 0; i < write_buffer_list_.size(); ++i) { net_log_.AddByteTransferEvent( @@ -308,7 +315,9 @@ void BidirectionalStream::OnTrailersReceived( const spdy::SpdyHeaderBlock& trailers) { if (net_log_.IsCapturing()) { net_log_.AddEvent(NetLogEventType::BIDIRECTIONAL_STREAM_RECV_TRAILERS, - base::Bind(&NetLogHeadersCallback, &trailers)); + [&](NetLogCaptureMode capture_mode) { + return NetLogHeadersParams(&trailers, capture_mode); + }); } read_end_time_ = base::TimeTicks::Now(); delegate_->OnTrailersReceived(trailers); @@ -316,8 +325,8 @@ void BidirectionalStream::OnTrailersReceived( void BidirectionalStream::OnFailed(int status) { if (net_log_.IsCapturing()) { - net_log_.AddEvent(NetLogEventType::BIDIRECTIONAL_STREAM_FAILED, - NetLog::IntCallback("net_error", status)); + net_log_.AddEventWithIntParams(NetLogEventType::BIDIRECTIONAL_STREAM_FAILED, + "net_error", status); } NotifyFailed(status); } diff --git a/chromium/net/http/bidirectional_stream.h b/chromium/net/http/bidirectional_stream.h index d4f56f4b14e..4f0b4ab4ff6 100644 --- a/chromium/net/http/bidirectional_stream.h +++ b/chromium/net/http/bidirectional_stream.h @@ -263,7 +263,7 @@ class NET_EXPORT BidirectionalStream : public BidirectionalStreamImpl::Delegate, // are received. Other fields are populated at different stages of the request LoadTimingInfo load_timing_info_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(BidirectionalStream); }; diff --git a/chromium/net/http/bidirectional_stream_unittest.cc b/chromium/net/http/bidirectional_stream_unittest.cc index 7f6387d79c2..cb02bd3bdd5 100644 --- a/chromium/net/http/bidirectional_stream_unittest.cc +++ b/chromium/net/http/bidirectional_stream_unittest.cc @@ -408,7 +408,7 @@ class BidirectionalStreamTest : public TestWithScopedTaskEnvironment { ssl_data_.next_proto = kProtoHTTP2; ssl_data_.ssl_info.cert = ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem"); - net_log_.SetCaptureMode(NetLogCaptureMode::IncludeSocketBytes()); + net_log_.SetObserverCaptureMode(NetLogCaptureMode::kEverything); socket_factory_ = new MockTaggingClientSocketFactory(); session_deps_.socket_factory.reset(socket_factory_); } @@ -591,7 +591,7 @@ TEST_F(BidirectionalStreamTest, } TEST_F(BidirectionalStreamTest, ClientAuthRequestIgnored) { - scoped_refptr cert_request(new SSLCertRequestInfo()); + auto cert_request = base::MakeRefCounted(); cert_request->host_and_port = host_port_pair_; // First attempt receives client auth request. @@ -830,8 +830,7 @@ TEST_F(BidirectionalStreamTest, TestNetLogContainEntries) { // Destroy the delegate will destroy the stream, so we can get an end event // for BIDIRECTIONAL_STREAM_ALIVE. delegate.reset(); - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); + auto entries = net_log_.GetEntries(); size_t index = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::BIDIRECTIONAL_STREAM_ALIVE, @@ -858,29 +857,23 @@ TEST_F(BidirectionalStreamTest, TestNetLogContainEntries) { index = ExpectLogContainsSomewhere( entries, index, NetLogEventType::BIDIRECTIONAL_STREAM_READ_DATA, NetLogEventPhase::NONE); - TestNetLogEntry entry = entries[index]; - int read_result = 0; - EXPECT_TRUE(entry.params->GetInteger("rv", &read_result)); - EXPECT_EQ(ERR_IO_PENDING, read_result); + EXPECT_EQ(ERR_IO_PENDING, GetIntegerValueFromParams(entries[index], "rv")); // Sent bytes. Sending data is always asynchronous. index = ExpectLogContainsSomewhere( entries, index, NetLogEventType::BIDIRECTIONAL_STREAM_BYTES_SENT, NetLogEventPhase::NONE); - entry = entries[index]; - EXPECT_EQ(NetLogSourceType::BIDIRECTIONAL_STREAM, entry.source.type); + EXPECT_EQ(NetLogSourceType::BIDIRECTIONAL_STREAM, entries[index].source.type); // Received bytes for asynchronous read. index = ExpectLogContainsSomewhere( entries, index, NetLogEventType::BIDIRECTIONAL_STREAM_BYTES_RECEIVED, NetLogEventPhase::NONE); - entry = entries[index]; - EXPECT_EQ(NetLogSourceType::BIDIRECTIONAL_STREAM, entry.source.type); + EXPECT_EQ(NetLogSourceType::BIDIRECTIONAL_STREAM, entries[index].source.type); // Received bytes for synchronous read. index = ExpectLogContainsSomewhere( entries, index, NetLogEventType::BIDIRECTIONAL_STREAM_BYTES_RECEIVED, NetLogEventPhase::NONE); - entry = entries[index]; - EXPECT_EQ(NetLogSourceType::BIDIRECTIONAL_STREAM, entry.source.type); + EXPECT_EQ(NetLogSourceType::BIDIRECTIONAL_STREAM, entries[index].source.type); ExpectLogContainsSomewhere(entries, index, NetLogEventType::BIDIRECTIONAL_STREAM_ALIVE, NetLogEventPhase::END); @@ -1051,41 +1044,30 @@ TEST_F(BidirectionalStreamTest, TestCoalesceSmallDataBuffers) { EXPECT_EQ(CountWriteBytes(writes), delegate->GetTotalSentBytes()); EXPECT_EQ(CountReadBytes(reads), delegate->GetTotalReceivedBytes()); - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); + auto entries = net_log_.GetEntries(); size_t index = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::BIDIRECTIONAL_STREAM_SENDV_DATA, NetLogEventPhase::NONE); - TestNetLogEntry entry = entries[index]; - int num_buffers = 0; - EXPECT_TRUE(entry.params->GetInteger("num_buffers", &num_buffers)); - EXPECT_EQ(2, num_buffers); + EXPECT_EQ(2, GetIntegerValueFromParams(entries[index], "num_buffers")); index = ExpectLogContainsSomewhereAfter( entries, index, NetLogEventType::BIDIRECTIONAL_STREAM_BYTES_SENT_COALESCED, NetLogEventPhase::BEGIN); - entry = entries[index]; - int num_buffers_coalesced = 0; - EXPECT_TRUE(entry.params->GetInteger("num_buffers_coalesced", - &num_buffers_coalesced)); - EXPECT_EQ(2, num_buffers_coalesced); + EXPECT_EQ(2, + GetIntegerValueFromParams(entries[index], "num_buffers_coalesced")); index = ExpectLogContainsSomewhereAfter( entries, index, NetLogEventType::BIDIRECTIONAL_STREAM_BYTES_SENT, NetLogEventPhase::NONE); - entry = entries[index]; - int byte_count = 0; - EXPECT_TRUE(entry.params->GetInteger("byte_count", &byte_count)); - EXPECT_EQ(buf->size(), byte_count); + EXPECT_EQ(buf->size(), + GetIntegerValueFromParams(entries[index], "byte_count")); index = ExpectLogContainsSomewhereAfter( entries, index + 1, NetLogEventType::BIDIRECTIONAL_STREAM_BYTES_SENT, NetLogEventPhase::NONE); - entry = entries[index]; - byte_count = 0; - EXPECT_TRUE(entry.params->GetInteger("byte_count", &byte_count)); - EXPECT_EQ(buf2->size(), byte_count); + EXPECT_EQ(buf2->size(), + GetIntegerValueFromParams(entries[index], "byte_count")); ExpectLogContainsSomewhere( entries, index, @@ -1464,7 +1446,7 @@ TEST_F(BidirectionalStreamTest, PropagateProtocolError) { delegate->Start(std::move(request_info), http_session_.get()); base::RunLoop().RunUntilIdle(); - EXPECT_THAT(delegate->error(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(delegate->error(), IsError(ERR_HTTP2_PROTOCOL_ERROR)); EXPECT_EQ(delegate->response_headers().end(), delegate->response_headers().find(":status")); EXPECT_EQ(0, delegate->on_data_read_count()); @@ -1476,25 +1458,19 @@ TEST_F(BidirectionalStreamTest, PropagateProtocolError) { delegate->GetTotalSentBytes()); EXPECT_EQ(0, delegate->GetTotalReceivedBytes()); - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); + auto entries = net_log_.GetEntries(); size_t index = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::BIDIRECTIONAL_STREAM_READY, NetLogEventPhase::NONE); - TestNetLogEntry entry = entries[index]; - bool request_headers_sent = false; EXPECT_TRUE( - entry.params->GetBoolean("request_headers_sent", &request_headers_sent)); - EXPECT_TRUE(request_headers_sent); + GetBooleanValueFromParams(entries[index], "request_headers_sent")); index = ExpectLogContainsSomewhere( entries, index, NetLogEventType::BIDIRECTIONAL_STREAM_FAILED, NetLogEventPhase::NONE); - entry = entries[index]; - int net_error = OK; - EXPECT_TRUE(entry.params->GetInteger("net_error", &net_error)); - EXPECT_THAT(net_error, IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_EQ(ERR_HTTP2_PROTOCOL_ERROR, + GetNetErrorCodeFromParams(entries[index])); } TEST_F(BidirectionalStreamTest, DeleteStreamDuringOnHeadersReceived) { @@ -1704,7 +1680,7 @@ TEST_F(BidirectionalStreamTest, DeleteStreamDuringOnFailed) { delegate->response_headers().find(":status")); EXPECT_EQ(0, delegate->on_data_sent_count()); EXPECT_EQ(0, delegate->on_data_read_count()); - EXPECT_THAT(delegate->error(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(delegate->error(), IsError(ERR_HTTP2_PROTOCOL_ERROR)); EXPECT_EQ(kProtoHTTP2, delegate->GetProtocol()); // Bytes sent excludes the RST frame. diff --git a/chromium/net/http/broken_alternative_services.cc b/chromium/net/http/broken_alternative_services.cc index e2a71855b03..fcb9548f9f7 100644 --- a/chromium/net/http/broken_alternative_services.cc +++ b/chromium/net/http/broken_alternative_services.cc @@ -34,7 +34,7 @@ base::TimeDelta ComputeBrokenAlternativeServiceExpirationDelay( BrokenAlternativeServices::BrokenAlternativeServices( Delegate* delegate, const base::TickClock* clock) - : delegate_(delegate), clock_(clock), weak_ptr_factory_(this) { + : delegate_(delegate), clock_(clock) { DCHECK(delegate_); DCHECK(clock_); } diff --git a/chromium/net/http/broken_alternative_services.h b/chromium/net/http/broken_alternative_services.h index 3d6690f2162..2d93fb4901a 100644 --- a/chromium/net/http/broken_alternative_services.h +++ b/chromium/net/http/broken_alternative_services.h @@ -165,7 +165,7 @@ class NET_EXPORT_PRIVATE BrokenAlternativeServices { // services. base::OneShotTimer expiration_timer_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; }; } // namespace net diff --git a/chromium/net/http/http_auth.cc b/chromium/net/http/http_auth.cc index 338aabb4ec0..5381f1b6865 100644 --- a/chromium/net/http/http_auth.cc +++ b/chromium/net/http/http_auth.cc @@ -20,9 +20,16 @@ #include "net/http/http_response_headers.h" #include "net/http/http_util.h" #include "net/log/net_log.h" +#include "net/log/net_log_values.h" namespace net { +namespace { +const char* const kSchemeNames[] = {kBasicAuthScheme, kDigestAuthScheme, + kNtlmAuthScheme, kNegotiateAuthScheme, + kSpdyProxyAuthScheme, kMockAuthScheme}; +} // namespace + HttpAuth::Identity::Identity() : source(IDENT_SRC_NONE), invalid(true) {} // static @@ -137,9 +144,6 @@ std::string HttpAuth::GetAuthTargetString(Target target) { // static const char* HttpAuth::SchemeToString(Scheme scheme) { - static const char* const kSchemeNames[] = { - kBasicAuthScheme, kDigestAuthScheme, kNtlmAuthScheme, - kNegotiateAuthScheme, kSpdyProxyAuthScheme, kMockAuthScheme}; static_assert(base::size(kSchemeNames) == AUTH_SCHEME_MAX, "http auth scheme names incorrect size"); if (scheme < AUTH_SCHEME_BASIC || scheme >= AUTH_SCHEME_MAX) { @@ -149,6 +153,16 @@ const char* HttpAuth::SchemeToString(Scheme scheme) { return kSchemeNames[scheme]; } +// static +HttpAuth::Scheme HttpAuth::StringToScheme(const std::string& str) { + for (uint8_t i = 0; i < base::size(kSchemeNames); i++) { + if (str == kSchemeNames[i]) + return static_cast(i); + } + NOTREACHED(); + return AUTH_SCHEME_MAX; +} + // static const char* HttpAuth::AuthorizationResultToString( AuthorizationResult authorization_result) { @@ -169,10 +183,10 @@ const char* HttpAuth::AuthorizationResultToString( } // static -NetLogParametersCallback HttpAuth::NetLogAuthorizationResultCallback( +base::Value HttpAuth::NetLogAuthorizationResultParams( const char* name, AuthorizationResult authorization_result) { - return NetLog::StringCallback( + return NetLogParamsWithString( name, AuthorizationResultToString(authorization_result)); } diff --git a/chromium/net/http/http_auth.h b/chromium/net/http/http_auth.h index 90841cdbc7d..622015423a9 100644 --- a/chromium/net/http/http_auth.h +++ b/chromium/net/http/http_auth.h @@ -12,10 +12,13 @@ #include "net/base/auth.h" #include "net/base/net_export.h" #include "net/http/http_util.h" -#include "net/log/net_log_parameters_callback.h" template class scoped_refptr; +namespace base { +class Value; +} + namespace net { class HttpAuthHandler; @@ -141,13 +144,16 @@ class NET_EXPORT_PRIVATE HttpAuth { // Returns a string representation of an authentication Scheme. static const char* SchemeToString(Scheme scheme); + // Returns an authentication Scheme from a string which was produced by + // SchemeToString(). + static Scheme StringToScheme(const std::string& str); + // Returns a string representation of an authorization result. static const char* AuthorizationResultToString( AuthorizationResult authorization_result); - // Use with BoundNetLog to log an authorization result. The returned callback - // is valid as long as |name| is valid. - static NetLogParametersCallback NetLogAuthorizationResultCallback( + // Returns a value for logging an authorization result to a NetLog. + static base::Value NetLogAuthorizationResultParams( const char* name, AuthorizationResult authorization_result); diff --git a/chromium/net/http/http_auth_cache.cc b/chromium/net/http/http_auth_cache.cc index 6a36b9fb12a..ae5ccb22186 100644 --- a/chromium/net/http/http_auth_cache.cc +++ b/chromium/net/http/http_auth_cache.cc @@ -27,12 +27,6 @@ std::string GetParentDirectory(const std::string& path) { return path.substr(0, last_slash + 1); } -// Debug helper to check that |path| arguments are properly formed. -// (should be absolute path, or empty string). -void CheckPathIsValid(const std::string& path) { - DCHECK(path.empty() || path[0] == '/'); -} - // Return true if |path| is a subpath of |container|. In other words, is // |container| an ancestor of |path|? bool IsEnclosingPath(const std::string& container, const std::string& path) { @@ -42,13 +36,22 @@ bool IsEnclosingPath(const std::string& container, const std::string& path) { base::StartsWith(path, container, base::CompareCase::SENSITIVE))); } +#if DCHECK_IS_ON() // Debug helper to check that |origin| arguments are properly formed. +// TODO(asanka): Switch auth cache to use url::Origin. void CheckOriginIsValid(const GURL& origin) { DCHECK(origin.is_valid()); DCHECK(origin.SchemeIsHTTPOrHTTPS() || origin.SchemeIsWSOrWSS()); DCHECK(origin.GetOrigin() == origin); } +// Debug helper to check that |path| arguments are properly formed. +// (should be absolute path, or empty string). +void CheckPathIsValid(const std::string& path) { + DCHECK(path.empty() || path[0] == '/'); +} +#endif + // Functor used by EraseIf. struct IsEnclosedBy { explicit IsEnclosedBy(const std::string& path) : path(path) { } @@ -83,8 +86,10 @@ HttpAuthCache::Entry* HttpAuthCache::Lookup(const GURL& origin, // AddPath() only keeps the shallowest entry. HttpAuthCache::Entry* HttpAuthCache::LookupByPath(const GURL& origin, const std::string& path) { +#if DCHECK_IS_ON() CheckOriginIsValid(origin); CheckPathIsValid(path); +#endif // RFC 2617 section 2: // A client SHOULD assume that all paths at or deeper than the depth of @@ -120,8 +125,10 @@ HttpAuthCache::Entry* HttpAuthCache::Add(const GURL& origin, const std::string& auth_challenge, const AuthCredentials& credentials, const std::string& path) { +#if DCHECK_IS_ON() CheckOriginIsValid(origin); CheckPathIsValid(path); +#endif base::TimeTicks now_ticks = tick_clock_->NowTicks(); @@ -130,13 +137,16 @@ HttpAuthCache::Entry* HttpAuthCache::Add(const GURL& origin, if (!entry) { bool evicted = false; // Failsafe to prevent unbounded memory growth of the cache. + // + // Data collected in June of 2019 indicate that the eviction rate is at + // around 0.05%. I.e. 0.05% of the time the number of entries in the cache + // exceed kMaxNumRealmEntries. The evicted entry is roughly half an hour old + // (median), and it's been around 25 minutes since its last use (median). if (entries_.size() >= kMaxNumRealmEntries) { - LOG(WARNING) << "Num auth cache entries reached limit -- evicting"; + DLOG(WARNING) << "Num auth cache entries reached limit -- evicting"; EvictLeastRecentlyUsedEntry(); evicted = true; } - UMA_HISTOGRAM_BOOLEAN("Net.HttpAuthCacheAddEvicted", evicted); - entry = &(entries_.emplace(std::make_pair(origin, Entry()))->second); entry->origin_ = origin; entry->realm_ = realm; @@ -198,13 +208,15 @@ void HttpAuthCache::Entry::AddPath(const std::string& path) { bool evicted = false; // Failsafe to prevent unbounded memory growth of the cache. + // + // Data collected on June of 2019 indicate that when we get here, the list + // of paths has reached the 10 entry maximum around 1% of the time. if (paths_.size() >= kMaxNumPathsPerRealmEntry) { - LOG(WARNING) << "Num path entries for " << origin() - << " has grown too large -- evicting"; + DLOG(WARNING) << "Num path entries for " << origin() + << " has grown too large -- evicting"; paths_.pop_back(); evicted = true; } - UMA_HISTOGRAM_BOOLEAN("Net.HttpAuthCacheAddPathEvicted", evicted); // Add new path. paths_.push_front(parent_dir); @@ -297,7 +309,9 @@ HttpAuthCache::EntryMap::iterator HttpAuthCache::LookupEntryIt( const GURL& origin, const std::string& realm, HttpAuth::Scheme scheme) { +#if DCHECK_IS_ON() CheckOriginIsValid(origin); +#endif // Linear scan through the entries for the given origin. auto entry_range = entries_.equal_range(origin); @@ -330,11 +344,6 @@ void HttpAuthCache::EvictLeastRecentlyUsedEntry() { } } DCHECK(oldest_entry_it != entries_.end()); - Entry& oldest_entry = oldest_entry_it->second; - UMA_HISTOGRAM_LONG_TIMES("Net.HttpAuthCacheAddEvictedCreation", - now_ticks - oldest_entry.creation_time_ticks_); - UMA_HISTOGRAM_LONG_TIMES("Net.HttpAuthCacheAddEvictedLastUse", - now_ticks - oldest_entry.last_use_time_ticks_); entries_.erase(oldest_entry_it); } diff --git a/chromium/net/http/http_auth_controller.cc b/chromium/net/http/http_auth_controller.cc index d7cf6c20183..9f7923bb524 100644 --- a/chromium/net/http/http_auth_controller.cc +++ b/chromium/net/http/http_auth_controller.cc @@ -23,7 +23,6 @@ #include "net/http/http_request_info.h" #include "net/http/http_response_headers.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_parameters_callback.h" #include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" #include "net/log/net_log_with_source.h" @@ -128,20 +127,13 @@ void HistogramAuthEvent(HttpAuthHandler* handler, AuthEvent auth_event) { kTargetBucketsEnd); } -base::Value ControllerParamsToValue(HttpAuth::Target target, - const GURL* url, - NetLogCaptureMode) { +base::Value ControllerParamsToValue(HttpAuth::Target target, const GURL& url) { base::Value params(base::Value::Type::DICTIONARY); params.SetStringPath("target", HttpAuth::GetAuthTargetString(target)); - params.SetStringPath("url", url->spec()); + params.SetStringPath("url", url.spec()); return params; } -NetLogParametersCallback ControllerParamsCallback(HttpAuth::Target target, - const GURL& url) { - return base::BindRepeating(&ControllerParamsToValue, target, &url); -} - } // namespace HttpAuthController::HttpAuthController( @@ -173,11 +165,12 @@ void HttpAuthController::BindToCallingNetLog( if (!net_log_.source().IsValid()) { net_log_ = NetLogWithSource::Make(caller_net_log.net_log(), NetLogSourceType::HTTP_AUTH_CONTROLLER); - net_log_.BeginEvent(NetLogEventType::AUTH_CONTROLLER, - ControllerParamsCallback(target_, auth_url_)); + net_log_.BeginEvent(NetLogEventType::AUTH_CONTROLLER, [&] { + return ControllerParamsToValue(target_, auth_url_); + }); } - caller_net_log.AddEvent(NetLogEventType::AUTH_BOUND_TO_CONTROLLER, - net_log_.source().ToEventParametersCallback()); + caller_net_log.AddEventReferencingSource( + NetLogEventType::AUTH_BOUND_TO_CONTROLLER, net_log_.source()); } int HttpAuthController::MaybeGenerateAuthToken( @@ -189,8 +182,8 @@ int HttpAuthController::MaybeGenerateAuthToken( bool needs_auth = HaveAuth() || SelectPreemptiveAuth(caller_net_log); if (!needs_auth) return OK; - net_log_.BeginEvent(NetLogEventType::AUTH_GENERATE_TOKEN, - caller_net_log.source().ToEventParametersCallback()); + net_log_.BeginEventReferencingSource(NetLogEventType::AUTH_GENERATE_TOKEN, + caller_net_log.source()); const AuthCredentials* credentials = nullptr; if (identity_.source != HttpAuth::IDENT_SRC_DEFAULT_CREDENTIALS) credentials = &identity_.credentials; @@ -275,8 +268,8 @@ int HttpAuthController::HandleAuthChallenge( DCHECK(!auth_info_); BindToCallingNetLog(caller_net_log); - net_log_.BeginEvent(NetLogEventType::AUTH_HANDLE_CHALLENGE, - caller_net_log.source().ToEventParametersCallback()); + net_log_.BeginEventReferencingSource(NetLogEventType::AUTH_HANDLE_CHALLENGE, + caller_net_log.source()); // Give the existing auth handler first try at the authentication headers. // This will also evict the entry in the HttpAuthCache if the previous diff --git a/chromium/net/http/http_auth_controller_unittest.cc b/chromium/net/http/http_auth_controller_unittest.cc index 1ce5b4e6b24..90fa3a8c2e0 100644 --- a/chromium/net/http/http_auth_controller_unittest.cc +++ b/chromium/net/http/http_auth_controller_unittest.cc @@ -21,7 +21,7 @@ #include "net/log/net_log_event_type.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" +#include "net/log/test_net_log_util.h" #include "net/ssl/ssl_info.h" #include "testing/gtest/include/gtest/gtest.h" @@ -138,29 +138,29 @@ TEST(HttpAuthControllerTest, Logging) { RunSingleRoundAuthTest(RUN_HANDLER_SYNC, OK, OK, SCHEME_IS_ENABLED, net_log.bound()); - TestNetLogEntry::List entries; - net_log.GetEntries(&entries); + auto entries = net_log.GetEntries(); // There should be at least two events. ASSERT_GE(entries.size(), 2u); - auto begin = std::find_if(entries.begin(), entries.end(), - [](const TestNetLogEntry& e) -> bool { - std::string target, url; - if (e.type != NetLogEventType::AUTH_CONTROLLER || - e.phase != NetLogEventPhase::BEGIN || - !e.GetStringValue("target", &target) || - !e.GetStringValue("url", &url)) { - return false; - } - - EXPECT_EQ("proxy", target); - EXPECT_EQ("http://example.com/", url); - return true; - }); + auto begin = std::find_if( + entries.begin(), entries.end(), [](const NetLogEntry& e) -> bool { + if (e.type != NetLogEventType::AUTH_CONTROLLER || + e.phase != NetLogEventPhase::BEGIN) + return false; + + auto target = GetOptionalStringValueFromParams(e, "target"); + auto url = GetOptionalStringValueFromParams(e, "url"); + if (!target || !url) + return false; + + EXPECT_EQ("proxy", *target); + EXPECT_EQ("http://example.com/", *url); + return true; + }); EXPECT_TRUE(begin != entries.end()); auto end = std::find_if(++begin, entries.end(), - [](const TestNetLogEntry& e) -> bool { + [](const NetLogEntry& e) -> bool { return e.type == NetLogEventType::AUTH_CONTROLLER && e.phase == NetLogEventPhase::END; }); diff --git a/chromium/net/http/http_auth_gssapi_posix.cc b/chromium/net/http/http_auth_gssapi_posix.cc index 68a4ed882c4..f8efa9f7a2d 100644 --- a/chromium/net/http/http_auth_gssapi_posix.cc +++ b/chromium/net/http/http_auth_gssapi_posix.cc @@ -8,72 +8,24 @@ #include #include "base/base64.h" +#include "base/compiler_specific.h" #include "base/files/file_path.h" #include "base/format_macros.h" #include "base/logging.h" #include "base/stl_util.h" +#include "base/strings/string_number_conversions.h" +#include "base/strings/string_piece.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/threading/thread_restrictions.h" +#include "base/values.h" #include "net/base/net_errors.h" +#include "net/http/http_auth_gssapi_posix.h" #include "net/http/http_auth_multi_round_parse.h" - -// These are defined for the GSSAPI library: -// Paraphrasing the comments from gssapi.h: -// "The implementation must reserve static storage for a -// gss_OID_desc object for each constant. That constant -// should be initialized to point to that gss_OID_desc." -// These are encoded using ASN.1 BER encoding. -namespace { - -static gss_OID_desc GSS_C_NT_USER_NAME_VAL = { - 10, - const_cast("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01") -}; -static gss_OID_desc GSS_C_NT_MACHINE_UID_NAME_VAL = { - 10, - const_cast("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02") -}; -static gss_OID_desc GSS_C_NT_STRING_UID_NAME_VAL = { - 10, - const_cast("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03") -}; -static gss_OID_desc GSS_C_NT_HOSTBASED_SERVICE_X_VAL = { - 6, - const_cast("\x2b\x06\x01\x05\x06\x02") -}; -static gss_OID_desc GSS_C_NT_HOSTBASED_SERVICE_VAL = { - 10, - const_cast("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04") -}; -static gss_OID_desc GSS_C_NT_ANONYMOUS_VAL = { - 6, - const_cast("\x2b\x06\01\x05\x06\x03") -}; -static gss_OID_desc GSS_C_NT_EXPORT_NAME_VAL = { - 6, - const_cast("\x2b\x06\x01\x05\x06\x04") -}; - -} // namespace - -// Heimdal >= 1.4 will define the following as preprocessor macros. -// To avoid conflicting declarations, we have to undefine these. -#undef GSS_C_NT_USER_NAME -#undef GSS_C_NT_MACHINE_UID_NAME -#undef GSS_C_NT_STRING_UID_NAME -#undef GSS_C_NT_HOSTBASED_SERVICE_X -#undef GSS_C_NT_HOSTBASED_SERVICE -#undef GSS_C_NT_ANONYMOUS -#undef GSS_C_NT_EXPORT_NAME - -gss_OID GSS_C_NT_USER_NAME = &GSS_C_NT_USER_NAME_VAL; -gss_OID GSS_C_NT_MACHINE_UID_NAME = &GSS_C_NT_MACHINE_UID_NAME_VAL; -gss_OID GSS_C_NT_STRING_UID_NAME = &GSS_C_NT_STRING_UID_NAME_VAL; -gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &GSS_C_NT_HOSTBASED_SERVICE_X_VAL; -gss_OID GSS_C_NT_HOSTBASED_SERVICE = &GSS_C_NT_HOSTBASED_SERVICE_VAL; -gss_OID GSS_C_NT_ANONYMOUS = &GSS_C_NT_ANONYMOUS_VAL; -gss_OID GSS_C_NT_EXPORT_NAME = &GSS_C_NT_EXPORT_NAME_VAL; +#include "net/log/net_log_event_type.h" +#include "net/log/net_log_values.h" +#include "net/log/net_log_with_source.h" +#include "net/net_buildflags.h" namespace net { @@ -90,243 +42,239 @@ gss_OID_desc CHROME_GSS_SPNEGO_MECH_OID_DESC_VAL = { gss_OID CHROME_GSS_SPNEGO_MECH_OID_DESC = &CHROME_GSS_SPNEGO_MECH_OID_DESC_VAL; -// Debugging helpers. -namespace { - -std::string DisplayStatus(OM_uint32 major_status, - OM_uint32 minor_status) { - if (major_status == GSS_S_COMPLETE) - return "OK"; - return base::StringPrintf("0x%08X 0x%08X", major_status, minor_status); -} - -std::string DisplayCode(GSSAPILibrary* gssapi_lib, - OM_uint32 status, - OM_uint32 status_code_type) { - const int kMaxDisplayIterations = 8; - const size_t kMaxMsgLength = 4096; - // msg_ctx needs to be outside the loop because it is invoked multiple times. - OM_uint32 msg_ctx = 0; - std::string rv = base::StringPrintf("(0x%08X)", status); - - // This loop should continue iterating until msg_ctx is 0 after the first - // iteration. To be cautious and prevent an infinite loop, it stops after - // a finite number of iterations as well. As an added sanity check, no - // individual message may exceed |kMaxMsgLength|, and the final result - // will not exceed |kMaxMsgLength|*2-1. - for (int i = 0; i < kMaxDisplayIterations && rv.size() < kMaxMsgLength; - ++i) { - OM_uint32 min_stat; - gss_buffer_desc_struct msg = GSS_C_EMPTY_BUFFER; - OM_uint32 maj_stat = - gssapi_lib->display_status(&min_stat, status, status_code_type, - GSS_C_NULL_OID, &msg_ctx, &msg); - if (maj_stat == GSS_S_COMPLETE) { - int msg_len = (msg.length > kMaxMsgLength) ? - static_cast(kMaxMsgLength) : - static_cast(msg.length); - if (msg_len > 0 && msg.value != nullptr) { - rv += base::StringPrintf(" %.*s", msg_len, - static_cast(msg.value)); - } - } - gssapi_lib->release_buffer(&min_stat, &msg); - if (!msg_ctx) - break; +OM_uint32 DelegationTypeToFlag(DelegationType delegation_type) { + switch (delegation_type) { + case DelegationType::kNone: + return 0; + case DelegationType::kByKdcPolicy: + return GSS_C_DELEG_POLICY_FLAG; + case DelegationType::kUnconstrained: + return GSS_C_DELEG_FLAG; } - return rv; } -std::string DisplayExtendedStatus(GSSAPILibrary* gssapi_lib, - OM_uint32 major_status, - OM_uint32 minor_status) { - if (major_status == GSS_S_COMPLETE) - return "OK"; - std::string major = DisplayCode(gssapi_lib, major_status, GSS_C_GSS_CODE); - std::string minor = DisplayCode(gssapi_lib, minor_status, GSS_C_MECH_CODE); - return base::StringPrintf("Major: %s | Minor: %s", major.c_str(), - minor.c_str()); -} - -// ScopedName releases a gss_name_t when it goes out of scope. -class ScopedName { +// ScopedBuffer releases a gss_buffer_t when it goes out of scope. +class ScopedBuffer { public: - ScopedName(gss_name_t name, - GSSAPILibrary* gssapi_lib) - : name_(name), - gssapi_lib_(gssapi_lib) { + ScopedBuffer(gss_buffer_t buffer, GSSAPILibrary* gssapi_lib) + : buffer_(buffer), gssapi_lib_(gssapi_lib) { DCHECK(gssapi_lib_); } - ~ScopedName() { - if (name_ != GSS_C_NO_NAME) { + ~ScopedBuffer() { + if (buffer_ != GSS_C_NO_BUFFER) { OM_uint32 minor_status = 0; OM_uint32 major_status = - gssapi_lib_->release_name(&minor_status, &name_); - if (major_status != GSS_S_COMPLETE) { - LOG(WARNING) << "Problem releasing name. " - << DisplayStatus(major_status, minor_status); - } - name_ = GSS_C_NO_NAME; + gssapi_lib_->release_buffer(&minor_status, buffer_); + DLOG_IF(WARNING, major_status != GSS_S_COMPLETE) + << "Problem releasing buffer. major=" << major_status + << ", minor=" << minor_status; + buffer_ = GSS_C_NO_BUFFER; } } private: - gss_name_t name_; + gss_buffer_t buffer_; GSSAPILibrary* gssapi_lib_; - DISALLOW_COPY_AND_ASSIGN(ScopedName); + DISALLOW_COPY_AND_ASSIGN(ScopedBuffer); }; -// ScopedBuffer releases a gss_buffer_t when it goes out of scope. -class ScopedBuffer { +// ScopedName releases a gss_name_t when it goes out of scope. +class ScopedName { public: - ScopedBuffer(gss_buffer_t buffer, - GSSAPILibrary* gssapi_lib) - : buffer_(buffer), - gssapi_lib_(gssapi_lib) { + ScopedName(gss_name_t name, GSSAPILibrary* gssapi_lib) + : name_(name), gssapi_lib_(gssapi_lib) { DCHECK(gssapi_lib_); } - ~ScopedBuffer() { - if (buffer_ != GSS_C_NO_BUFFER) { + ~ScopedName() { + if (name_ != GSS_C_NO_NAME) { OM_uint32 minor_status = 0; - OM_uint32 major_status = - gssapi_lib_->release_buffer(&minor_status, buffer_); + OM_uint32 major_status = gssapi_lib_->release_name(&minor_status, &name_); if (major_status != GSS_S_COMPLETE) { - LOG(WARNING) << "Problem releasing buffer. " - << DisplayStatus(major_status, minor_status); + DLOG_IF(WARNING, major_status != GSS_S_COMPLETE) + << "Problem releasing name. " + << GetGssStatusValue(nullptr, "gss_release_name", major_status, + minor_status); } - buffer_ = GSS_C_NO_BUFFER; + name_ = GSS_C_NO_NAME; } } private: - gss_buffer_t buffer_; + gss_name_t name_; GSSAPILibrary* gssapi_lib_; - DISALLOW_COPY_AND_ASSIGN(ScopedBuffer); + DISALLOW_COPY_AND_ASSIGN(ScopedName); }; -namespace { - -std::string AppendIfPredefinedValue(gss_OID oid, - gss_OID predefined_oid, - const char* predefined_oid_name) { - DCHECK(oid); - DCHECK(predefined_oid); - DCHECK(predefined_oid_name); - std::string output; - if (oid->length != predefined_oid->length) - return output; - if (0 != memcmp(oid->elements, - predefined_oid->elements, - predefined_oid->length)) - return output; - - output += " ("; - output += predefined_oid_name; - output += ")"; - return output; +bool OidEquals(const gss_OID left, const gss_OID right) { + if (left->length != right->length) + return false; + return 0 == memcmp(left->elements, right->elements, right->length); } -} // namespace +base::Value GetGssStatusCodeValue(GSSAPILibrary* gssapi_lib, + OM_uint32 status, + OM_uint32 status_code_type) { + base::Value rv{base::Value::Type::DICTIONARY}; -std::string DescribeOid(GSSAPILibrary* gssapi_lib, const gss_OID oid) { - if (!oid) - return ""; - std::string output; - const size_t kMaxCharsToPrint = 1024; - OM_uint32 byte_length = oid->length; - size_t char_length = byte_length / sizeof(char); - if (char_length > kMaxCharsToPrint) { - // This might be a plain ASCII string. - // Check if the first |kMaxCharsToPrint| characters - // contain only printable characters and are NUL terminated. - const char* str = reinterpret_cast(oid); - size_t str_length = 0; - for ( ; str_length < kMaxCharsToPrint; ++str_length) { - if (!str[str_length] || !isprint(str[str_length])) - break; - } - if (!str[str_length]) { - output += base::StringPrintf("\"%s\"", str); - return output; + rv.SetIntKey("status", status); + + // Message lookups aren't performed if there's no library or if the status + // indicates success. + if (!gssapi_lib || status == GSS_S_COMPLETE) + return rv; + + // gss_display_status() can potentially return multiple strings by sending + // each string on successive invocations. State is maintained across these + // invocations in a caller supplied OM_uint32. After each successful call, + // the context is set to a non-zero value that should be passed as a message + // context to each successive gss_display_status() call. The initial and + // terminal values of this context storage is 0. + OM_uint32 message_context = 0; + + // To account for the off chance that gss_display_status() misbehaves and gets + // into an infinite loop, we'll artificially limit the number of iterations to + // |kMaxDisplayIterations|. This limit is arbitrary. + constexpr size_t kMaxDisplayIterations = 8; + size_t iterations = 0; + + // In addition, each message string is again arbitrarily limited to + // |kMaxMsgLength|. There's no real documented limit to work with here. + constexpr size_t kMaxMsgLength = 4096; + + base::Value messages{base::Value::Type::LIST}; + do { + gss_buffer_desc_struct message_buffer = GSS_C_EMPTY_BUFFER; + ScopedBuffer message_buffer_releaser(&message_buffer, gssapi_lib); + + OM_uint32 minor_status = 0; + OM_uint32 major_status = gssapi_lib->display_status( + &minor_status, status, status_code_type, GSS_C_NO_OID, &message_context, + &message_buffer); + + if (major_status != GSS_S_COMPLETE || message_buffer.length == 0 || + !message_buffer.value) { + continue; } + + base::StringPiece message_string{ + static_cast(message_buffer.value), + std::min(kMaxMsgLength, message_buffer.length)}; + + // The returned string is almost assuredly ASCII, but be defensive. + if (!base::IsStringUTF8(message_string)) + continue; + + messages.GetList().emplace_back(message_string); + } while (message_context != 0 && ++iterations < kMaxDisplayIterations); + + if (messages.GetList().size() > 0) + rv.SetKey("message", std::move(messages)); + return rv; +} + +base::Value GetGssStatusValue(GSSAPILibrary* gssapi_lib, + base::StringPiece method, + OM_uint32 major_status, + OM_uint32 minor_status) { + base::Value params{base::Value::Type::DICTIONARY}; + params.SetStringKey("function", method); + params.SetKey("major_status", GetGssStatusCodeValue(gssapi_lib, major_status, + GSS_C_GSS_CODE)); + params.SetKey("minor_status", GetGssStatusCodeValue(gssapi_lib, minor_status, + GSS_C_MECH_CODE)); + return params; +} + +base::Value OidToValue(gss_OID oid) { + base::Value params(base::Value::Type::DICTIONARY); + + if (!oid || oid->length == 0) { + params.SetStringKey("oid", ""); + return params; } - output = base::StringPrintf("(%u) \"", byte_length); - if (!oid->elements) { - output += ""; - return output; - } - const unsigned char* elements = - reinterpret_cast(oid->elements); - // Don't print more than |kMaxCharsToPrint| characters. - size_t i = 0; - for ( ; (i < byte_length) && (i < kMaxCharsToPrint); ++i) { - output += base::StringPrintf("\\x%02X", elements[i]); + + params.SetIntKey("length", oid->length); + if (!oid->elements) + return params; + + // Cap OID content at arbitrary limit 1k. + constexpr OM_uint32 kMaxOidDataSize = 1024; + params.SetKey( + "bytes", + NetLogBinaryValue(oid->elements, std::min(kMaxOidDataSize, oid->length))); + + // Based on RFC 2744 Appendix A. Hardcoding the OIDs in the list below to + // avoid having a static dependency on the library. + static const struct { + const char* symbolic_name; + const gss_OID_desc oid_desc; + } kWellKnownOIDs[] = { + {"GSS_C_NT_USER_NAME", + {10, const_cast("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01")}}, + {"GSS_C_NT_MACHINE_UID_NAME", + {10, const_cast("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02")}}, + {"GSS_C_NT_STRING_UID_NAME", + {10, const_cast("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03")}}, + {"GSS_C_NT_HOSTBASED_SERVICE_X", + {6, const_cast("\x2b\x06\x01\x05\x06\x02")}}, + {"GSS_C_NT_HOSTBASED_SERVICE", + {10, const_cast("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")}}, + {"GSS_C_NT_ANONYMOUS", {6, const_cast("\x2b\x06\01\x05\x06\x03")}}, + {"GSS_C_NT_EXPORT_NAME", + {6, const_cast("\x2b\x06\x01\x05\x06\x04")}}}; + + for (auto& well_known_oid : kWellKnownOIDs) { + if (OidEquals(oid, const_cast(&well_known_oid.oid_desc))) + params.SetStringKey("oid", well_known_oid.symbolic_name); } - if (i >= kMaxCharsToPrint) - output += "..."; - output += "\""; - - // Check if the OID is one of the predefined values. - output += AppendIfPredefinedValue(oid, - GSS_C_NT_USER_NAME, - "GSS_C_NT_USER_NAME"); - output += AppendIfPredefinedValue(oid, - GSS_C_NT_MACHINE_UID_NAME, - "GSS_C_NT_MACHINE_UID_NAME"); - output += AppendIfPredefinedValue(oid, - GSS_C_NT_STRING_UID_NAME, - "GSS_C_NT_STRING_UID_NAME"); - output += AppendIfPredefinedValue(oid, - GSS_C_NT_HOSTBASED_SERVICE_X, - "GSS_C_NT_HOSTBASED_SERVICE_X"); - output += AppendIfPredefinedValue(oid, - GSS_C_NT_HOSTBASED_SERVICE, - "GSS_C_NT_HOSTBASED_SERVICE"); - output += AppendIfPredefinedValue(oid, - GSS_C_NT_ANONYMOUS, - "GSS_C_NT_ANONYMOUS"); - output += AppendIfPredefinedValue(oid, - GSS_C_NT_EXPORT_NAME, - "GSS_C_NT_EXPORT_NAME"); - - return output; -} - -std::string DescribeName(GSSAPILibrary* gssapi_lib, const gss_name_t name) { + + return params; +} + +base::Value GetDisplayNameValue(GSSAPILibrary* gssapi_lib, + const gss_name_t gss_name) { OM_uint32 major_status = 0; OM_uint32 minor_status = 0; - gss_buffer_desc_struct output_name_buffer = GSS_C_EMPTY_BUFFER; - gss_OID_desc output_name_type_desc = GSS_C_EMPTY_BUFFER; - gss_OID output_name_type = &output_name_type_desc; - major_status = gssapi_lib->display_name(&minor_status, - name, - &output_name_buffer, - &output_name_type); - ScopedBuffer scoped_output_name(&output_name_buffer, gssapi_lib); + gss_buffer_desc_struct name = GSS_C_EMPTY_BUFFER; + gss_OID name_type = GSS_C_NO_OID; + + base::Value rv{base::Value::Type::DICTIONARY}; + major_status = + gssapi_lib->display_name(&minor_status, gss_name, &name, &name_type); + ScopedBuffer scoped_output_name(&name, gssapi_lib); if (major_status != GSS_S_COMPLETE) { - std::string error = - base::StringPrintf("Unable to describe name 0x%p, %s", - name, - DisplayExtendedStatus(gssapi_lib, - major_status, - minor_status).c_str()); - return error; + rv.SetKey("error", GetGssStatusValue(gssapi_lib, "gss_display_name", + major_status, minor_status)); + return rv; } - int len = output_name_buffer.length; - std::string description = base::StringPrintf( - "%*s (Type %s)", - len, - reinterpret_cast(output_name_buffer.value), - DescribeOid(gssapi_lib, output_name_type).c_str()); - return description; + auto name_string = + base::StringPiece(reinterpret_cast(name.value), name.length); + rv.SetKey("name", base::IsStringUTF8(name_string) + ? NetLogStringValue(name_string) + : NetLogBinaryValue(name.value, name.length)); + rv.SetKey("type", OidToValue(name_type)); + return rv; +} + +base::Value ContextFlagsToValue(OM_uint32 flags) { + // TODO(asanka): This should break down known flags. At least the + // GSS_C_DELEG_FLAG. + return base::Value(base::StringPrintf("%08x", flags)); } -std::string DescribeContext(GSSAPILibrary* gssapi_lib, - const gss_ctx_id_t context_handle) { +base::Value GetContextStateAsValue(GSSAPILibrary* gssapi_lib, + const gss_ctx_id_t context_handle) { + base::Value rv{base::Value::Type::DICTIONARY}; + if (context_handle == GSS_C_NO_CONTEXT) { + rv.SetKey("error", + GetGssStatusValue(nullptr, "", GSS_S_NO_CONTEXT, 0)); + return rv; + } + OM_uint32 major_status = 0; OM_uint32 minor_status = 0; gss_name_t src_name = GSS_C_NO_NAME; @@ -336,8 +284,6 @@ std::string DescribeContext(GSSAPILibrary* gssapi_lib, OM_uint32 ctx_flags = 0; int locally_initiated = 0; int open = 0; - if (context_handle == GSS_C_NO_CONTEXT) - return std::string("Context: GSS_C_NO_CONTEXT"); major_status = gssapi_lib->inquire_context(&minor_status, context_handle, &src_name, @@ -347,65 +293,41 @@ std::string DescribeContext(GSSAPILibrary* gssapi_lib, &ctx_flags, &locally_initiated, &open); - ScopedName scoped_src_name(src_name, gssapi_lib); - ScopedName scoped_targ_name(targ_name, gssapi_lib); if (major_status != GSS_S_COMPLETE) { - std::string error = - base::StringPrintf("Unable to describe context 0x%p, %s", - context_handle, - DisplayExtendedStatus(gssapi_lib, - major_status, - minor_status).c_str()); - return error; + rv.SetKey("error", GetGssStatusValue(gssapi_lib, "gss_inquire_context", + major_status, minor_status)); + return rv; } - std::string source(DescribeName(gssapi_lib, src_name)); - std::string target(DescribeName(gssapi_lib, targ_name)); - std::string description = base::StringPrintf("Context 0x%p: " - "Source \"%s\", " - "Target \"%s\", " - "lifetime %d, " - "mechanism %s, " - "flags 0x%08X, " - "local %d, " - "open %d", - context_handle, - source.c_str(), - target.c_str(), - lifetime_rec, - DescribeOid(gssapi_lib, - mech_type).c_str(), - ctx_flags, - locally_initiated, - open); - return description; + ScopedName scoped_src_name(src_name, gssapi_lib); + ScopedName scoped_targ_name(targ_name, gssapi_lib); + + rv.SetKey("source", GetDisplayNameValue(gssapi_lib, src_name)); + rv.SetKey("target", GetDisplayNameValue(gssapi_lib, targ_name)); + // lifetime_rec is a uint32, while base::Value only takes ints. On 32 bit + // platforms uint32 doesn't fit on an int. + rv.SetStringKey("lifetime", base::NumberToString(lifetime_rec)); + rv.SetKey("mechanism", OidToValue(mech_type)); + rv.SetKey("flags", ContextFlagsToValue(ctx_flags)); + rv.SetBoolKey("open", !!open); + return rv; } -OM_uint32 DelegationTypeToFlag(DelegationType delegation_type) { - switch (delegation_type) { - case DelegationType::kNone: - return 0; - case DelegationType::kByKdcPolicy: - return GSS_C_DELEG_POLICY_FLAG; - case DelegationType::kUnconstrained: - return GSS_C_DELEG_FLAG; - } +namespace { + +// Return a NetLog value for the result of loading a library. +base::Value LibraryLoadResultParams(base::StringPiece library_name, + base::StringPiece load_result) { + base::Value params{base::Value::Type::DICTIONARY}; + params.SetStringKey("library_name", library_name); + if (!load_result.empty()) + params.SetStringKey("load_result", load_result); + return params; } } // namespace GSSAPISharedLibrary::GSSAPISharedLibrary(const std::string& gssapi_library_name) - : initialized_(false), - gssapi_library_name_(gssapi_library_name), - gssapi_library_(nullptr), - import_name_(nullptr), - release_name_(nullptr), - release_buffer_(nullptr), - display_name_(nullptr), - display_status_(nullptr), - init_sec_context_(nullptr), - wrap_size_limit_(nullptr), - delete_sec_context_(nullptr), - inquire_context_(nullptr) {} + : gssapi_library_name_(gssapi_library_name) {} GSSAPISharedLibrary::~GSSAPISharedLibrary() { if (gssapi_library_) { @@ -414,24 +336,23 @@ GSSAPISharedLibrary::~GSSAPISharedLibrary() { } } -bool GSSAPISharedLibrary::Init() { +bool GSSAPISharedLibrary::Init(const NetLogWithSource& net_log) { if (!initialized_) - InitImpl(); + InitImpl(net_log); return initialized_; } -bool GSSAPISharedLibrary::InitImpl() { +bool GSSAPISharedLibrary::InitImpl(const NetLogWithSource& net_log) { DCHECK(!initialized_); -#if defined(DLOPEN_KERBEROS) - gssapi_library_ = LoadSharedLibrary(); + gssapi_library_ = LoadSharedLibrary(net_log); if (gssapi_library_ == nullptr) return false; -#endif // defined(DLOPEN_KERBEROS) initialized_ = true; return true; } -base::NativeLibrary GSSAPISharedLibrary::LoadSharedLibrary() { +base::NativeLibrary GSSAPISharedLibrary::LoadSharedLibrary( + const NetLogWithSource& net_log) { const char* const* library_names; size_t num_lib_names; const char* user_specified_library[1]; @@ -456,68 +377,117 @@ base::NativeLibrary GSSAPISharedLibrary::LoadSharedLibrary() { num_lib_names = base::size(kDefaultLibraryNames); } + net_log.BeginEvent(NetLogEventType::AUTH_LIBRARY_LOAD); + + // There has to be at least one candidate. + DCHECK_NE(0u, num_lib_names); + + const char* library_name = nullptr; + base::NativeLibraryLoadError load_error; + for (size_t i = 0; i < num_lib_names; ++i) { - const char* library_name = library_names[i]; + load_error = base::NativeLibraryLoadError(); + library_name = library_names[i]; base::FilePath file_path(library_name); // TODO(asanka): Move library loading to a separate thread. // http://crbug.com/66702 base::ThreadRestrictions::ScopedAllowIO allow_io_temporarily; - base::NativeLibraryLoadError load_error; base::NativeLibrary lib = base::LoadNativeLibrary(file_path, &load_error); if (lib) { - // Only return this library if we can bind the functions we need. - if (BindMethods(lib)) + if (BindMethods(lib, library_name, net_log)) { + net_log.EndEvent(NetLogEventType::AUTH_LIBRARY_LOAD, [&] { + return LibraryLoadResultParams(library_name, ""); + }); return lib; + } base::UnloadNativeLibrary(lib); - } else { - // If this is the only library available, log the reason for failure. - LOG_IF(WARNING, num_lib_names == 1) << load_error.ToString(); } } - LOG(WARNING) << "Unable to find a compatible GSSAPI library"; + + // If loading failed, then log the result of the final attempt. Doing so + // is specially important on platforms where there's only one possible + // library. Doing so also always logs the failure when the GSSAPI library + // name is explicitly specified. + net_log.EndEvent(NetLogEventType::AUTH_LIBRARY_LOAD, [&] { + return LibraryLoadResultParams(library_name, load_error.ToString()); + }); return nullptr; } -#if defined(DLOPEN_KERBEROS) -#define BIND(lib, x) \ - DCHECK(lib); \ - gss_##x##_type x = reinterpret_cast( \ - base::GetFunctionPointerFromNativeLibrary(lib, "gss_" #x)); \ - if (x == nullptr) { \ - LOG(WARNING) << "Unable to bind function \"" \ - << "gss_" #x << "\""; \ - return false; \ - } -#else -#define BIND(lib, x) gss_##x##_type x = gss_##x -#endif +namespace { -bool GSSAPISharedLibrary::BindMethods(base::NativeLibrary lib) { - BIND(lib, import_name); - BIND(lib, release_name); - BIND(lib, release_buffer); - BIND(lib, display_name); - BIND(lib, display_status); - BIND(lib, init_sec_context); - BIND(lib, wrap_size_limit); - BIND(lib, delete_sec_context); - BIND(lib, inquire_context); - - import_name_ = import_name; - release_name_ = release_name; - release_buffer_ = release_buffer; - display_name_ = display_name; - display_status_ = display_status; - init_sec_context_ = init_sec_context; - wrap_size_limit_ = wrap_size_limit; - delete_sec_context_ = delete_sec_context; - inquire_context_ = inquire_context; +base::Value BindFailureParams(base::StringPiece library_name, + base::StringPiece method) { + base::Value params{base::Value::Type::DICTIONARY}; + params.SetStringKey("library_name", library_name); + params.SetStringKey("method", method); + return params; +} + +void* BindUntypedMethod(base::NativeLibrary lib, + base::StringPiece library_name, + base::StringPiece method, + const NetLogWithSource& net_log) { + void* ptr = base::GetFunctionPointerFromNativeLibrary(lib, method); + if (ptr == nullptr) { + std::string method_string = method.as_string(); + net_log.AddEvent(NetLogEventType::AUTH_LIBRARY_BIND_FAILED, + [&] { return BindFailureParams(library_name, method); }); + } + return ptr; +} - return true; +template +bool BindMethod(base::NativeLibrary lib, + base::StringPiece library_name, + base::StringPiece method, + T* receiver, + const NetLogWithSource& net_log) { + *receiver = reinterpret_cast( + BindUntypedMethod(lib, library_name, method, net_log)); + return *receiver != nullptr; } -#undef BIND +} // namespace + +bool GSSAPISharedLibrary::BindMethods(base::NativeLibrary lib, + base::StringPiece name, + const NetLogWithSource& net_log) { + bool ok = true; + // It's unlikely for BindMethods() to fail if LoadNativeLibrary() succeeded. A + // failure in this function indicates an interoperability issue whose + // diagnosis requires knowing all the methods that are missing. Hence |ok| is + // updated in a manner that prevents short-circuiting the BindGssMethod() + // invocations. + ok &= BindMethod(lib, name, "gss_delete_sec_context", &delete_sec_context_, + net_log); + ok &= BindMethod(lib, name, "gss_display_name", &display_name_, net_log); + ok &= BindMethod(lib, name, "gss_display_status", &display_status_, net_log); + ok &= BindMethod(lib, name, "gss_import_name", &import_name_, net_log); + ok &= BindMethod(lib, name, "gss_init_sec_context", &init_sec_context_, + net_log); + ok &= + BindMethod(lib, name, "gss_inquire_context", &inquire_context_, net_log); + ok &= BindMethod(lib, name, "gss_release_buffer", &release_buffer_, net_log); + ok &= BindMethod(lib, name, "gss_release_name", &release_name_, net_log); + ok &= + BindMethod(lib, name, "gss_wrap_size_limit", &wrap_size_limit_, net_log); + + if (LIKELY(ok)) + return true; + + delete_sec_context_ = nullptr; + display_name_ = nullptr; + display_status_ = nullptr; + import_name_ = nullptr; + init_sec_context_ = nullptr; + inquire_context_ = nullptr; + release_buffer_ = nullptr; + release_name_ = nullptr; + wrap_size_limit_ = nullptr; + return false; +} OM_uint32 GSSAPISharedLibrary::import_name( OM_uint32* minor_status, @@ -665,10 +635,10 @@ ScopedSecurityContext::~ScopedSecurityContext() { OM_uint32 minor_status = 0; OM_uint32 major_status = gssapi_lib_->delete_sec_context( &minor_status, &security_context_, &output_token); - if (major_status != GSS_S_COMPLETE) { - LOG(WARNING) << "Problem releasing security_context. " - << DisplayStatus(major_status, minor_status); - } + DLOG_IF(WARNING, major_status != GSS_S_COMPLETE) + << "Problem releasing security_context. " + << GetGssStatusValue(gssapi_lib_, "delete_sec_context", major_status, + minor_status); security_context_ = GSS_C_NO_CONTEXT; } } @@ -685,10 +655,10 @@ HttpAuthGSSAPI::HttpAuthGSSAPI(GSSAPILibrary* library, HttpAuthGSSAPI::~HttpAuthGSSAPI() = default; -bool HttpAuthGSSAPI::Init() { +bool HttpAuthGSSAPI::Init(const NetLogWithSource& net_log) { if (!library_) return false; - return library_->Init(); + return library_->Init(net_log); } bool HttpAuthGSSAPI::NeedsIdentity() const { @@ -717,6 +687,7 @@ int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials, const std::string& spn, const std::string& channel_bindings, std::string* auth_token, + const NetLogWithSource& net_log, CompletionOnceCallback /*callback*/) { DCHECK(auth_token); @@ -727,8 +698,8 @@ int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials, : nullptr; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; ScopedBuffer scoped_output_token(&output_token, library_); - int rv = - GetNextSecurityToken(spn, channel_bindings, &input_token, &output_token); + int rv = GetNextSecurityToken(spn, channel_bindings, &input_token, + &output_token, net_log); if (rv != OK) return rv; @@ -741,7 +712,6 @@ int HttpAuthGSSAPI::GenerateAuthToken(const AuthCredentials* credentials, return OK; } - namespace { // GSSAPI status codes consist of a calling error (essentially, a programmer @@ -750,7 +720,6 @@ namespace { // This means a simple switch on the return codes is not sufficient. int MapImportNameStatusToError(OM_uint32 major_status) { - VLOG(1) << "import_name returned 0x" << std::hex << major_status; if (major_status == GSS_S_COMPLETE) return OK; if (GSS_CALLING_ERROR(major_status) != 0) @@ -777,7 +746,6 @@ int MapImportNameStatusToError(OM_uint32 major_status) { } int MapInitSecContextStatusToError(OM_uint32 major_status) { - VLOG(1) << "init_sec_context returned 0x" << std::hex << major_status; // Although GSS_S_CONTINUE_NEEDED is an additional bit, it seems like // other code just checks if major_status is equivalent to it to indicate // that there are no other errors included. @@ -833,12 +801,45 @@ int MapInitSecContextStatusToError(OM_uint32 major_status) { return ERR_UNDOCUMENTED_SECURITY_LIBRARY_STATUS; } +base::Value ImportNameErrorParams(GSSAPILibrary* library, + base::StringPiece spn, + OM_uint32 major_status, + OM_uint32 minor_status) { + base::Value params{base::Value::Type::DICTIONARY}; + params.SetStringKey("spn", spn); + if (major_status != GSS_S_COMPLETE) + params.SetKey("status", GetGssStatusValue(library, "import_name", + major_status, minor_status)); + return params; +} + +base::Value InitSecContextErrorParams(GSSAPILibrary* library, + gss_ctx_id_t context, + OM_uint32 major_status, + OM_uint32 minor_status) { + base::Value params{base::Value::Type::DICTIONARY}; + if (major_status != GSS_S_COMPLETE) + params.SetKey("status", GetGssStatusValue(library, "gss_init_sec_context", + major_status, minor_status)); + if (context != GSS_C_NO_CONTEXT) + params.SetKey("context", GetContextStateAsValue(library, context)); + return params; +} + } // anonymous namespace int HttpAuthGSSAPI::GetNextSecurityToken(const std::string& spn, const std::string& channel_bindings, gss_buffer_t in_token, - gss_buffer_t out_token) { + gss_buffer_t out_token, + const NetLogWithSource& net_log) { + // GSSAPI header files, to this day, require OIDs passed in as non-const + // pointers. Rather than const casting, let's just leave this as non-const. + // Even if the OID pointer is const, the inner |elements| pointer is still + // non-const. + static gss_OID_desc kGSS_C_NT_HOSTBASED_SERVICE = { + 10, const_cast("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")}; + // Create a name for the principal // TODO(cbentzel): Just do this on the first pass? std::string spn_principal = spn; @@ -847,38 +848,33 @@ int HttpAuthGSSAPI::GetNextSecurityToken(const std::string& spn, spn_buffer.length = spn_principal.size() + 1; OM_uint32 minor_status = 0; gss_name_t principal_name = GSS_C_NO_NAME; - OM_uint32 major_status = library_->import_name( - &minor_status, - &spn_buffer, - GSS_C_NT_HOSTBASED_SERVICE, - &principal_name); + + OM_uint32 major_status = + library_->import_name(&minor_status, &spn_buffer, + &kGSS_C_NT_HOSTBASED_SERVICE, &principal_name); + net_log.AddEvent(NetLogEventType::AUTH_LIBRARY_IMPORT_NAME, [&] { + return ImportNameErrorParams(library_, spn, major_status, minor_status); + }); int rv = MapImportNameStatusToError(major_status); - if (rv != OK) { - LOG(ERROR) << "Problem importing name from " - << "spn \"" << spn_principal << "\"\n" - << DisplayExtendedStatus(library_, major_status, minor_status); + if (rv != OK) return rv; - } ScopedName scoped_name(principal_name, library_); // Continue creating a security context. - OM_uint32 req_flags = DelegationTypeToFlag(delegation_type_); + net_log.BeginEvent(NetLogEventType::AUTH_LIBRARY_INIT_SEC_CTX); major_status = library_->init_sec_context( &minor_status, GSS_C_NO_CREDENTIAL, scoped_sec_context_.receive(), - principal_name, gss_oid_, req_flags, GSS_C_INDEFINITE, - GSS_C_NO_CHANNEL_BINDINGS, in_token, + principal_name, gss_oid_, DelegationTypeToFlag(delegation_type_), + GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, in_token, nullptr, // actual_mech_type out_token, nullptr, // ret flags nullptr); - rv = MapInitSecContextStatusToError(major_status); - if (rv != OK) { - LOG(ERROR) << "Problem initializing context. \n" - << DisplayExtendedStatus(library_, major_status, minor_status) - << '\n' - << DescribeContext(library_, scoped_sec_context_.get()); - } - return rv; + net_log.EndEvent(NetLogEventType::AUTH_LIBRARY_INIT_SEC_CTX, [&] { + return InitSecContextErrorParams(library_, scoped_sec_context_.get(), + major_status, minor_status); + }); + return MapInitSecContextStatusToError(major_status); } } // namespace net diff --git a/chromium/net/http/http_auth_gssapi_posix.h b/chromium/net/http/http_auth_gssapi_posix.h index eba04bbd7f2..c118e5b1706 100644 --- a/chromium/net/http/http_auth_gssapi_posix.h +++ b/chromium/net/http/http_auth_gssapi_posix.h @@ -10,6 +10,8 @@ #include "base/gtest_prod_util.h" #include "base/macros.h" #include "base/native_library.h" +#include "base/strings/string_piece_forward.h" +#include "base/values.h" #include "net/base/completion_once_callback.h" #include "net/base/net_export.h" #include "net/http/http_auth.h" @@ -41,7 +43,7 @@ class NET_EXPORT_PRIVATE GSSAPILibrary { // Initializes the library, including any necessary dynamic libraries. // This is done separately from construction (which happens at startup time) // in order to delay work until the class is actually needed. - virtual bool Init() = 0; + virtual bool Init(const NetLogWithSource& net_log) = 0; // These methods match the ones in the GSSAPI library. virtual OM_uint32 import_name( @@ -114,7 +116,7 @@ class NET_EXPORT_PRIVATE GSSAPISharedLibrary : public GSSAPILibrary { ~GSSAPISharedLibrary() override; // GSSAPILibrary methods: - bool Init() override; + bool Init(const NetLogWithSource& net_log) override; OM_uint32 import_name(OM_uint32* minor_status, const gss_buffer_t input_name_buffer, const gss_OID input_name_type, @@ -167,41 +169,33 @@ class NET_EXPORT_PRIVATE GSSAPISharedLibrary : public GSSAPILibrary { const std::string& GetLibraryNameForTesting() override; private: - typedef decltype(&gss_import_name) gss_import_name_type; - typedef decltype(&gss_release_name) gss_release_name_type; - typedef decltype(&gss_release_buffer) gss_release_buffer_type; - typedef decltype(&gss_display_name) gss_display_name_type; - typedef decltype(&gss_display_status) gss_display_status_type; - typedef decltype(&gss_init_sec_context) gss_init_sec_context_type; - typedef decltype(&gss_wrap_size_limit) gss_wrap_size_limit_type; - typedef decltype(&gss_delete_sec_context) gss_delete_sec_context_type; - typedef decltype(&gss_inquire_context) gss_inquire_context_type; - FRIEND_TEST_ALL_PREFIXES(HttpAuthGSSAPIPOSIXTest, GSSAPIStartup); - bool InitImpl(); + bool InitImpl(const NetLogWithSource& net_log); // Finds a usable dynamic library for GSSAPI and loads it. The criteria are: // 1. The library must exist. // 2. The library must export the functions we need. - base::NativeLibrary LoadSharedLibrary(); - bool BindMethods(base::NativeLibrary lib); + base::NativeLibrary LoadSharedLibrary(const NetLogWithSource& net_log); + bool BindMethods(base::NativeLibrary lib, + base::StringPiece library_name, + const NetLogWithSource& net_log); - bool initialized_; + bool initialized_ = false; std::string gssapi_library_name_; // Need some way to invalidate the library. - base::NativeLibrary gssapi_library_; + base::NativeLibrary gssapi_library_ = nullptr; // Function pointers - gss_import_name_type import_name_; - gss_release_name_type release_name_; - gss_release_buffer_type release_buffer_; - gss_display_name_type display_name_; - gss_display_status_type display_status_; - gss_init_sec_context_type init_sec_context_; - gss_wrap_size_limit_type wrap_size_limit_; - gss_delete_sec_context_type delete_sec_context_; - gss_inquire_context_type inquire_context_; + decltype(&gss_import_name) import_name_ = nullptr; + decltype(&gss_release_name) release_name_ = nullptr; + decltype(&gss_release_buffer) release_buffer_ = nullptr; + decltype(&gss_display_name) display_name_ = nullptr; + decltype(&gss_display_status) display_status_ = nullptr; + decltype(&gss_init_sec_context) init_sec_context_ = nullptr; + decltype(&gss_wrap_size_limit) wrap_size_limit_ = nullptr; + decltype(&gss_delete_sec_context) delete_sec_context_ = nullptr; + decltype(&gss_inquire_context) inquire_context_ = nullptr; }; // ScopedSecurityContext releases a gss_ctx_id_t when it goes out of @@ -215,7 +209,7 @@ class ScopedSecurityContext { gss_ctx_id_t* receive() { return &security_context_; } private: - gss_ctx_id_t security_context_; + gss_ctx_id_t security_context_ = GSS_C_NO_CONTEXT; GSSAPILibrary* gssapi_lib_; DISALLOW_COPY_AND_ASSIGN(ScopedSecurityContext); @@ -231,7 +225,7 @@ class NET_EXPORT_PRIVATE HttpAuthGSSAPI : public HttpNegotiateAuthSystem { ~HttpAuthGSSAPI() override; // HttpNegotiateAuthSystem implementation: - bool Init() override; + bool Init(const NetLogWithSource& net_log) override; bool NeedsIdentity() const override; bool AllowsExplicitCredentials() const override; HttpAuth::AuthorizationResult ParseChallenge( @@ -240,6 +234,7 @@ class NET_EXPORT_PRIVATE HttpAuthGSSAPI : public HttpNegotiateAuthSystem { const std::string& spn, const std::string& channel_bindings, std::string* auth_token, + const NetLogWithSource& net_log, CompletionOnceCallback callback) override; void SetDelegation(HttpAuth::DelegationType delegation_type) override; @@ -247,7 +242,8 @@ class NET_EXPORT_PRIVATE HttpAuthGSSAPI : public HttpNegotiateAuthSystem { int GetNextSecurityToken(const std::string& spn, const std::string& channel_bindings, gss_buffer_t in_token, - gss_buffer_t out_token); + gss_buffer_t out_token, + const NetLogWithSource& net_log); std::string scheme_; gss_OID gss_oid_; @@ -257,6 +253,117 @@ class NET_EXPORT_PRIVATE HttpAuthGSSAPI : public HttpNegotiateAuthSystem { HttpAuth::DelegationType delegation_type_ = HttpAuth::DelegationType::kNone; }; +// Diagnostics + +// GetGssStatusCodeValue constructs a base::Value containing a status code and a +// message. +// +// { +// "status" : , +// "message": [ +// +// ] +// } +// +// Messages are looked up via gss_display_status() exposed by |gssapi_lib|. The +// type of status code should be indicated by setting |status_code_type| to +// either |GSS_C_MECH_CODE| or |GSS_C_GSS_CODE|. +// +// Mechanism specific codes aren't unique, so the mechanism needs to be +// identified to look up messages if |status_code_type| is |GSS_C_MECH_CODE|. +// Since no mechanism OIDs are passed in, mechanism specific status codes will +// likely not have messages. +NET_EXPORT_PRIVATE base::Value GetGssStatusCodeValue( + GSSAPILibrary* gssapi_lib, + OM_uint32 status, + OM_uint32 status_code_type); + +// Given major and minor GSSAPI status codes, returns a base::Value +// encapsulating the codes as well as their meanings as expanded via +// gss_display_status(). +// +// The base::Value has the following structure: +// { +// "function": +// "major_status": { +// "status" : , +// "message": [ +// +// ] +// }, +// "minor_status": { +// "status" : , +// "message": [ +// +// ] +// } +// } +// +// Passing nullptr to |gssapi_lib| will skip the message lookups. Thus the +// returned value will be missing the "message" fields. The same is true if the +// message lookup failed for some reason, or if the lookups succeeded but +// yielded an empty message. +NET_EXPORT_PRIVATE base::Value GetGssStatusValue(GSSAPILibrary* gssapi_lib, + base::StringPiece method, + OM_uint32 major_status, + OM_uint32 minor_status); + +// OidToValue returns a base::Value representing an OID. The structure of the +// value is: +// { +// "oid": +// "length": , +// "bytes": +// } +NET_EXPORT_PRIVATE base::Value OidToValue(const gss_OID oid); + +// GetDisplayNameValue returns a base::Value representing a gss_name_t. It +// invokes |gss_display_name()| via |gssapi_lib| to determine the display name +// associated with |gss_name|. +// +// The structure of the returned value is: +// { +// "gss_name": , +// "type": +// } +// +// If the lookup failed, then the structure is: +// { +// "error": +// } +// +// Note that |gss_name_t| is platform dependent. If |gss_display_name| fails, +// there's no good value to display in its stead. +NET_EXPORT_PRIVATE base::Value GetDisplayNameValue(GSSAPILibrary* gssapi_lib, + const gss_name_t gss_name); + +// GetContextStateAsValue returns a base::Value that describes the state of a +// GSSAPI context. The structure of the value is: +// +// { +// "source": { +// "name": , +// "type": +// }, +// "target": { +// "name": , +// "type": +// }, +// "lifetime": , +// "mechanism": , +// "flags": +// "open": +// } +// +// If the inquiry fails, the following is returned: +// { +// "error": +// } +NET_EXPORT_PRIVATE base::Value GetContextStateAsValue( + GSSAPILibrary* gssapi_lib, + const gss_ctx_id_t context_handle); } // namespace net #endif // NET_HTTP_HTTP_AUTH_GSSAPI_POSIX_H_ diff --git a/chromium/net/http/http_auth_gssapi_posix_unittest.cc b/chromium/net/http/http_auth_gssapi_posix_unittest.cc index 158f5f1ff06..7ae41f76c82 100644 --- a/chromium/net/http/http_auth_gssapi_posix_unittest.cc +++ b/chromium/net/http/http_auth_gssapi_posix_unittest.cc @@ -6,13 +6,20 @@ #include +#include "base/base_paths.h" #include "base/bind.h" +#include "base/json/json_reader.h" #include "base/logging.h" #include "base/native_library.h" +#include "base/path_service.h" #include "base/stl_util.h" #include "net/base/net_errors.h" #include "net/http/http_auth_challenge_tokenizer.h" #include "net/http/mock_gssapi_library_posix.h" +#include "net/log/net_log_with_source.h" +#include "net/log/test_net_log.h" +#include "net/log/test_net_log_util.h" +#include "net/net_buildflags.h" #include "testing/gtest/include/gtest/gtest.h" namespace net { @@ -82,27 +89,100 @@ void UnexpectedCallback(int result) { } // namespace TEST(HttpAuthGSSAPIPOSIXTest, GSSAPIStartup) { + BoundTestNetLog log; // TODO(ahendrickson): Manipulate the libraries and paths to test each of the // libraries we expect, and also whether or not they have the interface // functions we want. std::unique_ptr gssapi(new GSSAPISharedLibrary(std::string())); DCHECK(gssapi.get()); - EXPECT_TRUE(gssapi.get()->Init()); + EXPECT_TRUE(gssapi.get()->Init(log.bound())); + + // Should've logged a AUTH_LIBRARY_LOAD event, but not + // AUTH_LIBRARY_BIND_FAILED. + auto entries = log.GetEntries(); + auto offset = ExpectLogContainsSomewhere( + entries, 0u, NetLogEventType::AUTH_LIBRARY_LOAD, NetLogEventPhase::BEGIN); + offset = ExpectLogContainsSomewhereAfter(entries, offset, + NetLogEventType::AUTH_LIBRARY_LOAD, + NetLogEventPhase::END); + ASSERT_LT(offset, entries.size()); + + const auto& entry = entries[offset]; + EXPECT_NE("", GetStringValueFromParams(entry, "library_name")); + + // No load_result since it succeeded. + EXPECT_FALSE(GetOptionalStringValueFromParams(entry, "load_result")); } -#if defined(DLOPEN_KERBEROS) -TEST(HttpAuthGSSAPIPOSIXTest, GSSAPILoadCustomLibrary) { +TEST(HttpAuthGSSAPIPOSIXTest, CustomLibraryMissing) { + BoundTestNetLog log; + std::unique_ptr gssapi( new GSSAPISharedLibrary("/this/library/does/not/exist")); - EXPECT_FALSE(gssapi.get()->Init()); + EXPECT_FALSE(gssapi.get()->Init(log.bound())); + + auto entries = log.GetEntries(); + auto offset = ExpectLogContainsSomewhere( + entries, 0, NetLogEventType::AUTH_LIBRARY_LOAD, NetLogEventPhase::END); + ASSERT_LT(offset, entries.size()); + + const auto& entry = entries[offset]; + EXPECT_NE("", GetStringValueFromParams(entry, "load_result")); +} + +TEST(HttpAuthGSSAPIPOSIXTest, CustomLibraryExists) { + BoundTestNetLog log; + base::FilePath module; + ASSERT_TRUE(base::PathService::Get(base::DIR_MODULE, &module)); + auto basename = base::GetNativeLibraryName("test_gssapi"); + module = module.AppendASCII(basename); + auto gssapi = std::make_unique(module.value()); + EXPECT_TRUE(gssapi.get()->Init(log.bound())); + + auto entries = log.GetEntries(); + auto offset = ExpectLogContainsSomewhere( + entries, 0, NetLogEventType::AUTH_LIBRARY_LOAD, NetLogEventPhase::END); + ASSERT_LT(offset, entries.size()); + + const auto& entry = entries[offset]; + EXPECT_FALSE(GetOptionalStringValueFromParams(entry, "load_result")); + EXPECT_EQ(module.AsUTF8Unsafe(), + GetStringValueFromParams(entry, "library_name")); +} + +TEST(HttpAuthGSSAPIPOSIXTest, CustomLibraryMethodsMissing) { + BoundTestNetLog log; + base::FilePath module; + ASSERT_TRUE(base::PathService::Get(base::DIR_MODULE, &module)); + auto basename = base::GetNativeLibraryName("test_badgssapi"); + module = module.AppendASCII(basename); + auto gssapi = std::make_unique(module.value()); + + // Are you here because this test mysteriously passed even though the library + // doesn't actually have all the methods we need? This could be because the + // test library (//net:test_badgssapi) inadvertently depends on a valid GSSAPI + // library. On macOS this can happen because it's pretty easy to end up + // depending on GSS.framework. + // + // To resolve this issue, make sure that //net:test_badgssapi target in + // //net/BUILD.gn should have an empty `deps` and an empty `libs`. + EXPECT_FALSE(gssapi.get()->Init(log.bound())); + + auto entries = log.GetEntries(); + auto offset = ExpectLogContainsSomewhere( + entries, 0, NetLogEventType::AUTH_LIBRARY_BIND_FAILED, + NetLogEventPhase::NONE); + ASSERT_LT(offset, entries.size()); + + const auto& entry = entries[offset]; + EXPECT_EQ("gss_import_name", GetStringValueFromParams(entry, "method")); } -#endif // defined(DLOPEN_KERBEROS) TEST(HttpAuthGSSAPIPOSIXTest, GSSAPICycle) { std::unique_ptr mock_library( new test::MockGSSAPILibrary); DCHECK(mock_library.get()); - mock_library->Init(); + mock_library->Init(NetLogWithSource()); const char kAuthResponse[] = "Mary had a little lamb"; test::GssContextMockImpl context1( "localhost", // Source name @@ -198,6 +278,7 @@ TEST(HttpAuthGSSAPITest, ParseChallenge_FirstRound) { } TEST(HttpAuthGSSAPITest, ParseChallenge_TwoRounds) { + BoundTestNetLog log; // The first round should just have "Negotiate", and the second round should // have a valid base64 token associated with it. test::MockGSSAPILibrary mock_library; @@ -212,15 +293,30 @@ TEST(HttpAuthGSSAPITest, ParseChallenge_TwoRounds) { // Generate an auth token and create another thing. EstablishInitialContext(&mock_library); std::string auth_token; - EXPECT_EQ(OK, auth_gssapi.GenerateAuthToken( - nullptr, "HTTP/intranet.google.com", std::string(), - &auth_token, base::BindOnce(&UnexpectedCallback))); + EXPECT_EQ( + OK, auth_gssapi.GenerateAuthToken(nullptr, "HTTP/intranet.google.com", + std::string(), &auth_token, log.bound(), + base::BindOnce(&UnexpectedCallback))); std::string second_challenge_text = "Negotiate Zm9vYmFy"; HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), second_challenge_text.end()); EXPECT_EQ(HttpAuth::AUTHORIZATION_RESULT_ACCEPT, auth_gssapi.ParseChallenge(&second_challenge)); + + auto entries = log.GetEntries(); + auto offset = ExpectLogContainsSomewhere( + entries, 0, NetLogEventType::AUTH_LIBRARY_INIT_SEC_CTX, + NetLogEventPhase::END); + // There should be two of these. + offset = ExpectLogContainsSomewhere( + entries, offset, NetLogEventType::AUTH_LIBRARY_INIT_SEC_CTX, + NetLogEventPhase::END); + ASSERT_LT(offset, entries.size()); + const std::string* source = + entries[offset].params.FindStringPath("context.source.name"); + ASSERT_TRUE(source); + EXPECT_EQ("localhost", *source); } TEST(HttpAuthGSSAPITest, ParseChallenge_UnexpectedTokenFirstRound) { @@ -250,9 +346,10 @@ TEST(HttpAuthGSSAPITest, ParseChallenge_MissingTokenSecondRound) { EstablishInitialContext(&mock_library); std::string auth_token; - EXPECT_EQ(OK, auth_gssapi.GenerateAuthToken( - nullptr, "HTTP/intranet.google.com", std::string(), - &auth_token, base::BindOnce(&UnexpectedCallback))); + EXPECT_EQ(OK, + auth_gssapi.GenerateAuthToken( + nullptr, "HTTP/intranet.google.com", std::string(), &auth_token, + NetLogWithSource(), base::BindOnce(&UnexpectedCallback))); std::string second_challenge_text = "Negotiate"; HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), second_challenge_text.end()); @@ -274,9 +371,10 @@ TEST(HttpAuthGSSAPITest, ParseChallenge_NonBase64EncodedToken) { EstablishInitialContext(&mock_library); std::string auth_token; - EXPECT_EQ(OK, auth_gssapi.GenerateAuthToken( - nullptr, "HTTP/intranet.google.com", std::string(), - &auth_token, base::BindOnce(&UnexpectedCallback))); + EXPECT_EQ(OK, + auth_gssapi.GenerateAuthToken( + nullptr, "HTTP/intranet.google.com", std::string(), &auth_token, + NetLogWithSource(), base::BindOnce(&UnexpectedCallback))); std::string second_challenge_text = "Negotiate =happyjoy="; HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), second_challenge_text.end()); @@ -284,4 +382,282 @@ TEST(HttpAuthGSSAPITest, ParseChallenge_NonBase64EncodedToken) { auth_gssapi.ParseChallenge(&second_challenge)); } +TEST(HttpAuthGSSAPITest, OidToValue_NIL) { + auto actual = OidToValue(GSS_C_NO_OID); + auto expected = base::JSONReader::Read(R"({ "oid": "" })"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, OidToValue_Known) { + gss_OID_desc known = {6, const_cast("\x2b\x06\01\x05\x06\x03")}; + + auto actual = OidToValue(const_cast(&known)); + auto expected = base::JSONReader::Read(R"( + { + "oid" : "GSS_C_NT_ANONYMOUS", + "length": 6, + "bytes" : "KwYBBQYD" + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, OidToValue_Unknown) { + gss_OID_desc unknown = {6, const_cast("\x2b\x06\01\x05\x06\x05")}; + auto actual = OidToValue(const_cast(&unknown)); + auto expected = base::JSONReader::Read(R"( + { + "length": 6, + "bytes" : "KwYBBQYF" + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, GetGssStatusValue_NoLibrary) { + auto actual = GetGssStatusValue(nullptr, "my_method", GSS_S_BAD_NAME, 1); + auto expected = base::JSONReader::Read(R"( + { + "function": "my_method", + "major_status": { + "status": 131072 + }, + "minor_status": { + "status": 1 + } + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, GetGssStatusValue_WithLibrary) { + test::MockGSSAPILibrary library; + auto actual = GetGssStatusValue(&library, "my_method", GSS_S_BAD_NAME, 1); + auto expected = base::JSONReader::Read(R"( + { + "function": "my_method", + "major_status": { + "status": 131072, + "message": [ "Value: 131072, Type 1" ] + }, + "minor_status": { + "status": 1, + "message": [ "Value: 1, Type 2" ] + } + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, GetGssStatusValue_Multiline) { + test::MockGSSAPILibrary library; + auto actual = GetGssStatusValue( + &library, "my_method", + static_cast( + test::MockGSSAPILibrary::DisplayStatusSpecials::MultiLine), + 0); + auto expected = base::JSONReader::Read(R"( + { + "function": "my_method", + "major_status": { + "status": 128, + "message": [ + "Line 1 for status 128", + "Line 2 for status 128", + "Line 3 for status 128", + "Line 4 for status 128", + "Line 5 for status 128" + ] + }, + "minor_status": { + "status": 0 + } + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, GetGssStatusValue_InfiniteLines) { + test::MockGSSAPILibrary library; + auto actual = GetGssStatusValue( + &library, "my_method", + static_cast( + test::MockGSSAPILibrary::DisplayStatusSpecials::InfiniteLines), + 0); + auto expected = base::JSONReader::Read(R"( + { + "function": "my_method", + "major_status": { + "status": 129, + "message": [ + "Line 1 for status 129", + "Line 2 for status 129", + "Line 3 for status 129", + "Line 4 for status 129", + "Line 5 for status 129", + "Line 6 for status 129", + "Line 7 for status 129", + "Line 8 for status 129" + ] + }, + "minor_status": { + "status": 0 + } + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, GetGssStatusValue_Failure) { + test::MockGSSAPILibrary library; + auto actual = GetGssStatusValue( + &library, "my_method", + static_cast( + test::MockGSSAPILibrary::DisplayStatusSpecials::Fail), + 0); + auto expected = base::JSONReader::Read(R"( + { + "function": "my_method", + "major_status": { + "status": 130 + }, + "minor_status": { + "status": 0 + } + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, GetGssStatusValue_EmptyMessage) { + test::MockGSSAPILibrary library; + auto actual = GetGssStatusValue( + &library, "my_method", + static_cast( + test::MockGSSAPILibrary::DisplayStatusSpecials::EmptyMessage), + 0); + auto expected = base::JSONReader::Read(R"( + { + "function": "my_method", + "major_status": { + "status": 131 + }, + "minor_status": { + "status": 0 + } + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, GetGssStatusValue_Misbehave) { + test::MockGSSAPILibrary library; + auto actual = GetGssStatusValue( + &library, "my_method", + static_cast( + test::MockGSSAPILibrary::DisplayStatusSpecials::UninitalizedBuffer), + 0); + auto expected = base::JSONReader::Read(R"( + { + "function": "my_method", + "major_status": { + "status": 132 + }, + "minor_status": { + "status": 0 + } + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, GetGssStatusValue_NotUtf8) { + test::MockGSSAPILibrary library; + auto actual = GetGssStatusValue( + &library, "my_method", + static_cast( + test::MockGSSAPILibrary::DisplayStatusSpecials::InvalidUtf8), + 0); + auto expected = base::JSONReader::Read(R"( + { + "function": "my_method", + "major_status": { + "status": 133 + }, + "minor_status": { + "status": 0 + } + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, GetContextStateAsValue_ValidContext) { + test::GssContextMockImpl context{"source_spn@somewhere", + "target_spn@somewhere.else", + /* lifetime_rec= */ 100, + *CHROME_GSS_SPNEGO_MECH_OID_DESC, + /* ctx_flags= */ 0, + /* locally_initiated= */ 1, + /* open= */ 0}; + test::MockGSSAPILibrary library; + auto actual = GetContextStateAsValue( + &library, reinterpret_cast(&context)); + auto expected = base::JSONReader::Read(R"( + { + "source": { + "name": "source_spn@somewhere", + "type": { + "oid" : "" + } + }, + "target": { + "name": "target_spn@somewhere.else", + "type": { + "oid" : "" + } + }, + "lifetime": "100", + "mechanism": { + "oid": "" + }, + "flags": "00000000", + "open": false + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + +TEST(HttpAuthGSSAPITest, GetContextStateAsValue_NoContext) { + test::MockGSSAPILibrary library; + auto actual = GetContextStateAsValue(&library, GSS_C_NO_CONTEXT); + auto expected = base::JSONReader::Read(R"( + { + "error": { + "function": "", + "major_status": { + "status": 524288 + }, + "minor_status": { + "status": 0 + } + } + } + )"); + ASSERT_TRUE(expected.has_value()); + EXPECT_EQ(actual, expected); +} + } // namespace net diff --git a/chromium/net/http/http_auth_handler.cc b/chromium/net/http/http_auth_handler.cc index f1cf12bf5f4..fc89e546a8f 100644 --- a/chromium/net/http/http_auth_handler.cc +++ b/chromium/net/http/http_auth_handler.cc @@ -39,8 +39,8 @@ bool HttpAuthHandler::InitFromChallenge(HttpAuthChallengeTokenizer* challenge, auth_challenge_ = challenge->challenge_text(); net_log_.BeginEvent(NetLogEventType::AUTH_HANDLER_INIT); bool ok = Init(challenge, ssl_info); - net_log_.EndEvent(NetLogEventType::AUTH_HANDLER_INIT, - NetLog::BoolCallback("succeeded", ok)); + net_log_.AddEntryWithBoolParams(NetLogEventType::AUTH_HANDLER_INIT, + NetLogEventPhase::END, "succeeded", ok); // Init() is expected to set the scheme, realm, score, and properties. The // realm may be empty. @@ -100,9 +100,10 @@ void HttpAuthHandler::FinishGenerateAuthToken(int rv) { HttpAuth::AuthorizationResult HttpAuthHandler::HandleAnotherChallenge( HttpAuthChallengeTokenizer* challenge) { auto authorization_result = HandleAnotherChallengeImpl(challenge); - net_log_.AddEvent(NetLogEventType::AUTH_HANDLE_CHALLENGE, - HttpAuth::NetLogAuthorizationResultCallback( - "authorization_result", authorization_result)); + net_log_.AddEvent(NetLogEventType::AUTH_HANDLE_CHALLENGE, [&] { + return HttpAuth::NetLogAuthorizationResultParams("authorization_result", + authorization_result); + }); return authorization_result; } diff --git a/chromium/net/http/http_auth_handler_factory.cc b/chromium/net/http/http_auth_handler_factory.cc index d44ad9c6589..9961e04454c 100644 --- a/chromium/net/http/http_auth_handler_factory.cc +++ b/chromium/net/http/http_auth_handler_factory.cc @@ -103,8 +103,7 @@ HttpAuthHandlerFactory* HttpAuthHandlerRegistryFactory::GetSchemeFactory( std::unique_ptr HttpAuthHandlerFactory::CreateDefault( const HttpAuthPreferences* prefs -#if (defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)) || \ - defined(OS_FUCHSIA) +#if BUILDFLAG(USE_EXTERNAL_GSSAPI) , const std::string& gssapi_library_name #endif @@ -116,7 +115,7 @@ HttpAuthHandlerFactory::CreateDefault( std::vector auth_types(std::begin(kDefaultAuthSchemes), std::end(kDefaultAuthSchemes)); return HttpAuthHandlerRegistryFactory::Create(prefs, auth_types -#if defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) +#if BUILDFLAG(USE_EXTERNAL_GSSAPI) , gssapi_library_name #endif @@ -132,8 +131,7 @@ std::unique_ptr HttpAuthHandlerRegistryFactory::Create( const HttpAuthPreferences* prefs, const std::vector& auth_schemes -#if (defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)) || \ - defined(OS_FUCHSIA) +#if BUILDFLAG(USE_EXTERNAL_GSSAPI) , const std::string& gssapi_library_name #endif @@ -147,17 +145,17 @@ HttpAuthHandlerRegistryFactory::Create( std::unique_ptr registry_factory( new HttpAuthHandlerRegistryFactory()); - if (base::ContainsKey(auth_schemes_set, kBasicAuthScheme)) { + if (base::Contains(auth_schemes_set, kBasicAuthScheme)) { registry_factory->RegisterSchemeFactory( kBasicAuthScheme, new HttpAuthHandlerBasic::Factory()); } - if (base::ContainsKey(auth_schemes_set, kDigestAuthScheme)) { + if (base::Contains(auth_schemes_set, kDigestAuthScheme)) { registry_factory->RegisterSchemeFactory( kDigestAuthScheme, new HttpAuthHandlerDigest::Factory()); } - if (base::ContainsKey(auth_schemes_set, kNtlmAuthScheme)) { + if (base::Contains(auth_schemes_set, kNtlmAuthScheme)) { HttpAuthHandlerNTLM::Factory* ntlm_factory = new HttpAuthHandlerNTLM::Factory(); #if defined(OS_WIN) @@ -167,16 +165,14 @@ HttpAuthHandlerRegistryFactory::Create( } #if BUILDFLAG(USE_KERBEROS) - if (base::ContainsKey(auth_schemes_set, kNegotiateAuthScheme)) { + if (base::Contains(auth_schemes_set, kNegotiateAuthScheme)) { HttpAuthHandlerNegotiate::Factory* negotiate_factory = new HttpAuthHandlerNegotiate::Factory(negotiate_auth_system_factory); #if defined(OS_WIN) negotiate_factory->set_library(std::make_unique()); -#elif defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS) +#elif BUILDFLAG(USE_EXTERNAL_GSSAPI) negotiate_factory->set_library( std::make_unique(gssapi_library_name)); -#elif defined(OS_CHROMEOS) - negotiate_factory->set_library(std::make_unique("")); #endif registry_factory->RegisterSchemeFactory(kNegotiateAuthScheme, negotiate_factory); diff --git a/chromium/net/http/http_auth_handler_factory.h b/chromium/net/http/http_auth_handler_factory.h index d7215cc1f9a..f4f985e3a25 100644 --- a/chromium/net/http/http_auth_handler_factory.h +++ b/chromium/net/http/http_auth_handler_factory.h @@ -141,8 +141,7 @@ class NET_EXPORT HttpAuthHandlerFactory { // used by the Negotiate authentication handler. static std::unique_ptr CreateDefault( const HttpAuthPreferences* prefs = nullptr -#if (defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)) || \ - defined(OS_FUCHSIA) +#if BUILDFLAG(USE_EXTERNAL_GSSAPI) , const std::string& gssapi_library_name = "" #endif @@ -204,8 +203,7 @@ class NET_EXPORT HttpAuthHandlerRegistryFactory static std::unique_ptr Create( const HttpAuthPreferences* prefs, const std::vector& auth_schemes -#if (defined(OS_POSIX) && !defined(OS_ANDROID) && !defined(OS_CHROMEOS)) || \ - defined(OS_FUCHSIA) +#if BUILDFLAG(USE_EXTERNAL_GSSAPI) , const std::string& gssapi_library_name = "" #endif diff --git a/chromium/net/http/http_auth_handler_mock.cc b/chromium/net/http/http_auth_handler_mock.cc index 74d9fefcb13..2f051cedddf 100644 --- a/chromium/net/http/http_auth_handler_mock.cc +++ b/chromium/net/http/http_auth_handler_mock.cc @@ -49,8 +49,7 @@ HttpAuthHandlerMock::HttpAuthHandlerMock() first_round_(true), connection_based_(false), allows_default_credentials_(false), - allows_explicit_credentials_(true), - weak_factory_(this) {} + allows_explicit_credentials_(true) {} HttpAuthHandlerMock::~HttpAuthHandlerMock() = default; diff --git a/chromium/net/http/http_auth_handler_mock.h b/chromium/net/http/http_auth_handler_mock.h index abc36936dec..5e7e32c82f1 100644 --- a/chromium/net/http/http_auth_handler_mock.h +++ b/chromium/net/http/http_auth_handler_mock.h @@ -111,7 +111,7 @@ class HttpAuthHandlerMock : public HttpAuthHandler { bool allows_default_credentials_; bool allows_explicit_credentials_; GURL request_url_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; }; void PrintTo(const HttpAuthHandlerMock::State& state, ::std::ostream* os); diff --git a/chromium/net/http/http_auth_handler_negotiate.cc b/chromium/net/http/http_auth_handler_negotiate.cc index 612e52eb88d..83e88725560 100644 --- a/chromium/net/http/http_auth_handler_negotiate.cc +++ b/chromium/net/http/http_auth_handler_negotiate.cc @@ -36,7 +36,7 @@ base::Value NetLogParameterChannelBindings( const std::string& channel_binding_token, NetLogCaptureMode capture_mode) { base::DictionaryValue dict; - if (!capture_mode.include_socket_bytes()) + if (!NetLogCaptureIncludesSocketBytes(capture_mode)) return std::move(dict); dict.Clear(); @@ -131,7 +131,7 @@ int HttpAuthHandlerNegotiate::Factory::CreateAuthHandler( if (!http_auth_preferences()->AllowGssapiLibraryLoad()) return ERR_UNSUPPORTED_AUTH_SCHEME; #endif - if (!auth_library_->Init()) { + if (!auth_library_->Init(net_log)) { is_unsupported_ = true; return ERR_UNSUPPORTED_AUTH_SCHEME; } @@ -185,7 +185,7 @@ bool HttpAuthHandlerNegotiate::AllowsExplicitCredentials() { bool HttpAuthHandlerNegotiate::Init(HttpAuthChallengeTokenizer* challenge, const SSLInfo& ssl_info) { #if defined(OS_POSIX) - if (!auth_system_->Init()) { + if (!auth_system_->Init(net_log())) { VLOG(1) << "can't initialize GSSAPI library"; return false; } @@ -211,9 +211,11 @@ bool HttpAuthHandlerNegotiate::Init(HttpAuthChallengeTokenizer* challenge, x509_util::GetTLSServerEndPointChannelBinding(*ssl_info.cert, &channel_bindings_); if (!channel_bindings_.empty()) - net_log().AddEvent( - NetLogEventType::AUTH_CHANNEL_BINDINGS, - base::Bind(&NetLogParameterChannelBindings, channel_bindings_)); + net_log().AddEvent(NetLogEventType::AUTH_CHANNEL_BINDINGS, + [&](NetLogCaptureMode capture_mode) { + return NetLogParameterChannelBindings( + channel_bindings_, capture_mode); + }); return true; } @@ -385,7 +387,7 @@ int HttpAuthHandlerNegotiate::DoGenerateAuthToken() { next_state_ = STATE_GENERATE_AUTH_TOKEN_COMPLETE; AuthCredentials* credentials = has_credentials_ ? &credentials_ : nullptr; return auth_system_->GenerateAuthToken( - credentials, spn_, channel_bindings_, auth_token_, + credentials, spn_, channel_bindings_, auth_token_, net_log(), base::BindOnce(&HttpAuthHandlerNegotiate::OnIOComplete, base::Unretained(this))); } diff --git a/chromium/net/http/http_auth_handler_negotiate_unittest.cc b/chromium/net/http/http_auth_handler_negotiate_unittest.cc index ce0ada3f8fe..e4111c8acfa 100644 --- a/chromium/net/http/http_auth_handler_negotiate_unittest.cc +++ b/chromium/net/http/http_auth_handler_negotiate_unittest.cc @@ -18,6 +18,7 @@ #include "net/http/http_request_info.h" #include "net/http/mock_allow_http_auth_preferences.h" #include "net/log/net_log_with_source.h" +#include "net/net_buildflags.h" #include "net/ssl/ssl_info.h" #include "net/test/gtest_util.h" #include "net/test/test_with_scoped_task_environment.h" @@ -25,12 +26,18 @@ #include "testing/gtest/include/gtest/gtest.h" #include "testing/platform_test.h" +#if !BUILDFLAG(USE_KERBEROS) +#error "use_kerberos should be true to use Negotiate authentication scheme." +#endif + #if defined(OS_ANDROID) #include "net/android/dummy_spnego_authenticator.h" #elif defined(OS_WIN) #include "net/http/mock_sspi_library_win.h" -#elif defined(OS_POSIX) +#elif BUILDFLAG(USE_EXTERNAL_GSSAPI) #include "net/http/mock_gssapi_library_posix.h" +#else +#error "use_kerberos is true, but no Kerberos implementation available." #endif using net::test::IsError; @@ -40,14 +47,6 @@ namespace net { constexpr char kFakeToken[] = "FakeToken"; -#if defined(OS_ANDROID) -typedef net::android::DummySpnegoAuthenticator MockAuthLibrary; -#elif defined(OS_WIN) -typedef MockSSPILibrary MockAuthLibrary; -#elif defined(OS_POSIX) -typedef test::MockGSSAPILibrary MockAuthLibrary; -#endif - class HttpAuthHandlerNegotiateTest : public PlatformTest, public WithScopedTaskEnvironment { public: @@ -65,10 +64,9 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest, http_auth_preferences_->set_auth_android_negotiate_account_type( "org.chromium.test.DummySpnegoAuthenticator"); MockAuthLibrary::EnsureTestAccountExists(); -#endif -#if defined(OS_WIN) || (defined(OS_POSIX) && !defined(OS_ANDROID)) +#else factory_->set_library(base::WrapUnique(auth_library_)); -#endif +#endif // !OS_ANDROID } #if defined(OS_ANDROID) @@ -82,7 +80,7 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest, security_package_->cbMaxToken = 1337; mock_library->ExpectQuerySecurityPackageInfo( L"Negotiate", SEC_E_OK, security_package_.get()); -#elif defined(OS_POSIX) +#else // Copied from an actual transaction! static const char kAuthResponse[] = "\x60\x82\x02\xCA\x06\x09\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x01" @@ -171,7 +169,7 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest, queries[i].expected_input_token, queries[i].output_token); } -#endif // defined(OS_POSIX) +#endif // !OS_WIN } #if defined(OS_POSIX) @@ -202,7 +200,6 @@ class HttpAuthHandlerNegotiateTest : public PlatformTest, query.expected_input_token, query.output_token); } - #endif // defined(OS_POSIX) int CreateHandler(bool disable_cname_lookup, @@ -267,7 +264,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCname) { nullptr, &request_info, callback.callback(), &token))); #if defined(OS_WIN) EXPECT_EQ("HTTP/alias", auth_handler->spn_for_testing()); -#elif defined(OS_POSIX) +#else EXPECT_EQ("HTTP@alias", auth_handler->spn_for_testing()); #endif } @@ -285,7 +282,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameStandardPort) { nullptr, &request_info, callback.callback(), &token))); #if defined(OS_WIN) EXPECT_EQ("HTTP/alias", auth_handler->spn_for_testing()); -#elif defined(OS_POSIX) +#else EXPECT_EQ("HTTP@alias", auth_handler->spn_for_testing()); #endif } @@ -303,7 +300,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, DisableCnameNonstandardPort) { nullptr, &request_info, callback.callback(), &token))); #if defined(OS_WIN) EXPECT_EQ("HTTP/alias:500", auth_handler->spn_for_testing()); -#elif defined(OS_POSIX) +#else EXPECT_EQ("HTTP@alias:500", auth_handler->spn_for_testing()); #endif } @@ -321,7 +318,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameSync) { nullptr, &request_info, callback.callback(), &token))); #if defined(OS_WIN) EXPECT_EQ("HTTP/canonical.example.com", auth_handler->spn_for_testing()); -#elif defined(OS_POSIX) +#else EXPECT_EQ("HTTP@canonical.example.com", auth_handler->spn_for_testing()); #endif } @@ -341,7 +338,7 @@ TEST_F(HttpAuthHandlerNegotiateTest, CnameAsync) { EXPECT_THAT(callback.WaitForResult(), IsOk()); #if defined(OS_WIN) EXPECT_EQ("HTTP/canonical.example.com", auth_handler->spn_for_testing()); -#elif defined(OS_POSIX) +#else EXPECT_EQ("HTTP@canonical.example.com", auth_handler->spn_for_testing()); #endif } @@ -382,14 +379,12 @@ TEST_F(HttpAuthHandlerNegotiateTest, NoKerberosCredentials) { EXPECT_THAT(callback.WaitForResult(), IsError(ERR_MISSING_AUTH_CREDENTIALS)); } -#if defined(DLOPEN_KERBEROS) +#if BUILDFLAG(USE_EXTERNAL_GSSAPI) TEST_F(HttpAuthHandlerNegotiateTest, MissingGSSAPI) { - std::unique_ptr host_resolver(new MockHostResolver()); MockAllowHttpAuthPreferences http_auth_preferences; std::unique_ptr negotiate_factory( new HttpAuthHandlerNegotiate::Factory( net::HttpAuthHandlerFactory::NegotiateAuthSystemFactory())); - negotiate_factory->set_host_resolver(host_resolver); negotiate_factory->set_http_auth_preferences(&http_auth_preferences); negotiate_factory->set_library( std::make_unique("/this/library/does/not/exist")); @@ -397,12 +392,12 @@ TEST_F(HttpAuthHandlerNegotiateTest, MissingGSSAPI) { GURL gurl("http://www.example.com"); std::unique_ptr generic_handler; int rv = negotiate_factory->CreateAuthHandlerFromString( - "Negotiate", HttpAuth::AUTH_SERVER, gurl, NetLogWithSource(), - &generic_handler); + "Negotiate", HttpAuth::AUTH_SERVER, SSLInfo(), gurl, NetLogWithSource(), + resolver(), &generic_handler); EXPECT_THAT(rv, IsError(ERR_UNSUPPORTED_AUTH_SCHEME)); EXPECT_TRUE(generic_handler.get() == nullptr); } -#endif // defined(DLOPEN_KERBEROS) +#endif // BUILDFLAG(USE_EXTERNAL_GSSAPI) // AllowGssapiLibraryLoad() is only supported on Chrome OS. #if defined(OS_CHROMEOS) @@ -431,7 +426,7 @@ class TestAuthSystem : public HttpNegotiateAuthSystem { ~TestAuthSystem() override = default; // HttpNegotiateAuthSystem implementation: - bool Init() override { return true; } + bool Init(const NetLogWithSource&) override { return true; } bool NeedsIdentity() const override { return true; } bool AllowsExplicitCredentials() const override { return true; } @@ -444,6 +439,7 @@ class TestAuthSystem : public HttpNegotiateAuthSystem { const std::string& spn, const std::string& channel_bindings, std::string* auth_token, + const NetLogWithSource& net_log, net::CompletionOnceCallback callback) override { *auth_token = kFakeToken; return net::OK; diff --git a/chromium/net/http/http_auth_handler_ntlm.cc b/chromium/net/http/http_auth_handler_ntlm.cc index 926f62ce45b..5dd7093d71b 100644 --- a/chromium/net/http/http_auth_handler_ntlm.cc +++ b/chromium/net/http/http_auth_handler_ntlm.cc @@ -41,7 +41,7 @@ int HttpAuthHandlerNTLM::GenerateAuthTokenImpl( std::string* auth_token) { #if defined(NTLM_SSPI) return auth_sspi_.GenerateAuthToken(credentials, CreateSPN(origin_), - channel_bindings_, auth_token, + channel_bindings_, auth_token, net_log(), std::move(callback)); #else // !defined(NTLM_SSPI) // TODO(cbentzel): Shouldn't be hitting this case. diff --git a/chromium/net/http/http_auth_handler_ntlm.h b/chromium/net/http/http_auth_handler_ntlm.h index 799a026c1c4..8403ee0572c 100644 --- a/chromium/net/http/http_auth_handler_ntlm.h +++ b/chromium/net/http/http_auth_handler_ntlm.h @@ -40,6 +40,18 @@ namespace net { +#if defined(NTLM_PORTABLE) +// These values are persisted to logs. Entries should not be renumbered and +// numeric values should never be reused. +enum class NtlmV2Usage : int { + kDisabledOverInsecure = 0, + kDisabledOverSecure, + kEnabledOverInsecure, + kEnabledOverSecure, + kMaxValue = kEnabledOverSecure +}; +#endif + class HttpAuthPreferences; // Code for handling HTTP NTLM authentication. diff --git a/chromium/net/http/http_auth_handler_ntlm_portable.cc b/chromium/net/http/http_auth_handler_ntlm_portable.cc index 1b13f78216a..3a52b57551f 100644 --- a/chromium/net/http/http_auth_handler_ntlm_portable.cc +++ b/chromium/net/http/http_auth_handler_ntlm_portable.cc @@ -4,12 +4,15 @@ #include "net/http/http_auth_handler_ntlm.h" +#include "base/metrics/histogram_macros.h" #include "base/rand_util.h" #include "base/time/time.h" #include "net/base/net_errors.h" #include "net/base/network_interfaces.h" #include "net/dns/host_resolver.h" +#include "net/http/http_auth_handler_ntlm.h" #include "net/http/http_auth_preferences.h" +#include "net/ssl/ssl_info.h" namespace net { @@ -23,6 +26,14 @@ void GenerateRandom(uint8_t* output, size_t n) { base::RandBytes(output, n); } +void RecordNtlmV2Usage(bool is_v2, bool is_secure) { + auto bucket = is_v2 ? is_secure ? NtlmV2Usage::kEnabledOverSecure + : NtlmV2Usage::kEnabledOverInsecure + : is_secure ? NtlmV2Usage::kDisabledOverSecure + : NtlmV2Usage::kDisabledOverInsecure; + UMA_HISTOGRAM_ENUMERATION("Net.HttpAuthNtlmV2Usage", bucket); +} + } // namespace // static @@ -133,6 +144,9 @@ int HttpAuthHandlerNTLM::Factory::CreateAuthHandler( if (!tmp_handler->InitFromChallenge(challenge, target, ssl_info, origin, net_log)) return ERR_INVALID_RESPONSE; + RecordNtlmV2Usage( + http_auth_preferences() ? http_auth_preferences()->NtlmV2Enabled() : true, + ssl_info.is_valid()); handler->swap(tmp_handler); return OK; } diff --git a/chromium/net/http/http_auth_handler_ntlm_portable_unittest.cc b/chromium/net/http/http_auth_handler_ntlm_portable_unittest.cc index ff42afffea6..c48b815dd6a 100644 --- a/chromium/net/http/http_auth_handler_ntlm_portable_unittest.cc +++ b/chromium/net/http/http_auth_handler_ntlm_portable_unittest.cc @@ -9,6 +9,7 @@ #include "base/stl_util.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" +#include "base/test/metrics/histogram_tester.h" #include "build/build_config.h" #include "net/base/test_completion_callback.h" #include "net/dns/mock_host_resolver.h" @@ -163,8 +164,11 @@ class HttpAuthHandlerNtlmPortableTest : public PlatformTest { }; TEST_F(HttpAuthHandlerNtlmPortableTest, SimpleConstruction) { + base::HistogramTester histogram_tester; ASSERT_EQ(OK, CreateHandler()); ASSERT_TRUE(GetAuthHandler() != nullptr); + histogram_tester.ExpectBucketCount("Net.HttpAuthNtlmV2Usage", + NtlmV2Usage::kDisabledOverInsecure, 1); } TEST_F(HttpAuthHandlerNtlmPortableTest, DoNotAllowDefaultCreds) { @@ -217,6 +221,7 @@ TEST_F(HttpAuthHandlerNtlmPortableTest, CantChangeSchemeMidway) { } TEST_F(HttpAuthHandlerNtlmPortableTest, NtlmV1AuthenticationSuccess) { + base::HistogramTester histogram_tester; HttpAuthHandlerNTLM::ScopedProcSetter proc_setter(MockGetMSTime, MockRandom, MockGetHostName); ASSERT_EQ(OK, CreateHandler()); @@ -236,6 +241,8 @@ TEST_F(HttpAuthHandlerNtlmPortableTest, NtlmV1AuthenticationSuccess) { ASSERT_EQ(0, memcmp(decoded.data(), ntlm::test::kExpectedAuthenticateMsgSpecResponseV1, decoded.size())); + histogram_tester.ExpectBucketCount("Net.HttpAuthNtlmV2Usage", + NtlmV2Usage::kDisabledOverInsecure, 1); } } // namespace net diff --git a/chromium/net/http/http_auth_handler_unittest.cc b/chromium/net/http/http_auth_handler_unittest.cc index d4898983697..bb25c16f103 100644 --- a/chromium/net/http/http_auth_handler_unittest.cc +++ b/chromium/net/http/http_auth_handler_unittest.cc @@ -15,7 +15,6 @@ #include "net/log/net_log_event_type.h" #include "net/log/net_log_source_type.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/ssl/ssl_info.h" #include "testing/gtest/include/gtest/gtest.h" @@ -53,8 +52,7 @@ TEST(HttpAuthHandlerTest, NetLog) { mock_handler.HandleAnotherChallenge(&tokenizer); - TestNetLogEntry::List entries; - test_net_log.GetEntries(&entries); + auto entries = test_net_log.GetEntries(); ASSERT_EQ(5u, entries.size()); EXPECT_TRUE(LogContainsBeginEvent(entries, 0, diff --git a/chromium/net/http/http_auth_sspi_win.cc b/chromium/net/http/http_auth_sspi_win.cc index d9c098f928d..8bc2665f9d8 100644 --- a/chromium/net/http/http_auth_sspi_win.cc +++ b/chromium/net/http/http_auth_sspi_win.cc @@ -263,7 +263,7 @@ HttpAuthSSPI::~HttpAuthSSPI() { } } -bool HttpAuthSSPI::Init() { +bool HttpAuthSSPI::Init(const NetLogWithSource&) { return true; } @@ -300,6 +300,7 @@ int HttpAuthSSPI::GenerateAuthToken(const AuthCredentials* credentials, const std::string& spn, const std::string& channel_bindings, std::string* auth_token, + const NetLogWithSource&, CompletionOnceCallback /*callback*/) { // Initial challenge. if (!SecIsValidHandle(&cred_)) { diff --git a/chromium/net/http/http_auth_sspi_win.h b/chromium/net/http/http_auth_sspi_win.h index e672c89fade..408ac5931d7 100644 --- a/chromium/net/http/http_auth_sspi_win.h +++ b/chromium/net/http/http_auth_sspi_win.h @@ -116,7 +116,7 @@ class NET_EXPORT_PRIVATE HttpAuthSSPI : public HttpNegotiateAuthSystem { ~HttpAuthSSPI() override; // HttpNegotiateAuthSystem implementation: - bool Init() override; + bool Init(const NetLogWithSource& net_log) override; bool NeedsIdentity() const override; bool AllowsExplicitCredentials() const override; HttpAuth::AuthorizationResult ParseChallenge( @@ -125,6 +125,7 @@ class NET_EXPORT_PRIVATE HttpAuthSSPI : public HttpNegotiateAuthSystem { const std::string& spn, const std::string& channel_bindings, std::string* auth_token, + const NetLogWithSource& net_log, CompletionOnceCallback callback) override; void SetDelegation(HttpAuth::DelegationType delegation_type) override; diff --git a/chromium/net/http/http_auth_sspi_win_unittest.cc b/chromium/net/http/http_auth_sspi_win_unittest.cc index 3c427679103..d9031fa7e28 100644 --- a/chromium/net/http/http_auth_sspi_win_unittest.cc +++ b/chromium/net/http/http_auth_sspi_win_unittest.cc @@ -3,10 +3,12 @@ // found in the LICENSE file. #include "net/http/http_auth_sspi_win.h" + #include "base/bind.h" #include "net/base/net_errors.h" #include "net/http/http_auth_challenge_tokenizer.h" #include "net/http/mock_sspi_library_win.h" +#include "net/log/net_log_with_source.h" #include "net/test/gtest_util.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" @@ -96,9 +98,10 @@ TEST(HttpAuthSSPITest, ParseChallenge_TwoRounds) { // Generate an auth token and create another thing. std::string auth_token; - EXPECT_EQ(OK, auth_sspi.GenerateAuthToken( - nullptr, "HTTP/intranet.google.com", std::string(), - &auth_token, base::BindOnce(&UnexpectedCallback))); + EXPECT_EQ(OK, + auth_sspi.GenerateAuthToken( + nullptr, "HTTP/intranet.google.com", std::string(), &auth_token, + NetLogWithSource(), base::BindOnce(&UnexpectedCallback))); std::string second_challenge_text = "Negotiate Zm9vYmFy"; HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), @@ -133,9 +136,10 @@ TEST(HttpAuthSSPITest, ParseChallenge_MissingTokenSecondRound) { auth_sspi.ParseChallenge(&first_challenge)); std::string auth_token; - EXPECT_EQ(OK, auth_sspi.GenerateAuthToken( - nullptr, "HTTP/intranet.google.com", std::string(), - &auth_token, base::BindOnce(&UnexpectedCallback))); + EXPECT_EQ(OK, + auth_sspi.GenerateAuthToken( + nullptr, "HTTP/intranet.google.com", std::string(), &auth_token, + NetLogWithSource(), base::BindOnce(&UnexpectedCallback))); std::string second_challenge_text = "Negotiate"; HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), second_challenge_text.end()); @@ -156,9 +160,10 @@ TEST(HttpAuthSSPITest, ParseChallenge_NonBase64EncodedToken) { auth_sspi.ParseChallenge(&first_challenge)); std::string auth_token; - EXPECT_EQ(OK, auth_sspi.GenerateAuthToken( - nullptr, "HTTP/intranet.google.com", std::string(), - &auth_token, base::BindOnce(&UnexpectedCallback))); + EXPECT_EQ(OK, + auth_sspi.GenerateAuthToken( + nullptr, "HTTP/intranet.google.com", std::string(), &auth_token, + NetLogWithSource(), base::BindOnce(&UnexpectedCallback))); std::string second_challenge_text = "Negotiate =happyjoy="; HttpAuthChallengeTokenizer second_challenge(second_challenge_text.begin(), second_challenge_text.end()); diff --git a/chromium/net/http/http_cache.cc b/chromium/net/http/http_cache.cc index a23d7bce0bb..b6803dc9c7c 100644 --- a/chromium/net/http/http_cache.cc +++ b/chromium/net/http/http_cache.cc @@ -56,6 +56,9 @@ namespace net { +const char HttpCache::kDoubleKeyPrefix[] = "_dk_"; +const char HttpCache::kDoubleKeySeparator[] = " "; + HttpCache::DefaultBackend::DefaultBackend(CacheType type, BackendType backend_type, const base::FilePath& path, @@ -229,94 +232,6 @@ class HttpCache::WorkItem { //----------------------------------------------------------------------------- -// This class encapsulates a transaction whose only purpose is to write metadata -// to a given entry. -class HttpCache::MetadataWriter { - public: - explicit MetadataWriter(HttpCache::Transaction* transaction) - : verified_(false), buf_len_(0), transaction_(transaction) {} - - ~MetadataWriter() = default; - - // Implements the bulk of HttpCache::WriteMetadata. - void Write(const GURL& url, - base::Time expected_response_time, - IOBuffer* buf, - int buf_len); - - private: - void VerifyResponse(int result); - void SelfDestroy(); - void OnIOComplete(int result); - - bool verified_; - scoped_refptr buf_; - int buf_len_; - base::Time expected_response_time_; - HttpRequestInfo request_info_; - - // |transaction_| to come after |request_info_| so that |request_info_| is not - // destroyed earlier. - std::unique_ptr transaction_; - DISALLOW_COPY_AND_ASSIGN(MetadataWriter); -}; - -void HttpCache::MetadataWriter::Write(const GURL& url, - base::Time expected_response_time, - IOBuffer* buf, - int buf_len) { - DCHECK_GT(buf_len, 0); - DCHECK(buf); - DCHECK(buf->data()); - request_info_.url = url; - request_info_.method = "GET"; - - // todo (crbug.com/690099): Incorrect usage of LOAD_ONLY_FROM_CACHE. - request_info_.load_flags = - LOAD_ONLY_FROM_CACHE | LOAD_SKIP_CACHE_VALIDATION | LOAD_SKIP_VARY_CHECK; - - expected_response_time_ = expected_response_time; - buf_ = buf; - buf_len_ = buf_len; - verified_ = false; - - int rv = transaction_->Start( - &request_info_, - base::Bind(&MetadataWriter::OnIOComplete, base::Unretained(this)), - NetLogWithSource()); - if (rv != ERR_IO_PENDING) - VerifyResponse(rv); -} - -void HttpCache::MetadataWriter::VerifyResponse(int result) { - verified_ = true; - if (result != OK) - return SelfDestroy(); - - const HttpResponseInfo* response_info = transaction_->GetResponseInfo(); - DCHECK(response_info->was_cached); - if (response_info->response_time != expected_response_time_) - return SelfDestroy(); - - result = transaction_->WriteMetadata( - buf_.get(), - buf_len_, - base::Bind(&MetadataWriter::OnIOComplete, base::Unretained(this))); - if (result != ERR_IO_PENDING) - SelfDestroy(); -} - -void HttpCache::MetadataWriter::SelfDestroy() { - delete this; -} - -void HttpCache::MetadataWriter::OnIOComplete(int result) { - if (!verified_) - return VerifyResponse(result); - SelfDestroy(); -} - -//----------------------------------------------------------------------------- HttpCache::HttpCache(HttpNetworkSession* session, std::unique_ptr backend_factory, bool is_main_cache) @@ -335,8 +250,7 @@ HttpCache::HttpCache(std::unique_ptr network_layer, fail_conditionalization_for_test_(false), mode_(NORMAL), network_layer_(std::move(network_layer)), - clock_(base::DefaultClock::GetInstance()), - weak_factory_(this) { + clock_(base::DefaultClock::GetInstance()) { HttpNetworkSession* session = network_layer_->GetSession(); // Session may be NULL in unittests. // TODO(mmenke): Seems like tests could be changed to provide a session, @@ -422,28 +336,6 @@ bool HttpCache::ParseResponseInfo(const char* data, int len, return response_info->InitFromPickle(pickle, response_truncated); } -void HttpCache::WriteMetadata(const GURL& url, - RequestPriority priority, - base::Time expected_response_time, - IOBuffer* buf, - int buf_len) { - if (!buf_len) - return; - - // Do lazy initialization of disk cache if needed. - if (!disk_cache_.get()) { - // We don't care about the result. - CreateBackend(nullptr, CompletionOnceCallback()); - } - - HttpCache::Transaction* transaction = - new HttpCache::Transaction(priority, this); - MetadataWriter* writer = new MetadataWriter(transaction); - - // The writer will self destruct when done. - writer->Write(url, expected_response_time, buf, buf_len); -} - void HttpCache::CloseAllConnections() { HttpNetworkSession* session = GetSession(); if (session) @@ -459,14 +351,14 @@ void HttpCache::CloseIdleConnections() { void HttpCache::OnExternalCacheHit( const GURL& url, const std::string& http_method, - base::Optional top_frame_origin) { + const NetworkIsolationKey& network_isolation_key) { if (!disk_cache_.get() || mode_ == DISABLE) return; HttpRequestInfo request_info; request_info.url = url; request_info.method = http_method; - request_info.network_isolation_key = NetworkIsolationKey(top_frame_origin); + request_info.network_isolation_key = network_isolation_key; std::string key = GenerateCacheKey(&request_info); disk_cache_->OnExternalCacheHit(key); } @@ -527,6 +419,33 @@ void HttpCache::DumpMemoryStats(base::trace_event::ProcessMemoryDump* pmd, base::trace_event::MemoryAllocatorDump::kUnitsBytes, size); } +std::string HttpCache::GetResourceURLFromHttpCacheKey(const std::string& key) { + // Search the key to see whether it begins with |kDoubleKeyPrefix|. If so, + // then the entry was double-keyed. + if (base::StartsWith(key, kDoubleKeyPrefix, base::CompareCase::SENSITIVE)) { + // Find the rightmost occurrence of |kDoubleKeySeparator|, as when both + // the top-frame origin and the initiator are added to the key, there will + // be two occurrences of |kDoubleKeySeparator|. When the cache entry is + // originally written to disk, GenerateCacheKey method calls + // HttpUtil::SpecForRequest method, which has a DCHECK to ensure that + // the original resource url is valid, and hence will not contain the + // unescaped whitespace of |kDoubleKeySeparator|. + size_t separator_position = key.rfind(kDoubleKeySeparator); + DCHECK_NE(separator_position, std::string::npos); + + size_t separator_size = strlen(kDoubleKeySeparator); + size_t start_position = separator_position + separator_size; + DCHECK_LE(start_position, key.size() - 1); + + return key.substr(start_position); + } + return key; +} + +std::string HttpCache::GenerateCacheKeyForTest(const HttpRequestInfo* request) { + return GenerateCacheKey(request); +} + //----------------------------------------------------------------------------- net::Error HttpCache::CreateAndSetWorkItem(ActiveEntry** entry, @@ -603,12 +522,15 @@ int HttpCache::GetBackendForTransaction(Transaction* transaction) { std::string HttpCache::GenerateCacheKey(const HttpRequestInfo* request) { std::string isolation_key; - if (base::FeatureList::IsEnabled(features::kSplitCacheByTopFrameOrigin)) { - // Prepend the key with "_dk_" to mark it as double keyed (and makes it an - // invalid url so that it doesn't get confused with a single-keyed - // entry). Separate the origin and url with invalid whitespace character. - isolation_key = - base::StrCat({"_dk_", request->network_isolation_key.ToString(), " "}); + if (base::FeatureList::IsEnabled( + features::kSplitCacheByNetworkIsolationKey)) { + // Prepend the key with |kDoubleKeyPrefix| = "_dk_" to mark it as + // double-keyed (and makes it an invalid url so that it doesn't get + // confused with a single-keyed entry). Separate the origin and url + // with invalid whitespace character |kDoubleKeySeparator|. + isolation_key = base::StrCat({kDoubleKeyPrefix, + request->network_isolation_key.ToString(), + kDoubleKeySeparator}); } // Strip out the reference, username, and password sections of the URL and diff --git a/chromium/net/http/http_cache.h b/chromium/net/http/http_cache.h index bd2dd225d0c..371786c56a2 100644 --- a/chromium/net/http/http_cache.h +++ b/chromium/net/http/http_cache.h @@ -56,7 +56,6 @@ namespace net { class HttpNetworkSession; class HttpResponseInfo; -class IOBuffer; class NetLog; struct HttpRequestInfo; @@ -203,17 +202,6 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory { HttpResponseInfo* response_info, bool* response_truncated); - // Writes |buf_len| bytes of metadata stored in |buf| to the cache entry - // referenced by |url|, as long as the entry's |expected_response_time| has - // not changed. This method returns without blocking, and the operation will - // be performed asynchronously without any completion notification. - // Takes ownership of |buf|. - virtual void WriteMetadata(const GURL& url, - RequestPriority priority, - base::Time expected_response_time, - IOBuffer* buf, - int buf_len); - // Get/Set the cache's mode. void set_mode(Mode value) { mode_ = value; } Mode mode() { return mode_; } @@ -231,13 +219,10 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory { void CloseIdleConnections(); // Called whenever an external cache in the system reuses the resource - // referred to by |url| and |http_method|, inside a page with a top-level - // URL at |top_frame_origin|. - // TODO(crbug.com/965126): Use NetworkIsolationKey instead of top frame - // origin. + // referred to by |url| and |http_method| and |network_isolation_key|. void OnExternalCacheHit(const GURL& url, const std::string& http_method, - base::Optional top_frame_origin); + const NetworkIsolationKey& network_isolation_key); // Causes all transactions created after this point to simulate lock timeout // and effectively bypass the cache lock whenever there is lock contention. @@ -277,6 +262,13 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory { void DumpMemoryStats(base::trace_event::ProcessMemoryDump* pmd, const std::string& parent_absolute_name) const; + // Get the URL from the entry's cache key. If double-keying is not enabled, + // this will be the key itself. + static std::string GetResourceURLFromHttpCacheKey(const std::string& key); + + // Function to generate cache key for testing. + std::string GenerateCacheKeyForTest(const HttpRequestInfo* request); + private: // Types -------------------------------------------------------------------- @@ -293,13 +285,17 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory { enum { kResponseInfoIndex = 0, kResponseContentIndex, + // Only currently used in DoTruncateCachedMetadata(). + // TODO(mmenke): Remove this in and DoTruncateCachedMetadata() in M79, after + // most metadata entries in the cache have been removed. Without + // DoTruncateCachedMetadata(), the metadata will be removed when a cache + // entry is destroyed, but some conditionalized updates will keep it around. kMetadataIndex, // Must remain at the end of the enum. kNumCacheEntryDataIndices }; - class MetadataWriter; class QuicServerInfoFactoryAdaptor; class Transaction; class WorkItem; @@ -625,6 +621,12 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory { // Processes the backend creation notification. void OnBackendCreated(int result, PendingOp* pending_op); + // Constants ---------------------------------------------------------------- + + // Used when generating and accessing keys if cache is split. + static const char kDoubleKeyPrefix[]; + static const char kDoubleKeySeparator[]; + // Variables ---------------------------------------------------------------- NetLog* net_log_; @@ -658,7 +660,7 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory { THREAD_CHECKER(thread_checker_); - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(HttpCache); }; diff --git a/chromium/net/http/http_cache_lookup_manager.cc b/chromium/net/http/http_cache_lookup_manager.cc index 6fd010f50aa..1d59385cbc5 100644 --- a/chromium/net/http/http_cache_lookup_manager.cc +++ b/chromium/net/http/http_cache_lookup_manager.cc @@ -14,10 +14,9 @@ namespace net { // Returns parameters associated with the start of a server push lookup // transaction. -base::Value NetLogPushLookupTransactionCallback( +base::Value NetLogPushLookupTransactionParams( const NetLogSource& net_log, - const ServerPushDelegate::ServerPushHelper* push_helper, - NetLogCaptureMode /* capture_mode */) { + const ServerPushDelegate::ServerPushHelper* push_helper) { base::DictionaryValue dict; net_log.AddToEventParameters(&dict); dict.SetString("push_url", push_helper->GetURL().possibly_invalid_spec()); @@ -40,9 +39,10 @@ int HttpCacheLookupManager::LookupTransaction::StartLookup( HttpCache* cache, CompletionOnceCallback callback, const NetLogWithSource& session_net_log) { - net_log_.BeginEvent(NetLogEventType::SERVER_PUSH_LOOKUP_TRANSACTION, - base::Bind(&NetLogPushLookupTransactionCallback, - session_net_log.source(), push_helper_.get())); + net_log_.BeginEvent(NetLogEventType::SERVER_PUSH_LOOKUP_TRANSACTION, [&] { + return NetLogPushLookupTransactionParams(session_net_log.source(), + push_helper_.get()); + }); request_->url = push_helper_->GetURL(); request_->method = "GET"; @@ -61,7 +61,7 @@ void HttpCacheLookupManager::LookupTransaction::OnLookupComplete(int result) { } HttpCacheLookupManager::HttpCacheLookupManager(HttpCache* http_cache) - : http_cache_(http_cache), weak_factory_(this) {} + : http_cache_(http_cache) {} HttpCacheLookupManager::~HttpCacheLookupManager() = default; @@ -71,7 +71,7 @@ void HttpCacheLookupManager::OnPush( GURL pushed_url = push_helper->GetURL(); // There's a pending lookup transaction sent over already. - if (base::ContainsKey(lookup_transactions_, pushed_url)) + if (base::Contains(lookup_transactions_, pushed_url)) return; auto lookup = std::make_unique(std::move(push_helper), diff --git a/chromium/net/http/http_cache_lookup_manager.h b/chromium/net/http/http_cache_lookup_manager.h index ba649cde90b..d7ece6785d7 100644 --- a/chromium/net/http/http_cache_lookup_manager.h +++ b/chromium/net/http/http_cache_lookup_manager.h @@ -57,7 +57,7 @@ class NET_EXPORT_PRIVATE HttpCacheLookupManager : public ServerPushDelegate { // HttpCache must outlive the HttpCacheLookupManager. HttpCache* http_cache_; std::map> lookup_transactions_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; }; } // namespace net diff --git a/chromium/net/http/http_cache_transaction.cc b/chromium/net/http/http_cache_transaction.cc index 8c5633af59c..68ed6135ea1 100644 --- a/chromium/net/http/http_cache_transaction.cc +++ b/chromium/net/http/http_cache_transaction.cc @@ -42,6 +42,7 @@ #include "net/cert/x509_certificate.h" #include "net/disk_cache/disk_cache.h" #include "net/http/http_cache_writers.h" +#include "net/http/http_log_util.h" #include "net/http/http_network_session.h" #include "net/http/http_request_info.h" #include "net/http/http_util.h" @@ -87,20 +88,9 @@ enum ExternallyConditionalizedType { } // namespace -#define CACHE_STATUS_HISTOGRAMS(type) \ - do { \ - UMA_HISTOGRAM_ENUMERATION("HttpCache.Pattern" type, cache_entry_status_, \ - CacheEntryStatus::ENTRY_MAX); \ - if (validation_request) { \ - UMA_HISTOGRAM_ENUMERATION("HttpCache.ValidationCause" type, \ - validation_cause_, VALIDATION_CAUSE_MAX); \ - } \ - if (stale_request) { \ - UMA_HISTOGRAM_COUNTS_1M( \ - "HttpCache.StaleEntry.FreshnessPeriodsSinceLastUsed" type, \ - freshness_periods_since_last_used); \ - } \ - } while (0) +#define CACHE_STATUS_HISTOGRAMS(type) \ + UMA_HISTOGRAM_ENUMERATION("HttpCache.Pattern" type, cache_entry_status_, \ + CacheEntryStatus::ENTRY_MAX) struct HeaderNameAndValue { const char* name; @@ -182,6 +172,7 @@ HttpCache::Transaction::Transaction(RequestPriority priority, HttpCache* cache) bypass_lock_for_test_(false), bypass_lock_after_headers_for_test_(false), fail_conditionalization_for_test_(false), + read_buf_len_(0), io_buf_len_(0), read_offset_(0), effective_load_flags_(0), @@ -193,8 +184,7 @@ HttpCache::Transaction::Transaction(RequestPriority priority, HttpCache* cache) parallel_writing_pattern_(PARALLEL_WRITING_NONE), moved_network_transaction_to_writers_(false), websocket_handshake_stream_base_create_helper_(nullptr), - in_do_loop_(false), - weak_factory_(this) { + in_do_loop_(false) { TRACE_EVENT0("io", "HttpCacheTransaction::Transaction"); static_assert(HttpCache::Transaction::kNumValidationHeaders == base::size(kValidationHeaders), @@ -223,23 +213,6 @@ HttpCache::Transaction::Mode HttpCache::Transaction::mode() const { return mode_; } -int HttpCache::Transaction::WriteMetadata(IOBuffer* buf, - int buf_len, - CompletionOnceCallback callback) { - DCHECK(buf); - DCHECK_GT(buf_len, 0); - DCHECK(!callback.is_null()); - if (!cache_.get() || !entry_) - return ERR_UNEXPECTED; - - // We don't need to track this operation for anything. - // It could be possible to check if there is something already written and - // avoid writing again (it should be the same, right?), but let's allow the - // caller to "update" the contents with something new. - return entry_->disk_entry->WriteData(kMetadataIndex, 0, buf, buf_len, - std::move(callback), true); -} - LoadState HttpCache::Transaction::GetWriterLoadState() const { const HttpTransaction* transaction = network_transaction(); if (transaction) @@ -376,7 +349,7 @@ int HttpCache::Transaction::Read(IOBuffer* buf, reading_ = true; read_buf_ = buf; - io_buf_len_ = buf_len; + read_buf_len_ = buf_len; int rv = TransitionToReadingState(); if (rv != OK || next_state_ == STATE_NONE) return rv; @@ -977,13 +950,6 @@ int HttpCache::Transaction::DoLoop(int result) { DCHECK_EQ(OK, rv); rv = DoPartialHeadersReceived(); break; - case STATE_CACHE_READ_METADATA: - DCHECK_EQ(OK, rv); - rv = DoCacheReadMetadata(); - break; - case STATE_CACHE_READ_METADATA_COMPLETE: - rv = DoCacheReadMetadataComplete(rv); - break; case STATE_HEADERS_PHASE_CANNOT_PROCEED: rv = DoHeadersPhaseCannotProceed(rv); break; @@ -1054,7 +1020,7 @@ int HttpCache::Transaction::DoGetBackendComplete(int result) { mode_ = NONE; // Keep track of the fraction of requests that we can double-key. - UMA_HISTOGRAM_BOOLEAN("HttpCache.TopFrameOriginPresent", + UMA_HISTOGRAM_BOOLEAN("HttpCache.NetworkIsolationKeyPresent", request_->network_isolation_key.IsFullyPopulated()); if (!ShouldPassThrough()) { @@ -2078,17 +2044,7 @@ int HttpCache::Transaction::DoTruncateCachedMetadataComplete(int result) { int HttpCache::Transaction::DoPartialHeadersReceived() { new_response_ = nullptr; - if (!partial_) { - if (entry_ && entry_->disk_entry->GetDataSize(kMetadataIndex) && - !base::FeatureList::IsEnabled(net::features::kIsolatedCodeCache)) { - TransitionToState(STATE_CACHE_READ_METADATA); - } else { - TransitionToState(STATE_FINISH_HEADERS); - } - return OK; - } - - if (mode_ != NONE && !reading_) { + if (partial_ && mode_ != NONE && !reading_) { // We are about to return the headers for a byte-range request to the user, // so let's fix them. partial_->FixResponseHeaders(response_.headers.get(), true); @@ -2175,39 +2131,11 @@ int HttpCache::Transaction::DoFinishHeadersComplete(int rv) { return rv; } -int HttpCache::Transaction::DoCacheReadMetadata() { - TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheReadMetadata"); - DCHECK(entry_); - DCHECK(!response_.metadata.get()); - DCHECK(!base::FeatureList::IsEnabled(net::features::kIsolatedCodeCache)); - TransitionToState(STATE_CACHE_READ_METADATA_COMPLETE); - - response_.metadata = base::MakeRefCounted( - entry_->disk_entry->GetDataSize(kMetadataIndex)); - - net_log_.BeginEvent(NetLogEventType::HTTP_CACHE_READ_INFO); - return entry_->disk_entry->ReadData(kMetadataIndex, 0, - response_.metadata.get(), - response_.metadata->size(), - io_callback_); -} - -int HttpCache::Transaction::DoCacheReadMetadataComplete(int result) { - TRACE_EVENT0("io", "HttpCacheTransaction::DoCacheReadMetadataComplete"); - net_log_.EndEventWithNetErrorCode(NetLogEventType::HTTP_CACHE_READ_INFO, - result); - if (result != response_.metadata->size()) - return OnCacheReadError(result, false); - - TransitionToState(STATE_FINISH_HEADERS); - return OK; -} - int HttpCache::Transaction::DoNetworkReadCacheWrite() { TRACE_EVENT0("io", "HttpCacheTransaction::DoNetworkReadCacheWrite"); DCHECK(InWriters()); TransitionToState(STATE_NETWORK_READ_CACHE_WRITE_COMPLETE); - return entry_->writers->Read(read_buf_, io_buf_len_, io_callback_, this); + return entry_->writers->Read(read_buf_, read_buf_len_, io_callback_, this); } int HttpCache::Transaction::DoNetworkReadCacheWriteComplete(int result) { @@ -2280,7 +2208,7 @@ int HttpCache::Transaction::DoPartialNetworkReadCompleted(int result) { int HttpCache::Transaction::DoNetworkRead() { TRACE_EVENT0("io", "HttpCacheTransaction::DoNetworkRead"); TransitionToState(STATE_NETWORK_READ_COMPLETE); - return network_trans_->Read(read_buf_.get(), io_buf_len_, io_callback_); + return network_trans_->Read(read_buf_.get(), read_buf_len_, io_callback_); } int HttpCache::Transaction::DoNetworkReadComplete(int result) { @@ -2312,12 +2240,12 @@ int HttpCache::Transaction::DoCacheReadData() { if (net_log_.IsCapturing()) net_log_.BeginEvent(NetLogEventType::HTTP_CACHE_READ_DATA); if (partial_) { - return partial_->CacheRead(entry_->disk_entry, read_buf_.get(), io_buf_len_, - io_callback_); + return partial_->CacheRead(entry_->disk_entry, read_buf_.get(), + read_buf_len_, io_callback_); } return entry_->disk_entry->ReadData(kResponseContentIndex, read_offset_, - read_buf_.get(), io_buf_len_, + read_buf_.get(), read_buf_len_, io_callback_); } @@ -2425,10 +2353,9 @@ void HttpCache::Transaction::SetRequest(const NetLogWithSource& net_log) { if (range_found || special_headers || external_validation_.initialized) { // Log the headers before request_ is modified. std::string empty; - net_log_.AddEvent( - NetLogEventType::HTTP_CACHE_CALLER_REQUEST_HEADERS, - base::Bind(&HttpRequestHeaders::NetLogCallback, - base::Unretained(&request_->extra_headers), &empty)); + NetLogRequestHeaders(net_log_, + NetLogEventType::HTTP_CACHE_CALLER_REQUEST_HEADERS, + empty, &request_->extra_headers); } // We don't support ranges and validation headers. @@ -2481,7 +2408,8 @@ bool HttpCache::Transaction::ShouldPassThrough() { // again. Also, if the request does not have a top frame origin, bypass the // cache otherwise resources from different pages could share a cached entry // in such cases. - if (base::FeatureList::IsEnabled(features::kSplitCacheByTopFrameOrigin) && + if (base::FeatureList::IsEnabled( + features::kSplitCacheByNetworkIsolationKey) && request_->network_isolation_key.IsTransient()) { return true; } @@ -2526,12 +2454,7 @@ int HttpCache::Transaction::BeginCacheRead() { if (method_ == "HEAD") FixHeadersForHead(); - if (entry_->disk_entry->GetDataSize(kMetadataIndex) && - !base::FeatureList::IsEnabled(net::features::kIsolatedCodeCache)) { - TransitionToState(STATE_CACHE_READ_METADATA); - } else { - TransitionToState(STATE_FINISH_HEADERS); - } + TransitionToState(STATE_FINISH_HEADERS); return OK; } @@ -2783,10 +2706,6 @@ ValidationType HttpCache::Transaction::RequiresValidation() { validation_cause_ = VALIDATION_CAUSE_ZERO_FRESHNESS; } else { validation_cause_ = VALIDATION_CAUSE_STALE; - stale_entry_freshness_ = lifetimes.freshness; - stale_entry_age_ = response_.headers->GetCurrentAge( - response_.request_time, response_.response_time, - cache_->clock_->Now()); } } @@ -3104,12 +3023,7 @@ int HttpCache::Transaction::DoSetupEntryForRead() { if (method_ == "HEAD") FixHeadersForHead(); - if (entry_->disk_entry->GetDataSize(kMetadataIndex) && - !base::FeatureList::IsEnabled(net::features::kIsolatedCodeCache)) { - TransitionToState(STATE_CACHE_READ_METADATA); - } else { - TransitionToState(STATE_FINISH_HEADERS); - } + TransitionToState(STATE_FINISH_HEADERS); return OK; } @@ -3450,45 +3364,6 @@ void HttpCache::Transaction::RecordHistograms() { cache_entry_status_ == CacheEntryStatus::ENTRY_VALIDATED || cache_entry_status_ == CacheEntryStatus::ENTRY_UPDATED; - bool stale_request = - validation_cause_ == VALIDATION_CAUSE_STALE && - (validation_request || - cache_entry_status_ == CacheEntryStatus::ENTRY_CANT_CONDITIONALIZE); - int64_t freshness_periods_since_last_used = 0; - - if (stale_request && !open_entry_last_used_.is_null()) { - // Note that we are not able to capture those transactions' histograms which - // when added to entry, the response was being written by another - // transaction because getting the last used timestamp might lead to a data - // race in that case. TODO(crbug.com/713354). - - // For stale entries, record how many freshness periods have elapsed since - // the entry was last used. - DCHECK(!stale_entry_freshness_.is_zero()); - base::TimeDelta time_since_use = base::Time::Now() - open_entry_last_used_; - freshness_periods_since_last_used = - (time_since_use * 1000) / stale_entry_freshness_; - - if (validation_request) { - int64_t age_in_freshness_periods = - (stale_entry_age_ * 100) / stale_entry_freshness_; - if (cache_entry_status_ == CacheEntryStatus::ENTRY_VALIDATED) { - UMA_HISTOGRAM_COUNTS_1M("HttpCache.StaleEntry.Validated.Age", - stale_entry_age_.InSeconds()); - UMA_HISTOGRAM_COUNTS_1M( - "HttpCache.StaleEntry.Validated.AgeInFreshnessPeriods", - age_in_freshness_periods); - - } else { - UMA_HISTOGRAM_COUNTS_1M("HttpCache.StaleEntry.Updated.Age", - stale_entry_age_.InSeconds()); - UMA_HISTOGRAM_COUNTS_1M( - "HttpCache.StaleEntry.Updated.AgeInFreshnessPeriods", - age_in_freshness_periods); - } - } - } - std::string mime_type; HttpResponseHeaders* response_headers = GetResponseInfo()->headers.get(); if (response_headers && response_headers->GetMimeType(&mime_type)) { @@ -3528,6 +3403,10 @@ void HttpCache::Transaction::RecordHistograms() { } CACHE_STATUS_HISTOGRAMS(""); + if (validation_request) { + UMA_HISTOGRAM_ENUMERATION("HttpCache.ValidationCause", validation_cause_, + VALIDATION_CAUSE_MAX); + } if (cache_entry_status_ == CacheEntryStatus::ENTRY_CANT_CONDITIONALIZE) { UMA_HISTOGRAM_ENUMERATION("HttpCache.CantConditionalizeCause", @@ -3568,17 +3447,9 @@ void HttpCache::Transaction::RecordHistograms() { TimeDelta before_send_time = send_request_since_ - first_cache_access_since_; TimeDelta after_send_time = now - send_request_since_; - int64_t before_send_percent = (total_time.ToInternalValue() == 0) - ? 0 - : before_send_time * 100 / total_time; - DCHECK_GE(before_send_percent, 0); - DCHECK_LE(before_send_percent, 100); - base::HistogramBase::Sample before_send_sample = - static_cast(before_send_percent); UMA_HISTOGRAM_TIMES("HttpCache.AccessToDone.SentRequest", total_time); UMA_HISTOGRAM_TIMES("HttpCache.BeforeSend", before_send_time); - UMA_HISTOGRAM_PERCENTAGE("HttpCache.PercentBeforeSend", before_send_sample); // TODO(gavinp): Remove or minimize these histograms, particularly the ones // below this comment after we have received initial data. @@ -3588,29 +3459,21 @@ void HttpCache::Transaction::RecordHistograms() { before_send_time); UMA_HISTOGRAM_TIMES("HttpCache.AfterSend.CantConditionalize", after_send_time); - UMA_HISTOGRAM_PERCENTAGE("HttpCache.PercentBeforeSend.CantConditionalize", - before_send_sample); break; } case CacheEntryStatus::ENTRY_NOT_IN_CACHE: { UMA_HISTOGRAM_TIMES("HttpCache.BeforeSend.NotCached", before_send_time); UMA_HISTOGRAM_TIMES("HttpCache.AfterSend.NotCached", after_send_time); - UMA_HISTOGRAM_PERCENTAGE("HttpCache.PercentBeforeSend.NotCached", - before_send_sample); break; } case CacheEntryStatus::ENTRY_VALIDATED: { UMA_HISTOGRAM_TIMES("HttpCache.BeforeSend.Validated", before_send_time); UMA_HISTOGRAM_TIMES("HttpCache.AfterSend.Validated", after_send_time); - UMA_HISTOGRAM_PERCENTAGE("HttpCache.PercentBeforeSend.Validated", - before_send_sample); break; } case CacheEntryStatus::ENTRY_UPDATED: { UMA_HISTOGRAM_TIMES("HttpCache.AfterSend.Updated", after_send_time); UMA_HISTOGRAM_TIMES("HttpCache.BeforeSend.Updated", before_send_time); - UMA_HISTOGRAM_PERCENTAGE("HttpCache.PercentBeforeSend.Updated", - before_send_sample); break; } default: diff --git a/chromium/net/http/http_cache_transaction.h b/chromium/net/http/http_cache_transaction.h index e4cc343f25f..ec14305ab56 100644 --- a/chromium/net/http/http_cache_transaction.h +++ b/chromium/net/http/http_cache_transaction.h @@ -86,25 +86,6 @@ class NET_EXPORT_PRIVATE HttpCache::Transaction : public HttpTransaction { const std::string& key() const { return cache_key_; } - // Writes |buf_len| bytes of meta-data from the provided buffer |buf|. to the - // HTTP cache entry that backs this transaction (if any). - // Returns the number of bytes actually written, or a net error code. If the - // operation cannot complete immediately, returns ERR_IO_PENDING, grabs a - // reference to the buffer (until completion), and notifies the caller using - // the provided |callback| when the operation finishes. - // - // The first time this method is called for a given transaction, previous - // meta-data will be overwritten with the provided data, and subsequent - // invocations will keep appending to the cached entry. - // - // In order to guarantee that the metadata is set to the correct entry, the - // response (or response info) must be evaluated by the caller, for instance - // to make sure that the response_time is as expected, before calling this - // method. - int WriteMetadata(IOBuffer* buf, - int buf_len, - CompletionOnceCallback callback); - HttpCache::ActiveEntry* entry() { return entry_; } // Returns the LoadState of the writer transaction of a given ActiveEntry. In @@ -278,8 +259,6 @@ class NET_EXPORT_PRIVATE HttpCache::Transaction : public HttpTransaction { STATE_TRUNCATE_CACHED_METADATA, STATE_TRUNCATE_CACHED_METADATA_COMPLETE, STATE_PARTIAL_HEADERS_RECEIVED, - STATE_CACHE_READ_METADATA, - STATE_CACHE_READ_METADATA_COMPLETE, STATE_HEADERS_PHASE_CANNOT_PROCEED, STATE_FINISH_HEADERS, STATE_FINISH_HEADERS_COMPLETE, @@ -360,8 +339,6 @@ class NET_EXPORT_PRIVATE HttpCache::Transaction : public HttpTransaction { int DoTruncateCachedMetadata(); int DoTruncateCachedMetadataComplete(int result); int DoPartialHeadersReceived(); - int DoCacheReadMetadata(); - int DoCacheReadMetadataComplete(int result); int DoHeadersPhaseCannotProceed(int result); int DoFinishHeaders(int result); int DoFinishHeadersComplete(int result); @@ -621,6 +598,10 @@ class NET_EXPORT_PRIVATE HttpCache::Transaction : public HttpTransaction { // lock. bool fail_conditionalization_for_test_; // Fail ConditionalizeRequest. scoped_refptr read_buf_; + + // Length of the buffer passed in Read(). + int read_buf_len_; + int io_buf_len_; int read_offset_; int effective_load_flags_; @@ -643,8 +624,6 @@ class NET_EXPORT_PRIVATE HttpCache::Transaction : public HttpTransaction { base::TimeTicks send_request_since_; base::TimeTicks read_headers_since_; base::Time open_entry_last_used_; - base::TimeDelta stale_entry_freshness_; - base::TimeDelta stale_entry_age_; bool cant_conditionalize_zero_freshness_from_memhint_; bool recorded_histograms_; ParallelWritingPattern parallel_writing_pattern_; @@ -675,7 +654,7 @@ class NET_EXPORT_PRIVATE HttpCache::Transaction : public HttpTransaction { // True if the Transaction is currently processing the DoLoop. bool in_do_loop_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(Transaction); }; diff --git a/chromium/net/http/http_cache_unittest.cc b/chromium/net/http/http_cache_unittest.cc index 51452135915..8d4f37b7cba 100644 --- a/chromium/net/http/http_cache_unittest.cc +++ b/chromium/net/http/http_cache_unittest.cc @@ -57,7 +57,6 @@ #include "net/log/net_log_source.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/socket/client_socket_handle.h" #include "net/ssl/ssl_cert_request_info.h" @@ -659,7 +658,7 @@ class FakeWebSocketHandshakeStreamCreateHelper // Returns true if |entry| is not one of the log types paid attention to in this // test. Note that HTTP_CACHE_WRITE_INFO and HTTP_CACHE_*_DATA are // ignored. -bool ShouldIgnoreLogEntry(const TestNetLogEntry& entry) { +bool ShouldIgnoreLogEntry(const NetLogEntry& entry) { switch (entry.type) { case NetLogEventType::HTTP_CACHE_GET_BACKEND: case NetLogEventType::HTTP_CACHE_OPEN_OR_CREATE_ENTRY: @@ -674,21 +673,18 @@ bool ShouldIgnoreLogEntry(const TestNetLogEntry& entry) { } } -// Modifies |entries| to only include log entries created by the cache layer and -// asserted on in these tests. -void FilterLogEntries(TestNetLogEntry::List* entries) { - base::EraseIf(*entries, ShouldIgnoreLogEntry); +// Gets the entries from |net_log| created by the cache layer and asserted on in +// these tests. +std::vector GetFilteredNetLogEntries( + const BoundTestNetLog& net_log) { + auto entries = net_log.GetEntries(); + base::EraseIf(entries, ShouldIgnoreLogEntry); + return entries; } bool LogContainsEventType(const BoundTestNetLog& log, NetLogEventType expected) { - TestNetLogEntry::List entries; - log.GetEntries(&entries); - for (size_t i = 0; i < entries.size(); i++) { - if (entries[i].type == expected) - return true; - } - return false; + return !log.GetEntriesWithType(expected).empty(); } } // namespace @@ -736,6 +732,24 @@ class HttpCacheIOCallbackTest : public HttpCacheTest { } }; +class HttpSplitCacheKeyTest : public HttpCacheTest { + public: + HttpSplitCacheKeyTest() {} + ~HttpSplitCacheKeyTest() override = default; + + std::string ComputeCacheKey(const std::string& url_string) { + GURL url(url_string); + const auto kOrigin = url::Origin::Create(url); + net::HttpRequestInfo request_info; + request_info.url = url; + request_info.method = "GET"; + request_info.network_isolation_key = + net::NetworkIsolationKey(kOrigin, kOrigin); + MockHttpCache cache; + return cache.http_cache()->GenerateCacheKeyForTest(&request_info); + } +}; + //----------------------------------------------------------------------------- // Tests. @@ -786,9 +800,7 @@ TEST_F(HttpCacheTest, SimpleGETNoDiskCache) { // Check that the NetLog was filled as expected. // (We attempted to OpenOrCreate entries, but fail). - TestNetLogEntry::List entries; - log.GetEntries(&entries); - FilterLogEntries(&entries); + auto entries = GetFilteredNetLogEntries(log); EXPECT_EQ(4u, entries.size()); EXPECT_TRUE(LogContainsBeginEvent(entries, 0, @@ -955,9 +967,7 @@ TEST_F(HttpCacheTest, SimpleGET_LoadOnlyFromCache_Hit) { log.bound(), &load_timing_info); // Check that the NetLog was filled as expected. - TestNetLogEntry::List entries; - log.GetEntries(&entries); - FilterLogEntries(&entries); + auto entries = GetFilteredNetLogEntries(log); EXPECT_EQ(6u, entries.size()); EXPECT_TRUE(LogContainsBeginEvent(entries, 0, @@ -985,8 +995,7 @@ TEST_F(HttpCacheTest, SimpleGET_LoadOnlyFromCache_Hit) { &load_timing_info); // Check that the NetLog was filled as expected. - log.GetEntries(&entries); - FilterLogEntries(&entries); + entries = GetFilteredNetLogEntries(log); EXPECT_EQ(8u, entries.size()); EXPECT_TRUE(LogContainsBeginEvent(entries, 0, @@ -1260,9 +1269,7 @@ TEST_F(HttpCacheTest, SimpleGET_LoadBypassCache) { &load_timing_info); // Check that the NetLog was filled as expected. - TestNetLogEntry::List entries; - log.GetEntries(&entries); - FilterLogEntries(&entries); + auto entries = GetFilteredNetLogEntries(log); EXPECT_EQ(8u, entries.size()); EXPECT_TRUE(LogContainsBeginEvent(entries, 0, @@ -5809,7 +5816,8 @@ TEST_F(HttpCacheTest, SimplePOST_Invalidate_205) { // with cache split by top-frame origin. TEST_F(HttpCacheTest, SimplePOST_Invalidate_205_SplitCache) { base::test::ScopedFeatureList feature_list; - feature_list.InitAndEnableFeature(net::features::kSplitCacheByTopFrameOrigin); + feature_list.InitAndEnableFeature( + net::features::kSplitCacheByNetworkIsolationKey); url::Origin origin_a = url::Origin::Create(GURL("http://a.com")); url::Origin origin_b = url::Origin::Create(GURL("http://b.com")); @@ -5818,14 +5826,14 @@ TEST_F(HttpCacheTest, SimplePOST_Invalidate_205_SplitCache) { MockTransaction transaction(kSimpleGET_Transaction); AddMockTransaction(&transaction); MockHttpRequest req1(transaction); - req1.network_isolation_key = NetworkIsolationKey(origin_a); + req1.network_isolation_key = NetworkIsolationKey(origin_a, origin_a); // Attempt to populate the cache. RunTransactionTestWithRequest(cache.http_cache(), transaction, req1, nullptr); // Same for a different origin. MockHttpRequest req1b(transaction); - req1b.network_isolation_key = NetworkIsolationKey(origin_b); + req1b.network_isolation_key = NetworkIsolationKey(origin_b, origin_b); RunTransactionTestWithRequest(cache.http_cache(), transaction, req1b, nullptr); @@ -5842,7 +5850,7 @@ TEST_F(HttpCacheTest, SimplePOST_Invalidate_205_SplitCache) { transaction.status = "HTTP/1.1 205 No Content"; MockHttpRequest req2(transaction); req2.upload_data_stream = &upload_data_stream; - req2.network_isolation_key = NetworkIsolationKey(origin_a); + req2.network_isolation_key = NetworkIsolationKey(origin_a, origin_a); RunTransactionTestWithRequest(cache.http_cache(), transaction, req2, nullptr); @@ -9597,10 +9605,89 @@ TEST_F(HttpCacheTest, UpdatesRequestResponseTimeOn304) { RemoveMockTransaction(&mock_network_response); } +TEST_F(HttpCacheTest, SplitCacheWithFrameOrigin) { + base::test::ScopedFeatureList feature_list; + feature_list.InitWithFeatures( + {net::features::kSplitCacheByNetworkIsolationKey, + net::features::kAppendFrameOriginToNetworkIsolationKey}, + {}); + + base::HistogramTester histograms; + MockHttpCache cache; + HttpResponseInfo response; + + url::Origin origin_a = url::Origin::Create(GURL("http://a.com")); + url::Origin origin_b = url::Origin::Create(GURL("http://b.com")); + url::Origin origin_data = + url::Origin::Create(GURL("data:text/html,Hello World")); + + MockHttpRequest trans_info = MockHttpRequest(kSimpleGET_Transaction); + // Request with a.com as the top frame and subframe origins. It shouldn't be + // cached. + trans_info.network_isolation_key = NetworkIsolationKey(origin_a, origin_a); + RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, + trans_info, &response); + EXPECT_FALSE(response.was_cached); + histograms.ExpectBucketCount("HttpCache.NetworkIsolationKeyPresent", true, 1); + histograms.ExpectTotalCount("HttpCache.NetworkIsolationKeyPresent", 1); + + // The second request should be cached. + RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, + trans_info, &response); + EXPECT_TRUE(response.was_cached); + + // Now request with b.com as the subframe origin. It shouldn't be cached. + trans_info.network_isolation_key = NetworkIsolationKey(origin_a, origin_b); + RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, + trans_info, &response); + EXPECT_FALSE(response.was_cached); + + // The second request should be cached. + RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, + trans_info, &response); + EXPECT_TRUE(response.was_cached); + + // a.com should still be cached. + trans_info.network_isolation_key = NetworkIsolationKey(origin_a, origin_a); + RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, + trans_info, &response); + EXPECT_TRUE(response.was_cached); + + // Now make a request with an opaque subframe origin. It shouldn't be + // cached. + trans_info.network_isolation_key = NetworkIsolationKey(origin_a, origin_data); + EXPECT_TRUE(trans_info.network_isolation_key.ToString().empty()); + RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, + trans_info, &response); + EXPECT_FALSE(response.was_cached); + + // On the second request, it still shouldn't be cached. + RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, + trans_info, &response); + EXPECT_FALSE(response.was_cached); + + // Verify that a post transaction with a data stream uses a separate key. + const int64_t kUploadId = 1; // Just a dummy value. + + std::vector> element_readers; + element_readers.push_back( + std::make_unique("hello", 5)); + ElementsUploadDataStream upload_data_stream(std::move(element_readers), + kUploadId); + + MockHttpRequest post_info = MockHttpRequest(kSimplePOST_Transaction); + post_info.network_isolation_key = NetworkIsolationKey(origin_a, origin_a); + post_info.upload_data_stream = &upload_data_stream; + + RunTransactionTestWithRequest(cache.http_cache(), kSimplePOST_Transaction, + post_info, &response); + EXPECT_FALSE(response.was_cached); +} TEST_F(HttpCacheTest, SplitCache) { base::test::ScopedFeatureList feature_list; - feature_list.InitAndEnableFeature(net::features::kSplitCacheByTopFrameOrigin); + feature_list.InitAndEnableFeature( + net::features::kSplitCacheByNetworkIsolationKey); base::HistogramTester histograms; MockHttpCache cache; @@ -9616,7 +9703,8 @@ TEST_F(HttpCacheTest, SplitCache) { RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, trans_info, &response); EXPECT_FALSE(response.was_cached); - histograms.ExpectUniqueSample("HttpCache.TopFrameOriginPresent", false, 1); + histograms.ExpectUniqueSample("HttpCache.NetworkIsolationKeyPresent", false, + 1); RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, trans_info, &response); @@ -9624,12 +9712,12 @@ TEST_F(HttpCacheTest, SplitCache) { // Now request with a.com as the top frame origin. It shouldn't be cached // since the cached resource has a different top frame origin. - trans_info.network_isolation_key = NetworkIsolationKey(origin_a); + trans_info.network_isolation_key = NetworkIsolationKey(origin_a, origin_a); RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, trans_info, &response); EXPECT_FALSE(response.was_cached); - histograms.ExpectBucketCount("HttpCache.TopFrameOriginPresent", true, 1); - histograms.ExpectTotalCount("HttpCache.TopFrameOriginPresent", 3); + histograms.ExpectBucketCount("HttpCache.NetworkIsolationKeyPresent", true, 1); + histograms.ExpectTotalCount("HttpCache.NetworkIsolationKeyPresent", 3); // The second request should be cached. RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, @@ -9637,7 +9725,7 @@ TEST_F(HttpCacheTest, SplitCache) { EXPECT_TRUE(response.was_cached); // Now request with b.com as the top frame origin. It shouldn't be cached. - trans_info.network_isolation_key = NetworkIsolationKey(origin_b); + trans_info.network_isolation_key = NetworkIsolationKey(origin_b, origin_b); RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, trans_info, &response); EXPECT_FALSE(response.was_cached); @@ -9648,14 +9736,15 @@ TEST_F(HttpCacheTest, SplitCache) { EXPECT_TRUE(response.was_cached); // a.com should still be cached. - trans_info.network_isolation_key = NetworkIsolationKey(origin_a); + trans_info.network_isolation_key = NetworkIsolationKey(origin_a, origin_b); RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, trans_info, &response); EXPECT_TRUE(response.was_cached); // Now make a request with an opaque top frame origin. It shouldn't be // cached. - trans_info.network_isolation_key = NetworkIsolationKey(origin_data); + trans_info.network_isolation_key = + NetworkIsolationKey(origin_data, origin_data); EXPECT_TRUE(trans_info.network_isolation_key.ToString().empty()); RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, trans_info, &response); @@ -9676,7 +9765,7 @@ TEST_F(HttpCacheTest, SplitCache) { kUploadId); MockHttpRequest post_info = MockHttpRequest(kSimplePOST_Transaction); - post_info.network_isolation_key = NetworkIsolationKey(origin_a); + post_info.network_isolation_key = NetworkIsolationKey(origin_a, origin_a); post_info.upload_data_stream = &upload_data_stream; RunTransactionTestWithRequest(cache.http_cache(), kSimplePOST_Transaction, @@ -9687,7 +9776,7 @@ TEST_F(HttpCacheTest, SplitCache) { TEST_F(HttpCacheTest, NonSplitCache) { base::test::ScopedFeatureList feature_list; feature_list.InitAndDisableFeature( - net::features::kSplitCacheByTopFrameOrigin); + net::features::kSplitCacheByNetworkIsolationKey); base::HistogramTester histograms; MockHttpCache cache; @@ -9706,176 +9795,13 @@ TEST_F(HttpCacheTest, NonSplitCache) { // Now request with a.com as the top frame origin. It should use the same // cached object. - trans_info.network_isolation_key = - NetworkIsolationKey(url::Origin::Create(GURL("http://a.com/"))); + const auto kOriginA = url::Origin::Create(GURL("http://a.com/")); + trans_info.network_isolation_key = NetworkIsolationKey(kOriginA, kOriginA); RunTransactionTestWithRequest(cache.http_cache(), kSimpleGET_Transaction, trans_info, &response); EXPECT_TRUE(response.was_cached); - histograms.ExpectBucketCount("HttpCache.TopFrameOriginPresent", true, 1); - histograms.ExpectTotalCount("HttpCache.TopFrameOriginPresent", 3); -} - -// Tests that we can write metadata to an entry. -TEST_F(HttpCacheTest, WriteMetadata_OK) { - base::test::ScopedFeatureList feature_list; - feature_list.InitAndDisableFeature(net::features::kIsolatedCodeCache); - ASSERT_FALSE(base::FeatureList::IsEnabled(net::features::kIsolatedCodeCache)); - MockHttpCache cache; - - // Write to the cache - HttpResponseInfo response; - RunTransactionTestWithResponseInfo(cache.http_cache(), kSimpleGET_Transaction, - &response); - EXPECT_TRUE(response.metadata.get() == nullptr); - - // Trivial call. - cache.http_cache()->WriteMetadata(GURL("foo"), DEFAULT_PRIORITY, Time::Now(), - nullptr, 0); - - // Write meta data to the same entry. - scoped_refptr buf = - base::MakeRefCounted(50); - memset(buf->data(), 0, buf->size()); - base::strlcpy(buf->data(), "Hi there", buf->size()); - cache.http_cache()->WriteMetadata(GURL(kSimpleGET_Transaction.url), - DEFAULT_PRIORITY, response.response_time, - buf.get(), buf->size()); - - // Release the buffer before the operation takes place. - buf = nullptr; - - // Makes sure we finish pending operations. - base::RunLoop().RunUntilIdle(); - - RunTransactionTestWithResponseInfo(cache.http_cache(), kSimpleGET_Transaction, - &response); - ASSERT_TRUE(response.metadata.get() != nullptr); - EXPECT_EQ(50, response.metadata->size()); - EXPECT_EQ(0, strcmp(response.metadata->data(), "Hi there")); - - EXPECT_EQ(1, cache.network_layer()->transaction_count()); - EXPECT_EQ(2, cache.disk_cache()->open_count()); - EXPECT_EQ(1, cache.disk_cache()->create_count()); -} - -// Tests that we don't read metadata when IsolatedCodeCache is enabled. -TEST_F(HttpCacheTest, ReadMetadata_IsolatedCache) { - base::test::ScopedFeatureList feature_list; - feature_list.InitAndEnableFeature(net::features::kIsolatedCodeCache); - ASSERT_TRUE(base::FeatureList::IsEnabled(net::features::kIsolatedCodeCache)); - MockHttpCache cache; - - // Write to the cache - HttpResponseInfo response; - RunTransactionTestWithResponseInfo(cache.http_cache(), kSimpleGET_Transaction, - &response); - EXPECT_TRUE(response.metadata.get() == nullptr); - - // Trivial call. - cache.http_cache()->WriteMetadata(GURL("foo"), DEFAULT_PRIORITY, Time::Now(), - nullptr, 0); - - // Write meta data to the same entry. - scoped_refptr buf = - base::MakeRefCounted(50); - memset(buf->data(), 0, buf->size()); - base::strlcpy(buf->data(), "Hi there", buf->size()); - cache.http_cache()->WriteMetadata(GURL(kSimpleGET_Transaction.url), - DEFAULT_PRIORITY, response.response_time, - buf.get(), buf->size()); - - // Release the buffer before the operation takes place. - buf = nullptr; - - // Makes sure we finish pending operations. - base::RunLoop().RunUntilIdle(); - - RunTransactionTestWithResponseInfo(cache.http_cache(), kSimpleGET_Transaction, - &response); - ASSERT_TRUE(response.metadata.get() == nullptr); - - EXPECT_EQ(1, cache.network_layer()->transaction_count()); - EXPECT_EQ(2, cache.disk_cache()->open_count()); - EXPECT_EQ(1, cache.disk_cache()->create_count()); -} - -// Tests that we only write metadata to an entry if the time stamp matches. -TEST_F(HttpCacheTest, WriteMetadata_Fail) { - base::test::ScopedFeatureList feature_list; - feature_list.InitAndDisableFeature(net::features::kIsolatedCodeCache); - ASSERT_FALSE(base::FeatureList::IsEnabled(net::features::kIsolatedCodeCache)); - MockHttpCache cache; - - // Write to the cache - HttpResponseInfo response; - RunTransactionTestWithResponseInfo(cache.http_cache(), kSimpleGET_Transaction, - &response); - EXPECT_TRUE(response.metadata.get() == nullptr); - - // Attempt to write meta data to the same entry. - scoped_refptr buf = - base::MakeRefCounted(50); - memset(buf->data(), 0, buf->size()); - base::strlcpy(buf->data(), "Hi there", buf->size()); - base::Time expected_time = response.response_time - - base::TimeDelta::FromMilliseconds(20); - cache.http_cache()->WriteMetadata(GURL(kSimpleGET_Transaction.url), - DEFAULT_PRIORITY, expected_time, buf.get(), - buf->size()); - - // Makes sure we finish pending operations. - base::RunLoop().RunUntilIdle(); - - RunTransactionTestWithResponseInfo(cache.http_cache(), kSimpleGET_Transaction, - &response); - EXPECT_TRUE(response.metadata.get() == nullptr); - - EXPECT_EQ(1, cache.network_layer()->transaction_count()); - EXPECT_EQ(2, cache.disk_cache()->open_count()); - EXPECT_EQ(1, cache.disk_cache()->create_count()); -} - -// Tests that we ignore VARY checks when writing metadata since the request -// headers for the WriteMetadata transaction are made up. -TEST_F(HttpCacheTest, WriteMetadata_IgnoreVary) { - base::test::ScopedFeatureList feature_list; - feature_list.InitAndDisableFeature(net::features::kIsolatedCodeCache); - ASSERT_FALSE(base::FeatureList::IsEnabled(net::features::kIsolatedCodeCache)); - MockHttpCache cache; - - // Write to the cache - HttpResponseInfo response; - ScopedMockTransaction transaction(kSimpleGET_Transaction); - transaction.request_headers = "accept-encoding: gzip\r\n"; - transaction.response_headers = - "Vary: accept-encoding\n" - "Cache-Control: max-age=10000\n"; - - RunTransactionTestWithResponseInfo(cache.http_cache(), transaction, - &response); - EXPECT_FALSE(response.metadata); - - // Attempt to write meta data to the same entry. - scoped_refptr buf = - base::MakeRefCounted(50); - memset(buf->data(), 0, buf->size()); - base::strlcpy(buf->data(), "Hi there", buf->size()); - cache.http_cache()->WriteMetadata(GURL(transaction.url), DEFAULT_PRIORITY, - response.response_time, buf.get(), - buf->size()); - - // Makes sure we finish pending operations. - base::RunLoop().RunUntilIdle(); - - RunTransactionTestWithResponseInfo(cache.http_cache(), transaction, - &response); - ASSERT_TRUE(response.metadata); - EXPECT_EQ(50, response.metadata->size()); - EXPECT_EQ(0, strcmp(response.metadata->data(), "Hi there")); - - EXPECT_EQ(1, cache.network_layer()->transaction_count()); - EXPECT_EQ(2, cache.disk_cache()->open_count()); - EXPECT_EQ(1, cache.disk_cache()->create_count()); + histograms.ExpectBucketCount("HttpCache.NetworkIsolationKeyPresent", true, 1); + histograms.ExpectTotalCount("HttpCache.NetworkIsolationKeyPresent", 3); } TEST_F(HttpCacheTest, SkipVaryCheck) { @@ -9969,72 +9895,6 @@ TEST_F(HttpCacheTest, InvalidLoadFlagCombination) { RunTransactionTest(cache.http_cache(), transaction); } -// Tests that we can read metadata after validating the entry and with READ mode -// transactions. -TEST_F(HttpCacheTest, ReadMetadata) { - base::test::ScopedFeatureList feature_list; - feature_list.InitAndDisableFeature(net::features::kIsolatedCodeCache); - ASSERT_FALSE(base::FeatureList::IsEnabled(net::features::kIsolatedCodeCache)); - MockHttpCache cache; - - // Write to the cache - HttpResponseInfo response; - RunTransactionTestWithResponseInfo(cache.http_cache(), - kTypicalGET_Transaction, &response); - EXPECT_TRUE(response.metadata.get() == nullptr); - - // Write meta data to the same entry. - scoped_refptr buf = - base::MakeRefCounted(50); - memset(buf->data(), 0, buf->size()); - base::strlcpy(buf->data(), "Hi there", buf->size()); - cache.http_cache()->WriteMetadata(GURL(kTypicalGET_Transaction.url), - DEFAULT_PRIORITY, response.response_time, - buf.get(), buf->size()); - - // Makes sure we finish pending operations. - base::RunLoop().RunUntilIdle(); - - // Start with a READ mode transaction. - MockTransaction trans1(kTypicalGET_Transaction); - trans1.load_flags = LOAD_ONLY_FROM_CACHE | LOAD_SKIP_CACHE_VALIDATION; - - RunTransactionTestWithResponseInfo(cache.http_cache(), trans1, &response); - ASSERT_TRUE(response.metadata.get() != nullptr); - EXPECT_EQ(50, response.metadata->size()); - EXPECT_EQ(0, strcmp(response.metadata->data(), "Hi there")); - - EXPECT_EQ(1, cache.network_layer()->transaction_count()); - EXPECT_EQ(2, cache.disk_cache()->open_count()); - EXPECT_EQ(1, cache.disk_cache()->create_count()); - base::RunLoop().RunUntilIdle(); - - // Now make sure that the entry is re-validated with the server. - trans1.load_flags = LOAD_VALIDATE_CACHE; - trans1.status = "HTTP/1.1 304 Not Modified"; - AddMockTransaction(&trans1); - - response.metadata = nullptr; - RunTransactionTestWithResponseInfo(cache.http_cache(), trans1, &response); - EXPECT_TRUE(response.metadata.get() != nullptr); - - EXPECT_EQ(2, cache.network_layer()->transaction_count()); - EXPECT_EQ(3, cache.disk_cache()->open_count()); - EXPECT_EQ(1, cache.disk_cache()->create_count()); - base::RunLoop().RunUntilIdle(); - RemoveMockTransaction(&trans1); - - // Now return 200 when validating the entry so the metadata will be lost. - MockTransaction trans2(kTypicalGET_Transaction); - trans2.load_flags = LOAD_VALIDATE_CACHE; - RunTransactionTestWithResponseInfo(cache.http_cache(), trans2, &response); - EXPECT_TRUE(response.metadata.get() == nullptr); - - EXPECT_EQ(3, cache.network_layer()->transaction_count()); - EXPECT_EQ(4, cache.disk_cache()->open_count()); - EXPECT_EQ(1, cache.disk_cache()->create_count()); -} - // Tests that we don't mark entries as truncated when a filter detects the end // of the stream. TEST_F(HttpCacheTest, FilterCompletion) { @@ -11343,6 +11203,21 @@ TEST_F(HttpCacheTest, CacheEntryStatusCantConditionalize) { response_info.cache_entry_status); } +TEST_F(HttpSplitCacheKeyTest, GetResourceURLFromKey) { + base::test::ScopedFeatureList feature_list; + feature_list.InitAndEnableFeature( + net::features::kSplitCacheByNetworkIsolationKey); + MockHttpCache cache; + std::string urls[] = {"http://www.a.com/", "https://b.com/example.html", + "http://example.com/Some Path/Some Leaf?some query"}; + + for (const std::string& url : urls) { + std::string key = ComputeCacheKey(url); + EXPECT_EQ(GURL(url).spec(), + cache.http_cache()->GetResourceURLFromHttpCacheKey(key)); + } +} + class TestCompletionCallbackForHttpCache : public TestCompletionCallbackBase { public: TestCompletionCallbackForHttpCache() {} diff --git a/chromium/net/http/http_cache_writers.cc b/chromium/net/http/http_cache_writers.cc index c20d5d37936..5d8e78d22dd 100644 --- a/chromium/net/http/http_cache_writers.cc +++ b/chromium/net/http/http_cache_writers.cc @@ -50,7 +50,7 @@ HttpCache::Writers::TransactionInfo::TransactionInfo(const TransactionInfo&) = default; HttpCache::Writers::Writers(HttpCache* cache, HttpCache::ActiveEntry* entry) - : cache_(cache), entry_(entry), weak_factory_(this) {} + : cache_(cache), entry_(entry) {} HttpCache::Writers::~Writers() = default; diff --git a/chromium/net/http/http_cache_writers.h b/chromium/net/http/http_cache_writers.h index e914ab1026e..c638aeba65e 100644 --- a/chromium/net/http/http_cache_writers.h +++ b/chromium/net/http/http_cache_writers.h @@ -283,7 +283,7 @@ class NET_EXPORT_PRIVATE HttpCache::Writers { // end of DoLoop(). base::OnceClosure cache_callback_; // Callback for cache_. - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(Writers); }; diff --git a/chromium/net/http/http_log_util.cc b/chromium/net/http/http_log_util.cc index 699dd804e35..9c9bc1dbe5c 100644 --- a/chromium/net/http/http_log_util.cc +++ b/chromium/net/http/http_log_util.cc @@ -8,6 +8,9 @@ #include "base/strings/stringprintf.h" #include "net/http/http_auth_challenge_tokenizer.h" #include "net/http/http_auth_scheme.h" +#include "net/http/http_request_headers.h" +#include "net/http/http_response_headers.h" +#include "net/log/net_log_with_source.h" namespace net { @@ -41,7 +44,7 @@ std::string ElideHeaderValueForNetLog(NetLogCaptureMode capture_mode, std::string::const_iterator redact_end = value.begin(); if (redact_begin == redact_end && - !capture_mode.include_cookies_and_credentials()) { + !NetLogCaptureIncludesSensitive(capture_mode)) { if (base::EqualsCaseInsensitiveASCII(header, "set-cookie") || base::EqualsCaseInsensitiveASCII(header, "set-cookie2") || base::EqualsCaseInsensitiveASCII(header, "cookie") || @@ -70,4 +73,21 @@ std::string ElideHeaderValueForNetLog(NetLogCaptureMode capture_mode, std::string(redact_end, value.end()); } +NET_EXPORT void NetLogResponseHeaders(const NetLogWithSource& net_log, + NetLogEventType type, + const HttpResponseHeaders* headers) { + net_log.AddEvent(type, [&](NetLogCaptureMode capture_mode) { + return headers->NetLogParams(capture_mode); + }); +} + +void NetLogRequestHeaders(const NetLogWithSource& net_log, + NetLogEventType type, + const std::string& request_line, + const HttpRequestHeaders* headers) { + net_log.AddEvent(type, [&](NetLogCaptureMode capture_mode) { + return headers->NetLogParams(request_line, capture_mode); + }); +} + } // namespace net diff --git a/chromium/net/http/http_log_util.h b/chromium/net/http/http_log_util.h index 15a58f7f0b6..ca417487338 100644 --- a/chromium/net/http/http_log_util.h +++ b/chromium/net/http/http_log_util.h @@ -9,9 +9,14 @@ #include "net/base/net_export.h" #include "net/log/net_log_capture_mode.h" +#include "net/log/net_log_event_type.h" namespace net { +class NetLogWithSource; +class HttpResponseHeaders; +class HttpRequestHeaders; + // Given an HTTP header |header| with value |value|, returns the elided version // of the header value at |log_level|. NET_EXPORT_PRIVATE std::string ElideHeaderValueForNetLog( @@ -19,6 +24,15 @@ NET_EXPORT_PRIVATE std::string ElideHeaderValueForNetLog( const std::string& header, const std::string& value); +NET_EXPORT void NetLogResponseHeaders(const NetLogWithSource& net_log, + NetLogEventType type, + const HttpResponseHeaders* headers); + +NET_EXPORT void NetLogRequestHeaders(const NetLogWithSource& net_log, + NetLogEventType type, + const std::string& request_line, + const HttpRequestHeaders* headers); + } // namespace net #endif // NET_HTTP_HTTP_LOG_UTIL_H_ diff --git a/chromium/net/http/http_log_util_unittest.cc b/chromium/net/http/http_log_util_unittest.cc index 9b6ec8f8646..c4406c8afdb 100644 --- a/chromium/net/http/http_log_util_unittest.cc +++ b/chromium/net/http/http_log_util_unittest.cc @@ -11,61 +11,61 @@ namespace net { TEST(HttpLogUtilTest, ElideHeaderValueForNetLog) { // Only elide for appropriate log level. EXPECT_EQ("[10 bytes were stripped]", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), "Cookie", + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "Cookie", "name=value")); - EXPECT_EQ("name=value", ElideHeaderValueForNetLog( - NetLogCaptureMode::IncludeCookiesAndCredentials(), - "Cookie", "name=value")); + EXPECT_EQ("name=value", + ElideHeaderValueForNetLog(NetLogCaptureMode::kIncludeSensitive, + "Cookie", "name=value")); // Headers are compared case insensitively. EXPECT_EQ("[10 bytes were stripped]", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), "cOoKiE", + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "cOoKiE", "name=value")); // These headers should be completely elided. EXPECT_EQ("[10 bytes were stripped]", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), - "Set-Cookie", "name=value")); + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "Set-Cookie", + "name=value")); EXPECT_EQ("[10 bytes were stripped]", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "Set-Cookie2", "name=value")); EXPECT_EQ("[10 bytes were stripped]", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "Authorization", "Basic 1234")); EXPECT_EQ("[10 bytes were stripped]", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "Proxy-Authorization", "Basic 1234")); // Unknown headers should pass through. - EXPECT_EQ("value", ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), + EXPECT_EQ("value", ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "Boring", "value")); // Basic and Digest auth challenges are public. EXPECT_EQ("Basic realm=test", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "WWW-Authenticate", "Basic realm=test")); EXPECT_EQ("Digest realm=test", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "WWW-Authenticate", "Digest realm=test")); EXPECT_EQ("Basic realm=test", ElideHeaderValueForNetLog( - NetLogCaptureMode::Default(), + NetLogCaptureMode::kDefault, "Proxy-Authenticate", "Basic realm=test")); EXPECT_EQ( "Digest realm=test", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "Proxy-Authenticate", "Digest realm=test")); // Multi-round mechanisms partially elided. EXPECT_EQ("NTLM [4 bytes were stripped]", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "WWW-Authenticate", "NTLM 1234")); EXPECT_EQ("NTLM [4 bytes were stripped]", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "Proxy-Authenticate", "NTLM 1234")); // Leave whitespace intact. EXPECT_EQ("NTLM [4 bytes were stripped] ", - ElideHeaderValueForNetLog(NetLogCaptureMode::Default(), + ElideHeaderValueForNetLog(NetLogCaptureMode::kDefault, "WWW-Authenticate", "NTLM 1234 ")); } diff --git a/chromium/net/http/http_negotiate_auth_system.h b/chromium/net/http/http_negotiate_auth_system.h index cf90cd66a8d..15dcc6c4425 100644 --- a/chromium/net/http/http_negotiate_auth_system.h +++ b/chromium/net/http/http_negotiate_auth_system.h @@ -13,12 +13,13 @@ namespace net { class AuthCredentials; class HttpAuthChallengeTokenizer; +class NetLogWithSource; class NET_EXPORT_PRIVATE HttpNegotiateAuthSystem { public: virtual ~HttpNegotiateAuthSystem() = default; - virtual bool Init() = 0; + virtual bool Init(const NetLogWithSource& net_log) = 0; // True if authentication needs the identity of the user from Chrome. virtual bool NeedsIdentity() const = 0; @@ -57,6 +58,7 @@ class NET_EXPORT_PRIVATE HttpNegotiateAuthSystem { const std::string& spn, const std::string& channel_bindings, std::string* auth_token, + const NetLogWithSource& net_log, CompletionOnceCallback callback) = 0; // Sets the delegation type allowed on the Kerberos ticket. This allows diff --git a/chromium/net/http/http_network_layer.cc b/chromium/net/http/http_network_layer.cc index ab48161c637..1c835fa6d75 100644 --- a/chromium/net/http/http_network_layer.cc +++ b/chromium/net/http/http_network_layer.cc @@ -24,18 +24,14 @@ HttpNetworkLayer::HttpNetworkLayer(HttpNetworkSession* session) suspended_(false) { DCHECK(session_); #if defined(OS_WIN) - base::PowerMonitor* power_monitor = base::PowerMonitor::Get(); - if (power_monitor) - power_monitor->AddObserver(this); + base::PowerMonitor::AddObserver(this); #endif } HttpNetworkLayer::~HttpNetworkLayer() { DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); #if defined(OS_WIN) - base::PowerMonitor* power_monitor = base::PowerMonitor::Get(); - if (power_monitor) - power_monitor->RemoveObserver(this); + base::PowerMonitor::RemoveObserver(this); #endif } diff --git a/chromium/net/http/http_network_session.cc b/chromium/net/http/http_network_session.cc index d3ed27d0886..93e89e46866 100644 --- a/chromium/net/http/http_network_session.cc +++ b/chromium/net/http/http_network_session.cc @@ -40,19 +40,6 @@ namespace net { -namespace { - -SSLClientSocketContext CreateClientSocketContext( - const HttpNetworkSession::Context& context, - SSLClientSessionCache* ssl_client_session_cache) { - return SSLClientSocketContext( - context.cert_verifier, context.transport_security_state, - context.cert_transparency_verifier, context.ct_policy_enforcer, - ssl_client_session_cache); -} - -} // unnamed namespace - // The maximum receive window sizes for HTTP/2 sessions and streams. const int32_t kSpdySessionMaxRecvWindowSize = 15 * 1024 * 1024; // 15 MB const int32_t kSpdyStreamMaxRecvWindowSize = 6 * 1024 * 1024; // 6 MB @@ -98,46 +85,8 @@ HttpNetworkSession::Params::Params() enable_websocket_over_http2(false), enable_quic(false), enable_quic_proxies_for_https_urls(false), - quic_max_packet_length(quic::kDefaultMaxPacketSize), - quic_max_server_configs_stored_in_properties(0u), - quic_enable_socket_recv_optimization(false), - mark_quic_broken_when_network_blackholes(false), - retry_without_alt_svc_on_quic_errors(true), - support_ietf_format_quic_altsvc(false), - quic_close_sessions_on_ip_change(false), - quic_goaway_sessions_on_ip_change(false), - quic_idle_connection_timeout_seconds(kIdleConnectionTimeoutSeconds), - quic_reduced_ping_timeout_seconds(quic::kPingTimeoutSecs), - quic_retransmittable_on_wire_timeout_milliseconds(0), - quic_max_time_before_crypto_handshake_seconds( - quic::kMaxTimeForCryptoHandshakeSecs), - quic_max_idle_time_before_crypto_handshake_seconds( - quic::kInitialIdleTimeoutSecs), - quic_migrate_sessions_on_network_change_v2(false), - quic_migrate_sessions_early_v2(false), - quic_retry_on_alternate_network_before_handshake(false), - quic_migrate_idle_sessions(false), - quic_idle_session_migration_period(base::TimeDelta::FromSeconds( - kDefaultIdleSessionMigrationPeriodSeconds)), - quic_max_time_on_non_default_network( - base::TimeDelta::FromSeconds(kMaxTimeOnNonDefaultNetworkSecs)), - quic_max_migrations_to_non_default_network_on_write_error( - kMaxMigrationsToNonDefaultNetworkOnWriteError), - quic_max_migrations_to_non_default_network_on_path_degrading( - kMaxMigrationsToNonDefaultNetworkOnPathDegrading), - quic_allow_server_migration(false), - quic_allow_remote_alt_svc(true), - quic_race_stale_dns_on_connection(false), - quic_go_away_on_path_degrading(false), - quic_disable_bidirectional_streams(false), - quic_race_cert_verification(false), - quic_estimate_initial_rtt(false), - quic_headers_include_h2_stream_dependency(false), - quic_initial_rtt_for_handshake_milliseconds(0), http_09_on_non_default_ports_enabled(false), disable_idle_sockets_close_on_memory_pressure(false) { - quic_supported_versions.push_back(quic::ParsedQuicVersion( - quic::PROTOCOL_QUIC_CRYPTO, quic::QUIC_VERSION_46)); enable_early_data = base::FeatureList::IsEnabled(features::kEnableTLS13EarlyData); } @@ -190,7 +139,11 @@ HttpNetworkSession::HttpNetworkSession(const Params& params, proxy_resolution_service_(context.proxy_resolution_service), ssl_config_service_(context.ssl_config_service), ssl_client_session_cache_(SSLClientSessionCache::Config()), - ssl_client_session_cache_privacy_mode_(SSLClientSessionCache::Config()), + ssl_client_context_(context.cert_verifier, + context.transport_security_state, + context.cert_transparency_verifier, + context.ct_policy_enforcer, + &ssl_client_session_cache_), push_delegate_(nullptr), quic_stream_factory_( context.net_log, @@ -210,42 +163,14 @@ HttpNetworkSession::HttpNetworkSession(const Params& params, : quic::QuicRandom::GetInstance(), context.quic_clock ? context.quic_clock : quic::QuicChromiumClock::GetInstance(), - params.quic_max_packet_length, - params.quic_user_agent_id, - params.quic_max_server_configs_stored_in_properties > 0, - params.quic_close_sessions_on_ip_change, - params.quic_goaway_sessions_on_ip_change, - params.mark_quic_broken_when_network_blackholes, - params.quic_idle_connection_timeout_seconds, - params.quic_reduced_ping_timeout_seconds, - params.quic_retransmittable_on_wire_timeout_milliseconds, - params.quic_max_time_before_crypto_handshake_seconds, - params.quic_max_idle_time_before_crypto_handshake_seconds, - params.quic_migrate_sessions_on_network_change_v2, - params.quic_migrate_sessions_early_v2, - params.quic_retry_on_alternate_network_before_handshake, - params.quic_migrate_idle_sessions, - params.quic_idle_session_migration_period, - params.quic_max_time_on_non_default_network, - params.quic_max_migrations_to_non_default_network_on_write_error, - params.quic_max_migrations_to_non_default_network_on_path_degrading, - params.quic_allow_server_migration, - params.quic_race_stale_dns_on_connection, - params.quic_go_away_on_path_degrading, - params.quic_race_cert_verification, - params.quic_estimate_initial_rtt, - params.quic_headers_include_h2_stream_dependency, - params.quic_connection_options, - params.quic_client_connection_options, - params.quic_enable_socket_recv_optimization, - params.quic_initial_rtt_for_handshake_milliseconds), + params.quic_params), spdy_session_pool_(context.host_resolver, context.ssl_config_service, context.http_server_properties, context.transport_security_state, - params.quic_supported_versions, + params.quic_params.supported_versions, params.enable_spdy_ping_based_connection_checking, - params.support_ietf_format_quic_altsvc, + params.quic_params.support_ietf_format_quic_altsvc, params.spdy_session_max_recv_window_size, AddDefaultHttp2Settings(params.http2_settings), params.greased_http2_frame, @@ -274,7 +199,7 @@ HttpNetworkSession::HttpNetworkSession(const Params& params, next_protos_.push_back(kProtoHTTP11); http_server_properties_->SetMaxServerConfigsStoredInProperties( - params.quic_max_server_configs_stored_in_properties); + params.quic_params.max_server_configs_stored_in_properties); if (!params_.disable_idle_sockets_close_on_memory_pressure) { memory_pressure_listener_.reset( @@ -293,14 +218,14 @@ HttpNetworkSession::~HttpNetworkSession() { void HttpNetworkSession::AddResponseDrainer( std::unique_ptr drainer) { - DCHECK(!base::ContainsKey(response_drainers_, drainer.get())); + DCHECK(!base::Contains(response_drainers_, drainer.get())); HttpResponseBodyDrainer* drainer_ptr = drainer.get(); response_drainers_[drainer_ptr] = std::move(drainer); } void HttpNetworkSession::RemoveResponseDrainer( HttpResponseBodyDrainer* drainer) { - DCHECK(base::ContainsKey(response_drainers_, drainer)); + DCHECK(base::Contains(response_drainers_, drainer)); response_drainers_[drainer].release(); response_drainers_.erase(drainer); } @@ -327,69 +252,78 @@ std::unique_ptr HttpNetworkSession::QuicInfoToValue() const { dict->SetBoolean("quic_enabled", IsQuicEnabled()); auto connection_options(std::make_unique()); - for (const auto& option : params_.quic_connection_options) + for (const auto& option : params_.quic_params.connection_options) connection_options->AppendString(quic::QuicTagToString(option)); dict->Set("connection_options", std::move(connection_options)); auto supported_versions(std::make_unique()); - for (const auto& version : params_.quic_supported_versions) + for (const auto& version : params_.quic_params.supported_versions) supported_versions->AppendString(ParsedQuicVersionToString(version)); dict->Set("supported_versions", std::move(supported_versions)); auto origins_to_force_quic_on(std::make_unique()); - for (const auto& origin : params_.origins_to_force_quic_on) + for (const auto& origin : params_.quic_params.origins_to_force_quic_on) origins_to_force_quic_on->AppendString(origin.ToString()); dict->Set("origins_to_force_quic_on", std::move(origins_to_force_quic_on)); - dict->SetInteger("max_packet_length", params_.quic_max_packet_length); + dict->SetInteger("max_packet_length", params_.quic_params.max_packet_length); dict->SetInteger("max_server_configs_stored_in_properties", - params_.quic_max_server_configs_stored_in_properties); + params_.quic_params.max_server_configs_stored_in_properties); dict->SetInteger("idle_connection_timeout_seconds", - params_.quic_idle_connection_timeout_seconds); + params_.quic_params.idle_connection_timeout.InSeconds()); dict->SetInteger("reduced_ping_timeout_seconds", - params_.quic_reduced_ping_timeout_seconds); - dict->SetBoolean("mark_quic_broken_when_network_blackholes", - params_.mark_quic_broken_when_network_blackholes); + params_.quic_params.reduced_ping_timeout.InSeconds()); + dict->SetBoolean( + "mark_quic_broken_when_network_blackholes", + params_.quic_params.mark_quic_broken_when_network_blackholes); dict->SetBoolean("retry_without_alt_svc_on_quic_errors", - params_.retry_without_alt_svc_on_quic_errors); + params_.quic_params.retry_without_alt_svc_on_quic_errors); dict->SetBoolean("race_cert_verification", - params_.quic_race_cert_verification); + params_.quic_params.race_cert_verification); dict->SetBoolean("disable_bidirectional_streams", - params_.quic_disable_bidirectional_streams); + params_.quic_params.disable_bidirectional_streams); dict->SetBoolean("close_sessions_on_ip_change", - params_.quic_close_sessions_on_ip_change); + params_.quic_params.close_sessions_on_ip_change); dict->SetBoolean("goaway_sessions_on_ip_change", - params_.quic_goaway_sessions_on_ip_change); + params_.quic_params.goaway_sessions_on_ip_change); dict->SetBoolean("migrate_sessions_on_network_change_v2", - params_.quic_migrate_sessions_on_network_change_v2); + params_.quic_params.migrate_sessions_on_network_change_v2); dict->SetBoolean("migrate_sessions_early_v2", - params_.quic_migrate_sessions_early_v2); - dict->SetInteger("retransmittable_on_wire_timeout_milliseconds", - params_.quic_retransmittable_on_wire_timeout_milliseconds); - dict->SetBoolean("retry_on_alternate_network_before_handshake", - params_.quic_retry_on_alternate_network_before_handshake); - dict->SetBoolean("migrate_idle_sessions", params_.quic_migrate_idle_sessions); - dict->SetInteger("idle_session_migration_period_seconds", - params_.quic_idle_session_migration_period.InSeconds()); - dict->SetInteger("max_time_on_non_default_network_seconds", - params_.quic_max_time_on_non_default_network.InSeconds()); + params_.quic_params.migrate_sessions_early_v2); + dict->SetInteger( + "retransmittable_on_wire_timeout_milliseconds", + params_.quic_params.retransmittable_on_wire_timeout.InMilliseconds()); + dict->SetBoolean( + "retry_on_alternate_network_before_handshake", + params_.quic_params.retry_on_alternate_network_before_handshake); + dict->SetBoolean("migrate_idle_sessions", + params_.quic_params.migrate_idle_sessions); + dict->SetInteger( + "idle_session_migration_period_seconds", + params_.quic_params.idle_session_migration_period.InSeconds()); + dict->SetInteger( + "max_time_on_non_default_network_seconds", + params_.quic_params.max_time_on_non_default_network.InSeconds()); dict->SetInteger( "max_num_migrations_to_non_default_network_on_write_error", - params_.quic_max_migrations_to_non_default_network_on_write_error); + params_.quic_params.max_migrations_to_non_default_network_on_write_error); dict->SetInteger( "max_num_migrations_to_non_default_network_on_path_degrading", - params_.quic_max_migrations_to_non_default_network_on_path_degrading); + params_.quic_params + .max_migrations_to_non_default_network_on_path_degrading); dict->SetBoolean("allow_server_migration", - params_.quic_allow_server_migration); + params_.quic_params.allow_server_migration); dict->SetBoolean("race_stale_dns_on_connection", - params_.quic_race_stale_dns_on_connection); + params_.quic_params.race_stale_dns_on_connection); dict->SetBoolean("go_away_on_path_degrading", - params_.quic_go_away_on_path_degrading); - dict->SetBoolean("estimate_initial_rtt", params_.quic_estimate_initial_rtt); + params_.quic_params.go_away_on_path_degrading); + dict->SetBoolean("estimate_initial_rtt", + params_.quic_params.estimate_initial_rtt); dict->SetBoolean("server_push_cancellation", params_.enable_server_push_cancellation); - dict->SetInteger("initial_rtt_for_handshake_milliseconds", - params_.quic_initial_rtt_for_handshake_milliseconds); + dict->SetInteger( + "initial_rtt_for_handshake_milliseconds", + params_.quic_params.initial_rtt_for_handshake.InMilliseconds()); return std::move(dict); } @@ -398,7 +332,8 @@ void HttpNetworkSession::CloseAllConnections() { normal_socket_pool_manager_->FlushSocketPoolsWithError(ERR_ABORTED); websocket_socket_pool_manager_->FlushSocketPoolsWithError(ERR_ABORTED); spdy_session_pool_.CloseCurrentSessions(ERR_ABORTED); - quic_stream_factory_.CloseAllSessions(ERR_ABORTED, quic::QUIC_INTERNAL_ERROR); + quic_stream_factory_.CloseAllSessions(ERR_ABORTED, + quic::QUIC_PEER_GOING_AWAY); } void HttpNetworkSession::CloseIdleConnections() { @@ -489,7 +424,6 @@ void HttpNetworkSession::DisableQuic() { void HttpNetworkSession::ClearSSLSessionCache() { ssl_client_session_cache_.Flush(); - ssl_client_session_cache_privacy_mode_.Flush(); } CommonConnectJobParams HttpNetworkSession::CreateCommonConnectJobParams( @@ -501,12 +435,9 @@ CommonConnectJobParams HttpNetworkSession::CreateCommonConnectJobParams( : ClientSocketFactory::GetDefaultFactory(), context_.host_resolver, &http_auth_cache_, context_.http_auth_handler_factory, &spdy_session_pool_, - ¶ms_.quic_supported_versions, &quic_stream_factory_, + ¶ms_.quic_params.supported_versions, &quic_stream_factory_, context_.proxy_delegate, context_.http_user_agent_settings, - CreateClientSocketContext(context_, &ssl_client_session_cache_), - CreateClientSocketContext(context_, - &ssl_client_session_cache_privacy_mode_), - context_.socket_performance_watcher_factory, + &ssl_client_context_, context_.socket_performance_watcher_factory, context_.network_quality_estimator, context_.net_log, for_websockets ? &websocket_endpoint_lock_manager_ : nullptr); } diff --git a/chromium/net/http/http_network_session.h b/chromium/net/http/http_network_session.h index d6caef9c3a9..1e2131fe79e 100644 --- a/chromium/net/http/http_network_session.h +++ b/chromium/net/http/http_network_session.h @@ -136,105 +136,8 @@ class NET_EXPORT HttpNetworkSession { // If true, HTTPS URLs can be sent to QUIC proxies. bool enable_quic_proxies_for_https_urls; - // QUIC runtime configuration options. - - // Versions of QUIC which may be used. - quic::ParsedQuicVersionVector quic_supported_versions; - // User agent description to send in the QUIC handshake. - std::string quic_user_agent_id; - // Limit on the size of QUIC packets. - size_t quic_max_packet_length; - // Maximum number of server configs that are to be stored in - // HttpServerProperties, instead of the disk cache. - size_t quic_max_server_configs_stored_in_properties; - // QUIC will be used for all connections in this set. - std::set origins_to_force_quic_on; - // Set of QUIC tags to send in the handshake's connection options. - quic::QuicTagVector quic_connection_options; - // Set of QUIC tags to send in the handshake's connection options that only - // affect the client. - quic::QuicTagVector quic_client_connection_options; - // Enables experimental optimization for receiving data in UDPSocket. - bool quic_enable_socket_recv_optimization; - - // Active QUIC experiments - - // Marks a QUIC server broken when a connection blackholes after the - // handshake is confirmed. - bool mark_quic_broken_when_network_blackholes; - // Retry requests which fail with QUIC_PROTOCOL_ERROR, and mark QUIC - // broken if the retry succeeds. - bool retry_without_alt_svc_on_quic_errors; - // If true, alt-svc headers advertising QUIC in IETF format will be - // supported. - bool support_ietf_format_quic_altsvc; - // If true, all QUIC sessions are closed when any local IP address changes. - bool quic_close_sessions_on_ip_change; - // If true, all QUIC sessions are marked as goaway when any local IP address - // changes. - bool quic_goaway_sessions_on_ip_change; - // Specifies QUIC idle connection state lifetime. - int quic_idle_connection_timeout_seconds; - // Specifies the reduced ping timeout subsequent connections should use when - // a connection was timed out with open streams. - int quic_reduced_ping_timeout_seconds; - // Maximum time that a session can have no retransmittable packets on the - // wire. Set to zero if not specified and no retransmittable PING will be - // sent to peer when the wire has no retransmittable packets. - int quic_retransmittable_on_wire_timeout_milliseconds; - // Maximum time the session can be alive before crypto handshake is - // finished. - int quic_max_time_before_crypto_handshake_seconds; - // Maximum idle time before the crypto handshake has completed. - int quic_max_idle_time_before_crypto_handshake_seconds; - // If true, connection migration v2 will be used to migrate existing - // sessions to network when the platform indicates that the default network - // is changing. - bool quic_migrate_sessions_on_network_change_v2; - // If true, connection migration v2 may be used to migrate active QUIC - // sessions to alternative network if current network connectivity is poor. - bool quic_migrate_sessions_early_v2; - // If true, a new connection may be kicked off on an alternate network when - // a connection fails on the default network before handshake is confirmed. - bool quic_retry_on_alternate_network_before_handshake; - // If true, an idle session will be migrated within the idle migration - // period. - bool quic_migrate_idle_sessions; - // A session can be migrated if its idle time is within this period. - base::TimeDelta quic_idle_session_migration_period; - // Maximum time the session could be on the non-default network before - // migrates back to default network. Defaults to - // kMaxTimeOnNonDefaultNetwork. - base::TimeDelta quic_max_time_on_non_default_network; - // Maximum number of migrations to the non-default network on write error - // per network for each session. - int quic_max_migrations_to_non_default_network_on_write_error; - // Maximum number of migrations to the non-default network on path - // degrading per network for each session. - int quic_max_migrations_to_non_default_network_on_path_degrading; - // If true, allows migration of QUIC connections to a server-specified - // alternate server address. - bool quic_allow_server_migration; - // If true, allows QUIC to use alternative services with a different - // hostname from the origin. - bool quic_allow_remote_alt_svc; - // If true, the quic stream factory may race connection from stale dns - // result with the original dns resolution - bool quic_race_stale_dns_on_connection; - // If true, the quic session may mark itself as GOAWAY on path degrading. - bool quic_go_away_on_path_degrading; - // If true, bidirectional streams over QUIC will be disabled. - bool quic_disable_bidirectional_streams; - // If true, race cert verification with host resolution. - bool quic_race_cert_verification; - // If true, estimate the initial RTT for QUIC connections based on network. - bool quic_estimate_initial_rtt; - // If true, client headers will include HTTP/2 stream dependency info - // derived from the request priority. - bool quic_headers_include_h2_stream_dependency; - // The initial rtt that will be used in crypto handshake if no cached - // smoothed rtt is present. - int quic_initial_rtt_for_handshake_milliseconds; + // QUIC runtime configuration options and active experiments. + QuicParams quic_params; // If non-empty, QUIC will only be spoken to hosts in this list. base::flat_set quic_host_whitelist; @@ -414,7 +317,7 @@ class NET_EXPORT HttpNetworkSession { HttpAuthCache http_auth_cache_; SSLClientAuthCache ssl_client_auth_cache_; SSLClientSessionCache ssl_client_session_cache_; - SSLClientSessionCache ssl_client_session_cache_privacy_mode_; + SSLClientContext ssl_client_context_; WebSocketEndpointLockManager websocket_endpoint_lock_manager_; std::unique_ptr normal_socket_pool_manager_; std::unique_ptr websocket_socket_pool_manager_; diff --git a/chromium/net/http/http_network_transaction.cc b/chromium/net/http/http_network_transaction.cc index 010c62a496b..9aea7f000c9 100644 --- a/chromium/net/http/http_network_transaction.cc +++ b/chromium/net/http/http_network_transaction.cc @@ -40,6 +40,7 @@ #include "net/http/http_auth_handler_factory.h" #include "net/http/http_basic_stream.h" #include "net/http/http_chunked_decoder.h" +#include "net/http/http_log_util.h" #include "net/http/http_network_session.h" #include "net/http/http_proxy_client_socket.h" #include "net/http/http_request_headers.h" @@ -399,9 +400,6 @@ int HttpNetworkTransaction::Read(IOBuffer* buf, DCHECK(proxy_info_.is_http() || proxy_info_.is_https() || proxy_info_.is_quic()); DCHECK_EQ(headers->response_code(), HTTP_PROXY_AUTHENTICATION_REQUIRED); - LOG(WARNING) << "Blocked proxy response with status " - << headers->response_code() << " to CONNECT request for " - << GetHostAndPort(url_) << "."; return ERR_TUNNEL_CONNECTION_FAILED; } @@ -1060,7 +1058,7 @@ int HttpNetworkTransaction::DoReadHeadersComplete(int result) { } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { DCHECK(stream_.get()); DCHECK(IsSecureRequest()); - response_.cert_request_info = new SSLCertRequestInfo; + response_.cert_request_info = base::MakeRefCounted(); stream_->GetSSLCertRequestInfo(response_.cert_request_info.get()); result = HandleCertificateRequest(result); if (result == OK) @@ -1108,16 +1106,9 @@ int HttpNetworkTransaction::DoReadHeadersComplete(int result) { return OK; } - // Like Net.HttpResponseCode, but only for MAIN_FRAME loads. - if (request_->load_flags & LOAD_MAIN_FRAME_DEPRECATED) { - const int response_code = response_.headers->response_code(); - UMA_HISTOGRAM_ENUMERATION( - "Net.HttpResponseCode_Nxx_MainFrame", response_code/100, 10); - } - - net_log_.AddEvent( - NetLogEventType::HTTP_TRANSACTION_READ_RESPONSE_HEADERS, - base::Bind(&HttpResponseHeaders::NetLogCallback, response_.headers)); + NetLogResponseHeaders(net_log_, + NetLogEventType::HTTP_TRANSACTION_READ_RESPONSE_HEADERS, + response_.headers.get()); if (response_headers_callback_) response_headers_callback_.Run(response_.headers); @@ -1633,11 +1624,11 @@ int HttpNetworkTransaction::HandleIOError(int error) { ResetConnectionAndRequestForResend(); error = OK; break; - case ERR_SPDY_PING_FAILED: - case ERR_SPDY_SERVER_REFUSED_STREAM: - case ERR_SPDY_PUSHED_STREAM_NOT_AVAILABLE: - case ERR_SPDY_CLAIMED_PUSHED_STREAM_RESET_BY_SERVER: - case ERR_SPDY_PUSHED_RESPONSE_DOES_NOT_MATCH: + case ERR_HTTP2_PING_FAILED: + case ERR_HTTP2_SERVER_REFUSED_STREAM: + case ERR_HTTP2_PUSHED_STREAM_NOT_AVAILABLE: + case ERR_HTTP2_CLAIMED_PUSHED_STREAM_RESET_BY_SERVER: + case ERR_HTTP2_PUSHED_RESPONSE_DOES_NOT_MATCH: case ERR_QUIC_HANDSHAKE_FAILED: if (HasExceededMaxRetries()) break; @@ -1668,7 +1659,8 @@ int HttpNetworkTransaction::HandleIOError(int error) { retry_attempts_++; ResetConnectionAndRequestForResend(); error = OK; - } else if (session_->params().retry_without_alt_svc_on_quic_errors) { + } else if (session_->params() + .quic_params.retry_without_alt_svc_on_quic_errors) { // Disable alternative services for this request and retry it. If the // retry succeeds, then the alternative service will be marked as // broken then. @@ -1853,18 +1845,14 @@ bool HttpNetworkTransaction::ContentEncodingsValid() const { request_headers_.GetHeader(HttpRequestHeaders::kAcceptEncoding, &accept_encoding); std::set allowed_encodings; - if (!HttpUtil::ParseAcceptEncoding(accept_encoding, &allowed_encodings)) { - FilterSourceStream::ReportContentDecodingFailed(SourceStream::TYPE_INVALID); + if (!HttpUtil::ParseAcceptEncoding(accept_encoding, &allowed_encodings)) return false; - } std::string content_encoding; headers->GetNormalizedHeader("Content-Encoding", &content_encoding); std::set used_encodings; - if (!HttpUtil::ParseContentEncoding(content_encoding, &used_encodings)) { - FilterSourceStream::ReportContentDecodingFailed(SourceStream::TYPE_INVALID); + if (!HttpUtil::ParseContentEncoding(content_encoding, &used_encodings)) return false; - } // When "Accept-Encoding" is not specified, it is parsed as "*". // If "*" encoding is advertised, then any encoding should be "accepted". @@ -1880,8 +1868,6 @@ bool HttpNetworkTransaction::ContentEncodingsValid() const { if (source_type == SourceStream::TYPE_UNKNOWN) continue; if (allowed_encodings.find(encoding) == allowed_encodings.end()) { - FilterSourceStream::ReportContentDecodingFailed( - SourceStream::TYPE_REJECTED); result = false; break; } diff --git a/chromium/net/http/http_network_transaction.h b/chromium/net/http/http_network_transaction.h index 86775540290..fbb7bf69337 100644 --- a/chromium/net/http/http_network_transaction.h +++ b/chromium/net/http/http_network_transaction.h @@ -422,8 +422,8 @@ class NET_EXPORT_PRIVATE HttpNetworkTransaction // Network error details for this transaction. NetErrorDetails net_error_details_; - // Number of retries made for network errors like ERR_SPDY_PING_FAILED, - // ERR_SPDY_SERVER_REFUSED_STREAM, ERR_QUIC_HANDSHAKE_FAILED and + // Number of retries made for network errors like ERR_HTTP2_PING_FAILED, + // ERR_HTTP2_SERVER_REFUSED_STREAM, ERR_QUIC_HANDSHAKE_FAILED and // ERR_QUIC_PROTOCOL_ERROR. Currently we stop after 3 tries // (including the initial request) and fail the request. // This count excludes retries on reused sockets since a well diff --git a/chromium/net/http/http_network_transaction_unittest.cc b/chromium/net/http/http_network_transaction_unittest.cc index 510b0e83524..7bd3fffca68 100644 --- a/chromium/net/http/http_network_transaction_unittest.cc +++ b/chromium/net/http/http_network_transaction_unittest.cc @@ -77,7 +77,6 @@ #include "net/log/net_log_event_type.h" #include "net/log/net_log_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/proxy_resolution/mock_proxy_resolver.h" #include "net/proxy_resolution/proxy_config_service_fixed.h" @@ -101,6 +100,7 @@ #include "net/spdy/spdy_test_util_common.h" #include "net/ssl/client_cert_identity_test_util.h" #include "net/ssl/ssl_cert_request_info.h" +#include "net/ssl/ssl_config.h" #include "net/ssl/ssl_config_service.h" #include "net/ssl/ssl_info.h" #include "net/ssl/ssl_private_key.h" @@ -177,17 +177,17 @@ bool IsTransportSocketPoolStalled(HttpNetworkSession* session) { // Takes in a Value created from a NetLogHttpResponseParameter, and returns // a JSONified list of headers as a single string. Uses single quotes instead -// of double quotes for easier comparison. Returns false on failure. -bool GetHeaders(base::DictionaryValue* params, std::string* headers) { - if (!params) - return false; - base::ListValue* header_list; - if (!params->GetList("headers", &header_list)) - return false; - std::string double_quote_headers; - base::JSONWriter::Write(*header_list, &double_quote_headers); - base::ReplaceChars(double_quote_headers, "\"", "'", headers); - return true; +// of double quotes for easier comparison. +std::string GetHeaders(const base::Value& params) { + if (!params.is_dict()) + return ""; + const base::Value* header_list = params.FindListKey("headers"); + if (!header_list) + return ""; + std::string headers; + base::JSONWriter::Write(*header_list, &headers); + base::ReplaceChars(headers, "\"", "'", &headers); + return headers; } // Tests LoadTimingInfo in the case a socket is reused and no PAC script is @@ -360,6 +360,11 @@ class TestSSLConfigService : public SSLConfigService { return false; } + void UpdateSSLConfigAndNotify(const SSLConfig& config) { + config_ = config; + NotifySSLConfigChange(); + } + private: SSLConfig config_; }; @@ -381,9 +386,7 @@ class HttpNetworkTransactionTest : public PlatformTest, protected: HttpNetworkTransactionTest() : WithScopedTaskEnvironment( - base::test::ScopedTaskEnvironment::MainThreadType::IO_MOCK_TIME, - base::test::ScopedTaskEnvironment::NowSource:: - MAIN_THREAD_MOCK_TIME), + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME_AND_NOW), dummy_connect_job_params_( nullptr /* client_socket_factory */, nullptr /* host_resolver */, @@ -394,8 +397,7 @@ class HttpNetworkTransactionTest : public PlatformTest, nullptr /* quic_stream_factory */, nullptr /* proxy_delegate */, nullptr /* http_user_agent_settings */, - SSLClientSocketContext(), - SSLClientSocketContext(), + nullptr /* ssl_client_context */, nullptr /* socket_performance_watcher_factory */, nullptr /* network_quality_estimator */, nullptr /* net_log */, @@ -511,8 +513,7 @@ class HttpNetworkTransactionTest : public PlatformTest, rv = ReadTransaction(&trans, &out.response_data); EXPECT_THAT(rv, IsOk()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_SEND_REQUEST_HEADERS, NetLogEventPhase::NONE); @@ -520,9 +521,8 @@ class HttpNetworkTransactionTest : public PlatformTest, entries, pos, NetLogEventType::HTTP_TRANSACTION_READ_RESPONSE_HEADERS, NetLogEventPhase::NONE); - std::string line; - EXPECT_TRUE(entries[pos].GetStringValue("line", &line)); - EXPECT_EQ("GET / HTTP/1.1\r\n", line); + EXPECT_EQ("GET / HTTP/1.1\r\n", + GetStringValueFromParams(entries[pos], "line")); HttpRequestHeaders request_headers; EXPECT_TRUE(trans.GetFullRequestHeaders(&request_headers)); @@ -532,10 +532,8 @@ class HttpNetworkTransactionTest : public PlatformTest, EXPECT_TRUE(request_headers.GetHeader("Connection", &value)); EXPECT_EQ("keep-alive", value); - std::string response_headers; - EXPECT_TRUE(GetHeaders(entries[pos].params.get(), &response_headers)); EXPECT_EQ("['Host: www.example.org','Connection: keep-alive']", - response_headers); + GetHeaders(entries[pos].params)); out.total_received_bytes = trans.GetTotalReceivedBytes(); // The total number of sent bytes should not have changed. @@ -808,6 +806,9 @@ bool CheckNTLMProxyAuth( } // namespace +// TODO(950069): Add testing for frame_origin in NetworkIsolationKey +// using kAppendInitiatingFrameOriginToNetworkIsolationKey. + TEST_F(HttpNetworkTransactionTest, Basic) { std::unique_ptr session(CreateSession(&session_deps_)); HttpNetworkTransaction trans(DEFAULT_PRIORITY, session.get()); @@ -1884,7 +1885,7 @@ void HttpNetworkTransactionTest::PreconnectErrorResendRequestTest( } // Test that we do not retry indefinitely when a server sends an error like -// ERR_SPDY_PING_FAILED, ERR_SPDY_SERVER_REFUSED_STREAM, +// ERR_HTTP2_PING_FAILED, ERR_HTTP2_SERVER_REFUSED_STREAM, // ERR_QUIC_HANDSHAKE_FAILED or ERR_QUIC_PROTOCOL_ERROR. TEST_F(HttpNetworkTransactionTest, FiniteRetriesOnIOError) { HttpRequestInfo request; @@ -1923,7 +1924,7 @@ TEST_F(HttpNetworkTransactionTest, FiniteRetriesOnIOError) { EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); rv = callback.WaitForResult(); - EXPECT_THAT(rv, IsError(ERR_SPDY_SERVER_REFUSED_STREAM)); + EXPECT_THAT(rv, IsError(ERR_HTTP2_SERVER_REFUSED_STREAM)); } TEST_F(HttpNetworkTransactionTest, RetryTwiceOnIOError) { @@ -3361,8 +3362,7 @@ TEST_F(HttpNetworkTransactionTest, BasicAuthProxyNoKeepAliveHttp10) { rv = callback1.WaitForResult(); EXPECT_THAT(rv, IsOk()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, NetLogEventPhase::NONE); @@ -3486,8 +3486,7 @@ TEST_F(HttpNetworkTransactionTest, BasicAuthProxyNoKeepAliveHttp11) { rv = callback1.WaitForResult(); EXPECT_THAT(rv, IsOk()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, NetLogEventPhase::NONE); @@ -3609,8 +3608,7 @@ TEST_F(HttpNetworkTransactionTest, BasicAuthProxyKeepAliveHttp10) { int rv = trans.Start(&request, callback1.callback(), log.bound()); EXPECT_THAT(callback1.GetResult(rv), IsOk()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, NetLogEventPhase::NONE); @@ -3720,8 +3718,7 @@ TEST_F(HttpNetworkTransactionTest, BasicAuthProxyKeepAliveHttp11) { int rv = trans.Start(&request, callback1.callback(), log.bound()); EXPECT_THAT(callback1.GetResult(rv), IsOk()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, NetLogEventPhase::NONE); @@ -3846,8 +3843,7 @@ TEST_F(HttpNetworkTransactionTest, BasicAuthProxyKeepAliveExtraData) { int rv = trans->Start(&request, callback1.callback(), log.bound()); EXPECT_THAT(callback1.GetResult(rv), IsOk()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, NetLogEventPhase::NONE); @@ -4197,8 +4193,7 @@ TEST_F(HttpNetworkTransactionTest, HttpsServerRequestsProxyAuthThroughProxy) { rv = callback1.WaitForResult(); EXPECT_THAT(rv, IsError(ERR_UNEXPECTED_PROXY_AUTH)); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, NetLogEventPhase::NONE); @@ -9969,8 +9964,7 @@ TEST_F(HttpNetworkTransactionTest, BasicAuthSpdyProxy) { rv = callback1.WaitForResult(); EXPECT_THAT(rv, IsOk()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, NetLogEventPhase::NONE); @@ -12191,7 +12185,7 @@ TEST_F(HttpNetworkTransactionTest, ClearAlternativeServices) { base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1); http_server_properties->SetQuicAlternativeService( test_server, alternative_service, expiration, - session->params().quic_supported_versions); + session->params().quic_params.supported_versions); EXPECT_EQ( 1u, http_server_properties->GetAlternativeServiceInfos(test_server).size()); @@ -12344,7 +12338,7 @@ TEST_F(HttpNetworkTransactionTest, IdentifyQuicBroken) { base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1); http_server_properties->SetQuicAlternativeService( server, alternative_service, expiration, - HttpNetworkSession::Params().quic_supported_versions); + HttpNetworkSession::Params().quic_params.supported_versions); // Mark the QUIC alternative service as broken. http_server_properties->MarkAlternativeServiceBroken(alternative_service); @@ -12409,12 +12403,12 @@ TEST_F(HttpNetworkTransactionTest, IdentifyQuicNotBroken) { alternative_service_info_vector.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( alternative_service1, expiration, - session->params().quic_supported_versions)); + session->params().quic_params.supported_versions)); AlternativeService alternative_service2(kProtoQUIC, alternative2); alternative_service_info_vector.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( alternative_service2, expiration, - session->params().quic_supported_versions)); + session->params().quic_params.supported_versions)); http_server_properties->SetAlternativeServices( server, alternative_service_info_vector); @@ -14832,8 +14826,7 @@ TEST_F(HttpNetworkTransactionTest, ProxyTunnelGet) { rv = callback1.WaitForResult(); EXPECT_THAT(rv, IsOk()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, NetLogEventPhase::NONE); @@ -14913,8 +14906,7 @@ TEST_F(HttpNetworkTransactionTest, ProxyTunnelGetIPv6) { rv = callback1.WaitForResult(); EXPECT_THAT(rv, IsOk()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, NetLogEventPhase::NONE); @@ -14986,8 +14978,7 @@ TEST_F(HttpNetworkTransactionTest, ProxyTunnelGetHangup) { rv = callback1.WaitForResult(); EXPECT_THAT(rv, IsError(ERR_EMPTY_RESPONSE)); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, NetLogEventPhase::NONE); @@ -15097,7 +15088,7 @@ TEST_F(HttpNetworkTransactionTest, ClientAuthCertCache_Direct_NoFalseStart) { request_info.traffic_annotation = net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); - scoped_refptr cert_request(new SSLCertRequestInfo()); + auto cert_request = base::MakeRefCounted(); cert_request->host_and_port = HostPortPair("www.example.com", 443); // [ssl_]data1 contains the data for the first SSL handshake. When a @@ -15202,7 +15193,7 @@ TEST_F(HttpNetworkTransactionTest, ClientAuthCertCache_Direct_FalseStart) { request_info.traffic_annotation = net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); - scoped_refptr cert_request(new SSLCertRequestInfo()); + auto cert_request = base::MakeRefCounted(); cert_request->host_and_port = HostPortPair("www.example.com", 443); // When TLS False Start is used, SSLClientSocket::Connect() calls will @@ -15818,8 +15809,7 @@ TEST_F(HttpNetworkTransactionTest, RetryWithoutConnectionPooling) { ASSERT_THAT(ReadTransaction(&trans2, &response_data), IsOk()); EXPECT_EQ("hello!", response_data); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP_TRANSACTION_RESTART_MISDIRECTED_REQUEST, NetLogEventPhase::NONE); @@ -20198,7 +20188,6 @@ TEST_F(HttpNetworkTransactionTest, AuthEverything) { SSLSocketDataProvider ssl_proxy1(ASYNC, ERR_SSL_CLIENT_AUTH_CERT_NEEDED); ssl_proxy1.cert_request_info = cert_request_info_proxy.get(); ssl_proxy1.expected_send_client_cert = false; - ssl_proxy1.expected_false_start_enabled = true; StaticSocketDataProvider data1; session_deps_.socket_factory->AddSocketDataProvider(&data1); session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_proxy1); @@ -20208,8 +20197,6 @@ TEST_F(HttpNetworkTransactionTest, AuthEverything) { SSLSocketDataProvider ssl_proxy2(ASYNC, OK); ssl_proxy2.expected_send_client_cert = true; ssl_proxy2.expected_client_cert = identity_proxy->certificate(); - // Proxy connections with client certs disable False Start. - ssl_proxy2.expected_false_start_enabled = false; // The client attempts an HTTP CONNECT, but the proxy requests basic auth. std::vector mock_writes2; std::vector mock_reads2; @@ -20232,9 +20219,6 @@ TEST_F(HttpNetworkTransactionTest, AuthEverything) { // The origin requests client certificates. SSLSocketDataProvider ssl_origin2(ASYNC, ERR_SSL_CLIENT_AUTH_CERT_NEEDED); ssl_origin2.cert_request_info = cert_request_info_origin.get(); - // The origin connection is eligible for False Start, despite the proxy - // connection disabling it. - ssl_origin2.expected_false_start_enabled = true; StaticSocketDataProvider data2(mock_reads2, mock_writes2); session_deps_.socket_factory->AddSocketDataProvider(&data2); session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_proxy2); @@ -20245,8 +20229,6 @@ TEST_F(HttpNetworkTransactionTest, AuthEverything) { SSLSocketDataProvider ssl_proxy3(ASYNC, OK); ssl_proxy3.expected_send_client_cert = true; ssl_proxy3.expected_client_cert = identity_proxy->certificate(); - // Proxy connections with client certs disable False Start. - ssl_proxy3.expected_false_start_enabled = false; std::vector mock_writes3; std::vector mock_reads3; mock_writes3.emplace_back( @@ -20259,9 +20241,6 @@ TEST_F(HttpNetworkTransactionTest, AuthEverything) { SSLSocketDataProvider ssl_origin3(ASYNC, OK); ssl_origin3.expected_send_client_cert = true; ssl_origin3.expected_client_cert = identity_origin->certificate(); - // The origin connection is eligible for False Start, despite the proxy - // connection disabling it. - ssl_origin3.expected_false_start_enabled = true; // The client sends the origin HTTP request, which results in another HTTP // auth request. mock_writes3.emplace_back( @@ -20746,10 +20725,10 @@ TEST_F(HttpNetworkTransactionTest, ClientCertSocketReuse) { // same key, the second a different one. Checks that the requests are // partitioned across sockets as expected. TEST_F(HttpNetworkTransactionTest, NetworkIsolation) { - NetworkIsolationKey network_isolation_key1( - url::Origin::Create(GURL("http://origin1/"))); - NetworkIsolationKey network_isolation_key2( - url::Origin::Create(GURL("http://origin2/"))); + const auto kOrigin1 = url::Origin::Create(GURL("http://origin1/")); + const auto kOrigin2 = url::Origin::Create(GURL("http://origin2/")); + NetworkIsolationKey network_isolation_key1(kOrigin1, kOrigin1); + NetworkIsolationKey network_isolation_key2(kOrigin2, kOrigin2); for (bool partition_connections : {false, true}) { SCOPED_TRACE(partition_connections); @@ -20894,10 +20873,10 @@ TEST_F(HttpNetworkTransactionTest, NetworkIsolation) { } TEST_F(HttpNetworkTransactionTest, NetworkIsolationH2) { - NetworkIsolationKey network_isolation_key1( - url::Origin::Create(GURL("http://origin1/"))); - NetworkIsolationKey network_isolation_key2( - url::Origin::Create(GURL("http://origin2/"))); + const auto kOrigin1 = url::Origin::Create(GURL("http://origin1/")); + const auto kOrigin2 = url::Origin::Create(GURL("http://origin2/")); + NetworkIsolationKey network_isolation_key1(kOrigin1, kOrigin1); + NetworkIsolationKey network_isolation_key2(kOrigin2, kOrigin2); // Whether to use an H2 proxy. When false, uses HTTPS H2 requests without a // proxy, when true, uses HTTP requests over an H2 proxy. It's unnecessary to @@ -21109,4 +21088,490 @@ TEST_F(HttpNetworkTransactionTest, NetworkIsolationH2) { } } +// Preconnect two sockets with different NetworkIsolationKeys when +// features::kPartitionConnectionsByNetworkIsolationKey is enabled. Then issue a +// request and make sure the correct socket is used. Loops three times, +// expecting to use the first preconnect, second preconnect, and neither. +TEST_F(HttpNetworkTransactionTest, NetworkIsolationPreconnect) { + base::test::ScopedFeatureList feature_list; + feature_list.InitAndEnableFeature( + features::kPartitionConnectionsByNetworkIsolationKey); + + enum class TestCase { + kUseFirstPreconnect, + kUseSecondPreconnect, + kDontUsePreconnect, + }; + + const auto kOrigin1 = url::Origin::Create(GURL("http://origin1/")); + const auto kOrigin2 = url::Origin::Create(GURL("http://origin2/")); + const auto kOrigin3 = url::Origin::Create(GURL("http://origin3/")); + NetworkIsolationKey preconnect1_isolation_key(kOrigin1, kOrigin1); + NetworkIsolationKey preconnect2_isolation_key(kOrigin2, kOrigin2); + NetworkIsolationKey not_preconnected_isolation_key(kOrigin3, kOrigin3); + + // Test that only preconnects with + for (TestCase test_case : + {TestCase::kUseFirstPreconnect, TestCase::kUseSecondPreconnect, + TestCase::kDontUsePreconnect}) { + SpdySessionDependencies session_deps; + // Make DNS lookups completely synchronously, so preconnects complete + // immediately. + session_deps.host_resolver->set_synchronous_mode(true); + + const MockWrite kMockWrites[] = { + MockWrite(ASYNC, 0, + "GET / HTTP/1.1\r\n" + "Host: www.foo.com\r\n" + "Connection: keep-alive\r\n\r\n"), + }; + + const MockRead kMockReads[] = { + MockRead(ASYNC, 1, + "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\n" + "hello"), + }; + + // Used for the socket that will actually be used, which may or may not be + // one of the preconnects + SequencedSocketData used_socket_data(MockConnect(SYNCHRONOUS, OK), + kMockReads, kMockWrites); + + // Used for the preconnects that won't actually be used. + SequencedSocketData preconnect1_data(MockConnect(SYNCHRONOUS, OK), + base::span(), + base::span()); + SequencedSocketData preconnect2_data(MockConnect(SYNCHRONOUS, OK), + base::span(), + base::span()); + + NetworkIsolationKey network_isolation_key_for_request; + + switch (test_case) { + case TestCase::kUseFirstPreconnect: + session_deps.socket_factory->AddSocketDataProvider(&used_socket_data); + session_deps.socket_factory->AddSocketDataProvider(&preconnect2_data); + network_isolation_key_for_request = preconnect1_isolation_key; + break; + case TestCase::kUseSecondPreconnect: + session_deps.socket_factory->AddSocketDataProvider(&preconnect1_data); + session_deps.socket_factory->AddSocketDataProvider(&used_socket_data); + network_isolation_key_for_request = preconnect2_isolation_key; + break; + case TestCase::kDontUsePreconnect: + session_deps.socket_factory->AddSocketDataProvider(&preconnect1_data); + session_deps.socket_factory->AddSocketDataProvider(&preconnect2_data); + session_deps.socket_factory->AddSocketDataProvider(&used_socket_data); + network_isolation_key_for_request = not_preconnected_isolation_key; + break; + } + + std::unique_ptr session(CreateSession(&session_deps)); + + // Preconnect sockets. + HttpRequestInfo request; + request.method = "GET"; + request.url = GURL("http://www.foo.com/"); + request.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + + request.network_isolation_key = preconnect1_isolation_key; + session->http_stream_factory()->PreconnectStreams(1, request); + + request.network_isolation_key = preconnect2_isolation_key; + session->http_stream_factory()->PreconnectStreams(1, request); + + request.network_isolation_key = network_isolation_key_for_request; + + EXPECT_EQ(2, GetIdleSocketCountInTransportSocketPool(session.get())); + + // Make the request. + TestCompletionCallback callback; + + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session.get()); + + int rv = trans.Start(&request, callback.callback(), NetLogWithSource()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + rv = callback.WaitForResult(); + EXPECT_THAT(rv, IsOk()); + + const HttpResponseInfo* response = trans.GetResponseInfo(); + ASSERT_TRUE(response); + ASSERT_TRUE(response->headers); + EXPECT_EQ(200, response->headers->response_code()); + + std::string response_data; + rv = ReadTransaction(&trans, &response_data); + EXPECT_THAT(rv, IsOk()); + EXPECT_EQ("hello", response_data); + + if (test_case != TestCase::kDontUsePreconnect) { + EXPECT_EQ(2, GetIdleSocketCountInTransportSocketPool(session.get())); + } else { + EXPECT_EQ(3, GetIdleSocketCountInTransportSocketPool(session.get())); + } + } +} + +// Test that the NetworkIsolationKey is passed down to SSLConfig so the session +// cache is isolated. +TEST_F(HttpNetworkTransactionTest, NetworkIsolationSSL) { + base::test::ScopedFeatureList feature_list; + feature_list.InitWithFeatures( + {features::kPartitionConnectionsByNetworkIsolationKey, + features::kPartitionSSLSessionsByNetworkIsolationKey}, + {}); + + const auto kOrigin1 = url::Origin::Create(GURL("http://origin1/")); + const auto kOrigin2 = url::Origin::Create(GURL("http://origin2/")); + const NetworkIsolationKey kNetworkIsolationKey1(kOrigin1, kOrigin1); + const NetworkIsolationKey kNetworkIsolationKey2(kOrigin2, kOrigin2); + std::unique_ptr session(CreateSession(&session_deps_)); + + // The server always sends Connection: close, so each request goes over a + // distinct socket. + + const MockWrite kWrites1[] = { + MockWrite("GET /1 HTTP/1.1\r\n" + "Host: foo.test\r\n" + "Connection: keep-alive\r\n\r\n")}; + + const MockRead kReads1[] = { + MockRead("HTTP/1.1 200 OK\r\n" + "Connection: close\r\n" + "Content-Length: 1\r\n\r\n" + "1")}; + + const MockWrite kWrites2[] = { + MockWrite("GET /2 HTTP/1.1\r\n" + "Host: foo.test\r\n" + "Connection: keep-alive\r\n\r\n")}; + + const MockRead kReads2[] = { + MockRead("HTTP/1.1 200 OK\r\n" + "Connection: close\r\n" + "Content-Length: 1\r\n\r\n" + "2")}; + + const MockWrite kWrites3[] = { + MockWrite("GET /3 HTTP/1.1\r\n" + "Host: foo.test\r\n" + "Connection: keep-alive\r\n\r\n")}; + + const MockRead kReads3[] = { + MockRead("HTTP/1.1 200 OK\r\n" + "Connection: close\r\n" + "Content-Length: 1\r\n\r\n" + "3")}; + + StaticSocketDataProvider data1(kReads1, kWrites1); + StaticSocketDataProvider data2(kReads2, kWrites2); + StaticSocketDataProvider data3(kReads3, kWrites3); + session_deps_.socket_factory->AddSocketDataProvider(&data1); + session_deps_.socket_factory->AddSocketDataProvider(&data2); + session_deps_.socket_factory->AddSocketDataProvider(&data3); + + SSLSocketDataProvider ssl_data1(ASYNC, OK); + ssl_data1.expected_host_and_port = HostPortPair("foo.test", 443); + ssl_data1.expected_network_isolation_key = kNetworkIsolationKey1; + SSLSocketDataProvider ssl_data2(ASYNC, OK); + ssl_data2.expected_host_and_port = HostPortPair("foo.test", 443); + ssl_data2.expected_network_isolation_key = kNetworkIsolationKey2; + SSLSocketDataProvider ssl_data3(ASYNC, OK); + ssl_data3.expected_host_and_port = HostPortPair("foo.test", 443); + ssl_data3.expected_network_isolation_key = kNetworkIsolationKey1; + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_data1); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_data2); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_data3); + + TestCompletionCallback callback; + HttpRequestInfo request1; + request1.method = "GET"; + request1.url = GURL("https://foo.test/1"); + request1.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + request1.network_isolation_key = kNetworkIsolationKey1; + auto trans1 = + std::make_unique(DEFAULT_PRIORITY, session.get()); + int rv = trans1->Start(&request1, callback.callback(), NetLogWithSource()); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + std::string response_data1; + EXPECT_THAT(ReadTransaction(trans1.get(), &response_data1), IsOk()); + EXPECT_EQ("1", response_data1); + trans1.reset(); + + HttpRequestInfo request2; + request2.method = "GET"; + request2.url = GURL("https://foo.test/2"); + request2.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + request2.network_isolation_key = kNetworkIsolationKey2; + auto trans2 = + std::make_unique(DEFAULT_PRIORITY, session.get()); + rv = trans2->Start(&request2, callback.callback(), NetLogWithSource()); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + std::string response_data2; + EXPECT_THAT(ReadTransaction(trans2.get(), &response_data2), IsOk()); + EXPECT_EQ("2", response_data2); + trans2.reset(); + + HttpRequestInfo request3; + request3.method = "GET"; + request3.url = GURL("https://foo.test/3"); + request3.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + request3.network_isolation_key = kNetworkIsolationKey1; + auto trans3 = + std::make_unique(DEFAULT_PRIORITY, session.get()); + rv = trans3->Start(&request3, callback.callback(), NetLogWithSource()); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + std::string response_data3; + EXPECT_THAT(ReadTransaction(trans3.get(), &response_data3), IsOk()); + EXPECT_EQ("3", response_data3); + trans3.reset(); +} + +// Test that the NetworkIsolationKey is passed down to SSLConfig so the session +// cache is isolated, for both origins and proxies. +TEST_F(HttpNetworkTransactionTest, NetworkIsolationSSLProxy) { + base::test::ScopedFeatureList feature_list; + feature_list.InitWithFeatures( + {features::kPartitionConnectionsByNetworkIsolationKey, + features::kPartitionSSLSessionsByNetworkIsolationKey}, + {}); + + session_deps_.proxy_resolution_service = ProxyResolutionService::CreateFixed( + "https://myproxy:70", TRAFFIC_ANNOTATION_FOR_TESTS); + + const auto kOrigin1 = url::Origin::Create(GURL("http://origin1/")); + const auto kOrigin2 = url::Origin::Create(GURL("http://origin2/")); + const NetworkIsolationKey kNetworkIsolationKey1(kOrigin1, kOrigin1); + const NetworkIsolationKey kNetworkIsolationKey2(kOrigin2, kOrigin2); + std::unique_ptr session(CreateSession(&session_deps_)); + + // Make both a tunneled and non-tunneled request. + HttpRequestInfo request1; + request1.method = "GET"; + request1.url = GURL("https://foo.test/1"); + request1.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + request1.network_isolation_key = kNetworkIsolationKey1; + + HttpRequestInfo request2; + request2.method = "GET"; + request2.url = GURL("http://foo.test/2"); + request2.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + request2.network_isolation_key = kNetworkIsolationKey2; + + const MockWrite kWrites1[] = { + MockWrite("CONNECT foo.test:443 HTTP/1.1\r\n" + "Host: foo.test:443\r\n" + "Proxy-Connection: keep-alive\r\n\r\n"), + MockWrite("GET /1 HTTP/1.1\r\n" + "Host: foo.test\r\n" + "Connection: keep-alive\r\n\r\n")}; + + const MockRead kReads1[] = { + MockRead("HTTP/1.1 200 Connection Established\r\n\r\n"), + MockRead("HTTP/1.1 200 OK\r\n" + "Connection: close\r\n" + "Content-Length: 1\r\n\r\n" + "1")}; + + const MockWrite kWrites2[] = { + MockWrite("GET http://foo.test/2 HTTP/1.1\r\n" + "Host: foo.test\r\n" + "Proxy-Connection: keep-alive\r\n\r\n")}; + + const MockRead kReads2[] = { + MockRead("HTTP/1.1 200 OK\r\n" + "Connection: close\r\n" + "Content-Length: 1\r\n\r\n" + "2")}; + + StaticSocketDataProvider data1(kReads1, kWrites1); + StaticSocketDataProvider data2(kReads2, kWrites2); + session_deps_.socket_factory->AddSocketDataProvider(&data1); + session_deps_.socket_factory->AddSocketDataProvider(&data2); + session_deps_.socket_factory->AddSocketDataProvider(&data2); + + SSLSocketDataProvider ssl_proxy1(ASYNC, OK); + ssl_proxy1.expected_host_and_port = HostPortPair("myproxy", 70); + ssl_proxy1.expected_network_isolation_key = kNetworkIsolationKey1; + SSLSocketDataProvider ssl_origin1(ASYNC, OK); + ssl_origin1.expected_host_and_port = HostPortPair("foo.test", 443); + ssl_origin1.expected_network_isolation_key = kNetworkIsolationKey1; + SSLSocketDataProvider ssl_proxy2(ASYNC, OK); + ssl_proxy2.expected_host_and_port = HostPortPair("myproxy", 70); + ssl_proxy2.expected_network_isolation_key = kNetworkIsolationKey2; + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_proxy1); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_origin1); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_proxy2); + + TestCompletionCallback callback; + auto trans1 = + std::make_unique(DEFAULT_PRIORITY, session.get()); + int rv = trans1->Start(&request1, callback.callback(), NetLogWithSource()); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + std::string response_data1; + EXPECT_THAT(ReadTransaction(trans1.get(), &response_data1), IsOk()); + EXPECT_EQ("1", response_data1); + trans1.reset(); + + auto trans2 = + std::make_unique(DEFAULT_PRIORITY, session.get()); + rv = trans2->Start(&request2, callback.callback(), NetLogWithSource()); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + std::string response_data2; + EXPECT_THAT(ReadTransaction(trans2.get(), &response_data2), IsOk()); + EXPECT_EQ("2", response_data2); + trans2.reset(); +} + +// Test that SSLConfig changes from SSLConfigService are picked up even when +// there are live sockets. +TEST_F(HttpNetworkTransactionTest, SSLConfigChanged) { + SSLConfig ssl_config; + ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3; + auto ssl_config_service = std::make_unique(ssl_config); + TestSSLConfigService* ssl_config_service_raw = ssl_config_service.get(); + + session_deps_.ssl_config_service = std::move(ssl_config_service); + + // Make three requests. Between the second and third, the SSL config will + // change. + HttpRequestInfo request1; + request1.method = "GET"; + request1.url = GURL("https://foo.test/1"); + request1.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + + HttpRequestInfo request2; + request2.method = "GET"; + request2.url = GURL("https://foo.test/2"); + request2.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + + HttpRequestInfo request3; + request3.method = "GET"; + request3.url = GURL("https://foo.test/3"); + request3.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + + const MockWrite kWrites1[] = { + MockWrite("GET /1 HTTP/1.1\r\n" + "Host: foo.test\r\n" + "Connection: keep-alive\r\n\r\n"), + MockWrite("GET /2 HTTP/1.1\r\n" + "Host: foo.test\r\n" + "Connection: keep-alive\r\n\r\n"), + }; + + const MockRead kReads1[] = { + MockRead("HTTP/1.1 200 OK\r\n" + "Connection: keep-alive\r\n" + "Content-Length: 1\r\n\r\n" + "1"), + MockRead("HTTP/1.1 200 OK\r\n" + "Connection: keep-alive\r\n" + "Content-Length: 1\r\n\r\n" + "2"), + }; + + // The third request goes on a different socket because the SSL config has + // changed. + const MockWrite kWrites2[] = { + MockWrite("GET /3 HTTP/1.1\r\n" + "Host: foo.test\r\n" + "Connection: keep-alive\r\n\r\n")}; + + const MockRead kReads2[] = { + MockRead("HTTP/1.1 200 OK\r\n" + "Connection: keep-alive\r\n" + "Content-Length: 1\r\n\r\n" + "3")}; + + StaticSocketDataProvider data1(kReads1, kWrites1); + StaticSocketDataProvider data2(kReads2, kWrites2); + session_deps_.socket_factory->AddSocketDataProvider(&data1); + session_deps_.socket_factory->AddSocketDataProvider(&data2); + + SSLSocketDataProvider ssl1(ASYNC, OK); + ssl1.expected_ssl_version_max = SSL_PROTOCOL_VERSION_TLS1_3; + SSLSocketDataProvider ssl2(ASYNC, OK); + ssl2.expected_ssl_version_max = SSL_PROTOCOL_VERSION_TLS1_2; + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl1); + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl2); + + std::unique_ptr session = CreateSession(&session_deps_); + + TestCompletionCallback callback; + auto trans1 = + std::make_unique(DEFAULT_PRIORITY, session.get()); + int rv = trans1->Start(&request1, callback.callback(), NetLogWithSource()); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + std::string response_data1; + EXPECT_THAT(ReadTransaction(trans1.get(), &response_data1), IsOk()); + EXPECT_EQ("1", response_data1); + trans1.reset(); + + auto trans2 = + std::make_unique(DEFAULT_PRIORITY, session.get()); + rv = trans2->Start(&request2, callback.callback(), NetLogWithSource()); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + std::string response_data2; + EXPECT_THAT(ReadTransaction(trans2.get(), &response_data2), IsOk()); + EXPECT_EQ("2", response_data2); + trans2.reset(); + + ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2; + ssl_config_service_raw->UpdateSSLConfigAndNotify(ssl_config); + + auto trans3 = + std::make_unique(DEFAULT_PRIORITY, session.get()); + rv = trans3->Start(&request3, callback.callback(), NetLogWithSource()); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + std::string response_data3; + EXPECT_THAT(ReadTransaction(trans3.get(), &response_data3), IsOk()); + EXPECT_EQ("3", response_data3); + trans3.reset(); +} + +TEST_F(HttpNetworkTransactionTest, SSLConfigChangedPendingConnect) { + SSLConfig ssl_config; + ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3; + auto ssl_config_service = std::make_unique(ssl_config); + TestSSLConfigService* ssl_config_service_raw = ssl_config_service.get(); + + session_deps_.ssl_config_service = std::move(ssl_config_service); + + HttpRequestInfo request; + request.method = "GET"; + request.url = GURL("https://foo.test/1"); + request.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + + // Make a socket which never connects. + StaticSocketDataProvider data({}, {}); + session_deps_.socket_factory->AddSocketDataProvider(&data); + SSLSocketDataProvider ssl_data(SYNCHRONOUS, ERR_IO_PENDING); + ssl_data.expected_ssl_version_max = SSL_PROTOCOL_VERSION_TLS1_3; + session_deps_.socket_factory->AddSSLSocketDataProvider(&ssl_data); + + std::unique_ptr session = CreateSession(&session_deps_); + + TestCompletionCallback callback; + auto trans = + std::make_unique(DEFAULT_PRIORITY, session.get()); + int rv = trans->Start(&request, callback.callback(), NetLogWithSource()); + EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); + + ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_2; + ssl_config_service_raw->UpdateSSLConfigAndNotify(ssl_config); + + EXPECT_THAT(callback.GetResult(rv), IsError(ERR_NETWORK_CHANGED)); +} + } // namespace net diff --git a/chromium/net/http/http_proxy_client_socket.cc b/chromium/net/http/http_proxy_client_socket.cc index 46ff67800a2..f9ebee2a584 100644 --- a/chromium/net/http/http_proxy_client_socket.cc +++ b/chromium/net/http/http_proxy_client_socket.cc @@ -16,6 +16,7 @@ #include "net/base/io_buffer.h" #include "net/base/proxy_delegate.h" #include "net/http/http_basic_stream.h" +#include "net/http/http_log_util.h" #include "net/http/http_network_session.h" #include "net/http/http_request_info.h" #include "net/http/http_response_headers.h" @@ -394,10 +395,9 @@ int HttpProxyClientSocket::DoSendRequest() { BuildTunnelRequest(endpoint_, extra_headers, user_agent, &request_line_, &request_headers_); - net_log_.AddEvent( - NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, - base::Bind(&HttpRequestHeaders::NetLogCallback, - base::Unretained(&request_headers_), &request_line_)); + NetLogRequestHeaders(net_log_, + NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, + request_line_, &request_headers_); } parser_buf_ = base::MakeRefCounted(); @@ -429,9 +429,9 @@ int HttpProxyClientSocket::DoReadHeadersComplete(int result) { if (response_.headers->GetHttpVersion() < HttpVersion(1, 0)) return ERR_TUNNEL_CONNECTION_FAILED; - net_log_.AddEvent( - NetLogEventType::HTTP_TRANSACTION_READ_TUNNEL_RESPONSE_HEADERS, - base::Bind(&HttpResponseHeaders::NetLogCallback, response_.headers)); + NetLogResponseHeaders( + net_log_, NetLogEventType::HTTP_TRANSACTION_READ_TUNNEL_RESPONSE_HEADERS, + response_.headers.get()); if (proxy_delegate_) { int rv = proxy_delegate_->OnHttp1TunnelHeadersReceived(proxy_server_, diff --git a/chromium/net/http/http_proxy_client_socket_fuzzer.cc b/chromium/net/http/http_proxy_client_socket_fuzzer.cc index 57a50f6bc47..45c36ccabf2 100644 --- a/chromium/net/http/http_proxy_client_socket_fuzzer.cc +++ b/chromium/net/http/http_proxy_client_socket_fuzzer.cc @@ -12,7 +12,6 @@ #include "base/logging.h" #include "base/strings/utf_string_conversions.h" -#include "base/test/fuzzed_data_provider.h" #include "net/base/address_list.h" #include "net/base/auth.h" #include "net/base/host_port_pair.h" @@ -26,6 +25,7 @@ #include "net/socket/fuzzed_socket.h" #include "net/socket/next_proto.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" // Fuzzer for HttpProxyClientSocket only tests establishing a connection when // using the proxy as a tunnel. @@ -36,7 +36,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Use a test NetLog, to exercise logging code. net::TestNetLog test_net_log; - base::FuzzedDataProvider data_provider(data, size); + FuzzedDataProvider data_provider(data, size); net::TestCompletionCallback callback; std::unique_ptr fuzzed_socket( diff --git a/chromium/net/http/http_proxy_connect_job.cc b/chromium/net/http/http_proxy_connect_job.cc index d4886569c47..a9fbbdc38fd 100644 --- a/chromium/net/http/http_proxy_connect_job.cc +++ b/chromium/net/http/http_proxy_connect_job.cc @@ -188,8 +188,7 @@ HttpProxyConnectJob::HttpProxyConnectJob( common_connect_job_params->http_auth_cache, common_connect_job_params->http_auth_handler_factory, host_resolver()) - : nullptr), - weak_ptr_factory_(this) {} + : nullptr) {} HttpProxyConnectJob::~HttpProxyConnectJob() {} @@ -662,8 +661,8 @@ int HttpProxyConnectJob::DoQuicProxyCreateSession() { quic::ParsedQuicVersion quic_version = common_connect_job_params()->quic_supported_versions->front(); return quic_stream_request_->Request( - proxy_server, quic_version.transport_version, ssl_params->privacy_mode(), - kH2QuicTunnelPriority, socket_tag(), + proxy_server, quic_version, ssl_params->privacy_mode(), + kH2QuicTunnelPriority, socket_tag(), params_->network_isolation_key(), ssl_params->ssl_config().GetCertVerifyFlags(), GURL("https://" + proxy_server.ToString()), net_log(), &quic_net_error_details_, diff --git a/chromium/net/http/http_proxy_connect_job.h b/chromium/net/http/http_proxy_connect_job.h index ef12a1e31a8..7a7b9677f55 100644 --- a/chromium/net/http/http_proxy_connect_job.h +++ b/chromium/net/http/http_proxy_connect_job.h @@ -239,7 +239,7 @@ class NET_EXPORT_PRIVATE HttpProxyConnectJob : public ConnectJob, // Time when the connection to the proxy was started. base::TimeTicks connect_start_time_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(HttpProxyConnectJob); }; diff --git a/chromium/net/http/http_proxy_connect_job_unittest.cc b/chromium/net/http/http_proxy_connect_job_unittest.cc index f555b9f1ca9..8ddd8e2f422 100644 --- a/chromium/net/http/http_proxy_connect_job_unittest.cc +++ b/chromium/net/http/http_proxy_connect_job_unittest.cc @@ -57,14 +57,8 @@ class HttpProxyConnectJobTest : public ::testing::TestWithParam, protected: HttpProxyConnectJobTest() : WithScopedTaskEnvironment( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME, - base::test::ScopedTaskEnvironment::NowSource:: - MAIN_THREAD_MOCK_TIME), + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME_AND_NOW), field_trial_list_(nullptr) { - // Set an initial delay to ensure that calls to TimeTicks::Now() do not - // return a null value. - FastForwardBy(base::TimeDelta::FromSeconds(1)); - // Used a mock HostResolver that does not have a cache. session_deps_.host_resolver = std::make_unique(); @@ -125,7 +119,7 @@ class HttpProxyConnectJobTest : public ::testing::TestWithParam, base::MakeRefCounted( HostPortPair(kHttpsProxyHost, 443), OnHostResolutionCallback()), nullptr, nullptr, HostPortPair(kHttpsProxyHost, 443), SSLConfig(), - PRIVACY_MODE_DISABLED); + PRIVACY_MODE_DISABLED, NetworkIsolationKey()); } // Returns a correctly constructed HttpProxyParams for the HTTP or HTTPS diff --git a/chromium/net/http/http_request_headers.cc b/chromium/net/http/http_request_headers.cc index 50190a909e2..b8db53837a4 100644 --- a/chromium/net/http/http_request_headers.cc +++ b/chromium/net/http/http_request_headers.cc @@ -15,8 +15,8 @@ #include "net/base/escape.h" #include "net/http/http_log_util.h" #include "net/http/http_util.h" -#include "net/log/net_log.h" #include "net/log/net_log_capture_mode.h" +#include "net/log/net_log_values.h" namespace net { @@ -184,11 +184,11 @@ std::string HttpRequestHeaders::ToString() const { return output; } -base::Value HttpRequestHeaders::NetLogCallback( - const std::string* request_line, +base::Value HttpRequestHeaders::NetLogParams( + const std::string& request_line, NetLogCaptureMode capture_mode) const { base::DictionaryValue dict; - dict.SetKey("line", NetLogStringValue(*request_line)); + dict.SetKey("line", NetLogStringValue(request_line)); auto headers = std::make_unique(); for (auto it = headers_.begin(); it != headers_.end(); ++it) { std::string log_value = diff --git a/chromium/net/http/http_request_headers.h b/chromium/net/http/http_request_headers.h index 2ec412731ce..3124ee7aeaa 100644 --- a/chromium/net/http/http_request_headers.h +++ b/chromium/net/http/http_request_headers.h @@ -17,6 +17,7 @@ #include "base/macros.h" #include "base/strings/string_piece.h" #include "net/base/net_export.h" +#include "net/log/net_log_capture_mode.h" namespace base { class Value; @@ -24,8 +25,6 @@ class Value; namespace net { -class NetLogCaptureMode; - class NET_EXPORT HttpRequestHeaders { public: struct NET_EXPORT HeaderKeyValuePair { @@ -173,8 +172,8 @@ class NET_EXPORT HttpRequestHeaders { // Takes in the request line and returns a Value for use with the NetLog // containing both the request line and all headers fields. - base::Value NetLogCallback(const std::string* request_line, - NetLogCaptureMode capture_mode) const; + base::Value NetLogParams(const std::string& request_line, + NetLogCaptureMode capture_mode) const; const HeaderVector& GetHeaderVector() const { return headers_; } diff --git a/chromium/net/http/http_response_body_drainer_unittest.cc b/chromium/net/http/http_response_body_drainer_unittest.cc index a1c3c96136e..b40cdca15b8 100644 --- a/chromium/net/http/http_response_body_drainer_unittest.cc +++ b/chromium/net/http/http_response_body_drainer_unittest.cc @@ -85,8 +85,7 @@ class MockHttpStream : public HttpStream { is_sync_(false), is_last_chunk_zero_size_(false), is_complete_(false), - can_reuse_connection_(true), - weak_factory_(this) {} + can_reuse_connection_(true) {} ~MockHttpStream() override = default; // HttpStream implementation. @@ -177,7 +176,7 @@ class MockHttpStream : public HttpStream { bool is_complete_; bool can_reuse_connection_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(MockHttpStream); }; diff --git a/chromium/net/http/http_response_headers.cc b/chromium/net/http/http_response_headers.cc index 8b3a4aca87c..087922755a2 100644 --- a/chromium/net/http/http_response_headers.cc +++ b/chromium/net/http/http_response_headers.cc @@ -32,8 +32,8 @@ #include "net/http/http_byte_range.h" #include "net/http/http_log_util.h" #include "net/http/http_util.h" -#include "net/log/net_log.h" #include "net/log/net_log_capture_mode.h" +#include "net/log/net_log_values.h" using base::StringPiece; using base::Time; @@ -1330,7 +1330,7 @@ bool HttpResponseHeaders::GetContentRangeFor206( instance_length); } -base::Value HttpResponseHeaders::NetLogCallback( +base::Value HttpResponseHeaders::NetLogParams( NetLogCaptureMode capture_mode) const { base::DictionaryValue dict; base::ListValue headers; diff --git a/chromium/net/http/http_response_headers.h b/chromium/net/http/http_response_headers.h index be216358e1f..a0d74d9c539 100644 --- a/chromium/net/http/http_response_headers.h +++ b/chromium/net/http/http_response_headers.h @@ -18,6 +18,7 @@ #include "base/time/time.h" #include "net/base/net_export.h" #include "net/http/http_version.h" +#include "net/log/net_log_capture_mode.h" namespace base { class Pickle; @@ -30,7 +31,6 @@ class Value; namespace net { class HttpByteRange; -class NetLogCaptureMode; enum ValidationType { VALIDATION_NONE, // The resource is fresh. @@ -295,7 +295,7 @@ class NET_EXPORT HttpResponseHeaders bool IsChunkEncoded() const; // Creates a Value for use with the NetLog containing the response headers. - base::Value NetLogCallback(NetLogCaptureMode capture_mode) const; + base::Value NetLogParams(NetLogCaptureMode capture_mode) const; // Returns the HTTP response code. This is 0 if the response code text seems // to exist but could not be parsed. Otherwise, it defaults to 200 if the diff --git a/chromium/net/http/http_response_info.cc b/chromium/net/http/http_response_info.cc index 1debebaa8e7..0b9844e9ac1 100644 --- a/chromium/net/http/http_response_info.cc +++ b/chromium/net/http/http_response_info.cc @@ -419,6 +419,7 @@ bool HttpResponseInfo::DidUseQuic() const { case CONNECTION_INFO_QUIC_45: case CONNECTION_INFO_QUIC_46: case CONNECTION_INFO_QUIC_47: + case CONNECTION_INFO_QUIC_48: case CONNECTION_INFO_QUIC_99: case CONNECTION_INFO_QUIC_999: return true; @@ -485,6 +486,8 @@ std::string HttpResponseInfo::ConnectionInfoToString( return "http/2+quic/46"; case CONNECTION_INFO_QUIC_47: return "http/2+quic/47"; + case CONNECTION_INFO_QUIC_48: + return "http/2+quic/48"; case CONNECTION_INFO_QUIC_99: return "http/2+quic/99"; case CONNECTION_INFO_HTTP0_9: diff --git a/chromium/net/http/http_response_info.h b/chromium/net/http/http_response_info.h index 742cf23e32c..1f75fe4793c 100644 --- a/chromium/net/http/http_response_info.h +++ b/chromium/net/http/http_response_info.h @@ -63,6 +63,7 @@ class NET_EXPORT HttpResponseInfo { CONNECTION_INFO_QUIC_46 = 25, CONNECTION_INFO_QUIC_47 = 26, CONNECTION_INFO_QUIC_999 = 27, + CONNECTION_INFO_QUIC_48 = 28, NUM_OF_CONNECTION_INFOS, }; diff --git a/chromium/net/http/http_server_properties_impl.cc b/chromium/net/http/http_server_properties_impl.cc index f18530db106..bf614b37103 100644 --- a/chromium/net/http/http_server_properties_impl.cc +++ b/chromium/net/http/http_server_properties_impl.cc @@ -29,13 +29,10 @@ HttpServerPropertiesImpl::HttpServerPropertiesImpl( : base::DefaultTickClock::GetInstance()), clock_(clock ? clock : base::DefaultClock::GetInstance()), broken_alternative_services_(this, tick_clock_), + canonical_suffixes_({".ggpht.com", ".c.youtube.com", ".googlevideo.com", + ".googleusercontent.com"}), quic_server_info_map_(kDefaultMaxQuicServerEntries), - max_server_configs_stored_in_properties_(kDefaultMaxQuicServerEntries) { - canonical_suffixes_.push_back(".ggpht.com"); - canonical_suffixes_.push_back(".c.youtube.com"); - canonical_suffixes_.push_back(".googlevideo.com"); - canonical_suffixes_.push_back(".googleusercontent.com"); -} + max_server_configs_stored_in_properties_(kDefaultMaxQuicServerEntries) {} HttpServerPropertiesImpl::HttpServerPropertiesImpl() : HttpServerPropertiesImpl(nullptr, nullptr) {} @@ -92,7 +89,7 @@ void HttpServerPropertiesImpl::SetAlternativeServiceServers( url::SchemeHostPort canonical_server(kCanonicalScheme, canonical_suffix, kCanonicalPort); // If we already have a valid canonical server, we're done. - if (base::ContainsKey(canonical_alt_svc_map_, canonical_server) && + if (base::Contains(canonical_alt_svc_map_, canonical_server) && (alternative_service_map_.Peek( canonical_alt_svc_map_[canonical_server]) != alternative_service_map_.end())) { diff --git a/chromium/net/http/http_server_properties_impl.h b/chromium/net/http/http_server_properties_impl.h index 5ae2d6b358f..863d1531f01 100644 --- a/chromium/net/http/http_server_properties_impl.h +++ b/chromium/net/http/http_server_properties_impl.h @@ -159,7 +159,7 @@ class NET_EXPORT HttpServerPropertiesImpl CanonicalAltSvcMap; typedef base::flat_map CanonicalServerInfoMap; - typedef std::vector CanonicalSufficList; + typedef std::vector CanonicalSuffixList; typedef std::set Http11ServerHostPortSet; // Return the iterator for |server|, or for its canonical host, or end. @@ -202,9 +202,9 @@ class NET_EXPORT HttpServerPropertiesImpl // to an actual origin, which has a plausible alternate protocol mapping. CanonicalAltSvcMap canonical_alt_svc_map_; - // Contains list of suffixes (for exmaple ".c.youtube.com", + // Contains list of suffixes (for example ".c.youtube.com", // ".googlevideo.com", ".googleusercontent.com") of canonical hostnames. - CanonicalSufficList canonical_suffixes_; + const CanonicalSuffixList canonical_suffixes_; QuicServerInfoMap quic_server_info_map_; @@ -212,7 +212,7 @@ class NET_EXPORT HttpServerPropertiesImpl // and have a corresponding entry in |quic_server_info_map_|. The map can be // used to quickly look for server info for hosts that share the same // canonical suffix but don't have exact match in |quic_server_info_map_|. The - // map exists solely to improve the search performance. It only contais + // map exists solely to improve the search performance. It only contains // derived data that can be recalculated by traversing // |quic_server_info_map_|. CanonicalServerInfoMap canonical_server_info_map_; diff --git a/chromium/net/http/http_server_properties_impl_unittest.cc b/chromium/net/http/http_server_properties_impl_unittest.cc index 5ae3d35fbf1..95aa25ddaf6 100644 --- a/chromium/net/http/http_server_properties_impl_unittest.cc +++ b/chromium/net/http/http_server_properties_impl_unittest.cc @@ -69,7 +69,7 @@ class HttpServerPropertiesImplTest : public TestWithScopedTaskEnvironment { protected: HttpServerPropertiesImplTest() : TestWithScopedTaskEnvironment( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME), + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME), test_tick_clock_(GetMockTickClock()), impl_(test_tick_clock_, &test_clock_) { // Set |test_clock_| to some random time. @@ -89,7 +89,7 @@ class HttpServerPropertiesImplTest : public TestWithScopedTaskEnvironment { if (alternative_service.protocol == kProtoQUIC) { return impl_.SetQuicAlternativeService( origin, alternative_service, expiration, - HttpNetworkSession::Params().quic_supported_versions); + HttpNetworkSession::Params().quic_params.supported_versions); } else { return impl_.SetHttp2AlternativeService(origin, alternative_service, expiration); @@ -376,7 +376,7 @@ TEST_F(AlternateProtocolServerPropertiesTest, ExcludeOrigin) { AlternativeServiceInfo alternative_service_info4 = AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( AlternativeService(kProtoQUIC, "foo", 443), expiration, - HttpNetworkSession::Params().quic_supported_versions); + HttpNetworkSession::Params().quic_params.supported_versions); alternative_service_info_vector.push_back(alternative_service_info4); url::SchemeHostPort test_server("https", "foo", 443); @@ -571,7 +571,7 @@ TEST_F(AlternateProtocolServerPropertiesTest, ClearServerWithCanonical) { const AlternativeServiceInfo alternative_service_info = AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( alternative_service, expiration, - HttpNetworkSession::Params().quic_supported_versions); + HttpNetworkSession::Params().quic_params.supported_versions); impl_.SetAlternativeServices( canonical_server, @@ -987,7 +987,7 @@ TEST_F(AlternateProtocolServerPropertiesTest, Canonical) { alternative_service_info_vector.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( canonical_alternative_service1, expiration, - HttpNetworkSession::Params().quic_supported_versions)); + HttpNetworkSession::Params().quic_params.supported_versions)); const AlternativeService canonical_alternative_service2(kProtoHTTP2, "", 443); alternative_service_info_vector.push_back( AlternativeServiceInfo::CreateHttp2AlternativeServiceInfo( @@ -1234,12 +1234,12 @@ TEST_F(AlternateProtocolServerPropertiesTest, AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( AlternativeService(kProtoQUIC, "bar", 443), now + base::TimeDelta::FromHours(1), - HttpNetworkSession::Params().quic_supported_versions)); + HttpNetworkSession::Params().quic_params.supported_versions)); alternative_service_info_vector.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( AlternativeService(kProtoQUIC, "baz", 443), now + base::TimeDelta::FromHours(1), - HttpNetworkSession::Params().quic_supported_versions)); + HttpNetworkSession::Params().quic_params.supported_versions)); impl_.SetAlternativeServices(url::SchemeHostPort("https", "youtube.com", 443), alternative_service_info_vector); diff --git a/chromium/net/http/http_server_properties_manager.cc b/chromium/net/http/http_server_properties_manager.cc index 9b780f4c742..8cb7cd9d563 100644 --- a/chromium/net/http/http_server_properties_manager.cc +++ b/chromium/net/http/http_server_properties_manager.cc @@ -73,11 +73,6 @@ void AddAlternativeServiceFieldsToDictionaryValue( NextProtoToString(alternative_service.protocol)); } -base::Value NetLogCallback(const base::Value* http_server_properties_dict, - NetLogCaptureMode capture_mode) { - return http_server_properties_dict->Clone(); -} - // A local or temporary data structure to hold preferences for a server. // This is used only in UpdatePrefs. struct ServerPref { @@ -140,17 +135,6 @@ HttpServerPropertiesManager::~HttpServerPropertiesManager() { UpdatePrefsFromCache(base::OnceClosure()); } -// static -void HttpServerPropertiesManager::SetVersion( - base::DictionaryValue* http_server_properties_dict, - int version_number) { - if (version_number < 0) - version_number = kVersionNumber; - DCHECK_LE(version_number, kVersionNumber); - if (version_number <= kVersionNumber) - http_server_properties_dict->SetInteger(kVersionKey, version_number); -} - void HttpServerPropertiesManager::Clear(base::OnceClosure callback) { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); @@ -179,7 +163,7 @@ void HttpServerPropertiesManager::SetSupportsSpdy( http_server_properties_impl_->SetSupportsSpdy(server, support_spdy); bool new_support_spdy = http_server_properties_impl_->GetSupportsSpdy(server); if (old_support_spdy != new_support_spdy) - ScheduleUpdatePrefs(SUPPORTS_SPDY); + ScheduleUpdatePrefs(); } bool HttpServerPropertiesManager::RequiresHTTP11(const HostPortPair& server) { @@ -192,7 +176,7 @@ void HttpServerPropertiesManager::SetHTTP11Required( DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); http_server_properties_impl_->SetHTTP11Required(server); - ScheduleUpdatePrefs(HTTP_11_REQUIRED); + ScheduleUpdatePrefs(); } void HttpServerPropertiesManager::MaybeForceHTTP11(const HostPortPair& server, @@ -216,7 +200,7 @@ bool HttpServerPropertiesManager::SetHttp2AlternativeService( const bool changed = http_server_properties_impl_->SetHttp2AlternativeService( origin, alternative_service, expiration); if (changed) { - ScheduleUpdatePrefs(SET_ALTERNATIVE_SERVICES); + ScheduleUpdatePrefs(); } return changed; } @@ -230,7 +214,7 @@ bool HttpServerPropertiesManager::SetQuicAlternativeService( const bool changed = http_server_properties_impl_->SetQuicAlternativeService( origin, alternative_service, expiration, advertised_versions); if (changed) { - ScheduleUpdatePrefs(SET_ALTERNATIVE_SERVICES); + ScheduleUpdatePrefs(); } return changed; } @@ -242,7 +226,7 @@ bool HttpServerPropertiesManager::SetAlternativeServices( const bool changed = http_server_properties_impl_->SetAlternativeServices( origin, alternative_service_info_vector); if (changed) { - ScheduleUpdatePrefs(SET_ALTERNATIVE_SERVICES); + ScheduleUpdatePrefs(); } return changed; } @@ -252,7 +236,7 @@ void HttpServerPropertiesManager::MarkAlternativeServiceBroken( DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); http_server_properties_impl_->MarkAlternativeServiceBroken( alternative_service); - ScheduleUpdatePrefs(MARK_ALTERNATIVE_SERVICE_BROKEN); + ScheduleUpdatePrefs(); } void HttpServerPropertiesManager:: @@ -262,8 +246,7 @@ void HttpServerPropertiesManager:: http_server_properties_impl_ ->MarkAlternativeServiceBrokenUntilDefaultNetworkChanges( alternative_service); - ScheduleUpdatePrefs( - MARK_ALTERNATIVE_SERVICE_BROKEN_UNTIL_DEFAULT_NETWORK_CHANGES); + ScheduleUpdatePrefs(); } void HttpServerPropertiesManager::MarkAlternativeServiceRecentlyBroken( @@ -271,7 +254,7 @@ void HttpServerPropertiesManager::MarkAlternativeServiceRecentlyBroken( DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); http_server_properties_impl_->MarkAlternativeServiceRecentlyBroken( alternative_service); - ScheduleUpdatePrefs(MARK_ALTERNATIVE_SERVICE_RECENTLY_BROKEN); + ScheduleUpdatePrefs(); } bool HttpServerPropertiesManager::IsAlternativeServiceBroken( @@ -299,14 +282,14 @@ void HttpServerPropertiesManager::ConfirmAlternativeService( // For persisting, we only care about the value returned by // IsAlternativeServiceBroken. If that value changes, then call persist. if (old_value != new_value) - ScheduleUpdatePrefs(CONFIRM_ALTERNATIVE_SERVICE); + ScheduleUpdatePrefs(); } bool HttpServerPropertiesManager::OnDefaultNetworkChanged() { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); bool changed = http_server_properties_impl_->OnDefaultNetworkChanged(); if (changed) - ScheduleUpdatePrefs(ON_DEFAULT_NETWORK_CHANGED); + ScheduleUpdatePrefs(); return changed; } @@ -337,7 +320,7 @@ void HttpServerPropertiesManager::SetSupportsQuic(bool used_quic, IPAddress new_last_quic_addr; http_server_properties_impl_->GetSupportsQuic(&new_last_quic_addr); if (old_last_quic_addr != new_last_quic_addr) - ScheduleUpdatePrefs(SET_SUPPORTS_QUIC); + ScheduleUpdatePrefs(); } void HttpServerPropertiesManager::SetServerNetworkStats( @@ -353,7 +336,7 @@ void HttpServerPropertiesManager::SetServerNetworkStats( ServerNetworkStats new_stats = *(http_server_properties_impl_->GetServerNetworkStats(server)); if (old_stats != new_stats) - ScheduleUpdatePrefs(SET_SERVER_NETWORK_STATS); + ScheduleUpdatePrefs(); } void HttpServerPropertiesManager::ClearServerNetworkStats( @@ -363,7 +346,7 @@ void HttpServerPropertiesManager::ClearServerNetworkStats( http_server_properties_impl_->GetServerNetworkStats(server) != nullptr; http_server_properties_impl_->ClearServerNetworkStats(server); if (need_update) - ScheduleUpdatePrefs(CLEAR_SERVER_NETWORK_STATS); + ScheduleUpdatePrefs(); } const ServerNetworkStats* HttpServerPropertiesManager::GetServerNetworkStats( @@ -385,7 +368,7 @@ bool HttpServerPropertiesManager::SetQuicServerInfo( bool changed = http_server_properties_impl_->SetQuicServerInfo(server_id, server_info); if (changed) - ScheduleUpdatePrefs(SET_QUIC_SERVER_INFO); + ScheduleUpdatePrefs(); return changed; } @@ -467,65 +450,35 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefs() { bool detected_corrupted_prefs = false; net_log_.AddEvent(NetLogEventType::HTTP_SERVER_PROPERTIES_UPDATE_CACHE, - base::Bind(&NetLogCallback, http_server_properties_dict)); - int version = kMissingVersion; - if (!http_server_properties_dict->GetIntegerWithoutPathExpansion(kVersionKey, - &version)) { - DVLOG(1) << "Missing version. Clearing all properties."; + [&] { return http_server_properties_dict->Clone(); }); + int version_number = kMissingVersion; + if (!http_server_properties_dict->GetIntegerWithoutPathExpansion( + kVersionKey, &version_number) || + version_number != kVersionNumber) { + DVLOG(1) << "Missing or unsupported. Clearing all properties. " + << version_number; return; } const base::DictionaryValue* servers_dict = nullptr; const base::ListValue* servers_list = nullptr; - if (version < 4) { - // The properties for a given server is in - // http_server_properties_dict["servers"][server]. - // Before Version 4, server data was stored in the following format in - // alphabetical order. - // - // "http_server_properties": { - // "servers": { - // "0-edge-chat.facebook.com:443" : {...}, - // "0.client-channel.google.com:443" : {...}, - // "yt3.ggpht.com:80" : {...}, - // ... - // }, ... - // }, - if (!http_server_properties_dict->GetDictionaryWithoutPathExpansion( - kServersKey, &servers_dict)) { - DVLOG(1) << "Malformed http_server_properties for servers."; - return; - } - } else { - // For Version 4, data was stored in the following format. - // |servers| are saved in MRU order. - // - // "http_server_properties": { - // "servers": [ - // {"yt3.ggpht.com:443" : {...}}, - // {"0.client-channel.google.com:443" : {...}}, - // {"0-edge-chat.facebook.com:80" : {...}}, - // ... - // ], ... - // }, - // For Version 5, data was stored in the following format. - // |servers| are saved in MRU order. |servers| are in the format flattened - // representation of (scheme/host/port) where port might be ignored if is - // default with scheme. - // - // "http_server_properties": { - // "servers": [ - // {"https://yt3.ggpht.com" : {...}}, - // {"http://0.client-channel.google.com:443" : {...}}, - // {"http://0-edge-chat.facebook.com" : {...}}, - // ... - // ], ... - // }, - if (!http_server_properties_dict->GetListWithoutPathExpansion( - kServersKey, &servers_list)) { - DVLOG(1) << "Malformed http_server_properties for servers list."; - return; - } + // For Version 5, data is stored in the following format. + // |servers| are saved in MRU order. |servers| are in the format flattened + // representation of (scheme/host/port) where port might be ignored if is + // default with scheme. + // + // "http_server_properties": { + // "servers": [ + // {"https://yt3.ggpht.com" : {...}}, + // {"http://0.client-channel.google.com:443" : {...}}, + // {"http://0-edge-chat.facebook.com" : {...}}, + // ... + // ], ... + // }, + if (!http_server_properties_dict->GetListWithoutPathExpansion( + kServersKey, &servers_list)) { + DVLOG(1) << "Malformed http_server_properties for servers list."; + return; } std::unique_ptr addr = std::make_unique(); @@ -542,29 +495,21 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefs() { std::make_unique( max_server_configs_stored_in_properties()); - if (version < 4) { + // Iterate servers list in reverse MRU order so that entries are inserted + // into |spdy_servers_map|, |alternative_service_map|, and + // |server_network_stats_map| from oldest to newest. + for (auto it = servers_list->end(); it != servers_list->begin();) { + --it; + if (!it->GetAsDictionary(&servers_dict)) { + DVLOG(1) << "Malformed http_server_properties for servers dictionary."; + detected_corrupted_prefs = true; + continue; + } if (!AddServersData(*servers_dict, spdy_servers_map.get(), alternative_service_map.get(), - server_network_stats_map.get(), version)) { + server_network_stats_map.get())) { detected_corrupted_prefs = true; } - } else { - // Iterate servers list in reverse MRU order so that entries are inserted - // into |spdy_servers_map|, |alternative_service_map|, and - // |server_network_stats_map| from oldest to newest. - for (auto it = servers_list->end(); it != servers_list->begin();) { - --it; - if (!it->GetAsDictionary(&servers_dict)) { - DVLOG(1) << "Malformed http_server_properties for servers dictionary."; - detected_corrupted_prefs = true; - continue; - } - if (!AddServersData(*servers_dict, spdy_servers_map.get(), - alternative_service_map.get(), - server_network_stats_map.get(), version)) { - detected_corrupted_prefs = true; - } - } } if (!AddToQuicServerInfoMap(*http_server_properties_dict, @@ -642,7 +587,7 @@ void HttpServerPropertiesManager::UpdateCacheFromPrefs() { // Update the prefs with what we have read (delete all corrupted prefs). if (detected_corrupted_prefs) - ScheduleUpdatePrefs(DETECTED_CORRUPTED_PREFS); + ScheduleUpdatePrefs(); } bool HttpServerPropertiesManager::AddToBrokenAlternativeServices( @@ -713,17 +658,12 @@ bool HttpServerPropertiesManager::AddServersData( const base::DictionaryValue& servers_dict, SpdyServersMap* spdy_servers_map, AlternativeServiceMap* alternative_service_map, - ServerNetworkStatsMap* network_stats_map, - int version) { + ServerNetworkStatsMap* network_stats_map) { for (base::DictionaryValue::Iterator it(servers_dict); !it.IsAtEnd(); it.Advance()) { // Get server's scheme/host/pair. const std::string& server_str = it.key(); std::string spdy_server_url = server_str; - if (version < 5) { - // For old version disk data, always use HTTPS as the scheme. - spdy_server_url.insert(0, "https://"); - } url::SchemeHostPort spdy_server((GURL(spdy_server_url))); if (spdy_server.host().empty()) { DVLOG(1) << "Malformed http_server_properties for server: " << server_str; @@ -999,10 +939,7 @@ bool HttpServerPropertiesManager::AddToQuicServerInfoMap( return !detected_corrupted_prefs; } -// -// Update Preferences with data from the cached data. -// -void HttpServerPropertiesManager::ScheduleUpdatePrefs(Location location) { +void HttpServerPropertiesManager::ScheduleUpdatePrefs() { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); // Do not schedule a new update if there is already one scheduled. if (network_prefs_update_timer_.IsRunning()) @@ -1012,10 +949,6 @@ void HttpServerPropertiesManager::ScheduleUpdatePrefs(Location location) { FROM_HERE, kUpdatePrefsDelay, base::Bind(&HttpServerPropertiesManager::UpdatePrefsFromCache, base::Unretained(this), base::Passed(base::OnceClosure()))); - - // TODO(rtenneti): Delete the following histogram after collecting some data. - UMA_HISTOGRAM_ENUMERATION("Net.HttpServerProperties.UpdatePrefs", location, - HttpServerPropertiesManager::NUM_LOCATIONS); } void HttpServerPropertiesManager::UpdatePrefsFromCache( @@ -1127,7 +1060,7 @@ void HttpServerPropertiesManager::UpdatePrefsFromCache( http_server_properties_dict.SetWithoutPathExpansion(kServersKey, std::move(servers_list)); - SetVersion(&http_server_properties_dict, kVersionNumber); + http_server_properties_dict.SetInteger(kVersionKey, kVersionNumber); IPAddress last_quic_addr; if (http_server_properties_impl_->GetSupportsQuic(&last_quic_addr)) { @@ -1150,7 +1083,7 @@ void HttpServerPropertiesManager::UpdatePrefsFromCache( setting_prefs_ = false; net_log_.AddEvent(NetLogEventType::HTTP_SERVER_PROPERTIES_UPDATE_PREFS, - base::Bind(&NetLogCallback, &http_server_properties_dict)); + [&] { return http_server_properties_dict.Clone(); }); } void HttpServerPropertiesManager::SaveAlternativeServiceToServerPrefs( diff --git a/chromium/net/http/http_server_properties_manager.h b/chromium/net/http/http_server_properties_manager.h index a8ecf3199f9..17d7d969455 100644 --- a/chromium/net/http/http_server_properties_manager.h +++ b/chromium/net/http/http_server_properties_manager.h @@ -80,10 +80,6 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { ~HttpServerPropertiesManager() override; - // Helper function for unit tests to set the version in the dictionary. - static void SetVersion(base::DictionaryValue* http_server_properties_dict, - int version_number); - // ---------------------------------- // HttpServerProperties methods: // ---------------------------------- @@ -150,33 +146,6 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { void ScheduleUpdateCacheForTesting(); protected: - // The location where ScheduleUpdatePrefs was called. - // Must be kept up to date with HttpServerPropertiesUpdatePrefsLocation in - // histograms.xml. - enum Location { - SUPPORTS_SPDY = 0, - HTTP_11_REQUIRED = 1, - SET_ALTERNATIVE_SERVICES = 2, - MARK_ALTERNATIVE_SERVICE_BROKEN = 3, - MARK_ALTERNATIVE_SERVICE_RECENTLY_BROKEN = 4, - CONFIRM_ALTERNATIVE_SERVICE = 5, - CLEAR_ALTERNATIVE_SERVICE = 6, - // deprecated: SET_SPDY_SETTING = 7, - // deprecated: CLEAR_SPDY_SETTINGS = 8, - // deprecated: CLEAR_ALL_SPDY_SETTINGS = 9, - SET_SUPPORTS_QUIC = 10, - SET_SERVER_NETWORK_STATS = 11, - DETECTED_CORRUPTED_PREFS = 12, - SET_QUIC_SERVER_INFO = 13, - CLEAR_SERVER_NETWORK_STATS = 14, - MARK_ALTERNATIVE_SERVICE_BROKEN_UNTIL_DEFAULT_NETWORK_CHANGES = 15, - ON_DEFAULT_NETWORK_CHANGED = 16, - NUM_LOCATIONS = 17, - }; - - // -------------------- - // SPDY related methods - // These are used to delay updating of the cached data in // |http_server_properties_impl_| while the preferences are changing, and // execute only one update per simultaneous prefs changes. @@ -190,7 +159,7 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { // |http_server_properties_impl_| is changing, and execute only one update per // simultaneous changes. // |location| specifies where this method is called from. - void ScheduleUpdatePrefs(Location location); + void ScheduleUpdatePrefs(); // Update prefs::kHttpServerProperties in preferences with the cached data // from |http_server_properties_impl_|. Invokes |callback| when changes have @@ -211,8 +180,7 @@ class NET_EXPORT HttpServerPropertiesManager : public HttpServerProperties { bool AddServersData(const base::DictionaryValue& server_dict, SpdyServersMap* spdy_servers_map, AlternativeServiceMap* alternative_service_map, - ServerNetworkStatsMap* network_stats_map, - int version); + ServerNetworkStatsMap* network_stats_map); // Helper method used for parsing an alternative service from JSON. // |dict| is the JSON dictionary to be parsed. It should contain fields // corresponding to members of AlternativeService. diff --git a/chromium/net/http/http_server_properties_manager_unittest.cc b/chromium/net/http/http_server_properties_manager_unittest.cc index 59762bcc1f7..4921d2e610b 100644 --- a/chromium/net/http/http_server_properties_manager_unittest.cc +++ b/chromium/net/http/http_server_properties_manager_unittest.cc @@ -98,20 +98,17 @@ class MockPrefDelegate : public net::HttpServerPropertiesManager::PrefDelegate { } // namespace -// TODO(rtenneti): After we stop supporting version 3 and everyone has migrated -// to version 4, delete the following code. -static const int kHttpServerPropertiesVersions[] = {3, 4, 5}; - -class HttpServerPropertiesManagerTest : public testing::TestWithParam, +class HttpServerPropertiesManagerTest : public testing::Test, public WithScopedTaskEnvironment { protected: HttpServerPropertiesManagerTest() : WithScopedTaskEnvironment( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME) {} + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME) {} void SetUp() override { one_day_from_now_ = base::Time::Now() + base::TimeDelta::FromDays(1); - advertised_versions_ = HttpNetworkSession::Params().quic_supported_versions; + advertised_versions_ = + HttpNetworkSession::Params().quic_params.supported_versions; pref_delegate_ = new MockPrefDelegate; http_server_props_manager_ = std::make_unique( @@ -141,6 +138,13 @@ class HttpServerPropertiesManagerTest : public testing::TestWithParam, return !alternative_service_info_vector.empty(); } + // Returns a dictionary with only the version field populated. + static base::DictionaryValue DictWithVersion() { + base::DictionaryValue http_server_properties_dict; + http_server_properties_dict.SetInteger("version", 5); + return http_server_properties_dict; + } + MockPrefDelegate* pref_delegate_; // Owned by HttpServerPropertiesManager. std::unique_ptr http_server_props_manager_; base::Time one_day_from_now_; @@ -150,11 +154,7 @@ class HttpServerPropertiesManagerTest : public testing::TestWithParam, DISALLOW_COPY_AND_ASSIGN(HttpServerPropertiesManagerTest); }; -INSTANTIATE_TEST_SUITE_P(/* no prefix */, - HttpServerPropertiesManagerTest, - ::testing::ValuesIn(kHttpServerPropertiesVersions)); - -TEST_P(HttpServerPropertiesManagerTest, +TEST_F(HttpServerPropertiesManagerTest, SingleUpdateForTwoSpdyServerPrefChanges) { // Set up the prefs for https://www.google.com and https://mail.google.com and // then set it twice. Only expect a single cache update. @@ -186,15 +186,11 @@ TEST_P(HttpServerPropertiesManagerTest, // Set the server preference for https://www.google.com. auto servers_dict = std::make_unique(); - servers_dict->SetWithoutPathExpansion( - GetParam() >= 5 ? "https://www.google.com" : "www.google.com:443", - std::move(server_pref_dict)); - std::unique_ptr servers_list; - if (GetParam() >= 4) { - servers_list = std::make_unique(); - servers_list->Append(std::move(servers_dict)); - servers_dict = std::make_unique(); - } + servers_dict->SetWithoutPathExpansion("https://www.google.com", + std::move(server_pref_dict)); + auto servers_list = std::make_unique(); + servers_list->Append(std::move(servers_dict)); + servers_dict = std::make_unique(); // Set the preference for mail.google.com server. auto server_pref_dict1 = std::make_unique(); @@ -218,26 +214,12 @@ TEST_P(HttpServerPropertiesManagerTest, server_pref_dict1->SetWithoutPathExpansion("network_stats", std::move(stats1)); // Set the server preference for https://mail.google.com. - servers_dict->SetWithoutPathExpansion( - GetParam() >= 5 ? "https://mail.google.com" : "mail.google.com:443", - std::move(server_pref_dict1)); - base::DictionaryValue http_server_properties_dict; - if (GetParam() >= 4) { - servers_list->AppendIfNotPresent(std::move(servers_dict)); - if (GetParam() == 5) { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1); - } else { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, - GetParam()); - } - http_server_properties_dict.SetWithoutPathExpansion( - "servers", std::move(servers_list)); - } else { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, - GetParam()); - http_server_properties_dict.SetWithoutPathExpansion( - "servers", std::move(servers_dict)); - } + servers_dict->SetWithoutPathExpansion("https://mail.google.com", + std::move(server_pref_dict1)); + servers_list->Append(std::move(servers_dict)); + base::DictionaryValue http_server_properties_dict = DictWithVersion(); + http_server_properties_dict.SetWithoutPathExpansion("servers", + std::move(servers_list)); auto supports_quic = std::make_unique(); supports_quic->SetBoolean("used_quic", true); supports_quic->SetString("address", "127.0.0.1"); @@ -343,7 +325,7 @@ TEST_P(HttpServerPropertiesManagerTest, play_quic_server_id)); } -TEST_P(HttpServerPropertiesManagerTest, BadCachedHostPortPair) { +TEST_F(HttpServerPropertiesManagerTest, BadCachedHostPortPair) { auto server_pref_dict = std::make_unique(); // Set supports_spdy for www.google.com:65536. @@ -367,24 +349,11 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedHostPortPair) { auto servers_dict = std::make_unique(); servers_dict->SetWithoutPathExpansion("www.google.com:65536", std::move(server_pref_dict)); - base::DictionaryValue http_server_properties_dict; - if (GetParam() >= 4) { auto servers_list = std::make_unique(); servers_list->Append(std::move(servers_dict)); - if (GetParam() == 5) { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1); - } else { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, - GetParam()); - } + base::DictionaryValue http_server_properties_dict = DictWithVersion(); http_server_properties_dict.SetWithoutPathExpansion( "servers", std::move(servers_list)); - } else { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, - GetParam()); - http_server_properties_dict.SetWithoutPathExpansion( - "servers", std::move(servers_dict)); - } // Set quic_server_info for www.google.com:65536. auto quic_servers_dict = std::make_unique(); @@ -421,7 +390,7 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedHostPortPair) { EXPECT_EQ(0u, http_server_props_manager_->quic_server_info_map().size()); } -TEST_P(HttpServerPropertiesManagerTest, BadCachedAltProtocolPort) { +TEST_F(HttpServerPropertiesManagerTest, BadCachedAltProtocolPort) { auto server_pref_dict = std::make_unique(); // Set supports_spdy for www.google.com:80. @@ -440,24 +409,11 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedAltProtocolPort) { auto servers_dict = std::make_unique(); servers_dict->SetWithoutPathExpansion("www.google.com:80", std::move(server_pref_dict)); - base::DictionaryValue http_server_properties_dict; - if (GetParam() >= 4) { auto servers_list = std::make_unique(); servers_list->Append(std::move(servers_dict)); - if (GetParam() == 5) { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1); - } else { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, - GetParam()); - } + base::DictionaryValue http_server_properties_dict = DictWithVersion(); http_server_properties_dict.SetWithoutPathExpansion( "servers", std::move(servers_list)); - } else { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, - GetParam()); - http_server_properties_dict.SetWithoutPathExpansion( - "servers", std::move(servers_dict)); - } // Set up the pref. pref_delegate_->SetPrefs(http_server_properties_dict); @@ -473,7 +429,7 @@ TEST_P(HttpServerPropertiesManagerTest, BadCachedAltProtocolPort) { HasAlternativeService(url::SchemeHostPort("http", "www.google.com", 80))); } -TEST_P(HttpServerPropertiesManagerTest, SupportsSpdy) { +TEST_F(HttpServerPropertiesManagerTest, SupportsSpdy) { // Add mail.google.com:443 as a supporting spdy server. url::SchemeHostPort spdy_server("https", "mail.google.com", 443); EXPECT_FALSE( @@ -502,7 +458,7 @@ TEST_P(HttpServerPropertiesManagerTest, SupportsSpdy) { // scheduled if multiple updates happen in a given time period. Subsequent pref // update could also be scheduled once the previous scheduled update is // completed. -TEST_P(HttpServerPropertiesManagerTest, +TEST_F(HttpServerPropertiesManagerTest, SinglePrefUpdateForTwoSpdyServerCacheChanges) { // Post an update task. SetSupportsSpdy calls ScheduleUpdatePrefs with a delay // of 60ms. @@ -545,7 +501,7 @@ TEST_P(HttpServerPropertiesManagerTest, EXPECT_EQ(1, pref_delegate_->GetAndClearNumPrefUpdates()); } -TEST_P(HttpServerPropertiesManagerTest, GetAlternativeServiceInfos) { +TEST_F(HttpServerPropertiesManagerTest, GetAlternativeServiceInfos) { url::SchemeHostPort spdy_server_mail("http", "mail.google.com", 80); EXPECT_FALSE(HasAlternativeService(spdy_server_mail)); const AlternativeService alternative_service(kProtoHTTP2, "mail.google.com", @@ -569,7 +525,7 @@ TEST_P(HttpServerPropertiesManagerTest, GetAlternativeServiceInfos) { alternative_service_info_vector[0].alternative_service()); } -TEST_P(HttpServerPropertiesManagerTest, SetAlternativeServices) { +TEST_F(HttpServerPropertiesManagerTest, SetAlternativeServices) { url::SchemeHostPort spdy_server_mail("http", "mail.google.com", 80); EXPECT_FALSE(HasAlternativeService(spdy_server_mail)); AlternativeServiceInfoVector alternative_service_info_vector; @@ -603,7 +559,7 @@ TEST_P(HttpServerPropertiesManagerTest, SetAlternativeServices) { alternative_service_info_vector2[1].alternative_service()); } -TEST_P(HttpServerPropertiesManagerTest, SetAlternativeServicesEmpty) { +TEST_F(HttpServerPropertiesManagerTest, SetAlternativeServicesEmpty) { url::SchemeHostPort spdy_server_mail("http", "mail.google.com", 80); EXPECT_FALSE(HasAlternativeService(spdy_server_mail)); const AlternativeService alternative_service(kProtoHTTP2, "mail.google.com", @@ -617,7 +573,7 @@ TEST_P(HttpServerPropertiesManagerTest, SetAlternativeServicesEmpty) { EXPECT_FALSE(HasAlternativeService(spdy_server_mail)); } -TEST_P(HttpServerPropertiesManagerTest, ConfirmAlternativeService) { +TEST_F(HttpServerPropertiesManagerTest, ConfirmAlternativeService) { url::SchemeHostPort spdy_server_mail; AlternativeService alternative_service; @@ -663,7 +619,7 @@ TEST_P(HttpServerPropertiesManagerTest, ConfirmAlternativeService) { alternative_service)); } -TEST_P(HttpServerPropertiesManagerTest, +TEST_F(HttpServerPropertiesManagerTest, ConfirmBrokenUntilDefaultNetworkChanges) { url::SchemeHostPort spdy_server_mail; AlternativeService alternative_service; @@ -712,7 +668,7 @@ TEST_P(HttpServerPropertiesManagerTest, alternative_service)); } -TEST_P(HttpServerPropertiesManagerTest, +TEST_F(HttpServerPropertiesManagerTest, OnDefaultNetworkChangedWithBrokenUntilDefaultNetworkChanges) { url::SchemeHostPort spdy_server_mail; AlternativeService alternative_service; @@ -761,7 +717,7 @@ TEST_P(HttpServerPropertiesManagerTest, alternative_service)); } -TEST_P(HttpServerPropertiesManagerTest, OnDefaultNetworkChangedWithBrokenOnly) { +TEST_F(HttpServerPropertiesManagerTest, OnDefaultNetworkChangedWithBrokenOnly) { url::SchemeHostPort spdy_server_mail; AlternativeService alternative_service; @@ -807,7 +763,7 @@ TEST_P(HttpServerPropertiesManagerTest, OnDefaultNetworkChangedWithBrokenOnly) { alternative_service)); } -TEST_P(HttpServerPropertiesManagerTest, SupportsQuic) { +TEST_F(HttpServerPropertiesManagerTest, SupportsQuic) { IPAddress address; EXPECT_FALSE(http_server_props_manager_->GetSupportsQuic(&address)); @@ -831,7 +787,7 @@ TEST_P(HttpServerPropertiesManagerTest, SupportsQuic) { EXPECT_EQ(0u, GetPendingMainThreadTaskCount()); } -TEST_P(HttpServerPropertiesManagerTest, ServerNetworkStats) { +TEST_F(HttpServerPropertiesManagerTest, ServerNetworkStats) { url::SchemeHostPort mail_server("http", "mail.google.com", 80); const ServerNetworkStats* stats = http_server_props_manager_->GetServerNetworkStats(mail_server); @@ -869,7 +825,7 @@ TEST_P(HttpServerPropertiesManagerTest, ServerNetworkStats) { http_server_props_manager_->GetServerNetworkStats(mail_server)); } -TEST_P(HttpServerPropertiesManagerTest, QuicServerInfo) { +TEST_F(HttpServerPropertiesManagerTest, QuicServerInfo) { quic::QuicServerId mail_quic_server_id("mail.google.com", 80, false); EXPECT_EQ(nullptr, http_server_props_manager_->GetQuicServerInfo(mail_quic_server_id)); @@ -896,7 +852,7 @@ TEST_P(HttpServerPropertiesManagerTest, QuicServerInfo) { EXPECT_EQ(0u, GetPendingMainThreadTaskCount()); } -TEST_P(HttpServerPropertiesManagerTest, Clear) { +TEST_F(HttpServerPropertiesManagerTest, Clear) { const url::SchemeHostPort spdy_server("https", "mail.google.com", 443); const IPAddress actual_address(127, 0, 0, 1); const quic::QuicServerId mail_quic_server_id("mail.google.com", 80, false); @@ -972,11 +928,10 @@ TEST_P(HttpServerPropertiesManagerTest, Clear) { // https://crbug.com/444956: Add 200 alternative_service servers followed by // supports_quic and verify we have read supports_quic from prefs. -TEST_P(HttpServerPropertiesManagerTest, BadSupportsQuic) { +TEST_F(HttpServerPropertiesManagerTest, BadSupportsQuic) { auto servers_dict = std::make_unique(); - std::unique_ptr servers_list; - if (GetParam() >= 4) - servers_list = std::make_unique(); + std::unique_ptr servers_list = + std::make_unique(); for (int i = 1; i <= 200; ++i) { // Set up alternative_service for www.google.com:i. @@ -988,46 +943,21 @@ TEST_P(HttpServerPropertiesManagerTest, BadSupportsQuic) { auto server_pref_dict = std::make_unique(); server_pref_dict->SetWithoutPathExpansion( "alternative_service", std::move(alternative_service_list)); - if (GetParam() >= 5) { servers_dict->SetWithoutPathExpansion( StringPrintf("https://www.google.com:%d", i), std::move(server_pref_dict)); - } else { - servers_dict->SetWithoutPathExpansion( - StringPrintf("www.google.com:%d", i), std::move(server_pref_dict)); - } - if (GetParam() >= 4) { servers_list->AppendIfNotPresent(std::move(servers_dict)); servers_dict = std::make_unique(); - } } // Set the server preference for http://mail.google.com server. auto server_pref_dict1 = std::make_unique(); - if (GetParam() >= 5) { servers_dict->SetWithoutPathExpansion("https://mail.google.com", std::move(server_pref_dict1)); - } else { - servers_dict->SetWithoutPathExpansion("mail.google.com:80", - std::move(server_pref_dict1)); - } - base::DictionaryValue http_server_properties_dict; - if (GetParam() >= 4) { servers_list->AppendIfNotPresent(std::move(servers_dict)); - if (GetParam() == 5) { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, -1); - } else { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, - GetParam()); - } + base::DictionaryValue http_server_properties_dict = DictWithVersion(); http_server_properties_dict.SetWithoutPathExpansion( "servers", std::move(servers_list)); - } else { - HttpServerPropertiesManager::SetVersion(&http_server_properties_dict, - GetParam()); - http_server_properties_dict.SetWithoutPathExpansion( - "servers", std::move(servers_dict)); - } // Set up SupportsQuic for 127.0.0.1 auto supports_quic = std::make_unique(); @@ -1043,11 +973,7 @@ TEST_P(HttpServerPropertiesManagerTest, BadSupportsQuic) { // Verify alternative service. for (int i = 1; i <= 200; ++i) { GURL server_gurl; - if (GetParam() >= 5) { - server_gurl = GURL(StringPrintf("https://www.google.com:%d", i)); - } else { server_gurl = GURL(StringPrintf("https://www.google.com:%d", i)); - } url::SchemeHostPort server(server_gurl); AlternativeServiceInfoVector alternative_service_info_vector = http_server_props_manager_->GetAlternativeServiceInfos(server); @@ -1064,7 +990,7 @@ TEST_P(HttpServerPropertiesManagerTest, BadSupportsQuic) { EXPECT_EQ("127.0.0.1", address.ToString()); } -TEST_P(HttpServerPropertiesManagerTest, UpdatePrefsWithCache) { +TEST_F(HttpServerPropertiesManagerTest, UpdatePrefsWithCache) { const url::SchemeHostPort server_www("https", "www.google.com", 80); const url::SchemeHostPort server_mail("https", "mail.google.com", 80); @@ -1210,7 +1136,7 @@ TEST_P(HttpServerPropertiesManagerTest, UpdatePrefsWithCache) { EXPECT_EQ(expected_json, preferences_json); } -TEST_P(HttpServerPropertiesManagerTest, +TEST_F(HttpServerPropertiesManagerTest, SingleCacheUpdateForMultipleUpdatesScheduled) { EXPECT_EQ(0u, GetPendingMainThreadTaskCount()); // Update cache. @@ -1241,7 +1167,7 @@ TEST_P(HttpServerPropertiesManagerTest, EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); } -TEST_P(HttpServerPropertiesManagerTest, AddToAlternativeServiceMap) { +TEST_F(HttpServerPropertiesManagerTest, AddToAlternativeServiceMap) { std::unique_ptr server_value = base::JSONReader::ReadDeprecated( "{\"alternative_service\":[{\"port\":443,\"protocol_str\":\"h2\"}," "{\"port\":123,\"protocol_str\":\"quic\"," @@ -1293,7 +1219,7 @@ TEST_P(HttpServerPropertiesManagerTest, AddToAlternativeServiceMap) { } // Regression test for https://crbug.com/615497. -TEST_P(HttpServerPropertiesManagerTest, DoNotLoadAltSvcForInsecureOrigins) { +TEST_F(HttpServerPropertiesManagerTest, DoNotLoadAltSvcForInsecureOrigins) { std::unique_ptr server_value = base::JSONReader::ReadDeprecated( "{\"alternative_service\":[{\"port\":443,\"protocol_str\":\"h2\"," "\"expiration\":\"9223372036854775807\"}]}"); @@ -1311,7 +1237,7 @@ TEST_P(HttpServerPropertiesManagerTest, DoNotLoadAltSvcForInsecureOrigins) { } // Do not persist expired alternative service entries to disk. -TEST_P(HttpServerPropertiesManagerTest, DoNotPersistExpiredAlternativeService) { +TEST_F(HttpServerPropertiesManagerTest, DoNotPersistExpiredAlternativeService) { AlternativeServiceInfoVector alternative_service_info_vector; const AlternativeService broken_alternative_service( @@ -1386,7 +1312,7 @@ TEST_P(HttpServerPropertiesManagerTest, DoNotPersistExpiredAlternativeService) { } // Test that expired alternative service entries on disk are ignored. -TEST_P(HttpServerPropertiesManagerTest, DoNotLoadExpiredAlternativeService) { +TEST_F(HttpServerPropertiesManagerTest, DoNotLoadExpiredAlternativeService) { auto alternative_service_list = std::make_unique(); auto expired_dict = std::make_unique(); expired_dict->SetString("protocol_str", "h2"); @@ -1429,7 +1355,7 @@ TEST_P(HttpServerPropertiesManagerTest, DoNotLoadExpiredAlternativeService) { } // Make sure prefs are updated on destruction. -TEST_P(HttpServerPropertiesManagerTest, UpdatePrefsOnShutdown) { +TEST_F(HttpServerPropertiesManagerTest, UpdatePrefsOnShutdown) { int pref_updates = 0; pref_delegate_->set_extra_update_prefs_callback( base::Bind([](int* updates) { (*updates)++; }, &pref_updates)); @@ -1437,7 +1363,7 @@ TEST_P(HttpServerPropertiesManagerTest, UpdatePrefsOnShutdown) { EXPECT_EQ(1, pref_updates); } -TEST_P(HttpServerPropertiesManagerTest, PersistAdvertisedVersionsToPref) { +TEST_F(HttpServerPropertiesManagerTest, PersistAdvertisedVersionsToPref) { const url::SchemeHostPort server_www("https", "www.google.com", 80); const url::SchemeHostPort server_mail("https", "mail.google.com", 80); @@ -1449,7 +1375,7 @@ TEST_P(HttpServerPropertiesManagerTest, PersistAdvertisedVersionsToPref) { ASSERT_TRUE(base::Time::FromUTCString("2036-12-01 10:00:00", &expiration1)); quic::ParsedQuicVersionVector advertised_versions = { quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, - quic::QUIC_VERSION_44), + quic::QUIC_VERSION_46), quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, quic::QUIC_VERSION_39)}; alternative_service_info_vector.push_back( @@ -1499,7 +1425,7 @@ TEST_P(HttpServerPropertiesManagerTest, PersistAdvertisedVersionsToPref) { "{\"quic_servers\":{\"https://mail.google.com:80\":{" "\"server_info\":\"quic_server_info1\"}},\"servers\":[" "{\"https://www.google.com:80\":{\"alternative_service\":[{" - "\"advertised_versions\":[39,44],\"expiration\":\"13756212000000000\"," + "\"advertised_versions\":[39,46],\"expiration\":\"13756212000000000\"," "\"port\":443,\"protocol_str\":\"quic\"},{\"advertised_versions\":[]," "\"expiration\":\"13758804000000000\",\"host\":\"www.google.com\"," "\"port\":1234,\"protocol_str\":\"h2\"}]}}," @@ -1517,13 +1443,13 @@ TEST_P(HttpServerPropertiesManagerTest, PersistAdvertisedVersionsToPref) { EXPECT_EQ(expected_json, preferences_json); } -TEST_P(HttpServerPropertiesManagerTest, ReadAdvertisedVersionsFromPref) { +TEST_F(HttpServerPropertiesManagerTest, ReadAdvertisedVersionsFromPref) { std::unique_ptr server_value = base::JSONReader::ReadDeprecated( "{\"alternative_service\":[" "{\"port\":443,\"protocol_str\":\"quic\"}," "{\"port\":123,\"protocol_str\":\"quic\"," "\"expiration\":\"9223372036854775807\"," - "\"advertised_versions\":[44,39]}]}"); + "\"advertised_versions\":[46,39]}]}"); ASSERT_TRUE(server_value); base::DictionaryValue* server_dict; ASSERT_TRUE(server_value->GetAsDictionary(&server_dict)); @@ -1564,18 +1490,18 @@ TEST_P(HttpServerPropertiesManagerTest, ReadAdvertisedVersionsFromPref) { quic::QUIC_VERSION_39), loaded_advertised_versions[0]); EXPECT_EQ(quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, - quic::QUIC_VERSION_44), + quic::QUIC_VERSION_46), loaded_advertised_versions[1]); } -TEST_P(HttpServerPropertiesManagerTest, +TEST_F(HttpServerPropertiesManagerTest, UpdatePrefWhenAdvertisedVersionsChange) { const url::SchemeHostPort server_www("https", "www.google.com", 80); // #1: Set alternate protocol. AlternativeServiceInfoVector alternative_service_info_vector; // Quic alternative service set with a single QUIC version: - // quic::QUIC_VERSION_44. + // quic::QUIC_VERSION_46. AlternativeService quic_alternative_service1(kProtoQUIC, "", 443); base::Time expiration1; ASSERT_TRUE(base::Time::FromUTCString("2036-12-01 10:00:00", &expiration1)); @@ -1624,7 +1550,7 @@ TEST_P(HttpServerPropertiesManagerTest, // Quic alternative service set with two advertised QUIC versions. quic::ParsedQuicVersionVector advertised_versions = { quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, - quic::QUIC_VERSION_44), + quic::QUIC_VERSION_46), quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, quic::QUIC_VERSION_39)}; alternative_service_info_vector_2.push_back( @@ -1644,7 +1570,7 @@ TEST_P(HttpServerPropertiesManagerTest, "{\"quic_servers\":{\"https://mail.google.com:80\":" "{\"server_info\":\"quic_server_info1\"}},\"servers\":[" "{\"https://www.google.com:80\":" - "{\"alternative_service\":[{\"advertised_versions\":[39,44]," + "{\"alternative_service\":[{\"advertised_versions\":[39,46]," "\"expiration\":\"13756212000000000\",\"port\":443," "\"protocol_str\":\"quic\"}]}}],\"supports_quic\":" "{\"address\":\"127.0.0.1\",\"used_quic\":true},\"version\":5}"; @@ -1659,7 +1585,7 @@ TEST_P(HttpServerPropertiesManagerTest, quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, quic::QUIC_VERSION_39), quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, - quic::QUIC_VERSION_44)}; + quic::QUIC_VERSION_46)}; alternative_service_info_vector_3.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( quic_alternative_service1, expiration1, advertised_versions_2)); @@ -1671,7 +1597,7 @@ TEST_P(HttpServerPropertiesManagerTest, EXPECT_EQ(0, pref_delegate_->GetAndClearNumPrefUpdates()); } -TEST_P(HttpServerPropertiesManagerTest, UpdateCacheWithPrefs) { +TEST_F(HttpServerPropertiesManagerTest, UpdateCacheWithPrefs) { AlternativeService cached_broken_service(kProtoQUIC, "cached_broken", 443); AlternativeService cached_broken_service2(kProtoQUIC, "cached_broken2", 443); AlternativeService cached_recently_broken_service(kProtoQUIC, diff --git a/chromium/net/http/http_stream_factory.cc b/chromium/net/http/http_stream_factory.cc index 3bca1d7c738..51bcae28729 100644 --- a/chromium/net/http/http_stream_factory.cc +++ b/chromium/net/http/http_stream_factory.cc @@ -78,8 +78,9 @@ void HttpStreamFactory::ProcessAlternativeServices( quic::ParsedQuicVersionVector advertised_versions; if (protocol == kProtoQUIC && !alternative_service_entry.version.empty()) { advertised_versions = FilterSupportedAltSvcVersions( - alternative_service_entry, session->params().quic_supported_versions, - session->params().support_ietf_format_quic_altsvc); + alternative_service_entry, + session->params().quic_params.supported_versions, + session->params().quic_params.support_ietf_format_quic_altsvc); if (advertised_versions.empty()) continue; } @@ -256,8 +257,8 @@ bool HttpStreamFactory::OnInitConnection(const JobController& controller, PreconnectingProxyServer preconnecting_proxy_server(proxy_info.proxy_server(), privacy_mode); - if (base::ContainsKey(preconnecting_proxy_servers_, - preconnecting_proxy_server)) { + if (base::Contains(preconnecting_proxy_servers_, + preconnecting_proxy_server)) { UMA_HISTOGRAM_EXACT_LINEAR("Net.PreconnectSkippedToProxyServers", 1, 2); // Skip preconnect to the proxy server since we are already preconnecting // (probably via some other job). See https://crbug.com/682041 for details. diff --git a/chromium/net/http/http_stream_factory_job.cc b/chromium/net/http/http_stream_factory_job.cc index e176dfd7dc8..ed7b2346906 100644 --- a/chromium/net/http/http_stream_factory_job.cc +++ b/chromium/net/http/http_stream_factory_job.cc @@ -66,18 +66,17 @@ const base::Feature kLimitEarlyPreconnectsExperiment{ } // namespace // Returns parameters associated with the start of a HTTP stream job. -base::Value NetLogHttpStreamJobCallback(const NetLogSource& source, - const GURL* original_url, - const GURL* url, - bool expect_spdy, - bool using_quic, - RequestPriority priority, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogHttpStreamJobParams(const NetLogSource& source, + const GURL& original_url, + const GURL& url, + bool expect_spdy, + bool using_quic, + RequestPriority priority) { base::DictionaryValue dict; if (source.IsValid()) source.AddToEventParameters(&dict); - dict.SetString("original_url", original_url->GetOrigin().spec()); - dict.SetString("url", url->GetOrigin().spec()); + dict.SetString("original_url", original_url.GetOrigin().spec()); + dict.SetString("url", url.GetOrigin().spec()); dict.SetBoolean("expect_spdy", expect_spdy); dict.SetBoolean("using_quic", using_quic); dict.SetString("priority", RequestPriorityToString(priority)); @@ -86,9 +85,7 @@ base::Value NetLogHttpStreamJobCallback(const NetLogSource& source, // Returns parameters associated with the Proto (with NPN negotiation) of a HTTP // stream. -base::Value NetLogHttpStreamProtoCallback( - NextProto negotiated_protocol, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogHttpStreamProtoParams(NextProto negotiated_protocol) { base::DictionaryValue dict; dict.SetString("proto", NextProtoToString(negotiated_protocol)); @@ -169,8 +166,7 @@ HttpStreamFactory::Job::Job(Delegate* delegate, request_info_.socket_tag, request_info_.network_isolation_key)), stream_type_(HttpStreamRequest::BIDIRECTIONAL_STREAM), - init_connection_already_resumed_(false), - ptr_factory_(this) { + init_connection_already_resumed_(false) { // QUIC can only be spoken to servers, never to proxies. if (alternative_protocol == kProtoQUIC) DCHECK(proxy_info_.is_direct()); @@ -180,7 +176,7 @@ HttpStreamFactory::Job::Job(Delegate* delegate, if (quic_version_ == quic::UnsupportedQuicVersion() && ShouldForceQuic(session, destination, origin_url, proxy_info, using_ssl_)) { - quic_version_ = session->params().quic_supported_versions[0]; + quic_version_ = session->params().quic_params.supported_versions[0]; } if (using_quic_) @@ -362,10 +358,10 @@ bool HttpStreamFactory::Job::ShouldForceQuic(HttpNetworkSession* session, // handled by the socket pools, using an HttpProxyConnectJob. if (proxy_info.is_quic()) return !using_ssl; - return (base::ContainsKey(session->params().origins_to_force_quic_on, - HostPortPair()) || - base::ContainsKey(session->params().origins_to_force_quic_on, - destination)) && + return (base::Contains(session->params().quic_params.origins_to_force_quic_on, + HostPortPair()) || + base::Contains(session->params().quic_params.origins_to_force_quic_on, + destination)) && proxy_info.is_direct() && origin_url.SchemeIs(url::kHttpsScheme); } @@ -630,13 +626,13 @@ int HttpStreamFactory::Job::DoStart() { const NetLogWithSource* net_log = delegate_->GetNetLog(); if (net_log) { - net_log_.BeginEvent( - NetLogEventType::HTTP_STREAM_JOB, - base::Bind(&NetLogHttpStreamJobCallback, net_log->source(), - &request_info_.url, &origin_url_, expect_spdy_, using_quic_, - priority_)); - net_log->AddEvent(NetLogEventType::HTTP_STREAM_REQUEST_STARTED_JOB, - net_log_.source().ToEventParametersCallback()); + net_log_.BeginEvent(NetLogEventType::HTTP_STREAM_JOB, [&] { + return NetLogHttpStreamJobParams(net_log->source(), request_info_.url, + origin_url_, expect_spdy_, using_quic_, + priority_); + }); + net_log->AddEventReferencingSource( + NetLogEventType::HTTP_STREAM_REQUEST_STARTED_JOB, net_log_.source()); } // Don't connect to restricted ports. @@ -657,8 +653,9 @@ int HttpStreamFactory::Job::DoStart() { int HttpStreamFactory::Job::DoWait() { next_state_ = STATE_WAIT_COMPLETE; bool should_wait = delegate_->ShouldWait(this); - net_log_.BeginEvent(NetLogEventType::HTTP_STREAM_JOB_WAITING, - NetLog::BoolCallback("should_wait", should_wait)); + net_log_.AddEntryWithBoolParams(NetLogEventType::HTTP_STREAM_JOB_WAITING, + NetLogEventPhase::BEGIN, "should_wait", + should_wait); if (should_wait) return ERR_IO_PENDING; @@ -711,25 +708,6 @@ int HttpStreamFactory::Job::DoInitConnectionImpl() { // Disable network fetches for HTTPS proxies, since the network requests // are probably going to need to go through the proxy too. proxy_ssl_config_.disable_cert_verification_network_fetches = true; - - if (proxy_ssl_config_.send_client_cert) { - // When connecting through an HTTPS proxy, disable TLS False Start so that - // client authentication errors can be distinguished between those - // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and - // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR / - // ERR_BAD_SSL_CLIENT_AUTH_CERT). - // - // We now handle this fine for SSLClientAuthCache updates, though not - // ReconsiderProxyAfterError() below. In case of issues there, and general - // False Start compatibility risk, we continue to disable False Start. (If - // it becomes a problem, the risk of removing this is likely low.) - // - // This assumes the proxy will only request certificates on the initial - // handshake; renegotiation on the proxy connection is unsupported. - // - // See https://crbug.com/828965. - proxy_ssl_config_.false_start_enabled = false; - } } if (using_ssl_) { // Prior to HTTP/2 and SPDY, some servers use TLS renegotiation to request @@ -773,8 +751,8 @@ int HttpStreamFactory::Job::DoInitConnectionImpl() { ssl_config = &server_ssl_config_; } int rv = quic_request_.Request( - destination, quic_version_.transport_version, - request_info_.privacy_mode, priority_, request_info_.socket_tag, + destination, quic_version_, request_info_.privacy_mode, priority_, + request_info_.socket_tag, request_info_.network_isolation_key, ssl_config->GetCertVerifyFlags(), url, net_log_, &net_error_details_, base::BindOnce(&Job::OnFailedOnDefaultNetwork, ptr_factory_.GetWeakPtr()), @@ -875,7 +853,8 @@ int HttpStreamFactory::Job::DoInitConnectionImpl() { return PreconnectSocketsForHttpRequest( GetSocketGroup(), destination_, request_info_.load_flags, priority_, session_, proxy_info_, server_ssl_config_, proxy_ssl_config_, - request_info_.privacy_mode, net_log_, num_streams_); + request_info_.privacy_mode, request_info_.network_isolation_key, + net_log_, num_streams_); } ClientSocketPool::ProxyAuthCallback proxy_auth_callback = @@ -945,9 +924,9 @@ int HttpStreamFactory::Job::DoInitConnectionComplete(int result) { if (connection_->socket()->WasAlpnNegotiated()) { was_alpn_negotiated_ = true; negotiated_protocol_ = connection_->socket()->GetNegotiatedProtocol(); - net_log_.AddEvent( - NetLogEventType::HTTP_STREAM_REQUEST_PROTO, - base::Bind(&NetLogHttpStreamProtoCallback, negotiated_protocol_)); + net_log_.AddEvent(NetLogEventType::HTTP_STREAM_REQUEST_PROTO, [&] { + return NetLogHttpStreamProtoParams(negotiated_protocol_); + }); if (negotiated_protocol_ == kProtoHTTP2) { if (is_websocket_) { // WebSocket is not supported over a fresh HTTP/2 connection. @@ -1152,9 +1131,9 @@ int HttpStreamFactory::Job::DoCreateStream() { net_log_); if (!spdy_session->HasAcceptableTransportSecurity()) { - spdy_session->CloseSessionOnError(ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY, + spdy_session->CloseSessionOnError(ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY, ""); - return ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY; + return ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY; } url::SchemeHostPort scheme_host_port( diff --git a/chromium/net/http/http_stream_factory_job.h b/chromium/net/http/http_stream_factory_job.h index 3a5488e312c..94d1a9190f8 100644 --- a/chromium/net/http/http_stream_factory_job.h +++ b/chromium/net/http/http_stream_factory_job.h @@ -477,7 +477,7 @@ class HttpStreamFactory::Job std::unique_ptr spdy_session_request_; - base::WeakPtrFactory ptr_factory_; + base::WeakPtrFactory ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(Job); }; diff --git a/chromium/net/http/http_stream_factory_job_controller.cc b/chromium/net/http/http_stream_factory_job_controller.cc index d208cd01f3a..45a9e840014 100644 --- a/chromium/net/http/http_stream_factory_job_controller.cc +++ b/chromium/net/http/http_stream_factory_job_controller.cc @@ -16,6 +16,7 @@ #include "base/trace_event/memory_usage_estimator.h" #include "base/values.h" #include "net/base/host_mapping_rules.h" +#include "net/base/load_flags.h" #include "net/http/bidirectional_stream_impl.h" #include "net/http/transport_security_state.h" #include "net/log/net_log.h" @@ -32,8 +33,7 @@ namespace { // Returns parameters associated with the proxy resolution. base::Value NetLogHttpStreamJobProxyServerResolved( - const ProxyServer& proxy_server, - NetLogCaptureMode /* capture_mode */) { + const ProxyServer& proxy_server) { base::DictionaryValue dict; dict.SetString("proxy_server", proxy_server.is_valid() @@ -48,18 +48,15 @@ base::Value NetLogHttpStreamJobProxyServerResolved( // the main job. const int kMaxDelayTimeForMainJobSecs = 3; -base::Value NetLogJobControllerCallback(const GURL* url, - bool is_preconnect, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogJobControllerParams(const GURL& url, bool is_preconnect) { base::DictionaryValue dict; - dict.SetString("url", url->possibly_invalid_spec()); + dict.SetString("url", url.possibly_invalid_spec()); dict.SetBoolean("is_preconnect", is_preconnect); return std::move(dict); } -base::Value NetLogAltSvcCallback(const AlternativeServiceInfo* alt_svc_info, - bool is_broken, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogAltSvcParams(const AlternativeServiceInfo* alt_svc_info, + bool is_broken) { base::DictionaryValue dict; dict.SetString("alt_svc", alt_svc_info->ToString()); dict.SetBoolean("is_broken", is_broken); @@ -102,14 +99,13 @@ HttpStreamFactory::JobController::JobController( proxy_ssl_config_(proxy_ssl_config), num_streams_(0), priority_(IDLE), - net_log_( - NetLogWithSource::Make(session->net_log(), - NetLogSourceType::HTTP_STREAM_JOB_CONTROLLER)), - ptr_factory_(this) { + net_log_(NetLogWithSource::Make( + session->net_log(), + NetLogSourceType::HTTP_STREAM_JOB_CONTROLLER)) { DCHECK(factory); - net_log_.BeginEvent(NetLogEventType::HTTP_STREAM_JOB_CONTROLLER, - base::Bind(&NetLogJobControllerCallback, - &request_info.url, is_preconnect)); + net_log_.BeginEvent(NetLogEventType::HTTP_STREAM_JOB_CONTROLLER, [&] { + return NetLogJobControllerParams(request_info.url, is_preconnect); + }); } HttpStreamFactory::JobController::~JobController() { @@ -143,10 +139,11 @@ std::unique_ptr HttpStreamFactory::JobController::Start( request_ = request.get(); // Associates |net_log_| with |source_net_log|. - source_net_log.AddEvent(NetLogEventType::HTTP_STREAM_JOB_CONTROLLER_BOUND, - net_log_.source().ToEventParametersCallback()); - net_log_.AddEvent(NetLogEventType::HTTP_STREAM_JOB_CONTROLLER_BOUND, - source_net_log.source().ToEventParametersCallback()); + source_net_log.AddEventReferencingSource( + NetLogEventType::HTTP_STREAM_JOB_CONTROLLER_BOUND, net_log_.source()); + net_log_.AddEventReferencingSource( + NetLogEventType::HTTP_STREAM_JOB_CONTROLLER_BOUND, + source_net_log.source()); RunLoop(OK); return request; @@ -459,8 +456,8 @@ void HttpStreamFactory::JobController::AddConnectionAttemptsToRequest( void HttpStreamFactory::JobController::ResumeMainJobLater( const base::TimeDelta& delay) { - net_log_.AddEvent(NetLogEventType::HTTP_STREAM_JOB_DELAYED, - NetLog::Int64Callback("delay", delay.InMilliseconds())); + net_log_.AddEventWithInt64Params(NetLogEventType::HTTP_STREAM_JOB_DELAYED, + "delay", delay.InMilliseconds()); resume_main_job_callback_.Reset( base::BindOnce(&HttpStreamFactory::JobController::ResumeMainJob, ptr_factory_.GetWeakPtr())); @@ -475,9 +472,9 @@ void HttpStreamFactory::JobController::ResumeMainJob() { return; } main_job_is_resumed_ = true; - main_job_->net_log().AddEvent( - NetLogEventType::HTTP_STREAM_JOB_RESUMED, - NetLog::Int64Callback("delay", main_job_wait_time_.InMilliseconds())); + main_job_->net_log().AddEventWithInt64Params( + NetLogEventType::HTTP_STREAM_JOB_RESUMED, "delay", + main_job_wait_time_.InMilliseconds()); main_job_->Resume(); main_job_wait_time_ = base::TimeDelta(); @@ -641,10 +638,11 @@ int HttpStreamFactory::JobController::DoResolveProxyComplete(int rv) { proxy_resolve_request_ = nullptr; net_log_.AddEvent( - NetLogEventType::HTTP_STREAM_JOB_CONTROLLER_PROXY_SERVER_RESOLVED, - base::Bind( - &NetLogHttpStreamJobProxyServerResolved, - proxy_info_.is_empty() ? ProxyServer() : proxy_info_.proxy_server())); + NetLogEventType::HTTP_STREAM_JOB_CONTROLLER_PROXY_SERVER_RESOLVED, [&] { + return NetLogHttpStreamJobProxyServerResolved( + proxy_info_.is_empty() ? ProxyServer() + : proxy_info_.proxy_server()); + }); if (rv != OK) return rv; @@ -771,12 +769,12 @@ void HttpStreamFactory::JobController::BindJob(Job* job) { job_bound_ = true; bound_job_ = job; - request_->net_log().AddEvent( + request_->net_log().AddEventReferencingSource( NetLogEventType::HTTP_STREAM_REQUEST_BOUND_TO_JOB, - job->net_log().source().ToEventParametersCallback()); - job->net_log().AddEvent( + job->net_log().source()); + job->net_log().AddEventReferencingSource( NetLogEventType::HTTP_STREAM_JOB_BOUND_TO_REQUEST, - request_->net_log().source().ToEventParametersCallback()); + request_->net_log().source()); OrphanUnboundJob(); } @@ -1013,9 +1011,9 @@ HttpStreamFactory::JobController::GetAlternativeServiceInfoInternal( const bool is_broken = http_server_properties.IsAlternativeServiceBroken( alternative_service_info.alternative_service()); net_log_.AddEvent( - NetLogEventType::HTTP_STREAM_JOB_CONTROLLER_ALT_SVC_FOUND, - base::BindRepeating(&NetLogAltSvcCallback, &alternative_service_info, - is_broken)); + NetLogEventType::HTTP_STREAM_JOB_CONTROLLER_ALT_SVC_FOUND, [&] { + return NetLogAltSvcParams(&alternative_service_info, is_broken); + }); if (is_broken) { HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_BROKEN, false); continue; @@ -1050,7 +1048,7 @@ HttpStreamFactory::JobController::GetAlternativeServiceInfoInternal( continue; if (stream_type == HttpStreamRequest::BIDIRECTIONAL_STREAM && - session_->params().quic_disable_bidirectional_streams) { + session_->params().quic_params.disable_bidirectional_streams) { continue; } @@ -1067,11 +1065,12 @@ HttpStreamFactory::JobController::GetAlternativeServiceInfoInternal( HostPortPair mapped_origin(origin.host(), origin.port()); ignore_result(ApplyHostMappingRules(original_url, &mapped_origin)); QuicSessionKey session_key(mapped_origin, request_info.privacy_mode, - request_info.socket_tag); + request_info.socket_tag, + request_info.network_isolation_key); HostPortPair destination(alternative_service_info.host_port_pair()); if (session_key.host() != destination.host() && - !session_->params().quic_allow_remote_alt_svc) { + !session_->params().quic_params.allow_remote_alt_svc) { continue; } ignore_result(ApplyHostMappingRules(original_url, &destination)); @@ -1098,7 +1097,7 @@ HttpStreamFactory::JobController::GetAlternativeServiceInfoInternal( quic::ParsedQuicVersion HttpStreamFactory::JobController::SelectQuicVersion( const quic::ParsedQuicVersionVector& advertised_versions) { const quic::ParsedQuicVersionVector& supported_versions = - session_->params().quic_supported_versions; + session_->params().quic_params.supported_versions; if (advertised_versions.empty()) return supported_versions[0]; @@ -1242,7 +1241,7 @@ bool HttpStreamFactory::JobController::IsQuicWhitelistedForHost( return true; std::string lowered_host = base::ToLowerASCII(host); - return base::ContainsKey(host_whitelist, lowered_host); + return base::Contains(host_whitelist, lowered_host); } } // namespace net diff --git a/chromium/net/http/http_stream_factory_job_controller.h b/chromium/net/http/http_stream_factory_job_controller.h index f24cdd7a81f..783759ead81 100644 --- a/chromium/net/http/http_stream_factory_job_controller.h +++ b/chromium/net/http/http_stream_factory_job_controller.h @@ -360,7 +360,7 @@ class HttpStreamFactory::JobController RequestPriority priority_; const NetLogWithSource net_log_; - base::WeakPtrFactory ptr_factory_; + base::WeakPtrFactory ptr_factory_{this}; }; } // namespace net diff --git a/chromium/net/http/http_stream_factory_job_controller_unittest.cc b/chromium/net/http/http_stream_factory_job_controller_unittest.cc index 05c444f7283..b3407f02428 100644 --- a/chromium/net/http/http_stream_factory_job_controller_unittest.cc +++ b/chromium/net/http/http_stream_factory_job_controller_unittest.cc @@ -31,7 +31,6 @@ #include "net/http/http_stream_factory_test_util.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/proxy_resolution/mock_proxy_resolver.h" #include "net/proxy_resolution/proxy_config_service_fixed.h" @@ -178,7 +177,7 @@ class HttpStreamFactoryJobControllerTest public: HttpStreamFactoryJobControllerTest() : TestWithScopedTaskEnvironment( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME) { + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME) { session_deps_.enable_quic = true; session_deps_.host_resolver->set_synchronous_mode(true); } @@ -274,7 +273,7 @@ class HttpStreamFactoryJobControllerTest if (alternative_service.protocol == kProtoQUIC) { session_->http_server_properties()->SetQuicAlternativeService( server, alternative_service, expiration, - session_->params().quic_supported_versions); + session_->params().quic_params.supported_versions); } else { session_->http_server_properties()->SetHttp2AlternativeService( server, alternative_service, expiration); @@ -307,6 +306,7 @@ class HttpStreamFactoryJobControllerTest void TestMainJobFailsAfterAltJobSucceeded( bool alt_job_retried_on_non_default_network); + BoundTestNetLog net_log_; TestJobFactory job_factory_; MockHttpStreamRequestDelegate request_delegate_; SpdySessionDependencies session_deps_{ProxyResolutionService::CreateDirect()}; @@ -320,7 +320,7 @@ class HttpStreamFactoryJobControllerTest quic::MockClock clock_; quic::test::MockRandom random_generator_{0}; QuicTestPacketMaker client_maker_{ - HttpNetworkSession::Params().quic_supported_versions[0], + HttpNetworkSession::Params().quic_params.supported_versions[0], quic::QuicUtils::CreateRandomConnectionId(&random_generator_), &clock_, kServerHostname, @@ -328,7 +328,6 @@ class HttpStreamFactoryJobControllerTest false}; protected: - BoundTestNetLog net_log_; bool use_alternative_proxy_ = false; bool is_preconnect_ = false; bool enable_ip_based_pooling_ = true; @@ -706,7 +705,8 @@ TEST_F(JobControllerReconsiderProxyAfterErrorTest, url::SchemeHostPort(GURL("http://www.example.com")), stats1); // Prepare the mocked data. - MockQuicData quic_data; + MockQuicData quic_data( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data.AddRead(ASYNC, ERR_QUIC_PROTOCOL_ERROR); quic_data.AddWrite(ASYNC, OK); quic_data.AddSocketDataToFactory(session_deps_.socket_factory.get()); @@ -796,7 +796,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, CancelJobsBeforeBinding) { // Use COLD_START to make the alt job pending. crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START); - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(SYNCHRONOUS, OK); tcp_data_ = std::make_unique(); @@ -856,7 +857,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, void HttpStreamFactoryJobControllerTest::TestOnStreamFailedForBothJobs( bool alt_job_retried_on_non_default_network) { - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddConnect(ASYNC, ERR_FAILED); tcp_data_ = std::make_unique(); tcp_data_->set_connect_data(MockConnect(ASYNC, ERR_FAILED)); @@ -907,7 +909,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, void HttpStreamFactoryJobControllerTest::TestAltJobFailsAfterMainJobSucceeded( bool alt_job_retried_on_non_default_network) { - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(ASYNC, ERR_FAILED); crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START); @@ -976,7 +979,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, // Tests that when alt job succeeds, main job is destroyed. TEST_F(HttpStreamFactoryJobControllerTest, AltJobSucceedsMainJobDestroyed) { - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Use cold start and complete alt job manually. crypto_client_stream_factory_.set_handshake_mode( @@ -1024,9 +1028,9 @@ TEST_F(HttpStreamFactoryJobControllerTest, AltJobSucceedsMainJobDestroyed) { // Regression test for crbug.com/678768. TEST_F(HttpStreamFactoryJobControllerTest, AltJobSucceedsMainJobBlockedControllerDestroyed) { - quic_data_ = std::make_unique(); - quic_data_->AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); + quic_data_->AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); quic_data_->AddRead(ASYNC, OK); HttpRequestInfo request_info; @@ -1103,7 +1107,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, // JobController will be cleaned up. TEST_F(HttpStreamFactoryJobControllerTest, OrphanedJobCompletesControllerDestroyed) { - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Use cold start and complete alt job manually. crypto_client_stream_factory_.set_handshake_mode( @@ -1157,7 +1162,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, void HttpStreamFactoryJobControllerTest::TestAltJobSucceedsAfterMainJobFailed( bool alt_job_retried_on_non_default_network) { - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Use cold start and complete alt job manually. crypto_client_stream_factory_.set_handshake_mode( @@ -1225,7 +1231,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, void HttpStreamFactoryJobControllerTest:: TestAltJobSucceedsAfterMainJobSucceeded( bool alt_job_retried_on_non_default_network) { - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Use cold start and complete alt job manually. crypto_client_stream_factory_.set_handshake_mode( @@ -1308,7 +1315,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, void HttpStreamFactoryJobControllerTest:: TestMainJobSucceedsAfterAltJobSucceeded( bool alt_job_retried_on_non_default_network) { - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Use cold start and complete alt job manually. crypto_client_stream_factory_.set_handshake_mode( @@ -1383,7 +1391,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, void HttpStreamFactoryJobControllerTest::TestMainJobFailsAfterAltJobSucceeded( bool alt_job_retried_on_non_default_network) { - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Use cold start and complete alt job manually. crypto_client_stream_factory_.set_handshake_mode( @@ -1446,7 +1455,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, void HttpStreamFactoryJobControllerTest::TestMainJobSucceedsAfterAltJobFailed( bool alt_job_retried_on_non_default_network) { - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddConnect(SYNCHRONOUS, ERR_FAILED); tcp_data_ = std::make_unique(); @@ -1514,7 +1524,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, // then the alternative service is not marked as broken. TEST_F(HttpStreamFactoryJobControllerTest, MainJobSucceedsAfterConnectionChanged) { - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddConnect(SYNCHRONOUS, ERR_NETWORK_CHANGED); tcp_data_ = std::make_unique(); tcp_data_->set_connect_data(MockConnect(SYNCHRONOUS, OK)); @@ -1556,7 +1567,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, // Get load state after main job fails and before alternative job succeeds. TEST_F(HttpStreamFactoryJobControllerTest, GetLoadStateAfterMainJobFailed) { // Use COLD_START to complete alt job manually. - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(SYNCHRONOUS, ERR_IO_PENDING); crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START); @@ -1603,7 +1615,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, GetLoadStateAfterMainJobFailed) { TEST_F(HttpStreamFactoryJobControllerTest, ResumeMainJobWhenAltJobStalls) { // Use COLD_START to stall alt job. - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(SYNCHRONOUS, ERR_IO_PENDING); crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START); @@ -1672,7 +1685,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, HostResolutionHang) { Initialize(request_info); // handshake will fail asynchronously after mock data is unpaused. - MockQuicData quic_data; + MockQuicData quic_data( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause quic_data.AddRead(ASYNC, ERR_FAILED); quic_data.AddWrite(ASYNC, ERR_FAILED); @@ -1744,7 +1758,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, DelayedTCP) { Initialize(request_info); // Handshake will fail asynchronously after mock data is unpaused. - MockQuicData quic_data; + MockQuicData quic_data( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause quic_data.AddRead(ASYNC, ERR_FAILED); quic_data.AddWrite(ASYNC, ERR_FAILED); @@ -1884,7 +1899,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, DelayedTCPWithLargeSrtt) { Initialize(request_info); // handshake will fail asynchronously after mock data is unpaused. - MockQuicData quic_data; + MockQuicData quic_data( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause quic_data.AddRead(ASYNC, ERR_FAILED); quic_data.AddWrite(ASYNC, ERR_FAILED); @@ -1943,7 +1959,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, Initialize(request_info); // handshake will fail asynchronously after mock data is unpaused. - MockQuicData quic_data; + MockQuicData quic_data( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause quic_data.AddRead(ASYNC, ERR_FAILED); quic_data.AddWrite(ASYNC, ERR_FAILED); @@ -2064,7 +2081,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, DelayedTCPAlternativeProxy) { EXPECT_TRUE(test_proxy_delegate()->alternative_proxy_server().is_quic()); // Handshake will fail asynchronously after mock data is unpaused. - MockQuicData quic_data; + MockQuicData quic_data( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause quic_data.AddRead(ASYNC, ERR_FAILED); quic_data.AddWrite(ASYNC, ERR_FAILED); @@ -2122,7 +2140,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, FailAlternativeProxy) { ProxyClientSocketDataProvider proxy_data(SYNCHRONOUS, OK); session_deps_.socket_factory->AddProxyClientSocketDataProvider(&proxy_data); - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddConnect(SYNCHRONOUS, ERR_FAILED); tcp_data_ = std::make_unique(); tcp_data_->set_connect_data(MockConnect(SYNCHRONOUS, OK)); @@ -2175,7 +2194,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, ProxyClientSocketDataProvider proxy_data(SYNCHRONOUS, OK); session_deps_.socket_factory->AddProxyClientSocketDataProvider(&proxy_data); - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddConnect(SYNCHRONOUS, ERR_INTERNET_DISCONNECTED); tcp_data_ = std::make_unique(); tcp_data_->set_connect_data(MockConnect(SYNCHRONOUS, OK)); @@ -2228,7 +2248,8 @@ TEST_F(HttpStreamFactoryJobControllerTest, // Use COLD_START to make the alt job pending. crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START); - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(SYNCHRONOUS, ERR_IO_PENDING); tcp_data_ = std::make_unique(); tcp_data_->set_connect_data(MockConnect(SYNCHRONOUS, OK)); @@ -2276,9 +2297,9 @@ TEST_F(HttpStreamFactoryJobControllerTest, } TEST_F(HttpStreamFactoryJobControllerTest, PreconnectToHostWithValidAltSvc) { - quic_data_ = std::make_unique(); - quic_data_->AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); + quic_data_->AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); quic_data_->AddRead(ASYNC, OK); HttpRequestInfo request_info; @@ -2450,10 +2471,9 @@ TEST_F(JobControllerLimitMultipleH2Requests, MultipleRequests) { base::RunLoop().RunUntilIdle(); requests.clear(); EXPECT_TRUE(HttpStreamFactoryPeer::IsJobControllerDeleted(factory_)); - TestNetLogEntry::List entries; + auto entries = net_log_.GetEntries(); size_t log_position = 0; for (int i = 0; i < kNumRequests - 1; ++i) { - net_log_.GetEntries(&entries); log_position = ExpectLogContainsSomewhereAfter( entries, log_position, NetLogEventType::HTTP_STREAM_JOB_THROTTLED, NetLogEventPhase::NONE); @@ -2707,7 +2727,8 @@ TEST_F(JobControllerLimitMultipleH2Requests, H1NegotiatedForFirstRequest) { TEST_F(JobControllerLimitMultipleH2Requests, QuicJobNotThrottled) { crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START); - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddRead(SYNCHRONOUS, ERR_IO_PENDING); MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING)}; tcp_data_ = @@ -2751,9 +2772,8 @@ TEST_F(JobControllerLimitMultipleH2Requests, QuicJobNotThrottled) { EXPECT_TRUE(job_controller->alternative_job()); EXPECT_CALL(request_delegate_, OnStreamReadyImpl(_, _, _)); base::RunLoop().RunUntilIdle(); - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); - for (auto entry : entries) { + auto entries = net_log_.GetEntries(); + for (const auto& entry : entries) { ASSERT_NE(NetLogEventType::HTTP_STREAM_JOB_THROTTLED, entry.type); } } @@ -2772,10 +2792,11 @@ TEST_P(HttpStreamFactoryJobControllerMisdirectedRequestRetry, const bool enable_ip_based_pooling = ::testing::get<0>(GetParam()); const bool enable_alternative_services = ::testing::get<1>(GetParam()); if (enable_alternative_services) { - quic_data_ = std::make_unique(); + quic_data_ = std::make_unique( + HttpNetworkSession::Params().quic_params.supported_versions.front()); quic_data_->AddConnect(SYNCHRONOUS, OK); quic_data_->AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); quic_data_->AddRead(ASYNC, OK); } tcp_data_ = std::make_unique(); @@ -2908,7 +2929,7 @@ TEST_F(HttpStreamFactoryJobControllerTest, GetAlternativeServiceInfoFor) { // Set alternative service for the same server with the same list of versions // that is supported. quic::ParsedQuicVersionVector supported_versions = - session_->params().quic_supported_versions; + session_->params().quic_params.supported_versions; ASSERT_TRUE(session_->http_server_properties()->SetQuicAlternativeService( server, alternative_service, expiration, supported_versions)); @@ -2940,9 +2961,11 @@ TEST_F(HttpStreamFactoryJobControllerTest, GetAlternativeServiceInfoFor) { // Set alternative service for the same server with two QUIC versions: // - one unsupported version: |unsupported_version_1|, - // - one supported version: session_->params().quic_supported_versions[0]. + // - one supported version: + // session_->params().quic_params.supported_versions[0]. quic::ParsedQuicVersionVector mixed_quic_versions = { - unsupported_version_1, session_->params().quic_supported_versions[0]}; + unsupported_version_1, + session_->params().quic_params.supported_versions[0]}; ASSERT_TRUE(session_->http_server_properties()->SetQuicAlternativeService( server, alternative_service, expiration, mixed_quic_versions)); @@ -2985,13 +3008,13 @@ TEST_F(HttpStreamFactoryJobControllerTest, QuicHostWhitelist) { // Set HttpNetworkSession's QUIC host whitelist to only have www.example.com HttpNetworkSessionPeer session_peer(session_.get()); session_peer.params()->quic_host_whitelist.insert("www.example.com"); - session_peer.params()->quic_allow_remote_alt_svc = true; + session_peer.params()->quic_params.allow_remote_alt_svc = true; // Set alternative service for www.google.com to be www.example.com over QUIC. url::SchemeHostPort server(request_info.url); base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1); quic::ParsedQuicVersionVector supported_versions = - session_->params().quic_supported_versions; + session_->params().quic_params.supported_versions; session_->http_server_properties()->SetQuicAlternativeService( server, AlternativeService(kProtoQUIC, "www.example.com", 443), expiration, supported_versions); diff --git a/chromium/net/http/http_stream_factory_unittest.cc b/chromium/net/http/http_stream_factory_unittest.cc index 9258f8fb7af..be453dc1fa3 100644 --- a/chromium/net/http/http_stream_factory_unittest.cc +++ b/chromium/net/http/http_stream_factory_unittest.cc @@ -18,8 +18,10 @@ #include "base/run_loop.h" #include "base/stl_util.h" #include "base/test/metrics/histogram_tester.h" +#include "base/test/scoped_feature_list.h" #include "build/build_config.h" #include "net/base/completion_once_callback.h" +#include "net/base/features.h" #include "net/base/port_util.h" #include "net/base/privacy_mode.h" #include "net/base/proxy_server.h" @@ -48,6 +50,7 @@ #include "net/quic/quic_http_utils.h" #include "net/quic/quic_stream_factory_peer.h" #include "net/quic/quic_test_packet_maker.h" +#include "net/quic/quic_test_packet_printer.h" #include "net/socket/client_socket_handle.h" #include "net/socket/client_socket_pool.h" #include "net/socket/connect_job.h" @@ -110,8 +113,7 @@ class MockWebSocketHandshakeStream : public WebSocketHandshakeStreamBase { kStreamTypeSpdy, }; - explicit MockWebSocketHandshakeStream(StreamType type) - : type_(type), weak_ptr_factory_(this) {} + explicit MockWebSocketHandshakeStream(StreamType type) : type_(type) {} ~MockWebSocketHandshakeStream() override = default; @@ -170,7 +172,7 @@ class MockWebSocketHandshakeStream : public WebSocketHandshakeStreamBase { private: const StreamType type_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; }; // HttpStreamFactory subclass that can wait until a preconnect is complete. @@ -360,6 +362,7 @@ TestCase kTests[] = { void PreconnectHelperForURL(int num_streams, const GURL& url, + NetworkIsolationKey network_isolation_key, HttpNetworkSession* session) { HttpNetworkSessionPeer peer(session); MockHttpStreamFactoryForPreconnect* mock_factory = @@ -370,6 +373,7 @@ void PreconnectHelperForURL(int num_streams, request.method = "GET"; request.url = url; request.load_flags = 0; + request.network_isolation_key = network_isolation_key; request.traffic_annotation = MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); @@ -380,7 +384,7 @@ void PreconnectHelperForURL(int num_streams, void PreconnectHelper(const TestCase& test, HttpNetworkSession* session) { GURL url = test.ssl ? GURL("https://www.google.com") : GURL("http://www.google.com"); - PreconnectHelperForURL(test.num_streams, url, session); + PreconnectHelperForURL(test.num_streams, url, NetworkIsolationKey(), session); } ClientSocketPool::GroupId GetGroupId(const TestCase& test) { @@ -479,6 +483,9 @@ class CapturePreconnectsTransportSocketPool : public TransportClientSocketPool { using HttpStreamFactoryTest = TestWithScopedTaskEnvironment; +// TODO(950069): Add testing for frame_origin in NetworkIsolationKey using +// kAppendInitiatingFrameOriginToNetworkIsolationKey. + TEST_F(HttpStreamFactoryTest, PreconnectDirect) { for (size_t i = 0; i < base::size(kTests); ++i) { SpdySessionDependencies session_deps( @@ -609,10 +616,50 @@ TEST_F(HttpStreamFactoryTest, PreconnectUnsafePort) { std::move(owned_transport_conn_pool)); peer.SetClientSocketPoolManager(std::move(mock_pool_manager)); - PreconnectHelperForURL(1, GURL("http://www.google.com:7"), session.get()); + PreconnectHelperForURL(1, GURL("http://www.google.com:7"), + NetworkIsolationKey(), session.get()); EXPECT_EQ(-1, transport_conn_pool->last_num_streams()); } +// Verify that preconnects use the specified NetworkIsolationKey. +TEST_F(HttpStreamFactoryTest, PreconnectNetworkIsolationKey) { + base::test::ScopedFeatureList feature_list; + feature_list.InitAndEnableFeature( + features::kPartitionConnectionsByNetworkIsolationKey); + + SpdySessionDependencies session_deps(ProxyResolutionService::CreateDirect()); + std::unique_ptr session( + SpdySessionDependencies::SpdyCreateSession(&session_deps)); + HttpNetworkSessionPeer peer(session.get()); + CommonConnectJobParams common_connect_job_params = + session->CreateCommonConnectJobParams(); + std::unique_ptr + owned_transport_conn_pool = + std::make_unique( + &common_connect_job_params); + CapturePreconnectsTransportSocketPool* transport_conn_pool = + owned_transport_conn_pool.get(); + auto mock_pool_manager = std::make_unique(); + mock_pool_manager->SetSocketPool(ProxyServer::Direct(), + std::move(owned_transport_conn_pool)); + peer.SetClientSocketPoolManager(std::move(mock_pool_manager)); + + const GURL kURL("http://foo.test/"); + const auto kOriginFoo = url::Origin::Create(GURL("http://foo.test")); + const auto kOriginBar = url::Origin::Create(GURL("http://bar.test")); + const NetworkIsolationKey kKey1(kOriginFoo, kOriginFoo); + const NetworkIsolationKey kKey2(kOriginBar, kOriginBar); + PreconnectHelperForURL(1, kURL, kKey1, session.get()); + EXPECT_EQ(1, transport_conn_pool->last_num_streams()); + EXPECT_EQ(kKey1, + transport_conn_pool->last_group_id().network_isolation_key()); + + PreconnectHelperForURL(2, kURL, kKey2, session.get()); + EXPECT_EQ(2, transport_conn_pool->last_num_streams()); + EXPECT_EQ(kKey2, + transport_conn_pool->last_group_id().network_isolation_key()); +} + TEST_F(HttpStreamFactoryTest, JobNotifiesProxy) { const char* kProxyString = "PROXY bad:99; PROXY maybe:80; DIRECT"; SpdySessionDependencies session_deps( @@ -835,7 +882,8 @@ class TestBidirectionalDelegate : public BidirectionalStreamImpl::Delegate { // Simplify ownership issues and the interaction with the MockSocketFactory. class MockQuicData { public: - MockQuicData() : packet_number_(0) {} + explicit MockQuicData(quic::ParsedQuicVersion version) + : packet_number_(0), printer_(version) {} ~MockQuicData() = default; @@ -857,6 +905,7 @@ class MockQuicData { void AddSocketDataToFactory(MockClientSocketFactory* factory) { socket_data_ = std::make_unique(reads_, writes_); + socket_data_->set_printer(&printer_); factory->AddSocketDataProvider(socket_data_.get()); } @@ -865,6 +914,7 @@ class MockQuicData { std::vector writes_; std::vector reads_; size_t packet_number_; + QuicPacketPrinter printer_; std::unique_ptr socket_data_; }; @@ -1141,7 +1191,7 @@ TEST_F(HttpStreamFactoryTest, UsePreConnectIfNoZeroRTT) { host_port_pair.port()); http_server_properties.SetQuicAlternativeService( server, alternative_service, expiration, - session_params.quic_supported_versions); + session_params.quic_params.supported_versions); HttpNetworkSession::Context session_context = SpdySessionDependencies::CreateSessionContext(&session_deps); @@ -1160,7 +1210,8 @@ TEST_F(HttpStreamFactoryTest, UsePreConnectIfNoZeroRTT) { mock_pool_manager->SetSocketPool(proxy_server, base::WrapUnique(http_proxy_pool)); peer.SetClientSocketPoolManager(std::move(mock_pool_manager)); - PreconnectHelperForURL(num_streams, url, session.get()); + PreconnectHelperForURL(num_streams, url, NetworkIsolationKey(), + session.get()); EXPECT_EQ(num_streams, http_proxy_pool->last_num_streams()); } } @@ -2197,6 +2248,9 @@ class HttpStreamFactoryBidirectionalQuicTest proxy_resolution_service_(ProxyResolutionService::CreateDirect()), ssl_config_service_(new SSLConfigServiceDefaults) { clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(20)); + if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { + SetQuicFlag(FLAGS_quic_supports_tls_handshake, true); + } } void TearDown() override { session_.reset(); } @@ -2204,13 +2258,14 @@ class HttpStreamFactoryBidirectionalQuicTest // Disable bidirectional stream over QUIC. This should be invoked before // Initialize(). void DisableQuicBidirectionalStream() { - params_.quic_disable_bidirectional_streams = true; + params_.quic_params.disable_bidirectional_streams = true; } void Initialize() { params_.enable_quic = true; - params_.quic_supported_versions = quic::test::SupportedVersions(version_); - params_.quic_headers_include_h2_stream_dependency = + params_.quic_params.supported_versions = + quic::test::SupportedVersions(version_); + params_.quic_params.headers_include_h2_stream_dependency = client_headers_include_h2_stream_dependency_; HttpNetworkSession::Context session_context; @@ -2247,7 +2302,7 @@ class HttpStreamFactoryBidirectionalQuicTest base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1); http_server_properties_.SetQuicAlternativeService( url::SchemeHostPort(default_url_), alternative_service, expiration, - session_->params().quic_supported_versions); + session_->params().quic_params.supported_versions); } test::QuicTestPacketMaker& client_packet_maker() { @@ -2268,7 +2323,10 @@ class HttpStreamFactoryBidirectionalQuicTest version_.transport_version, n); } + quic::ParsedQuicVersion version() const { return version_; } + private: + QuicFlagSaver saver_; const quic::ParsedQuicVersion version_; const bool client_headers_include_h2_stream_dependency_; quic::MockClock clock_; @@ -2298,20 +2356,17 @@ INSTANTIATE_TEST_SUITE_P( TEST_P(HttpStreamFactoryBidirectionalQuicTest, RequestBidirectionalStreamImplQuicAlternative) { - MockQuicData mock_quic_data; + MockQuicData mock_quic_data(version()); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); size_t spdy_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite(client_packet_maker().MakeInitialSettingsPacket( - 1, &header_stream_offset)); + mock_quic_data.AddWrite(client_packet_maker().MakeInitialSettingsPacket(1)); mock_quic_data.AddWrite(client_packet_maker().MakeRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), /*should_include_version=*/true, /*fin=*/true, priority, client_packet_maker().GetRequestHeaders("GET", "https", "/"), - /*parent_stream_id=*/0, &spdy_headers_frame_length, - &header_stream_offset)); + /*parent_stream_id=*/0, &spdy_headers_frame_length)); size_t spdy_response_headers_frame_length; mock_quic_data.AddRead(server_packet_maker().MakeResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), @@ -2426,20 +2481,17 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest, TEST_P(HttpStreamFactoryBidirectionalQuicTest, RequestBidirectionalStreamImplHttpJobFailsQuicJobSucceeds) { // Set up Quic data. - MockQuicData mock_quic_data; + MockQuicData mock_quic_data(version()); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); size_t spdy_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite(client_packet_maker().MakeInitialSettingsPacket( - 1, &header_stream_offset)); + mock_quic_data.AddWrite(client_packet_maker().MakeInitialSettingsPacket(1)); mock_quic_data.AddWrite(client_packet_maker().MakeRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), /*should_include_version=*/true, /*fin=*/true, priority, client_packet_maker().GetRequestHeaders("GET", "https", "/"), - /*parent_stream_id=*/0, &spdy_headers_frame_length, - &header_stream_offset)); + /*parent_stream_id=*/0, &spdy_headers_frame_length)); size_t spdy_response_headers_frame_length; mock_quic_data.AddRead(server_packet_maker().MakeResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), @@ -2680,20 +2732,17 @@ TEST_F(HttpStreamFactoryTest, Tag) { // should not be shared amongst streams with different socket tags). TEST_P(HttpStreamFactoryBidirectionalQuicTest, Tag) { // Prepare mock QUIC data for a first session establishment. - MockQuicData mock_quic_data; + MockQuicData mock_quic_data(version()); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); size_t spdy_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite(client_packet_maker().MakeInitialSettingsPacket( - 1, &header_stream_offset)); + mock_quic_data.AddWrite(client_packet_maker().MakeInitialSettingsPacket(1)); mock_quic_data.AddWrite(client_packet_maker().MakeRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), /*should_include_version=*/true, /*fin=*/true, priority, client_packet_maker().GetRequestHeaders("GET", "https", "/"), - /*parent_stream_id=*/0, &spdy_headers_frame_length, - &header_stream_offset)); + /*parent_stream_id=*/0, &spdy_headers_frame_length)); size_t spdy_response_headers_frame_length; mock_quic_data.AddRead(server_packet_maker().MakeResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), @@ -2704,17 +2753,15 @@ TEST_P(HttpStreamFactoryBidirectionalQuicTest, Tag) { mock_quic_data.AddSocketDataToFactory(&socket_factory()); // Prepare mock QUIC data for a second session establishment. - MockQuicData mock_quic_data2; - quic::QuicStreamOffset header_stream_offset2 = 0; - mock_quic_data2.AddWrite(client_packet_maker().MakeInitialSettingsPacket( - 1, &header_stream_offset2)); + client_packet_maker().Reset(); + MockQuicData mock_quic_data2(version()); + mock_quic_data2.AddWrite(client_packet_maker().MakeInitialSettingsPacket(1)); mock_quic_data2.AddWrite(client_packet_maker().MakeRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), /*should_include_version=*/true, /*fin=*/true, priority, client_packet_maker().GetRequestHeaders("GET", "https", "/"), - /*parent_stream_id=*/0, &spdy_headers_frame_length, - &header_stream_offset)); + /*parent_stream_id=*/0, &spdy_headers_frame_length)); mock_quic_data2.AddRead(server_packet_maker().MakeResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), /*should_include_version=*/false, diff --git a/chromium/net/http/http_stream_parser.cc b/chromium/net/http/http_stream_parser.cc index 6615a48c8fe..3112cae517a 100644 --- a/chromium/net/http/http_stream_parser.cc +++ b/chromium/net/http/http_stream_parser.cc @@ -17,6 +17,7 @@ #include "net/base/ip_endpoint.h" #include "net/base/upload_data_stream.h" #include "net/http/http_chunked_decoder.h" +#include "net/http/http_log_util.h" #include "net/http/http_request_headers.h" #include "net/http/http_request_info.h" #include "net/http/http_response_headers.h" @@ -67,11 +68,9 @@ bool HeadersContainMultipleCopiesOfField(const HttpResponseHeaders& headers, return false; } -base::Value NetLogSendRequestBodyCallback( - uint64_t length, - bool is_chunked, - bool did_merge, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSendRequestBodyParams(uint64_t length, + bool is_chunked, + bool did_merge) { base::DictionaryValue dict; dict.SetInteger("length", static_cast(length)); dict.SetBoolean("is_chunked", is_chunked); @@ -79,6 +78,15 @@ base::Value NetLogSendRequestBodyCallback( return std::move(dict); } +void NetLogSendRequestBody(const NetLogWithSource& net_log, + uint64_t length, + bool is_chunked, + bool did_merge) { + net_log.AddEvent(NetLogEventType::HTTP_TRANSACTION_SEND_REQUEST_BODY, [&] { + return NetLogSendRequestBodyParams(length, is_chunked, did_merge); + }); +} + // Returns true if |error_code| is an error for which we give the server a // chance to send a body containing error information, if the error was received // while trying to upload a request body. @@ -211,8 +219,7 @@ HttpStreamParser::HttpStreamParser(StreamSocket* stream_socket, connection_is_reused_(connection_is_reused), net_log_(net_log), sent_last_chunk_(false), - upload_error_(OK), - weak_ptr_factory_(this) { + upload_error_(OK) { io_callback_ = base::BindRepeating(&HttpStreamParser::OnIOComplete, weak_ptr_factory_.GetWeakPtr()); } @@ -230,9 +237,9 @@ int HttpStreamParser::SendRequest( DCHECK(!callback.is_null()); DCHECK(response); - net_log_.AddEvent(NetLogEventType::HTTP_TRANSACTION_SEND_REQUEST_HEADERS, - base::Bind(&HttpRequestHeaders::NetLogCallback, - base::Unretained(&headers), &request_line)); + NetLogRequestHeaders(net_log_, + NetLogEventType::HTTP_TRANSACTION_SEND_REQUEST_HEADERS, + request_line, &headers); DVLOG(1) << __func__ << "() request_line = \"" << request_line << "\"" << " headers = \"" << headers.ToString() << "\""; @@ -296,11 +303,9 @@ int HttpStreamParser::SendRequest( request_headers_->SetOffset(0); did_merge = true; - net_log_.AddEvent(NetLogEventType::HTTP_TRANSACTION_SEND_REQUEST_BODY, - base::Bind(&NetLogSendRequestBodyCallback, - request_->upload_data_stream->size(), - false, /* not chunked */ - true /* merged */)); + NetLogSendRequestBody(net_log_, request_->upload_data_stream->size(), + false, /* not chunked */ + true /* merged */); } if (!did_merge) { @@ -501,11 +506,9 @@ int HttpStreamParser::DoSendHeadersComplete(int result) { // !IsEOF() indicates that the body wasn't merged. (request_->upload_data_stream->size() > 0 && !request_->upload_data_stream->IsEOF()))) { - net_log_.AddEvent(NetLogEventType::HTTP_TRANSACTION_SEND_REQUEST_BODY, - base::Bind(&NetLogSendRequestBodyCallback, - request_->upload_data_stream->size(), - request_->upload_data_stream->is_chunked(), - false /* not merged */)); + NetLogSendRequestBody(net_log_, request_->upload_data_stream->size(), + request_->upload_data_stream->is_chunked(), + false /* not merged */); io_state_ = STATE_SEND_BODY; return OK; } diff --git a/chromium/net/http/http_stream_parser.h b/chromium/net/http/http_stream_parser.h index 16d24e247f2..0d559c3a828 100644 --- a/chromium/net/http/http_stream_parser.h +++ b/chromium/net/http/http_stream_parser.h @@ -303,7 +303,7 @@ class NET_EXPORT_PRIVATE HttpStreamParser { MutableNetworkTrafficAnnotationTag traffic_annotation_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(HttpStreamParser); }; diff --git a/chromium/net/http/http_stream_parser_fuzzer.cc b/chromium/net/http/http_stream_parser_fuzzer.cc index 1cfcb27087a..3f99250d7a9 100644 --- a/chromium/net/http/http_stream_parser_fuzzer.cc +++ b/chromium/net/http/http_stream_parser_fuzzer.cc @@ -15,7 +15,6 @@ #include "base/logging.h" #include "base/macros.h" #include "base/memory/ref_counted.h" -#include "base/test/fuzzed_data_provider.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" #include "net/base/test_completion_callback.h" @@ -25,6 +24,7 @@ #include "net/log/test_net_log.h" #include "net/socket/fuzzed_socket.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" #include "url/gurl.h" // Fuzzer for HttpStreamParser. @@ -33,7 +33,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { net::TestCompletionCallback callback; net::BoundTestNetLog bound_test_net_log; - base::FuzzedDataProvider data_provider(data, size); + FuzzedDataProvider data_provider(data, size); net::FuzzedSocket fuzzed_socket(&data_provider, bound_test_net_log.bound().net_log()); CHECK_EQ(net::OK, fuzzed_socket.Connect(callback.callback())); diff --git a/chromium/net/http/http_stream_parser_unittest.cc b/chromium/net/http/http_stream_parser_unittest.cc index 16b77a305fd..a74972cfe23 100644 --- a/chromium/net/http/http_stream_parser_unittest.cc +++ b/chromium/net/http/http_stream_parser_unittest.cc @@ -24,6 +24,7 @@ #include "net/base/chunked_upload_data_stream.h" #include "net/base/elements_upload_data_stream.h" #include "net/base/io_buffer.h" +#include "net/base/load_flags.h" #include "net/base/net_errors.h" #include "net/base/test_completion_callback.h" #include "net/base/upload_bytes_element_reader.h" @@ -71,7 +72,7 @@ class ReadErrorUploadDataStream : public UploadDataStream { enum class FailureMode { SYNC, ASYNC }; explicit ReadErrorUploadDataStream(FailureMode mode) - : UploadDataStream(true, 0), async_(mode), weak_factory_(this) {} + : UploadDataStream(true, 0), async_(mode) {} private: void CompleteRead() { UploadDataStream::OnReadCompleted(ERR_FAILED); } @@ -93,7 +94,7 @@ class ReadErrorUploadDataStream : public UploadDataStream { const FailureMode async_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(ReadErrorUploadDataStream); }; @@ -200,7 +201,7 @@ TEST(HttpStreamParser, DataReadErrorAsynchronous) { class InitAsyncUploadDataStream : public ChunkedUploadDataStream { public: explicit InitAsyncUploadDataStream(int64_t identifier) - : ChunkedUploadDataStream(identifier), weak_factory_(this) {} + : ChunkedUploadDataStream(identifier) {} private: void CompleteInit() { UploadDataStream::OnInitCompleted(OK); } @@ -212,7 +213,7 @@ class InitAsyncUploadDataStream : public ChunkedUploadDataStream { return ERR_IO_PENDING; } - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(InitAsyncUploadDataStream); }; diff --git a/chromium/net/http/http_transaction_test_util.cc b/chromium/net/http/http_transaction_test_util.cc index ce61d097826..28b65dd1704 100644 --- a/chromium/net/http/http_transaction_test_util.cc +++ b/chromium/net/http/http_transaction_test_util.cc @@ -263,8 +263,7 @@ MockNetworkTransaction::MockNetworkTransaction(RequestPriority priority, sent_bytes_(0), socket_log_id_(NetLogSource::kInvalidId), done_reading_called_(false), - reading_(false), - weak_factory_(this) {} + reading_(false) {} MockNetworkTransaction::~MockNetworkTransaction() { // Use request_ as in ~HttpNetworkTransaction to make sure its valid and not diff --git a/chromium/net/http/http_transaction_test_util.h b/chromium/net/http/http_transaction_test_util.h index 745a31f1b9d..f1724b0b4bd 100644 --- a/chromium/net/http/http_transaction_test_util.h +++ b/chromium/net/http/http_transaction_test_util.h @@ -291,8 +291,7 @@ class MockNetworkTransaction CompletionOnceCallback resume_start_callback_; // used for pause and restart. - base::WeakPtrFactory weak_factory_; - + base::WeakPtrFactory weak_factory_{this}; }; class MockNetworkLayer : public HttpTransactionFactory, diff --git a/chromium/net/http/mock_gssapi_library_posix.cc b/chromium/net/http/mock_gssapi_library_posix.cc index b043361298c..e492bd99425 100644 --- a/chromium/net/http/mock_gssapi_library_posix.cc +++ b/chromium/net/http/mock_gssapi_library_posix.cc @@ -16,6 +16,14 @@ namespace test { struct GssNameMockImpl { std::string name; gss_OID_desc name_type; + + static GssNameMockImpl* FromGssName(gss_name_t name) { + return reinterpret_cast(name); + } + + static gss_name_t ToGssName(GssNameMockImpl* name) { + return reinterpret_cast(name); + } }; } // namespace test @@ -56,8 +64,10 @@ void ClearBuffer(gss_buffer_t dest) { if (!dest) return; dest->length = 0; - delete [] reinterpret_cast(dest->value); - dest->value = nullptr; + if (dest->value) { + delete[] reinterpret_cast(dest->value); + dest->value = nullptr; + } } void SetBuffer(gss_buffer_t dest, const void* src, size_t length) { @@ -101,7 +111,7 @@ void BufferFromString(const std::string& src, gss_buffer_t dest) { void ClearName(gss_name_t dest) { if (!dest) return; - test::GssNameMockImpl* name = reinterpret_cast(dest); + auto* name = test::GssNameMockImpl::FromGssName(dest); name->name.clear(); ClearOid(&name->name_type); } @@ -112,24 +122,15 @@ void SetName(gss_name_t dest, const void* src, size_t length) { ClearName(dest); if (!src) return; - test::GssNameMockImpl* name = reinterpret_cast(dest); + auto* name = test::GssNameMockImpl::FromGssName(dest); name->name.assign(reinterpret_cast(src), length); } -std::string NameToString(const gss_name_t& src) { - std::string dest; - if (!src) - return dest; - test::GssNameMockImpl* string = - reinterpret_cast(src); - dest = string->name; - return dest; -} - -void NameFromString(const std::string& src, gss_name_t dest) { - if (!dest) - return; +gss_name_t NameFromString(const std::string& src) { + gss_name_t dest = test::GssNameMockImpl::ToGssName( + new test::GssNameMockImpl{"", {0, nullptr}}); SetName(dest, src.c_str(), src.length()); + return dest; } } // namespace @@ -252,7 +253,7 @@ void MockGSSAPILibrary::ExpectSecurityContext( expected_security_queries_.push_back(security_query); } -bool MockGSSAPILibrary::Init() { +bool MockGSSAPILibrary::Init(const NetLogWithSource&) { return true; } @@ -279,7 +280,7 @@ OM_uint32 MockGSSAPILibrary::import_name( // Save the data. output->name = BufferToString(input_name_buffer); CopyOid(&output->name_type, input_name_type); - *output_name = reinterpret_cast(output); + *output_name = test::GssNameMockImpl::ToGssName(output); return GSS_S_COMPLETE; } @@ -293,10 +294,10 @@ OM_uint32 MockGSSAPILibrary::release_name( return GSS_S_BAD_NAME; if (!*input_name) return GSS_S_COMPLETE; - GssNameMockImpl* name = *reinterpret_cast(input_name); + GssNameMockImpl* name = GssNameMockImpl::FromGssName(*input_name); ClearName(*input_name); delete name; - *input_name = nullptr; + *input_name = GSS_C_NO_NAME; return GSS_S_COMPLETE; } @@ -324,12 +325,13 @@ OM_uint32 MockGSSAPILibrary::display_name( return GSS_S_CALL_BAD_STRUCTURE; if (!output_name_type) return GSS_S_CALL_BAD_STRUCTURE; - std::string name(NameToString(input_name)); + GssNameMockImpl* internal_name = GssNameMockImpl::FromGssName(input_name); + std::string name = internal_name->name; BufferFromString(name, output_name_buffer); - GssNameMockImpl* internal_name = - *reinterpret_cast(input_name); - if (output_name_type) - *output_name_type = internal_name ? &internal_name->name_type : nullptr; + if (output_name_type) { + *output_name_type = + internal_name ? &internal_name->name_type : GSS_C_NO_OID; + } return GSS_S_COMPLETE; } @@ -340,15 +342,47 @@ OM_uint32 MockGSSAPILibrary::display_status( const gss_OID mech_type, OM_uint32* message_context, gss_buffer_t status_string) { - if (minor_status) - *minor_status = 0; - std::string msg = base::StringPrintf("Value: %u, Type %u", - status_value, - status_type); - if (message_context) - *message_context = 0; + OM_uint32 rv = GSS_S_COMPLETE; + *minor_status = 0; + std::string msg; + switch (static_cast(status_value)) { + case DisplayStatusSpecials::MultiLine: + msg = base::StringPrintf("Line %u for status %u", ++*message_context, + status_value); + if (*message_context >= 5u) + *message_context = 0u; + break; + + case DisplayStatusSpecials::InfiniteLines: + msg = base::StringPrintf("Line %u for status %u", ++*message_context, + status_value); + break; + + case DisplayStatusSpecials::Fail: + rv = GSS_S_BAD_MECH; + msg = "You should not see this"; + EXPECT_EQ(*message_context, 0u); + break; + + case DisplayStatusSpecials::EmptyMessage: + EXPECT_EQ(*message_context, 0u); + break; + + case DisplayStatusSpecials::UninitalizedBuffer: + EXPECT_EQ(*message_context, 0u); + return GSS_S_COMPLETE; + + case DisplayStatusSpecials::InvalidUtf8: + msg = "\xff\xff\xff"; + EXPECT_EQ(*message_context, 0u); + break; + + default: + msg = base::StringPrintf("Value: %u, Type %u", status_value, status_type); + EXPECT_EQ(*message_context, 0u); + } BufferFromString(msg, status_string); - return GSS_S_COMPLETE; + return rv; } OM_uint32 MockGSSAPILibrary::init_sec_context( @@ -459,9 +493,9 @@ OM_uint32 MockGSSAPILibrary::inquire_context( reinterpret_cast(context_handle); GssContextMockImpl& context = *internal_context_ptr; if (src_name) - NameFromString(context.src_name, *src_name); + *src_name = NameFromString(context.src_name); if (targ_name) - NameFromString(context.targ_name, *targ_name); + *targ_name = NameFromString(context.targ_name); if (lifetime_rec) *lifetime_rec = context.lifetime_rec; if (mech_type) diff --git a/chromium/net/http/mock_gssapi_library_posix.h b/chromium/net/http/mock_gssapi_library_posix.h index 1488be70f02..d04ca82bb33 100644 --- a/chromium/net/http/mock_gssapi_library_posix.h +++ b/chromium/net/http/mock_gssapi_library_posix.h @@ -113,7 +113,7 @@ class MockGSSAPILibrary : public GSSAPILibrary { // Initializes the library, including any necessary dynamic libraries. // This is done separately from construction (which happens at startup time) // in order to delay work until the class is actually needed. - bool Init() override; + bool Init(const NetLogWithSource& net_log) override; // These methods match the ones in the GSSAPI library. OM_uint32 import_name(OM_uint32* minor_status, @@ -128,6 +128,28 @@ class MockGSSAPILibrary : public GSSAPILibrary { const gss_name_t input_name, gss_buffer_t output_name_buffer, gss_OID* output_name_type) override; + + // These special status values can be used to trigger specific behavior in + // |display_status()|. + enum class DisplayStatusSpecials : OM_uint32 { + // A multiline status message. + MultiLine = 128, + + // Multiline, execept there's no ending message. + InfiniteLines, + + // Causes |display_status()| to fail. + Fail, + + // Returns an empty message. + EmptyMessage, + + // Returns successfully without modifying |status_string|. + UninitalizedBuffer, + + // Returns a message that's invalid UTF-8. + InvalidUtf8 + }; OM_uint32 display_status(OM_uint32* minor_status, OM_uint32 status_value, int status_type, @@ -181,6 +203,8 @@ class MockGSSAPILibrary : public GSSAPILibrary { } // namespace test +using MockAuthLibrary = test::MockGSSAPILibrary; + } // namespace net #endif // NET_HTTP_MOCK_GSSAPI_LIBRARY_POSIX_H_ diff --git a/chromium/net/http/mock_http_cache.cc b/chromium/net/http/mock_http_cache.cc index cf2ff7e28d0..3ab7e86742f 100644 --- a/chromium/net/http/mock_http_cache.cc +++ b/chromium/net/http/mock_http_cache.cc @@ -11,9 +11,11 @@ #include "base/bind.h" #include "base/callback_helpers.h" +#include "base/feature_list.h" #include "base/location.h" #include "base/single_thread_task_runner.h" #include "base/threading/thread_task_runner_handle.h" +#include "net/base/features.h" #include "net/base/net_errors.h" #include "net/http/http_cache_writers.h" #include "testing/gtest/include/gtest/gtest.h" @@ -54,6 +56,11 @@ int GetTestModeForEntry(const std::string& key) { if (base::StartsWith(url, "_dk_", base::CompareCase::SENSITIVE)) { auto const pos = url.find(" http"); url = url.substr(pos + 1); + if (base::FeatureList::IsEnabled( + net::features::kAppendFrameOriginToNetworkIsolationKey)) { + auto const pos = url.find(" http"); + url = url.substr(pos + 1); + } } const MockTransaction* t = FindMockTransaction(GURL(url)); diff --git a/chromium/net/http/mock_sspi_library_win.h b/chromium/net/http/mock_sspi_library_win.h index b042ebf6ca1..c0b76925c38 100644 --- a/chromium/net/http/mock_sspi_library_win.h +++ b/chromium/net/http/mock_sspi_library_win.h @@ -106,6 +106,8 @@ class MockSSPILibrary : public SSPILibrary { std::set expected_freed_packages_; }; +using MockAuthLibrary = MockSSPILibrary; + } // namespace net #endif // NET_HTTP_MOCK_SSPI_LIBRARY_WIN_H_ diff --git a/chromium/net/http/partial_data.cc b/chromium/net/http/partial_data.cc index fa6b488e104..e0eb396c7a3 100644 --- a/chromium/net/http/partial_data.cc +++ b/chromium/net/http/partial_data.cc @@ -41,8 +41,7 @@ PartialData::PartialData() final_range_(false), sparse_entry_(true), truncated_(false), - initial_validation_(false), - weak_factory_(this) {} + initial_validation_(false) {} PartialData::~PartialData() = default; diff --git a/chromium/net/http/partial_data.h b/chromium/net/http/partial_data.h index 0ca5926586c..3e8b1a406dc 100644 --- a/chromium/net/http/partial_data.h +++ b/chromium/net/http/partial_data.h @@ -159,7 +159,7 @@ class PartialData { bool truncated_; // We have an incomplete 200 stored. bool initial_validation_; // Only used for truncated entries. CompletionOnceCallback callback_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(PartialData); }; diff --git a/chromium/net/http/transport_security_persister.cc b/chromium/net/http/transport_security_persister.cc index 804ea45d7d9..0df5a0f78e3 100644 --- a/chromium/net/http/transport_security_persister.cc +++ b/chromium/net/http/transport_security_persister.cc @@ -219,8 +219,7 @@ TransportSecurityPersister::TransportSecurityPersister( : transport_security_state_(state), writer_(profile_path.AppendASCII("TransportSecurity"), background_runner), foreground_runner_(base::ThreadTaskRunnerHandle::Get()), - background_runner_(background_runner), - weak_ptr_factory_(this) { + background_runner_(background_runner) { transport_security_state_->SetDelegate(this); base::PostTaskAndReplyWithResult( diff --git a/chromium/net/http/transport_security_persister.h b/chromium/net/http/transport_security_persister.h index bfc85cb336c..c8ba1d88216 100644 --- a/chromium/net/http/transport_security_persister.h +++ b/chromium/net/http/transport_security_persister.h @@ -131,7 +131,7 @@ class NET_EXPORT TransportSecurityPersister scoped_refptr foreground_runner_; scoped_refptr background_runner_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(TransportSecurityPersister); }; diff --git a/chromium/net/http/transport_security_state.cc b/chromium/net/http/transport_security_state.cc index b7a2bca7bf4..275553cd42b 100644 --- a/chromium/net/http/transport_security_state.cc +++ b/chromium/net/http/transport_security_state.cc @@ -218,7 +218,7 @@ std::string HashHost(const std::string& canonicalized_host) { bool HashesIntersect(const HashValueVector& a, const HashValueVector& b) { for (const auto& hash : a) { - if (base::ContainsValue(b, hash)) + if (base::Contains(b, hash)) return true; } return false; diff --git a/chromium/net/http/transport_security_state_static.json b/chromium/net/http/transport_security_state_static.json index a249501191f..abd1519f4a1 100644 --- a/chromium/net/http/transport_security_state_static.json +++ b/chromium/net/http/transport_security_state_static.json @@ -2525,7 +2525,6 @@ { "name": "bit-sentinel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bitnet.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "buildkite.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "calvin.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cklie.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ckliemann.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ckliemann.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -2914,7 +2913,6 @@ { "name": "collabornation.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cloudflareonazure.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chrismckee.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cobalt.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dealbanana.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cydia-search.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dotsiam.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -3435,7 +3433,6 @@ { "name": "anfsanchezo.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bcvps.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beautykat.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bevapehappy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bouncyballs.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cafe-scientifique.org.ec", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "caveclan.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -3520,7 +3517,6 @@ { "name": "koerperimpuls.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lostinsecurity.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mailinabox.email", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "malash.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "masjidtawheed.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "newodesign.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nicolaelmer.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -3770,7 +3766,6 @@ { "name": "atgseed.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "atgseed.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "authint.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "basnoslovno.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "basnoslovno.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bettrlifeapp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "billninja.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -3873,7 +3868,6 @@ { "name": "perfektesgewicht.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "perfektesgewicht.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "perplex.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pettsy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "please-deny.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pm13.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "postbox.life", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -3893,7 +3887,6 @@ { "name": "ryansmithphotography.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schnell-gold.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "selectel.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sevsopr.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "silver-heart.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "slamix.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "smartpolicingplatform.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -4181,7 +4174,6 @@ { "name": "jlkhosting.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "juniwalk.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kiebel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kimmel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kynaston.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "larrysalibra.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lateralsecurity.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -4360,7 +4352,6 @@ { "name": "dmxledlights.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "docemeldoces.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "doctorwho.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "domainstaff.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dopost.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dot.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dyrenesverden.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -4393,7 +4384,6 @@ { "name": "gilly.berlin", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "globalcomix.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "globalperspectivescanada.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "goat.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gotocloud.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gpfclan.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grandmasfridge.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -4882,7 +4872,6 @@ { "name": "comitesaustria.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "consonare.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "custodyxchange.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cvursache.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cyph.im", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cyph.video", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cysec.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -5437,7 +5426,6 @@ { "name": "realgarant-shop.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "remodela.com.ve", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "restchart.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "richmondsunlight.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rightcapital.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rolemaster.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "room208.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -5619,7 +5607,6 @@ { "name": "basnieuwenhuizen.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beanjuice.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beardydave.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "beframed.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beinad.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "believablebook.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bely-mishka.by", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -5763,7 +5750,6 @@ { "name": "deinballon.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dementiapraecox.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "denniskoot.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dennogumi.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dersoundhunter.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "derwolfe.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "detoxsinutritie.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -5786,7 +5772,6 @@ { "name": "doublefun.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dovecotadmin.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "downsouthweddings.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "drahcro.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "drdevil.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "driesjtuver.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "drivenes.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -5813,7 +5798,6 @@ { "name": "emilyhorsman.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eminovic.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "emnitech.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "endlessdark.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "enterprisey.enterprises", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eoldb.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "epicwalnutcreek.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -6039,7 +6023,6 @@ { "name": "kirara.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kirschbaum.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kirstin-peters.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kisalt.im", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "klausimas.lt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kolaykaydet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "konata.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -6285,7 +6268,6 @@ { "name": "reachr.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "reactivarte.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "readonly.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "redmbk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rednsx.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "regionale.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "regmyr.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -6316,7 +6298,6 @@ { "name": "samifar.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "samwu.tw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sanglierhurlant.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sarakas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sash.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "satrent.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saturne.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -6702,13 +6683,11 @@ { "name": "enteente.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "enveloppenopmaat.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "epanurse.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "erawanarifnugroho.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erotalia.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erp-band.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erp.band", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erpband.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "errolz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "estan.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esteam.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "euanbaines.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eulenleben.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7401,7 +7380,6 @@ { "name": "adderall.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "agwa.name", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alanlee.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "anoncom.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "antocom.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "atletika.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "auto-anleitung.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7456,7 +7434,6 @@ { "name": "mediawikicn.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mikeg.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nalao-company.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nodi.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pekoe.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "php-tuning.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "prytkov.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7464,7 +7441,6 @@ { "name": "s13d.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saorsat.ie", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sazuz.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "scotbirchfield.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sectia22.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shiftplanning.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shinju.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7579,7 +7555,6 @@ { "name": "comparamejor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "compareandrecycle.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "comparetravelinsurance.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "connectingconcepts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "contarkos.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cookinglife.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cookmedical.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7716,7 +7691,6 @@ { "name": "jennybeaned.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jr5proxdoug.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "juhakoho.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kairion.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kaisers.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "karmaplatform.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "katekligys.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7730,7 +7704,6 @@ { "name": "kriegt.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "krizek.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kum.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kuponrazzi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kynastonwedding.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lacentral.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ldarby.me.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7800,7 +7773,6 @@ { "name": "olafnorge.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "onmarketbookbuilds.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ononpay.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "oost.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "openvz.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "optumrxhealthstore.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "orcamoney.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7865,7 +7837,6 @@ { "name": "sat4all.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schont.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schwarzkopfforyou.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "selectorders.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "serveradminz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shawnh.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shoplandia.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -7961,7 +7932,6 @@ { "name": "vinilosdecorativos.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vitta.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vivaldi.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vivatv.com.tw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vizeat.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vorodevops.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vpn.ht", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -8327,13 +8297,11 @@ { "name": "antscript.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ao-dev.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apervita.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "api-geek.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apmg-certified.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apmg-cyber.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "app-arena.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "appdrinks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "appleoosa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "applic8.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "appointed.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "appraisal-comps.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "appreciationkards.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -8346,7 +8314,6 @@ { "name": "arnesolutions.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arpa.ph", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arrowgrove.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "artetrama.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "artisanhd.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "artistnetwork.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arubasunsetbeach.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -8953,7 +8920,6 @@ { "name": "foxtrot.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fragnic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fraho.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "francescopalazzo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "franckgirard.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "frank.fyi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fransallen.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9003,7 +8969,6 @@ { "name": "gamingmedia.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gamingreinvented.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ganhonet.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gar-nich.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gasbarkenora.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gatapro.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gateworld.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9011,7 +8976,6 @@ { "name": "geeq.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "geli-graphics.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gemeentemolenwaard.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "generationnext.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "genyhitch.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "georgesonarthurs.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "georgmayer.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9093,7 +9057,6 @@ { "name": "hansen.hn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hansvaneijsden.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hanu.la", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "haomwei.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "happyandrelaxeddogs.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "harmoney.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hartie95.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9108,7 +9071,6 @@ { "name": "hd-gaming.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hdhoang.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "heartmdinstitute.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "heavensinferno.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hebikhiv.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hedgeschool.ie", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "heinpost.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9235,7 +9197,6 @@ { "name": "izoox.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "izzzorgconcerten.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ja-publications.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jaispirit.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jaketremper.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jan27.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "janbrodda.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9503,7 +9464,6 @@ { "name": "mein-webportal.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meincenter-meinemeinung.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meine-email-im.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "melissaadkins.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "melody-lyrics.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "melvinlow.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mensagemdaluz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9535,7 +9495,6 @@ { "name": "missrain.tw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mixposure.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mizi.name", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mjcaffarattilaw.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mkes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mkp-deutschland.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mktemp.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9679,7 +9638,6 @@ { "name": "nutleyef.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nuttyveg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nwra.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nwwc.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nyip.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nzbs.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "o0o.one", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9698,7 +9656,6 @@ { "name": "olymp-arts.world", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "omniasl.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "onefour.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "oneminute.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oneweb.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oneworldbank.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "onguardonline.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -9745,7 +9702,6 @@ { "name": "paperwork.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paragreen.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "parentinterview.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "parentmail.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "parleu2016.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "partnerbeam.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pastaenprosecco.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -10036,7 +9992,6 @@ { "name": "serverpedia.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "servious.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sesha.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "setphaserstostun.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "setuid.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sevenmatches.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shadowsocks.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -10167,7 +10122,6 @@ { "name": "static.or.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stationnementdenuit.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "statuschecks.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "stealsaga.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "steidlewirt.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "steigerplank.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stevensononthe.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -10461,7 +10415,6 @@ { "name": "warhaggis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "warhistoryonline.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "warmservers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "warped.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "watchium.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wave.is", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wavefrontsystemstech.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -10846,7 +10799,6 @@ { "name": "digitaldeliarchive.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "depijl-mz.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "developerfair.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dieselgalleri.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dgt-portal.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dmcibulldog.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dinepont.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11281,7 +11233,6 @@ { "name": "nukute.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "numero-aleatorio.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ockendenhemming.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "oh14.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ojls.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ons.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "onearth.one", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11331,7 +11282,6 @@ { "name": "pokeinthe.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pixi.chat", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pocketsix.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "playflick.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "poris.web.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "portercup.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pornstars.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11721,12 +11671,10 @@ { "name": "agotnes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aistockcharts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ajmahal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "akovana.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "akvorrat.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alecrust.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aljaspod.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aljaspod.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "alkel.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "allmystery.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alltubedownload.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alternativet.party", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11844,7 +11792,6 @@ { "name": "danieliancu.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "danielthompson.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "danielvoogsgerd.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "danny.fm", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "darcymarshall.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "darth-sonic.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "davidadrian.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -11991,7 +11938,6 @@ { "name": "howtocuremysciatica.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hpbn.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hsts-preload-test.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "iftrue.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ime.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "imitza.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "immunicity.date", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -12417,10 +12363,7 @@ { "name": "yoga-prive.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yooooex.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "youngandunited.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "youran.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yoyoost.duckdns.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ytec.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "yukontec.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yux.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "z3liff.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "z3liff.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -12480,7 +12423,6 @@ { "name": "addtoany.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "adfa-1.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "adhoc.is", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "adonnante.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "advocatenalkmaar.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "adxperience.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aerialmediapro.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -12689,7 +12631,6 @@ { "name": "cheapticket.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chelseafs.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chennien.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cherryonit.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chicisimo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "choiralberta.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chourishi-shigoto.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -13117,7 +13058,6 @@ { "name": "ironcarnival.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "isbc-telecom.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "isdf.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "isgp-studies.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "istgame.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "istherrienstillcoach.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "it-rotter.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -13193,7 +13133,6 @@ { "name": "kartec.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kasadara.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kashmirobserver.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kat.al", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kateduggan.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kati-raumplaner.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "katproxy.al", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -13224,7 +13163,6 @@ { "name": "kncg.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "knthost.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "koethen-markt.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "koldanews.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "komidoc.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kommune42.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "konkurs.ba", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -13236,7 +13174,6 @@ { "name": "kundenerreichen.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kundenerreichen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kuschku.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kutukupret.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kwok.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kyliehunt.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kyy.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -13273,7 +13210,6 @@ { "name": "lew.im", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "liaoshuma.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lichess.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "liduan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lightarmory.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lightcloud.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "likeablehub.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -13396,15 +13332,12 @@ { "name": "mutuals.cool", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "muusikoiden.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mwba.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "my-hps.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myadself.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "myfedloan.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myfrenchtattoo.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mygpsite.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myimmitracker.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mymotor.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mypaperwriter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "myptsite.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myrepublic.co.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myschoolphoto.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mythengay.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -13810,7 +13743,6 @@ { "name": "streetspotr.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "studiomarcella.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "suborbital.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "subsys.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sudoschool.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "suitocracy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "superpase.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -13907,7 +13839,6 @@ { "name": "treinaweb.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tributh.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tripcombi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "trueinstincts.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tsuyuzakihiroyuki.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tts.co.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ttt.tt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -14223,7 +14154,6 @@ { "name": "borderlinegroup.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "awaremi-tai.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bewerbungsfibel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "besnik.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bemsoft.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bluebill.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beyondalderaan.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -14602,11 +14532,9 @@ { "name": "endohaus.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fuvpn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ff-obersunzing-niedersunzing.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "film.photos", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fnzc.co.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "galardi.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "garden.trade", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "frdl.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fwei.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gdv.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ezhik-din.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -14707,7 +14635,6 @@ { "name": "heiland.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "glitzmirror.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hanimalis.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hillcity.org.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hokieprivacy.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gyu-raku.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hans-natur.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -14864,7 +14791,6 @@ { "name": "kovnsk.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kamikatse.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kpumuk.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jankoepsel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kisa.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kennethaasan.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kaela.design", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -14940,7 +14866,6 @@ { "name": "limiteddata.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lim-light.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lirion.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "legendary.camera", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leanplando.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lacicloud.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "librends.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -15138,7 +15063,6 @@ { "name": "notify.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nabu-bad-nauheim.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nitropur.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mustardking.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nossasenhoradaconceicao.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "montand.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oauth-dropins.appspot.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -15321,7 +15245,6 @@ { "name": "radreisetraumtreibstoff.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "randomkoalafacts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rapidshit.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "radionicabg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "randomprecision.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "quantum-cloud.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pretzlaff.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16010,7 +15933,6 @@ { "name": "bandiga.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chxdf.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "breckle.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cnwage.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bmros.com.ar", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "clickclock.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "christensenplace.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16072,7 +15994,6 @@ { "name": "clubeohara.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "curtissmith.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "curtis-smith.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "danbarrett.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cleanmta.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bityes.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "correct.horse", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16147,7 +16068,6 @@ { "name": "elliotgluck.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ebiografia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dinmtb.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dianefriedli.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ebiografias.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dronexpertos.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "doyoulyft.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16219,7 +16139,6 @@ { "name": "f1minute.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "factbytefactbox.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ewuchuan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "favorit.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eve0s.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "defi-metiers.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "f1bigpicture.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16280,7 +16199,6 @@ { "name": "forcewave.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "flurrybridge.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "godrive.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fotoallerlei.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "geofox.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fuechschen.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gamingwithcromulent.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16298,7 +16216,6 @@ { "name": "glasfaser-im-hanseviertel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "greger.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fwww7.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gzitech.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "espanova.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "getsecure.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grupopgn.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16604,7 +16521,6 @@ { "name": "minitruckin.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meincloudspeicher.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "migrator.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "medzinenews.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mimemo.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "medialab.nrw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "miguelmoura.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -16690,7 +16606,6 @@ { "name": "ofda.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "olanderflorist.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "noclegi-online.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "monpc-pro.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "norrkemi.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oldoakflorist.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "opic.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -17110,7 +17025,6 @@ { "name": "wirsol.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xtom.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wyday.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wv-n.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yabrt.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xilkoi.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webtechgadgetry.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -17293,7 +17207,6 @@ { "name": "aov.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anita-mukorom.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arewedubstepyet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "antikvariat.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arados.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "artlifeisgood.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aschaefer.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -17599,7 +17512,6 @@ { "name": "creepypastas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "csmainframe.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cryptoshot.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "creativeliquid.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "codedump.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "countryoutlaws.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "codebrahma.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -17644,7 +17556,6 @@ { "name": "cranems.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "david-pearce.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cube-cloud.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "danwillenberg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cornishcamels.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cubecart-demo.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cuni-cuni-club.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -17841,7 +17752,6 @@ { "name": "exhalespa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "estcequonmetenprodaujourdhui.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "facebook.ax", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ecolesrec.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eganassociates.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "escapeplaza.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evafojtova.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -18016,7 +17926,6 @@ { "name": "hannah.link", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hac30.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hakugin.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "guideo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "getpublii.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hiltonhyland.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "habtium.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -18287,7 +18196,6 @@ { "name": "knaake.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kgnk.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "knapp.noip.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kristjanrang.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kohlistkool.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "klempnershop.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kprog.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -18339,7 +18247,6 @@ { "name": "lifanov.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lemuslimpost.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lel.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kids-at-home.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kuaza.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lijero.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lexicography.online", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -18613,7 +18520,6 @@ { "name": "nootropic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "neartothesky.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "normaculta.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nicolas-hoffmann.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mystown.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mutuelle-obligatoire-pme.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nexusconnectinternational.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -18931,7 +18837,6 @@ { "name": "schwarztrade.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "scoolcode.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sciencemonster.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "seccom.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pchospital.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "serverlauget.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "security-thoughts.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -18963,7 +18868,6 @@ { "name": "shang-yu.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shiftdevices.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "snekchat.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "smartwelve.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "seobot.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "smartcheck.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "salmonvision.com.tw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19290,7 +19194,6 @@ { "name": "valeriansaliou.name", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "viosey.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vorangerie.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vldkn.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "visikom.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vicenage.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vodpay.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19338,7 +19241,6 @@ { "name": "ujob.com.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "whistleblower.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vjeff.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "unquote.li", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "voodoochile.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webcontentspinning.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vbazile.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19403,7 +19305,6 @@ { "name": "wereldplanner.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "worldeventscalendars.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wmawri.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "yukonconnector.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wiz.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zao.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--rdiger-kuhlmann-zvb.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19553,8 +19454,6 @@ { "name": "akalashnikov.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "advokat-romanov.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "a-ix.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "2bcompany.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "abimelec.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alibip.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "akkadia.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aolabs.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19595,15 +19494,12 @@ { "name": "120dayweightloss.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "altunbas.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "andrew.london", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "airmail.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ansas.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "appdb.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aocast.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aidhan.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "appartement-andrea.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "andruvision.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "alca31.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "alainbaechlerphotography.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ashleyfoley.photography", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "2krueger.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "247quickbooks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19628,7 +19524,6 @@ { "name": "ares-trading.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "astraalivankila.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "archivesdelavieordinaire.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "antcas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "armleads.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arcusnova.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "abeontech.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19636,7 +19531,6 @@ { "name": "aristilabs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "araleeniken.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "azrazalea.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "apef.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "attilavandervelde.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ato4sound.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arthur.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19650,10 +19544,8 @@ { "name": "backterris.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "awan.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "amlvfs.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "arteshow.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "artstopinc.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "azamra.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ans-ge.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ayahuascaadvisor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "asseenfromthesidecar.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bankstownapartments.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19692,7 +19584,6 @@ { "name": "bashstreetband.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "2048-spiel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "avi9526.pp.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "automotivegroup-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bandito.re", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aquilalab.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "automobiles5.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19703,7 +19594,6 @@ { "name": "agridir.site", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "asepms.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ac-epmservices.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "arveron.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bbwteens.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "begabungsfoerderung.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "betseybuckheit.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19725,7 +19615,6 @@ { "name": "bebetrotteur.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "biswas.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bitplay.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "artisans-libres.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bitbucket.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bey.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bitbucket.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19742,7 +19631,6 @@ { "name": "belgien.guide", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bergland-seefeld.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bernat.im", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aubonmanger.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blinking.link", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bina.az", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bodygearguide.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19758,7 +19646,6 @@ { "name": "blockxit.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "berdu.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blechinger.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bauthier-occasions.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "battle-game.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "boldmediagroup.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "betterscience.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19766,7 +19653,6 @@ { "name": "bolwerk.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blacknetwork.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bazziergraphik.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bch7al.ma", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bienoubien.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brando753.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bruun.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19777,14 +19663,12 @@ { "name": "bestfitnesswatchreview.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blogaid.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "burke.services", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "batlab.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "board-buy.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blumen-garage.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "benjakesjohnson.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blogconcours.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "black.host", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blogabout.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "biscoint.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "boss.az", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "biovalue.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "britneyclause.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19872,7 +19756,6 @@ { "name": "chatxtutti.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chriswbarry.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ccl-sti.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cantatio.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chocolatesandhealth.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "canlidoviz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chatt-gratis.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19898,7 +19781,6 @@ { "name": "bitcoinrealestate.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "charlotte-touati.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cloudservice.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "chantalguggenbuhl.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cocinoyo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chytraauta.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "backintomotionphysiotherapy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19944,7 +19826,6 @@ { "name": "corderoscleaning.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cmso-cal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cernega.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "coinpit.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coolrc.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "commoncode.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "common.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19952,7 +19833,6 @@ { "name": "commoncode.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "childrendeservebetter.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "citylights.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cinq-elements.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cpy.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crge.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crackslut.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -19990,7 +19870,6 @@ { "name": "cynoshair.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crecket.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "csgf.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cotwe-ge.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dearfcc.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "conkret.mobi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "data.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20032,7 +19911,6 @@ { "name": "dflcares.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "denimtoday.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "darkeststar.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "csp.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "diccionariodedudas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dieser.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "das-tyrol.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20085,7 +19963,6 @@ { "name": "driverless.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dreamlighteyeserum.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dtub.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "curieux.digital", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dochitaceahlau.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "diversityflags.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "domprojects.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20108,12 +19985,10 @@ { "name": "duckbase.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "doska.by", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "csgoshifter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "demarle.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dracisvet.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "educationevolving.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dprb.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "doli.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "didche.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "doclassworks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ebooki.eu.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eickhofcolumbaria.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20139,7 +20014,6 @@ { "name": "elektro-pfeiffer.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elektro-hornetz.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "deadmann.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "diegogelin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "effdocs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ehazi.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ec-baran.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20172,7 +20046,6 @@ { "name": "elektrokarges.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eichel.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eprofitacademy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dzeina.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "epickitty.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "emanga.su", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "etk2000.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20180,7 +20053,6 @@ { "name": "ellemental.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evades.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "envant.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "domainedemiolan.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erudicia.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ejdv-anmeldung.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elektro-stock.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20221,14 +20093,12 @@ { "name": "europeantransportmanagement.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fabianackle.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eurora.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ecole-attalens.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ewanm89.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eupay.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "europapier.bg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eutram.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ewanm89.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evergladesrestoration.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "esafar.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esquisse.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "euroscot.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fearghus.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20239,7 +20109,6 @@ { "name": "femdombbw.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "expokohler.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "femaledom.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fed51.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "felicifia.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fashionunited.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erasmusplusrooms.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20269,7 +20138,6 @@ { "name": "firegoby.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "filme-online.eu.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fliptable.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "eyes-berg.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "filebox.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fight215.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fight215.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20410,7 +20278,6 @@ { "name": "grekland.guide", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hashidays.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grapholio.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ggl-luzern.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "guyot-tech.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "guge.gq", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gotoxy.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20468,7 +20335,6 @@ { "name": "hosts.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "higilopocht.li", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hitter.family", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hec-espace-entreprise.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hotartup.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "heello.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gers-authentique.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20514,10 +20380,8 @@ { "name": "huirongis.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hoowhen.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ic-lighting.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hopconseils.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hosyaku.gr.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "idealmykonos.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hopconseils.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hugi.is", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hotel-huberhof.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ih8sn0w.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20544,7 +20408,6 @@ { "name": "hypothecairelening.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hyphenpda.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "illich.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "iceberg.academy", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "imaginarymakings.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ifsclist.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "infosoph.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20598,7 +20461,6 @@ { "name": "iplife.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jake.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iteke.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "infirmieredevie.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iteke.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "javascriptlab.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jeff.is", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20638,7 +20500,6 @@ { "name": "idinby.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "how2fsbo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "joshuajohnson.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ipura.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jomo.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jncie.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jonscaife.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20666,7 +20527,6 @@ { "name": "keypersonins.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kaketalk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "frodriguez.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jlr-luxembourg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kayscs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "johncardell.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "joseetesser.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20746,7 +20606,6 @@ { "name": "koha.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jichi.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "laredsemanario.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "julienpaterne.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kuponydoher.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "learnedhacker.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kowalmik.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20809,7 +20668,6 @@ { "name": "lowson.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lostwithdan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lilapmedia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "laclaque.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "isognattori.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lilyfarmfreshskincare.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lbarrios.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20827,10 +20685,8 @@ { "name": "logitel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "londoncalling.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kingpincages.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lapparente-aise.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "linux-mint-czech.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lifeqa.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lghfinancialstrategy.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "locksport.org.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "likemovies.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lovelyfriends.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20848,7 +20704,6 @@ { "name": "mamadea.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "loyaltech.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "load-ev.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lesmamy.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lyngvaer.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "koelbli.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lotos-ag.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20856,7 +20711,6 @@ { "name": "magictable.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lotw.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maceinturecuir.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "luc-oberson.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "majahoidja.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "madoka.nu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "langkahteduh.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20913,15 +20767,12 @@ { "name": "mikusinec.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mensagensperfeitas.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mileme.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "margecommunication.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mikk.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mimobile.website", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mbeo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mdosch.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mendy.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mfedderke.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "menaraannonces.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "malysvet.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "memoryex.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meshotes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lifenexto.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20932,7 +20783,6 @@ { "name": "minnesotamathcorps.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meinezwangsversteigerung.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "minnesotareadingcorps.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "maze.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "michalspacek.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meteosmit.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mitior.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -20979,7 +20829,6 @@ { "name": "morpheusx.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mannford.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mrd.ninja", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mind-box.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mygrotto.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mode-marine.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "macsandcheesedreams.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21012,7 +20861,6 @@ { "name": "nbari.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "necessaryandproportionate.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "necessaryandproportionate.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "monsieursavon.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mikkelvej.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mycr.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mystic-welten.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21037,9 +20885,7 @@ { "name": "monpermismoto.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "navitime.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myweb360.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mon22.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nalepky-na-zed.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "modemaille.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mytripcar.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nagios.by", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nesolabs.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21062,7 +20908,6 @@ { "name": "netdex.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "murz.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "neoclick.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nexthop.co.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nidsuber.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "noncombatant.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nellen.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21076,7 +20921,6 @@ { "name": "netapps.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nginxyii.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "numbercult.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nexthop.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nylonfeetporn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nyanpasu.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "neolaudia.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21093,7 +20937,6 @@ { "name": "ntzwrk.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "noexec.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nstd.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "newcityinfo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ngvf.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "netguide.co.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nitrokey.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21109,10 +20952,8 @@ { "name": "odinkapital.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "northeastcdc.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mardelcupon.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ninofink.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nu3tion.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oceanvisuals.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nezrouge-geneve.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "newcityinfo.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "olback.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "one-tab.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21127,7 +20968,6 @@ { "name": "offgames.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "musehelix.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ohyooo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "newcitystudio.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nstremsdoerfer.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "optimalsetup.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "openrealestate.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21147,7 +20987,6 @@ { "name": "neyer-lorenz.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "openconcept.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "olightstore.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nova-dess.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nuiguru.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paigeglass.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nosbenevolesontdutalent.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21270,7 +21109,6 @@ { "name": "planktonholland.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "premiership-predictors.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pikeitservices.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "philia-sa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "proxybay.eu.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "projectte.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pseudo.coffee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21290,7 +21128,6 @@ { "name": "projectsecretidentity.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pkov.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pianetaottica.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pianetaottica.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pianetaottica.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pianetaottica.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "privasphere.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21298,10 +21135,8 @@ { "name": "promocao.email", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pizzadoc.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "qetic.co.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "physiovesenaz.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pianetaottica.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "r3nt3r.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pex.digital", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "profinetz.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "prostohobby.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "radiomodem.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21355,7 +21190,6 @@ { "name": "richonrails.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "respectmyprivacy.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "remonttitekniikka.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "polletmera.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "proteinnuts.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rechtsanwalt-koeppen-feucht.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "qirinus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21408,7 +21242,6 @@ { "name": "safe.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "romarin.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "reinaldudrasfamily.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "roseliere.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rugs.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rodevlaggen.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "robert-flynn.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21416,10 +21249,8 @@ { "name": "sanatorionosti.com.ar", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "roelsworld.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rozeapp.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "rlds.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "restaurant-rosengarten.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rotex1840.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "roseliere.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rumtaste.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rumtaste.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "psicologoforensemadrid.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21494,7 +21325,6 @@ { "name": "scriptenforcer.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shadowsocks.com.hk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schadevergoedingen.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "salmotierra-salvatierra.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "securita.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shootpooloklahoma.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "security.xn--q9jyb4c", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21512,7 +21342,6 @@ { "name": "shipmile.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shitposts.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saumondefrance.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "seeclop.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shirosaki.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saumon-france.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "securitybrief.co.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21627,7 +21456,6 @@ { "name": "studiograou.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "super-radiant-skin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "super-ripped-power.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sinergy.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "super-slim-coffee.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stern.koeln", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "streklhof.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21639,7 +21467,6 @@ { "name": "tallcraft.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sunfox.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stellarium-gornergrat.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "suggestim.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sweharris.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stampederadon.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "superlandnetwork.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21698,7 +21525,6 @@ { "name": "tech-director.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tempo.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thcpbees.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "systemeprod.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thamesfamilydentistry.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "testbirds.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thefutureharrills.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21780,9 +21606,7 @@ { "name": "trinary.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tmtradingmorocco.ma", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "too.gy", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "therapysxm.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "trafficmanager.xxx", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tir-pistolet-chexbres.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "top10mountainbikes.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thedailyupvote.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tretail.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21881,7 +21705,6 @@ { "name": "weils.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vinarstvimodryhrozen.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thesocialmediacentral.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "urbalex.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vsestiralnie.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vasileruscior.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vitaminler.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21908,7 +21731,6 @@ { "name": "we-run-linux.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webuni.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "we-use-linux.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "valoremtax.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "winbuzzer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "windholz.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "windwoodmedia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21920,7 +21742,6 @@ { "name": "vrijstaandhuis-in-alphen-aan-den-rijn-kopen.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "treasuredinheritanceministry.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "whoneedstobeprimaried.today", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "valorem-tax.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "walkhighlandsandislands.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wifimapa.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ts-publishers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21932,7 +21753,6 @@ { "name": "wisper.net.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tpolemis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wimbo.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "weidmannfibertechnology.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wilhelm-nathan.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "worldsgreatestazuredemo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wheatley.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21944,7 +21764,6 @@ { "name": "visaop.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wonderbill.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xkcd.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "whitefm.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "willeminfo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wpblog.com.tw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wissl.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21957,7 +21776,6 @@ { "name": "x69.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "winter-elektro.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wsyy.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "weemakers.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xgn.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wsb-immo.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xhadius.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -21985,10 +21803,7 @@ { "name": "xn--90accgba6bldkcbb7a.xn--p1acf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xninja.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "youdungoofd.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wheelwork.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--d1acj9c.xn--90ais", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "xn--roselire-60a.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "xn--roselire-60a.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yukonrefugees.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yubi.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zeds-official.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22018,7 +21833,6 @@ { "name": "zrt.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yoimise.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yama.su", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "whyopencomputing.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zuzumba.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zigi.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yourgames.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22047,12 +21861,9 @@ { "name": "xpenology-fr.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yin.roma.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xperiacodes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "whyopencomputing.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wyssmuller.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zenwears.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "watermonitor.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yugege.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tirs4ne.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zenfusion.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "0c3.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "0x00ff00ff.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22068,7 +21879,6 @@ { "name": "3ags.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "3chat.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "3dproteinimaging.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "762.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "9651678.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "a3workshop.swiss", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "abdullah.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22111,7 +21921,6 @@ { "name": "anthony-rouanet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "antipa.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "antoined.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "antoineschaller.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "antragsgruen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apartmanicg.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apila.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22233,7 +22042,6 @@ { "name": "cdburnerxp.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "censurfridns.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "censurfridns.nu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "centos.pub", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "certificatedetails.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cf-ide.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chancat.blog", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22241,7 +22049,6 @@ { "name": "chat40.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chatfacile.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chatt-gratis.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cherrett.digital", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chiaseeds24.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chorkley.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chorkley.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22262,7 +22069,6 @@ { "name": "classics.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "click-licht.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cmweller.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cock.li", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coconutoil24.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "code.taxi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "colaborativa.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22284,9 +22090,7 @@ { "name": "creativeink.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creators-design.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creerunsitepro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cretdupuy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cristarta.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "croixblanche-haguenau.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cryoit.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "csvalpha.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cyberdos.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22318,7 +22122,6 @@ { "name": "destinationsofnewyorkstate.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "develop.fitness", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "devpgsv.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dhconcept.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dicando.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "diegorbaquero.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "diemattels.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22343,7 +22146,6 @@ { "name": "dragonsmoke.cloud", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dreiweiden.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "drheibel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "drone-it.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "drostschocolates.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dugunedavet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "duongpho.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22353,7 +22155,6 @@ { "name": "earlyyearshub.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eattherich.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "edisonnissanparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "egami.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "einheft.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "einsatzstiefel.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ekedp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22374,7 +22175,6 @@ { "name": "evtripping.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ewus.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "exousiakaidunamis.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "eyes-berg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ezgif.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faderweb.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faldoria.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22387,7 +22187,6 @@ { "name": "feastr.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "feedstringer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "felixkauer.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "feng.si", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ferdies.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ffprofile.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "figura.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22420,7 +22219,6 @@ { "name": "fruchtikus.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fuckcf.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fullytrained.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fundeego.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fuorifuocogenova.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "futurope.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "g10e.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22435,8 +22233,6 @@ { "name": "gearev.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "geekzone.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gelb-computer.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "georgiastuartyoga.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "geschenkly.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gfk-kunststoff-luebben.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ghislainphu.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gianlucapartengo.photography", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22444,7 +22240,6 @@ { "name": "giochi-online.ws", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "girlan.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "glamour4you.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "glloq.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "globalhorses.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "globalinsights.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gloucesterphotographer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22456,12 +22251,10 @@ { "name": "gradsm-ci.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gratis-app.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grettogeek.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "groepjam-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grow-shop.lv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grusenmeyer.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gtcprojects.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "guesthouse-namaste.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "guide-peche-cantal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "guim.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "guineafruitcorp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gulleyperformancecenter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22491,7 +22284,6 @@ { "name": "hrabogados.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hs-arbeitsschutz.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hukkatavara.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hydroturbine.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hypothes.is", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ibcmed.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "icecars.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22505,7 +22297,6 @@ { "name": "immobilien-badlippspringe.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "impactfestival.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "inceptionradionetwork.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ineardisplay.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "infinitioflynnwoodparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "infopagina.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "informaticapremium.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22513,7 +22304,6 @@ { "name": "inobun.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "internetaanbieders.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "intl-webs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "intmissioncenter.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iojo.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iostream.by", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ipfirebox.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22545,7 +22335,6 @@ { "name": "johnroberts.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jongha.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "joshua-kuepper.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "juls.cloud", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "justgalak.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "justinellingwood.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jwatt.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22571,7 +22360,6 @@ { "name": "kiesuwkerstkaart.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "killerit.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kipin.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kitbag.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kmashworth.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kniga.market", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kolkataflowermall.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22582,12 +22370,10 @@ { "name": "kusdaryanto.web.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "l0re.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lambauer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lancyvbc.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "land-links.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lanna.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lasrecetasdeguada.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lastrada-minden.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lausannedentiste.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "law-peters.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lawrence-institute.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leafandseed.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22599,9 +22385,7 @@ { "name": "legiscontabilidade.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "legland.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lemon.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lepsos.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "les-voitures-electriques.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lespagesweb.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "letteringinstitute.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "levensbron.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leveredge.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22646,7 +22430,6 @@ { "name": "maxibanki.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maximdens.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maximiliankaul.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "maximov.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maxkaul.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "may24.tw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mbs-journey.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22681,7 +22464,6 @@ { "name": "mistybox.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "miyako-kyoto.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mk89.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mkimage.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mo.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mobilebay.top", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mobileritelushi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22711,7 +22493,6 @@ { "name": "nadelholzkulturen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nagel-dentaltechnik.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nakama.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nakandya.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nanpuyue.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nasmocopati.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nasralmabrooka.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22724,7 +22505,6 @@ { "name": "neonnuke.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nepovolenainternetovahazardnihra.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "net-navi.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "netto-service.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "newspsychology.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nfz.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "niagara.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22749,7 +22529,6 @@ { "name": "nyored.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "o3.wf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "object.earth", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ocim.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oklahomamoversassociation.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "onee3.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ontheten.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22870,7 +22649,6 @@ { "name": "scriptgates.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sebastian-janich.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "secondbyte.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "secretsanta.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "section-31.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "secwise.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "seeworkdone.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22943,11 +22721,8 @@ { "name": "studport.rv.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stuka-art.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stuvel.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "suprem.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "suprem.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "svennd.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "swd.agency", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "swissfreshaircan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "swu.party", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "syleam.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "symphonos.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -22961,7 +22736,6 @@ { "name": "tdfbfoundation.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "teamcombat.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "teammathics.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tec3000.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tech-blog.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "telefon.report", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "testbirds.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23049,7 +22823,6 @@ { "name": "vacuumpump.co.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vadodesign.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "valesdigital.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "valoremtax.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vandeput.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vaphone.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vawebsite.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23081,10 +22854,8 @@ { "name": "witneywaterpolo.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wlci.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wmkowa.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wohnbegleitung.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wolfram.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wollekorb.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "women-only.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wpsharks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wstx.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wxh.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23119,7 +22890,6 @@ { "name": "yubikey.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yubikey.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yubiking.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "yveslegendre.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yyc.city", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zahyantechnologies.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zamos.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23183,7 +22953,6 @@ { "name": "379700.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "393335.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "3circlefunding.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "3cs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "3dcart.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "3dprintsondemand.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "3haeuserprojekt.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23198,7 +22967,6 @@ { "name": "4freepress.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "4hvac.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "4plebs.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "4u.services", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "5c1fd0f31022cbc40af9f785847baaf9.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "64616e.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "6541166.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23253,10 +23021,8 @@ { "name": "absolutewaterproofingsolutions.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ac-admin.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "academytv.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "acbrussels-used.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "accentthailand.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "accesloges.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "accessauto-occasions.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "acecerts.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "acerislaw.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "achterhoekseveiligheidsbeurs.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23296,15 +23062,12 @@ { "name": "aheng.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ahlaejaba.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aicial.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aiden.link", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aikido-club-limburg.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aiponne.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "air-shots.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "airdur.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "airicy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "airplayradio.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "airpurifierproductsonline.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aiutodomestico.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aixxe.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ajarope.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ajces.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23329,7 +23092,6 @@ { "name": "aliwebstore.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aljammaz.holdings", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aljmz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "allaboutbelgaum.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "allamericanmuslim.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "allcovered.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "allensun.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23361,7 +23123,6 @@ { "name": "amorim.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "analgesia.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ancientcraft.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ancolies-andre.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "andrerose.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "andrespaz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "andreundnina.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23391,7 +23152,6 @@ { "name": "anon-next.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anongoth.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anothermilan.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ansermet.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ansgar-sonntag.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ansgarsonntag.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anti-bible.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23402,7 +23162,6 @@ { "name": "anymetrix.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anyon.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aozora.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ap-swiss.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apertis.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apila.care", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aplikaceproandroid.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23438,14 +23197,10 @@ { "name": "ashleakunowski.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ashleyadum.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "asperti.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "assguidesporrentruy.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "astenretail.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "astronomie-fulda.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "asvsa.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "at-one.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "at1.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ateliersantgervasi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "atgoetschel.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "athena-bartholdi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "atkdesign.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "atlantareroof.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23459,15 +23214,12 @@ { "name": "auri.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aurora-terraria.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aurorarecordings.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ausec.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "austinmobilemechanics.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "authinfo-bestellen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "author24.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "autoecolebudget.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "auxquatrevents.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "averen.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "avonlearningcampus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "avpres.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "avtoforex.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "awei.pub", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "awningsaboveus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23476,7 +23228,6 @@ { "name": "axtux.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ayothemes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ayuru.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ayurveda-mantry.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "azia.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "b-b-law.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "b-pi.duckdns.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23490,7 +23241,6 @@ { "name": "badam.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bakaproxy.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bakim.li", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "balatoni-nyar.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "balnearionaturaspa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bals.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "banburybid.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23498,7 +23248,6 @@ { "name": "banri.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "baptistboard.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bariller.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "baripedia.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "baropkamp.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "barracuda.blog", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "barracuda.com.tr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23515,11 +23264,9 @@ { "name": "bayerstefan.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bayherbalist.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bazisszoftver.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bbgeschenke.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bbimarketing.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bbkworldwide.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bbrinck.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bcbulle.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bcpc-ccgpfcheminots.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beadare.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beagreenbean.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23542,9 +23289,6 @@ { "name": "benjaminjurke.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "benleemd.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "benscobie.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bernardcontainers.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bersierservices.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bersotavocats.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bertholdsson.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bertoliniodontoiatria.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "best10websitebuilders.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23576,7 +23320,6 @@ { "name": "biohappiness.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "biomax-mep.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "biometrics.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "biosafe.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bioshine.com.sg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "birbaumer.li", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "birkengarten.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23592,7 +23335,6 @@ { "name": "bitmainwarranty.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bitrush.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bixservice.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bizeau.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bizniskatalog.mk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bizzi.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blackdiam.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23615,7 +23357,6 @@ { "name": "bluteklab.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blutopia.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bnty.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bobazar.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bobep.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "boboates.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bogdanepureanu.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23651,11 +23392,7 @@ { "name": "brahmins.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "braiampeguero.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brain-force.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "brainserve.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "brainserve.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "brainserve.swiss", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brainvoyagermusic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "brandcodestyle.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brasal.ma", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brasserie-mino.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brasspipedreams.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23671,7 +23408,6 @@ { "name": "britishmeat.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brodowski.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brompton-cocktail.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "brouillard.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bruna-cdn.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bs-network.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bsdracing.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23683,7 +23419,6 @@ { "name": "buckypaper.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "buildingcostestimators.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bulkingtime.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bulledair-savons.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bullettags.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bullterrier.nu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bunadarbankinn.is", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23694,7 +23429,6 @@ { "name": "burrowingsec.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "buryat-mongol.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bushbaby.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "buxum-communication.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "buyerdocs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "byronr.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bytes.fyi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23712,7 +23446,6 @@ { "name": "campula.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "campuswire.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "campwabashi.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "canada-tourisme.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "canadiantouristboard.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "candidasa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "candygirl.shop", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23736,7 +23469,6 @@ { "name": "casburggraaf.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cashless.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "casinolegal.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cassimo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "castlecms.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "catalin.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "catbold.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23751,15 +23483,12 @@ { "name": "ce-pimkie.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cebz.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cecilwalker.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cedriccassimo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cedriccassimo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ceebee.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cefak.org.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "centerpoint.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "centruvechisv.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cerber.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cert.or.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cgbassurances.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cgsshelper.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chaisystems.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chalker.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23779,7 +23508,6 @@ { "name": "charp.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chaseganey.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chateau-de-lisle.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "chateaudestrainchamps.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chatint.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chatu.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chatu.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23814,7 +23542,6 @@ { "name": "cira.email", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "circ-logic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "citymoobel.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "citysportapp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cityworksonline.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "civillines.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cjtkfan.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23844,7 +23571,6 @@ { "name": "cnetw.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "co-driversphoto.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "co-factor.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "coaching-impulse.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coalitionministries.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cobrax.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "code-digsite.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23894,7 +23620,6 @@ { "name": "complt.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "computerassistance.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "computertal.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "concept-web.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "conception.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "congz.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "conservatoriesincornwall.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23916,7 +23641,6 @@ { "name": "corsa-b.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cosplayer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "costow.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "counstellor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "countrybrewer.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "course.pp.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "courseworkbank.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23931,24 +23655,18 @@ { "name": "craftination.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crandall.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crdmendoza.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "crea-etc.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "crea-shops.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creadstudy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "createursdefilms.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creations-edita.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creativesurvey.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creators.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "credex.bg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "creepycraft.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "crepa.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "creusalp.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crisissurvivalspecialists.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cristianhares.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crizin.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "croco.vision", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crop-alert.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "croquette.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "crossorig.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cruzeiropedia.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cryothanasia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crypted.chat", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -23967,7 +23685,6 @@ { "name": "curveprotect.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "customwritings.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cutimbo.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cve-le-carrousel.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cvninja.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cwrcoding.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cyber-computer.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24003,7 +23720,6 @@ { "name": "darinkotter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "darkengine.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dartsdon.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "datalysis.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "datovyaudit.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dave-pearce.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "davecardwell.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24021,12 +23737,10 @@ { "name": "dcaracing.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dccraft.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "deanosplace.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "debie-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "debtprotectionreporting.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "decidetreatment.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "decodeanddestroy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "decormiernissanparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "decrousaz-ceramique.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "deepvision.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "defrax.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "defrax.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24049,9 +23763,6 @@ { "name": "desmo.gg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "despotika.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "det-te.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "detecte-fuite.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "detecte.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "detectefuite.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "detroit-english.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dev-aegon.azurewebsites.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "develop.cool", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24098,7 +23809,6 @@ { "name": "docabo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "doclot.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "docxtemplater.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dofuspvp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dolorism.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "domain-ermittlung.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "domenicocatelli.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24145,7 +23855,6 @@ { "name": "dylanknoll.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dynamicyou.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dynastic.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dynn.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dynorphin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dynorphins.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dysthymia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24164,8 +23873,6 @@ { "name": "ebayinc.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ebooksgratuits.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ecelembrou.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ecoccinelles.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ecoccinelles.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ecodigital.social", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ecolala.my", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "econativa.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24238,8 +23945,6 @@ { "name": "esh.ink", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eskdale.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "espo.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "espritrait.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "essencesdeprana.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "etenendrinken.nu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "etherpad.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "etys.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24284,10 +23989,8 @@ { "name": "expressmarket.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eyecandy.gr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eyeglasses.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "f1classement.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "f42.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "f5nu.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fabriceleroux.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fabriko.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "facciadastile.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "facealacrise.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24296,9 +23999,7 @@ { "name": "falkhusemann.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "falkus.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fame-agency.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "familiaperez.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "familyreal.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fanfareunion.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fanflow.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fantasticgardenersmelbourne.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fantastichandymanmelbourne.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24325,7 +24026,6 @@ { "name": "fhsseniormens.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ficklenote.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fickweiler.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fiduciaire-ratio.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fifichachnil.paris", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "figura.im", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "file-cloud.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24367,25 +24067,19 @@ { "name": "flyingrub.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fmapplication.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fminsight.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fmodoux.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "foairbus.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "foairbussas.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "focusministries1.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fokan.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fol.tf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "foodattitude.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "forcamp.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "forces.army", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "foregroundweb.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "foreverssl.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "formation-assureur.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "formation-mac.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "formersessalaries.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "forrestheller.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "forsyththeatre.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fortress.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "forty8creates.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "forvisualdesign.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "foryourhealthybody.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fosdem.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fossgruppen.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24413,23 +24107,17 @@ { "name": "freifunk-in-solingen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "freifunk-lindlar.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "freifunk-remscheid.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "frequencebanane.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "freshdesigns.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "freshmaza.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "friedrich-foto-art.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "friedsamphotography.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "frigi.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "frinkiac.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "front-end.dog", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "frontline6.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "frugalmechanic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "frumious.fyi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fsckd.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fsvt.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fudanshi.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fuite.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fuitedeau.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fuites.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fukuoka-cityliner.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fulilingyu.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fuliwang.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24451,7 +24139,6 @@ { "name": "gagnerplusdargent.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gainesvillegoneaustin.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gajas18.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "galeries.photo", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "galileanhome.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gameconservation.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gameparagon.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24500,7 +24187,6 @@ { "name": "gibraltar-firma.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gigantism.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gigawattz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gilnet.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gina-architektur.design", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "giraffes.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "girsa.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24543,7 +24229,6 @@ { "name": "gpws.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "graeber.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grandcapital.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "grandchene.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grantmorrison.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grapeintentions.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "greditsoft.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24558,7 +24243,6 @@ { "name": "grillteller42.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "groenewoud.run", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grow-shop.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "growy.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gruenprint.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gsmsecurity.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gt-mp.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24572,8 +24256,6 @@ { "name": "gulfcoast-sandbox.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gulshankumar.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "guusvandewal.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gvi-timing.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gvitiming.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gymhero.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gympap.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gzitech.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24606,7 +24288,6 @@ { "name": "hangtenseo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hanksservice.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "happycarb.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "happydoq.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hapsfordmill.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hardesec.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hardforum.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24617,7 +24298,6 @@ { "name": "hashcat.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hashish.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hauntedhouserecords.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hauteslatitudes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "havenmoon.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "haz.cat", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hcbj.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24666,7 +24346,6 @@ { "name": "hire-a-coder.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hirefitness.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hirokilog.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "histoire-cite.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hiwiki.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hjartasmarta.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hjf-immobilien.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24678,21 +24357,17 @@ { "name": "hodamakade.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hodgephotography.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hoeft-autolackierung.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hoewler.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "holebedeljek.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hollermann.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "holymolycasinos.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "holywhite.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "homeandyarddetailing.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "homecarpetcleaning.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "homeogenium.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hommeatoutfaire.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hongyd.online", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hoppyx.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hostgigz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hostmodern.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hostserv.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hot-spa.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hottaro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "houdremont-la-courneuve.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "house-sparrow.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24706,7 +24381,6 @@ { "name": "hppub.site", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hrk.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hrtraining.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "htsure.ma", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "httpsecured.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "huangguancq.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "huduser.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24725,7 +24399,6 @@ { "name": "hundter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "huntingdonlifesciences.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "huwcbjones.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hydrante.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hylians.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hyperalgesia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hypersomnia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24746,14 +24419,12 @@ { "name": "idealwhite.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "idmanagement.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iemas.azurewebsites.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ifixe.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ignatovich.by", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ignatovich.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ikkoku.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ilamparas.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ilamparas.com.ve", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ilazycat.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "illambias.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "illuminationis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ilya.pp.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "im-design.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24788,8 +24459,6 @@ { "name": "inmusrv.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "innerfence.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "innsalzachsingles.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "inondation.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "insblauehinein.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "inscript.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "inst.mobi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "instinctive.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24841,7 +24510,6 @@ { "name": "isuzupartscenter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "isv.online", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "itactiq.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ital-gamma.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "itamservices.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "itchimes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iteecafe.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24849,7 +24517,6 @@ { "name": "itnews-bg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "itproject.guru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "itshka.rv.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "itsnotquitethehilton.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "itsupport-luzern.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ivfausland.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ivvl.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24908,7 +24575,6 @@ { "name": "johannaojanen.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "johannes-bauer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "johannes-zinke.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "johnsiu.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jomp16.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jonandnoraswedding.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jonathansanchez.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24970,7 +24636,6 @@ { "name": "kermadec.blog", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kernelpanics.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ketamine.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ketty-voyance.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kevinhill.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kevinlocke.name", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kewego.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -24982,7 +24647,6 @@ { "name": "kibibit.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kibriscicek.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kickasscanadians.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kidsneversleep.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kiekko.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kiel-kind.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kikbb.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25039,8 +24703,6 @@ { "name": "kyonagashima.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kyoto-tomoshibi.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kyunyuki.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "la-baldosa.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "la-maison.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "labande-annonce.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lacarpesaintaubinoise.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lachlan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25063,11 +24725,8 @@ { "name": "lavaux.lv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lawnuk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ldcraft.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "le-creux-du-van.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "le-palantir.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "le-traiteur-parisien.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "le23.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "leap-it.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lebourgeo.is", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lechaudrondupertuis.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leebiblestudycenter.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25078,7 +24737,6 @@ { "name": "leebiblestudycentre.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leetgamers.asia", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leflibustier.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lefonddeloeil.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "legit.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "legymnase.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leipzig.photo", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25091,7 +24749,6 @@ { "name": "lesancheslibres.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lespecialiste-pradelexcellence.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lessets-graphiques.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lesyndicat.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lets-go-acoustic.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lets.nu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lettland-firma.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25132,7 +24789,6 @@ { "name": "loandolphin.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lobivia.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "logic8.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "loichot.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "loli.world", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lolicon.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "londongynaecologist.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25142,7 +24798,6 @@ { "name": "loss.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lostkeys.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lou.lt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "louange-reconvilier.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "louisvillecarguys.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "loveandloyalty.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lovelive-anime.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25161,7 +24816,6 @@ { "name": "lucy.science", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lukeistschuld.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lumi.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lunar6.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lunartail.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "luolikong.vip", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lutoma.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25315,7 +24969,6 @@ { "name": "meterhost.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "methamphetamine.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "methylone.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "metropop.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mevo.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mflodin.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mgknet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25337,7 +24990,6 @@ { "name": "miki.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mikro-inwestycje.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mikropixel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mil-spec.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "milesapart.dating", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "militarycarlot.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "milkingit.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25349,7 +25001,6 @@ { "name": "minecraft-server.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "minecraftforum.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "minepod.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mingwah.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mingyueli.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "minigolf-reisinger.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "minikidz.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25357,7 +25008,6 @@ { "name": "mintosherbs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "minube.co.cr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mipymesenlinea.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mirshak.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "missguidedus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "missionsgemeinde.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "misssex.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25392,12 +25042,10 @@ { "name": "mon-a-lisa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "moneychangersoftware.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "montagne-tendance.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "montpreveyres.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "montsaintaignan.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "moodzshop.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mopsuite.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "morbotron.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "morchino.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mordrum.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mosin.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mosos.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25409,7 +25057,6 @@ { "name": "mozillians.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mpe.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mpg.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mplanetphl.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mpy.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mr-anderson.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mscenter.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25439,7 +25086,6 @@ { "name": "mwohlfarth.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mxawei.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "my-floor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "myconsulting.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mycreativeartsconsulting.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mycrypnet.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mydaywebapp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25448,7 +25094,6 @@ { "name": "mydjsongbook.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mydriversedge.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myfantasysportstalk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "myfirenet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mygeotrip.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mygreatjob.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mygymer.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25465,7 +25110,6 @@ { "name": "myrig.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myrsa.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mysocialporn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "myswissmailaddress.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mywebinar.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "n2servers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "n3twork.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25479,13 +25123,10 @@ { "name": "nanubo.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "napolinissanctparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "narko.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "narmos.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "naroska.name", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nastoletni.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nataliedawnhanson.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "natatorium.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nathaliebaron.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nathaliebaroncoaching.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nationalmap.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "natur-udvar.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "naturesorganichaven.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25533,7 +25174,6 @@ { "name": "niva.synology.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nmadda.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nmnd.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "no-xice.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nodejs.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "noellabo.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "noisebridge.social", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25562,7 +25202,6 @@ { "name": "nuclearcrimes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nuclearcrimes1.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nulltime.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "numero1.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "numerossanos.com.ar", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "numis.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nuriacamaras.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25577,28 +25216,22 @@ { "name": "oberhof.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oberhofdrinks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oberhofjuice.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "objectif-terre.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "objekt-textil.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "observatory.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "obyvateleceska.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ocelot.help", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ocsigroup.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "odzyskaniedomeny.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ofcampuslausanne.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ofcss.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "off-the-clock.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "offroadeq.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "offshore-unternehmen.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "offshorefirma-gruenden.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "offtherails.ie", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "oge.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ohai.su", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "okburrito.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oldnews.news", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "olegs.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "olgiati.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "olympic-research.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "omanko.porn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ometepeislandinfo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "omf.link", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "omi-news.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25661,7 +25294,6 @@ { "name": "ourwedding.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ovuscloud.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ownc.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "oxelie.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ozonitron.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ozonitron.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ozonitron.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25670,14 +25302,12 @@ { "name": "ozonytron.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "p-pc.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "p3ter.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pacifictilkin-occasions.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "packetapp.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "packetcrash.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pactf-flag-4boxdpa21ogonzkcrs9p.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pactocore.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paleosquawk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "palletflow.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "palli.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pammbook.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pan.tips", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "panascais.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25685,7 +25315,6 @@ { "name": "panpsychist.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "panzer72.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "papakatsu-life.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "parachute70.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paradise-engineer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paradise-engineers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paragon.edu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25702,13 +25331,10 @@ { "name": "partsestore.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "passpilot.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "passwd.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "patsyforyou.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "patsytoforyou.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paulbramhall.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paulbunyanmls.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paulus-foto.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pautadiaria.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pavando.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pawsr.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pback.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pbcknd.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25719,8 +25345,6 @@ { "name": "peep.gq", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "peerless.ae", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "peippo.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pelopogrund.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pelopoplot.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pepwaterproofing.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pernatie.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "perniciousgames.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25735,20 +25359,15 @@ { "name": "phasme-2016.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "phdsupply.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "philippa.cool", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "philipperoose.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "phillipgoldfarb.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "philonas.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "philosoftware.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "philux.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "photographe-reims.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "photomodelcasting.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "photon.sh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "phpliteadmin.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "picture.team", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pidatacenters.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pidjipi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pierrefv.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pimpmyperf.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pinemountainnursery.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pinemountbaptistchurch.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pinimg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25757,7 +25376,6 @@ { "name": "pizzafest.ddns.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pjbet.mg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pkschat.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pl-cours.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "plan-immobilier.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "planetbeauty.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "planeteroliste.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25787,12 +25405,9 @@ { "name": "poinsot.beer", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pokemondb.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pol-expo.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pole-emotion.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "polyfill.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "polytechecosystem.vc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pommedepain.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pompiers-martigny.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "poneypourtous.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ponychan.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ponyfoo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "poopjournal.rocks", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25829,7 +25444,6 @@ { "name": "prefix.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "preludes.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "prepare-job-hunting.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "prestige-car-location.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pretachique.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "prettygrouse.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "prifo.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25922,7 +25536,6 @@ { "name": "ranegroup.hosting", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ranking-deli.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ranos.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "raphaelcasazza.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rapidstone.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rareative.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rastreie.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25978,8 +25591,6 @@ { "name": "resl20.servehttp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ressl.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "restaurantesimonetti.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "reto.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "retokromer.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "retro.sx", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "revelaciones.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "review.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -25995,7 +25606,6 @@ { "name": "richardlugten.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "riddims.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rievo.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "righini.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rijnmondeg.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rile5.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rimcountrymuseum.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26049,11 +25659,9 @@ { "name": "rteone.ie", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rubyquincunx.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rudelune.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ruedirrenggli.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ruk.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rulu.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "run-forrest.run", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "runagain.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rushpoppershop.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rusi-ns.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rutiger.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26112,10 +25720,8 @@ { "name": "schmelzle.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schmitt.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schmitt.ws", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "schnegg.name", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schnyder-werbung.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schsrch.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "schull.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schwarzwald-flirt.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "scintilla.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "scintillating.stream", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26150,7 +25756,6 @@ { "name": "seiler-bad.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "seiryokuzai-ch.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sektor.team", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "selected-properties.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "selfdefenserx.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "selfishness.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "selfloath.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26180,7 +25785,6 @@ { "name": "shadowsocks.wiki", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shadowsocksvpn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shadowsoks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "shakan.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shamka.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sharanyamunsi.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sharejoy.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26196,8 +25800,6 @@ { "name": "shockercityservices.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shoemuse.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shoestringeventing.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "shred.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "shredoptics.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sidelka-tver.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sigmalux.sarl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sigsegv.run", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26260,7 +25862,6 @@ { "name": "sklepsamsung.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sklotechnik.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sktan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "skynet233.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "skyris.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "slash64.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "slash64.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26273,7 +25874,6 @@ { "name": "slowgames.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "slvh.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "slwilde.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "slytech.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "smime.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "smksultanismail2.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "snapserv.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26287,8 +25887,6 @@ { "name": "sociopathy.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sockscap64.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "softprayog.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "solacyre.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "solfegiator.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "solidwebnetworks.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "solvemethod.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "somali-derp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26307,13 +25905,11 @@ { "name": "specialedesigns.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "speciesism.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spedition-transport-umzug.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "speechndraw.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spellcheck24.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spha.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sphinx.network", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spidermail.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spiders.org.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "spiga.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spinspin.wtf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spoketwist.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spokonline.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26336,7 +25932,6 @@ { "name": "starfeeling.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stastka.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "static-692b8c32.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "stationa.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "std-home-test.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "steef389.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "steelbea.ms", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26374,7 +25969,6 @@ { "name": "supa.sexy", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "supercalorias.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "superklima.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "supern0va.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "support4server.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "supportericking.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "surasak.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26389,17 +25983,11 @@ { "name": "swarlys-server.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "swfloshatraining.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "swipetv.ie", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "swissfreshaircan.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "swisstranslate.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "swisstranslate.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "swissxperts.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "syllogi.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sylve.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "system.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "system12.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "systemd.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "szyndler.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tac-volley.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tacoma-games.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tagesmutter-in-bilm.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tahosalodge.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26408,7 +25996,6 @@ { "name": "takemoto-ped.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "talkitup.mx", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "talkitup.online", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tango-ouest.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tangyue.date", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tarasecurity.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tarasecurity.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26418,8 +26005,6 @@ { "name": "targimieszkaniowe.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tateesq.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tatsidou.gr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "taysonvodao.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tc-st-leonard.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tchoukball.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tdsb.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tdsb.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26452,12 +26037,10 @@ { "name": "tengu.cloud", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tenthousandcoffees.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "teranacreative.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "teranga.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "terminalvelocity.co.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "terralimno.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "terralimno.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "terraluna.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "terresmagiques.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "teschenhausen.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tessai.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "testgeomed.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26495,12 +26078,10 @@ { "name": "thepiabo.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "theprivacysolution.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thequillmagazine.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "thermique.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "theroyalmarinescharity.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thesearchnerds.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thethirdroad.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "theyearinpictures.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "thiry-automobiles.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thiscloudiscrap.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thiswasalreadymyusername.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thm.vn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26530,7 +26111,6 @@ { "name": "tinyhousefinance.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tipaki.gr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tiste.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "titusetcompagnies.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tjandpals.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tkacz.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tkts.cl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26562,7 +26142,6 @@ { "name": "tostu.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "totalhomecareinc.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "totalsystemcare.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tournevis.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tourtransferitaly.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "touslesdrivers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tousproducteurs.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26618,12 +26197,10 @@ { "name": "tunca.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tuner.cloud", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tupa-germania.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tupeuxpastest.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "turncircles.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tuto-craft.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tutoragency.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tutorio.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tuttimundi.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tuxpeliculas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tuxtimo.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tvc.red", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26650,12 +26227,8 @@ { "name": "ukrnet.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ultimateanu.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "unblocked.cam", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "unefuite.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "unga.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "unhu.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "unique-pathways.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "unique-pathways.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "uniquepathways.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "unite-ka.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "unitedpsychological.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "universal-happiness.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26681,20 +26254,16 @@ { "name": "valenhub.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "valenhub.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "valenscaelum.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "valentinritz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "validatis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vanajahosting.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vandenbroeck-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vanderkrieken.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vanessabalibridal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vanhoudt-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vapor.cloud", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "varta.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vaskulitis-info.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vasyharan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vatelecom.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vayaport.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vc.gg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vcam.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vdisk24.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "veganism.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26705,17 +26274,14 @@ { "name": "venoom.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "verliebt-in-bw.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "verliebt-in-niedersachsen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "verrerie-mousseline.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "versagercloud.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vertebrates.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vfn-nrw.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vhummel.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vidbooster.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "videorullen.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "videoueberwachung-set.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vider.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "viekelis.lt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "viemontante.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vierpluseins.wtf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vieux.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vigenebio.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26723,7 +26289,6 @@ { "name": "villainsclothing.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vilog.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vinolli.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vinsetchampagne.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vintagecaskandbarrel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vintagejeeps.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "viral8.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26741,7 +26306,6 @@ { "name": "voice-of-design.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "void-zero.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "volcanconcretos.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vonauw.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vonniehudson.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vorderklier.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vorkbaard.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26751,7 +26315,6 @@ { "name": "vsc-don-stocksport.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vsesrazu-raiffeisen.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vstehn.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vsx.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vuakhuyenmai.vn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vulpine.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vuojolahti.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26768,7 +26331,6 @@ { "name": "walksedona.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wallabag.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wallabies.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "walnutis.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "walruses.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wanashi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wangjiatun.com.tw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26828,7 +26390,6 @@ { "name": "wiredcut.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wireframesoftware.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wiseflat.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "withlocals.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wkennington.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wmustore.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wodboss.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26854,14 +26415,12 @@ { "name": "writereditor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wsdcap.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wssv.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wstudio.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wug.news", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wwgc2011.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "www-507.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "www-746.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "www-771122.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "www-jinshavip.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wxrlab.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wygibanki.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wygluszanie.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wygodnie.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26901,7 +26460,6 @@ { "name": "ycm2.wtf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yeesker.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yemekbaz.az", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "yep-pro.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yepbitcoin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yfengs.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yffengshi.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -26953,7 +26511,6 @@ { "name": "zinniamay.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zinoui.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zip.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "zivmergers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zixo.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zoners.si", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zooish.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27071,7 +26628,6 @@ { "name": "adzuna.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "adamwallington.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "af-internet.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "2stv.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "acpinformatique.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aebian.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "abrakidabra.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27092,7 +26648,6 @@ { "name": "8azino777.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "adentalsolution.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alaxyjewellers.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "acperu.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "agreor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "afavre.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "allscammers.exposed", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27106,8 +26661,6 @@ { "name": "aip-marine.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "akul.co.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alexander-beck.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "achalay.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "acoustique-tardy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "allplayer.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aintevenmad.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "akoch.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27115,11 +26668,9 @@ { "name": "alfaponny.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "3dmusiclab.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "andrewdavidwong.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "agalliasis.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alpha.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "americanmediainstitute.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alex97000.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "alainmargot.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anime1video.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anime1.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "andschwa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27130,7 +26681,6 @@ { "name": "anedot.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "allangirvan.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alexandre-blond.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "agamsecurity.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "angusmak.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "amiciidogrescue.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alleskomtgoed.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27153,10 +26703,8 @@ { "name": "apiary.blog", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apiary.supplies", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "annedaniels.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "amicalecanyon.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apiary.supply", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apis.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ambholding-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "altstipendiaten.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "amicsdelbus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "angeloroberto.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27170,10 +26718,8 @@ { "name": "apartmentkroatien.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "archsec.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "antoinemary.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "alize-theatre.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alpinepubliclibrary.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "albanien.guide", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "agsb.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "andreasanti.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ankwanoma.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "amoozesh98.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27203,8 +26749,6 @@ { "name": "arresttracker.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ajnasz.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anipassion.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "api-connect.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "animationsmusicales.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "antama.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "armyofbane.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apm.com.tw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27228,18 +26772,13 @@ { "name": "asuka.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "artansoft.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "au2pb.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ar-informatique.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "appel-aide.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "asialeonding.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "atzenchefin.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "airportlimototoronto.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "anons.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arnaudminable.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aussieservicedown.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aquadonis.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "astaninki.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aquabio.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "asdyx.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "asanger.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "armil.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "assumptionpj.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27256,12 +26795,9 @@ { "name": "awsmdev.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aspatrimoine.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "australianfreebets.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "arnoldkontz-occasions.lu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "avspot.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "art-et-culture.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "andrea-m.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "audiolibri.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ataton.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "auvernet.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "autos-retro-plaisir.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "360live.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27271,7 +26807,6 @@ { "name": "avnet.ws", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "assistance-personnes-agees.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "azu-l.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "atelier-coiffure.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "babeleo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "autoxy.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bandarifamily.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27285,12 +26820,10 @@ { "name": "atracaosexshop.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "avtogara-isperih.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alter-news.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "artdeco-photo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "babycamapp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "austromorph.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aveapps.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "avedesk.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "atds.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ateliernihongo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bangdream.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "autostop-occasions.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27298,8 +26831,6 @@ { "name": "babai.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "antoinemary.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ax25.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "b-services.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "avvcorda.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "barnrats.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bananensap.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "b-ticket.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27307,8 +26838,6 @@ { "name": "balcaonet.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "b4z.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "avid.blue", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "atraverscugy.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "autoterminus-used.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "awen.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "barlotta.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "audiorental.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27316,13 +26845,8 @@ { "name": "answers-online.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "baumannfabrice.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "battleboxx.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "autotechschool.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "baby-digne.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bearingworks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bdenzer.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "backsideverbier.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "baladecommune.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "balade-commune.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beekeeper.blog", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beekeeper.clothing", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beekeeper.supplies", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27339,10 +26863,8 @@ { "name": "aurora-multimedia.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "balidesignshop.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "around-the-blog.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bariseau-mottrie.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "banned-bitches.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "averam.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "baciu.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beautyevent.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aqua-fotowelt.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bc-diffusion.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27355,7 +26877,6 @@ { "name": "bernhard-seidenspinner.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bedandbreakfast.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bedandbreakfasteuropa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bda-boulevarddesairs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "belewpictures.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bichonfrise.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bghost.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27364,18 +26885,14 @@ { "name": "betterworldinternational.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "berlin-flirt.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "berthelier.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "better.fyi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "beaute-eternelle.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bentphotos.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "biaggeo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "arfad.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beraru.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "birdbrowser.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bestwarezone.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "biletua.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bedouille.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "biletru.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "belien-tweedehandswagens.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bikkelbroeders.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "binaryappdev.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bikkelbroeders.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27384,16 +26901,12 @@ { "name": "bibliotekarien.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beacinsight.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bestbyte.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "becs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bernhardkau.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "belastingdienst-in-beeld.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bison.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "batipresta.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blenderrecipereviews.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "biblioblog.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "belloy.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bladesmith.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "belloy.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bestschools.top", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blizhost.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bijoux.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27405,7 +26918,6 @@ { "name": "bitpoll.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blackhillsinfosec.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bakersafari.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "b-cyclesshop.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bilalkilic.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bitsync.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "baugemeinschaftbernstein.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27418,7 +26930,6 @@ { "name": "bookingready.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bookmakersfreebets.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bitwrought.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "beexfit.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bnin.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bohyn.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bodyconshop.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27428,9 +26939,6 @@ { "name": "batolis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bradypatterson.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "blumenwiese.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bioligo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "biogecho.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "biogecho.swiss", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "booox.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "boschee.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bornfiber.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27446,13 +26954,10 @@ { "name": "blakecoin.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bondarenko.dn.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brettelliff.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bonnant-associes.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aprpullmanportermuseum.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brianfoshee.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "braeunlich-gmbh.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bress.cloud", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bouckaert-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "boscoyacht.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bls-fiduciaire.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bsidesf.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "biologis.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27463,11 +26968,9 @@ { "name": "brightonchilli.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "botserver.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "boutiquedecanetas.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bonnant-partners.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brrd.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bubhub.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brainfpv.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "boimmobilier.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brewsouth.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "btserv.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "broerweb.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27492,8 +26995,6 @@ { "name": "byji.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "buyessays.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "byatte.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bretzner.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "brainball.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "c2o-library.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "burckardtnet.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bronetb2b.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27501,7 +27002,6 @@ { "name": "by1898.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "boyan.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "buttercupstraining.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bm-immo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "butarque.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ca5.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "caliderumba.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27517,8 +27017,6 @@ { "name": "caferagazzi.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bytecode.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bodyworkbymichael.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "businesscentermarin.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cadetsge.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "calleveryday.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "camelservers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "caerostris.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27528,8 +27026,6 @@ { "name": "cardelmar.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "buronwater.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cashmaxtexas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "brave-foods.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "brave-foods.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "catchersgear.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cata.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "carre-lutz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27555,7 +27051,6 @@ { "name": "cafefresco.pe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cfneia.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "celigo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cdda.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ccv-deutschland.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cc-brantomois.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "catburton.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27577,24 +27072,17 @@ { "name": "cheapessay.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "catalogoreina.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cheah.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "celiendev.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chordso.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "charitylog.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "celuliteonline.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "centreoeil.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "c3-compose.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "chaletpierrot.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "chazalet.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chronic101.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "casbia.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "churchlinkpro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "catharisme.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "catharisme.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chemicalguys-ruhrpott.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chinwag.im", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "catharisme.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cheapestgamecards.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "chevymotor-occasions.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chrispstreet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chesspoint.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cityoftitans.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27647,30 +27135,23 @@ { "name": "coincealed.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chocolat-suisse.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cloudfren.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cie-theatre-montfaucon.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cncbazar365.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "conservados.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chsh.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cielbleu.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "comparesoft.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cloppenburg-automobil.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "clubscannan.ie", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cloppenburg-autmobil.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "conmedapps.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "colasjourdain.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "chiropratique-neuchatel.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coolbutbroken.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "collard.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "chirosphere.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cocquyt-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cloud2go.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "capachitos.cl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "chiro-neuchatel.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "continuation.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "comyuno.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cloud.bugatti", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coastline.net.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "chiropraticien-neuchatel.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "copycrafter.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coorpacademy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "computernetwerkwestland.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27687,29 +27168,23 @@ { "name": "controleer-maar-een-ander.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cosmofunnel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cptoon.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "clindoeilmontagne.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cestunmetier.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chaifeng.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "conceptatelier.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "corlinde.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "claudia-urio.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "comunidadmontepinar.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cpcheats.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cometonovascotia.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "consejosdenutricion.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "conkret.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cncrans.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "condroz-motors.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "comefollowme2016.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "connectmy.car", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ctj.im", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coptic-treasures.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "compagniemartin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crossfunctional.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "curiouscat.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cosmiatria.pe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "conkret.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "colson-occasions.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "conkret.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "colarelli.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "conformist.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27720,7 +27195,6 @@ { "name": "creeks-coworking.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "costa-rica-reisen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crunchy.rocks", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "congobunkering.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cuongthach.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "currynissanmaparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "customwritingservice.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27736,11 +27210,9 @@ { "name": "curvesandwords.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coroasdefloresonline.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crox.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cqn.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cryptofan.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "d3njjcbhbojbot.cloudfront.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cypressinheritancesaga.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "counter-team.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cruikshank.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ctnguyen.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ctnguyen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27760,16 +27232,13 @@ { "name": "cryptography.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "create-ls.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cryptology.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "csinterstargeneve.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "daisuki.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "davetempleton.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "d1ves.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cotonmusic.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "danwin1210.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cyberspace.today", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "darookee.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crawl.report", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cordeydesign.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "daktarisys.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cspeti.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "datacubed.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27780,9 +27249,7 @@ { "name": "darkanzali.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "darylcumbo.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cutner.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cospol.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cyumus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "darioackermann.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dallaslu.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cs2016.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "defender-pro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27798,7 +27265,6 @@ { "name": "cutelariafiveladeouro.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dcw.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dctxf.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "daoro.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "danotage.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dbyz.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "deniszczuk.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27807,9 +27273,7 @@ { "name": "dawnbringer.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "demo-server.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dermot.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dchatelain.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "d-academia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "davo-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "deepsouthsounds.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "d-parts24.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dennisvandenbos.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27817,12 +27281,10 @@ { "name": "danskringsporta.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "defxing.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "depaddestoeltjes.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "decock-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "diamondpkg.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dental-misaki.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dhaynes.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "demotivatorbi.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "delbecqvo.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "diabolic.chat", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "decofire.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "depone.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27830,14 +27292,11 @@ { "name": "destileria.net.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dalmatiersheusden.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "devalps.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "depotter-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "deliandiver.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "desktopfx.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dc-occasies.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "developersclub.website", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "depth-co.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "diccionarioabierto.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "coteries.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "digitaldatacenter.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dicionariopopular.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "datumou-osusume.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27845,15 +27304,10 @@ { "name": "diwei.vip", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "digitaldeli.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dissertationhelp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "designskin.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "degata.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "devjack.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "demeyere-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dhl-smart.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "devillers-occasions.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "digitalewelten.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "digitaltechnologies.ltd.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dermatologie-morges.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "diskbit.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "discha.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dieselanimals.lt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27893,13 +27347,11 @@ { "name": "domythesis.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "djangogolf.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dewapress.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "disrupters.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dm4productions.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "drdipilla.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "doujin.nagoya", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "disinisharing.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dog-blum.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dessinemoilademocratie.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "disadattamentolavorativo.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "doomoo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "doop.im", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27945,7 +27397,6 @@ { "name": "dsancomics.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dormebebe.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "doveholesband.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "do-prod.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dullapp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "droidwave.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ebertek.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -27969,7 +27420,6 @@ { "name": "digitalcraftmarketing.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dtdsh.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eeetrust.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "duriaux-dentiste.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elite-box.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elhamadimi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "divvyradio.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28004,7 +27454,6 @@ { "name": "elliff.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dovenzorgmalawi.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "efa-football.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dvnatura.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "emil.click", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elektro-roth.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eolme.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28017,7 +27466,6 @@ { "name": "eickhof.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "envoyglobal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eickhof.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ecoledusabbat.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "epiphyte.network", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eigenbubi.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elternverein-utzenstorf.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28045,11 +27493,7 @@ { "name": "elodieclerc.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "essenceofvitalitydetox.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "essayforsale.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "emivauthey.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eltern-verein.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "economies.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "emond-usedcars.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ellevit.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dynts.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "etaoinwu.win", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "enemiesoflight.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28067,22 +27511,18 @@ { "name": "eworksmedia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "exeintel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evolutionpets.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "energie-sante.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "example.wf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evilarmy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "epistas.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "etienne.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "epossystems.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "echoworld.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ethiobaba.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ethicsburg.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evertonarentwe.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "esquirou-trieves.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evrica.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "expowerhps.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eron.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "essentiel-physique.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "entrecieletpierres.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ergovitanet.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esteticanorte.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "etangs-magazine.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28093,11 +27533,8 @@ { "name": "exmoe.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "exploravacations.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "exembit.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "etoile-usedcars.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "etre-soi.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eth-faucet.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "falconwiz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "essteebee.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faberusa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "extradesktops.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evodation.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28111,7 +27548,6 @@ { "name": "ezwritingservice.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faithmissionaries.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "efag.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "etudesbibliques.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "exceed.global", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fantasticcleaners.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ecococon.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28125,10 +27561,8 @@ { "name": "euroalter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fads-center.online", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faxite.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "etudesbibliques.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fabienne-roux.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faluninfo.ba", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "etudesbibliques.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "felixbarta.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fermanacuratampaparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fireboxfood.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28160,7 +27594,6 @@ { "name": "filoitoupediou.gr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "finvantage.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "followback.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "florianschmitt.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faraslot8.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fassi-sport.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faraslot8.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28178,7 +27611,6 @@ { "name": "fougner.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eswap.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "filo.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fini-de-jouer.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "flagshop.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fonseguin.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fidelis-it.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28217,13 +27649,10 @@ { "name": "franklinhua.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "friller.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fs-fitness.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "feuetgloire.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "format-paysage.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "freergform.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fussell.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gafunds.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "futrou.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "forge-goerger.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gadabit.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "funniestclip.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fsck.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28236,7 +27665,6 @@ { "name": "frino.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gdb-tutorial.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "friezy.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "francoislepage.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "funnybikini.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fukakukeiba.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fid-elite.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28247,11 +27675,9 @@ { "name": "fokan.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fsck.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "foerster-kunststoff.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "francois-occasions.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ftgho.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fwest98.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "geh.li", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fuelingyourdreams.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "espigol.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "g-i-s.vn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "freifamily.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28260,12 +27686,9 @@ { "name": "fusa-miyamoto.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gdgrzeszow.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fussball-xxl.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "forward-fly-fishing.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fit-4u.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gemsoftheworld.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "geekles.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "geass.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "g3dev.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gamenerd.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "genesismachina.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gginin.today", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28273,9 +27696,7 @@ { "name": "gethow.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gestormensajeria.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erf-neuilly.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "frtrains.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "getyourphix.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gachter.name", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gentoo-blog.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "georgebrighton.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "george-brighton.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28286,9 +27707,7 @@ { "name": "geldimblick.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "getmerch.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gamblersgaming.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gegeco.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "getfilterlive.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fumerolles.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "globalelite.black", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gleanview.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "getyeflask.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28311,11 +27730,9 @@ { "name": "gmx.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "geektopia.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gmx.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "geoscope.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gmx.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ginniemae.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gelis.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gapfa.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gottfridsberg.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fysiovdberg.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "glutenfreelife.co.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28325,15 +27742,12 @@ { "name": "grande.coffee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gigin.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grayhatter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gentianes.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "festival.house", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "galak.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gfxbench.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "goldfelt.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "givastar.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gpalabs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gendundrupa.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ginionusedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "goup.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "grayson.sh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "global.hr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28341,14 +27755,10 @@ { "name": "gmanukyan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gronau-it-cloud-computing.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "goup.com.tr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gillesmorelle.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gagygnole.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "freesourcestl.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gmat.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gioielleriamolena.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "global-office.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gregoryrealestategroup.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "geneve-naturisme.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gilmoreid.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "govtjobs.blog", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gmx.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28403,7 +27813,6 @@ { "name": "guichet-entreprises.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "globalnewsdaily.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hdguru.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gregoirow.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "healthlabs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "haschrebellen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "harmfarm.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28417,8 +27826,6 @@ { "name": "gvpt.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hanashi.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hexapt.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hd1tj.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "groupghistelinck-cars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "heroicpixel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "helenaknowledge.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "heinzelmann.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28464,7 +27871,6 @@ { "name": "hopglass.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hizzacked.xxx", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "howtogeekpro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hinrich.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hostingfirst.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hoiku-navi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "humanity.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28494,7 +27900,6 @@ { "name": "hydrodipcenter.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "home-cloud.online", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "i1place.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hugolynx.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "horodance.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hvdbox.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "i-geld.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28548,16 +27953,13 @@ { "name": "immobiza.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "innovativebuildingsolutions.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "holidayincotswolds.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "igimusic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "icsadviseurs.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ingalabs.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "internetbugbounty.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "indecipherable.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ingjobs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "indogermantrade.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "idc-business.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "industrybazar.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "huguesditciles.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "investigazionimoretti.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ifan.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ibrom.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28572,14 +27974,11 @@ { "name": "instagramtweet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "int-ext-design.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "innolabfribourg.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "imagerive.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ifosep.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "inventtheworld.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "irugs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ingresscode.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "inlink.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "invinsec.cloud", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hockeymotion.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "istheservicedown.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "istheservicedowncanada.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "istheservicedown.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28605,7 +28004,6 @@ { "name": "iwpbk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "isdn.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ivi-co.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ip-hahn.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "j-eck.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "internetinhetbuitengebied.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jabergrutschi.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28614,7 +28012,6 @@ { "name": "insolent.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jaberg-rutschi.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "innwan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "inventaire.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iteha.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "its-future.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jhaveri.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28626,8 +28023,6 @@ { "name": "janking.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "javilacat.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jamesforman.co.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jaguarlandrover-asse.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jaguarlandrover-occasions.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jakobkrigovsky.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "itpro-mg.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jimenacocina.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28641,7 +28036,6 @@ { "name": "jmarciniak.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "johnrockefeller.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "impacter.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "investir.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jasonmili.online", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jardinderline.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jardin-exotique-rennes.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28650,7 +28044,6 @@ { "name": "joelmunch.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "josefottosson.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jmbelloteau.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jbs-jardins.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jobsuchmaschine.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jobs4sales.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jelena-adeli.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28672,13 +28065,11 @@ { "name": "jumpinchat.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jordikroon.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jsbentertainment.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "izuba.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jongcs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jasonradin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jvn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jungleducks.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "julianickel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "joi-dhl.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "juliawebber.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jornalalerta.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "joyjohnston.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28686,12 +28077,10 @@ { "name": "johnfulgenzi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "just-pools.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jskoelliken.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jasongerber.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kakolightingmuseum.or.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kasnoffskinclinic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jyggen.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kaydan.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "je-vends.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "keb.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "k1cp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jonathanmassacand.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28724,7 +28113,6 @@ { "name": "kazuhirohigashi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "karlic.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kanscooking.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "k-pture.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jsjyhzy.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jouetspetitechanson.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "keishiando.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28739,7 +28127,6 @@ { "name": "kiehls.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kelm.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "keezin.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "julianskitchen.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kolin.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kanuvu.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "knegten-agilis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28792,7 +28179,6 @@ { "name": "kteen.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "la-serendipite.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lafayette-rushford.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kode.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ladylucks.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kuko-crews.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "krag.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28829,10 +28215,8 @@ { "name": "lenyip.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "launchpad-app2.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lernerspersonalinjury.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lapassiondutrading.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "labella-umbrella.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lenyip.works", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "laled.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "latabledebry.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kiwiplace.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "klaim.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28858,22 +28242,18 @@ { "name": "lesquatredauphins.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "limeburst.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lilygreen.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "legendesdechine.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "linky.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lichess4545.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lichess4545.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "likenosis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lingeriesilhouette.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lightning-ashe.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lapotagere.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "le-page.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lidl-holidays.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leponton-lorient.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "laemen.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "librairie-asie.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jordanstrustcompany.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "locker3.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "latitudesign.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lidl-shop.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "locker.email", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lithianissaneugeneparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28882,9 +28262,6 @@ { "name": "laforetenchantee.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lezard-com.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lexxyn.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lacledor.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "laclefdor.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "les-ateliers-de-melineo.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leavesofchangeweekly.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jwolt-lx.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "libdeer.so", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28901,7 +28278,6 @@ { "name": "limules.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kotausaha.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "linuxiuvat.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lesberger.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "linearaudio.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lostarq.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lissabon.guide", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28934,9 +28310,7 @@ { "name": "luk.earth", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lovetravel360.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "loyaleco.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lausannelovers.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lodgesdureynou.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lordofthebrick.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lucid-light.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lojasviavento.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lojamascate.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28961,7 +28335,6 @@ { "name": "malikussa.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "magebankin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "manavgabhawala.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "loperetti.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "madirc.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maomihz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lzh.one", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28971,15 +28344,12 @@ { "name": "mailflank.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maartenprovo.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "makeshiftco.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mac-i-tea.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "malasuk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maedchenflohmarkt.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "littlepincha.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "manipulatedtme.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "le-blog.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "m-orthodontic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maedchenflohmarkt.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "loveysa.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "marcianoandtopazio.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "marakovits.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maliar.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -28988,15 +28358,11 @@ { "name": "massagecupping.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "marshmallow.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "madbin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "macnetwork.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mastichor.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lune-indigo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "macnetwork.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "markus-ullmann.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mainston.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maroc-bivouac.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "markllego.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "macnetwork.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "marqueswines.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "main-unit.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mckinleytk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29004,11 +28370,9 @@ { "name": "maleexcel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "marcelparra.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "massage-vitalite.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lyonelkaufmann.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mattisam.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "marykshoup.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "magazinedabeleza.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lovesmagical.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mannheimbloggt.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "makenaiyo-fx.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mckenry.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29017,14 +28381,11 @@ { "name": "matthijssen.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ma-plancha.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "me-dc.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "memfrob.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "me-center.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "marin-business-center.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "martingansler.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "me-groups.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mazda626.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "melnessgroup.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "marinbusinesscenter.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maxims-travel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "manipil.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mathers.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29045,8 +28406,6 @@ { "name": "mbdrogenbos-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mbwemmel-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mgsisk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mbcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "maxipcalls.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "metin2sepeti.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mercanix.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mhatlaw.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29066,11 +28425,9 @@ { "name": "millhousenchurch.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "metrans-spedition.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mikedugan.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mirco-grams.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "microblading.pe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mikegarnett.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "medifab.online", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "marin-tullet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "minebier.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mgiay.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mfrsgb45.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29118,7 +28475,6 @@ { "name": "momstableonline.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "miguelmartinez.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "monteurzimmerfrei.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "moreserviceleads.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "moneytoday.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "moonrhythm.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "moonrhythm.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29126,10 +28482,8 @@ { "name": "moppeleinhorn.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mojefilmy.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mrca-sharp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "moncoach.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mosaique-lachenaie.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "migueldominguez.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mobilisation-generale.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "modcasts.video", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "multipleservers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "moritztremmel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29137,7 +28491,6 @@ { "name": "mizipack.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mindbodytherapymn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mrbmafrica.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mieuxgrandir.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mstd.tokyo", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mindercasso.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mrstat.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29177,7 +28530,6 @@ { "name": "mycamda.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "music-is-my-life.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myrent.quebec", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mycofairtrade.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "munirajiwa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myoptumhealthcomplexmedical.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mariage-photo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29186,7 +28538,6 @@ { "name": "muenchberger.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mystorymonster.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mtfgnettoyage.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mullens-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nahura.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "moderatorenpool.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "my-ebook.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29207,7 +28558,6 @@ { "name": "myrig.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mzorn.photography", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nbtparse.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "moha-swiss.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "moudicat.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "netki.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "napcae.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29217,7 +28567,6 @@ { "name": "nedwave.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "newbownerton.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mysteryblog.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "monbudget.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nacin.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "newsquantified.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nalukfitness.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29227,7 +28576,6 @@ { "name": "nehoupat.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "netde.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nesolabs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nailattitude.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "musikverein-elten.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ndcpolipak.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "neostralis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29236,7 +28584,6 @@ { "name": "nbur.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "newaccess.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nicolasiung.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mysterymind.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "night2stay.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nebulae.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nexgeneration-solutions.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29268,7 +28615,6 @@ { "name": "nexus-vienna.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myspicer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nodeselect.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mitaines.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nirvanashop.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nipe-systems.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nihon-no-sake.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29291,15 +28637,12 @@ { "name": "nsfw-story.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nopaste.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "notboring.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nativs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "needstyle.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "menanwc.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "northernhamsterclub.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nordinfo.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nowcost.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "newguidance.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "munch.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nanarose.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "noudjalink.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "niceguyit.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nofrillsdns.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29308,7 +28651,6 @@ { "name": "nystudio107.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nothing.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "officemovepro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "niesstar.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nucleuscore.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "newsmotor.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nodesturut.cl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29316,7 +28658,6 @@ { "name": "nullpointer.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nuel.cl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nsbfalconacademy.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nikimix.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oklahomanotepro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "netbows.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nlrb.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29355,20 +28696,16 @@ { "name": "omertabeyond.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "netbows.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "natuterra.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "numerik-games.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "overstockpromote.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "olivlabs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "opengateway.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "osakeannit.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nxinfo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oficinadocelular.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "openstem.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "novelinglife.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "orians.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "oswalds.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "owennelson.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paizinhovirgula.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "oftamedic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "owapi.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "p3.marketing", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paavolastudio.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29384,14 +28721,12 @@ { "name": "ofo2.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pasadenasandwichcompany.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "padrepio.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "oneclic.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "papersmart.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paperwritinghelp.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "onnee.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "panascais.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "papayame.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "panascais.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "olasouris.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "passwordscon.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "panascais.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "panascais.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29425,7 +28760,6 @@ { "name": "pdfconvert.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "noc.wang", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "party-kneipe-bar.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "paf-events.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pawelnazaruk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paranoidpenguin.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "peterjohnson.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29455,7 +28789,6 @@ { "name": "peraparker.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paulomonteiro.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pinterest.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "olizeite.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "piccirello.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pinterest.engineering", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "peterandjoelle.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29476,7 +28809,6 @@ { "name": "pinterest.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pivotanimation.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pinkapple.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "parentheseardenne.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pirateproxy.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pikmy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "phoenicis.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29529,16 +28861,13 @@ { "name": "plus-u.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "plasvilledescartaveis.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "plumpie.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pharmacieplusfm.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "proctorio.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pornomens.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "potatopro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pbosquet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pardnoy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "plutopia.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "poeg.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "poseidonwaterproofing.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pleine-conscience.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "prac.to", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "post.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "plumnet.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29554,7 +28883,6 @@ { "name": "projectunity.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "phcimages.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pornohub.su", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ploofer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pmconference.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "proovn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "project.supply", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29563,7 +28891,6 @@ { "name": "procharter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "primaconsulting.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "proxyportal.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "plantastique.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "power-fit.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "profitablewebprojects.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "programsupport300procent.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29572,11 +28899,8 @@ { "name": "privacyscore.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "propepper.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "prodinger.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "plantastique.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "poleacademie.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "proactive.run", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "productpeo.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "planetbreath.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "qbnt.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "puentes.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "py-amf.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29584,14 +28908,10 @@ { "name": "prestigerepairs.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "premiumwebdesign.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ptrl.ws", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "prevenir.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "presses.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "protonvpn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "psychic-healer-mariya-i-petrova-boyankinska-b-borovan-bg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "prepaid-cards.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "polizeiwallis.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pythonic.training", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "procert.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "queensrdapartments.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pieterbos.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "quickandroid.tools", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29609,18 +28929,15 @@ { "name": "packagingproject.management", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "quaggan.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "raryosu.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "queroreceitasoberana.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rationalcreation.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pulsedursley.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "prestigesigns.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "puzzlepoint.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "psyao.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rabota-x.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "reath.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "qiannews.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "redeemingbeautyminerals.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "raghavdua.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "puissancemac.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rcraigmurphy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "realraghavgupta.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rakugokai.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29642,7 +28959,6 @@ { "name": "propagandablog.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "realworldholidays.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rdyrda.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "query-massage.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "qrcontagion.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "redshiftlabs.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rebelz.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29697,7 +29013,6 @@ { "name": "revapost.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rigabeerbike.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "prague-swim.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "rgcomportement.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "richardson.systems", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "reimann.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "retetenoi.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29750,16 +29065,13 @@ { "name": "said.my.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "s3n.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "runklesecurity.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "rrg-partner.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "robertrijnders.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "samaritan.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sagarhandicraft.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "rogersaam.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rtvi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ruurdboomsma.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rogersremovals.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rage-overload.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "roulinfo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pragueswim.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "richardson.software", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sanskritiyoga.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29771,8 +29083,6 @@ { "name": "s4tips.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rummel-platz.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "savingbytes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "rvnoel.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "rrdesignsuisse.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "salonestella.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sbobetfun.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sanatrans.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29782,10 +29092,8 @@ { "name": "sandraindenfotografie.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "regily.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sayura.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "risaphuketproperty.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rychlikoderi.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rnt.cl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "salensmotors-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rucnerobene.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "savisasolutions.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sanatorii-sverdlovskoy-oblasti.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29794,7 +29102,6 @@ { "name": "sanitairwinkel.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "redperegrine.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schippendale.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "santenatureetcie.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schmaeh-coaching.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schraugerrun.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sanitairwinkel.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29825,7 +29132,6 @@ { "name": "redcomet.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sentinelproject.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "scm-2017.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sapprendre.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sebastian-kraus.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schnell-abnehmen.tips", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "seo.tl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29844,7 +29150,6 @@ { "name": "serbien.guide", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "semacode.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "servpanel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sdvigpress.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "serviceboss.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "securocloud.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "seoprovider.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29871,16 +29176,13 @@ { "name": "shopsouthafrican.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sfhobbies.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "securityarena.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sgtt.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "santorinibbs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sharezen.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sha2017.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "santevie.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shaharyaranjum.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "seo-portal.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shieldofachilles.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shichibukai.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "schwarzhenri.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sexshopnet.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sheying.tm", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shining.gifts", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29913,13 +29215,11 @@ { "name": "sirena.co.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "singles-berlin.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "skinpwrd.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sfo-fog.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "slik.ai", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "single-in-stuttgart.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sjdaws.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shoshin-aikido.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "silvergoldbull.mw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sigismonda.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "skylgenet.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "smartwritingservice.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "skatingchina.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29932,7 +29232,6 @@ { "name": "sl0.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "scistarter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "silvergoldbull.cm", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "smutek.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "snap.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "securoswiss.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "silvergoldbull.ws", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -29964,13 +29263,11 @@ { "name": "songsmp3.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "smit.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sgtsnookums.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "smartandcom.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "southcoastswords.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "seanstrout.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "softclean.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "silvergoldbull.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sodafilm.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "skyloisirs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sluplift.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "some.rip", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sm2016.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30050,10 +29347,8 @@ { "name": "sportscollection.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stratmann-b.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spisoggrin.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "souris.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "strozik.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "syneart.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sterchi-fromages.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "strila.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sportovnidum.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sukrie.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30068,7 +29363,6 @@ { "name": "supercreepsvideo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stylewish.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sja-se-training.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "stadm.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "survivebox.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stlukesbrandon.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sylvaindurand.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30079,14 +29373,12 @@ { "name": "systoolbox.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tam7t.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tattvaayoga.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "studiovaud.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tdsbhack.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "szybkiebieganie.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sysadm.guru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tapestries.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tbonejs.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tastystakes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "soinvett.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "talon.rip", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "svenskaservern.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tankfreunde.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30094,7 +29386,6 @@ { "name": "tadtadya.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tdsbhack.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "student-eshop.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "stringvox.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "student-eshop.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tdsbhack.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tajper.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30112,10 +29403,8 @@ { "name": "teamupturn.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tabithawebb.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tabino.top", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "symbiose-immobilier.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "snafarms.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "teddybradford.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "swisselement365.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "taartenfeesies.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "suzi3d.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tatiloley.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30136,7 +29425,6 @@ { "name": "spillersfamily.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tantei100.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tenerife-villas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "taxicollectif.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "talkreal.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "taniku-succulent.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "textpedia.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30144,23 +29432,16 @@ { "name": "tenberg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tandblekningidag.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tele-online.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "taxiscollectifs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "taxi-collectif.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "taxi-chamonix.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "taxis-collectifs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thebasementguys.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "symbiose-com.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tenseapp.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thailandpharmacy.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "takeitoffline.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "telecharger-open-office.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "telecharger-winrar.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "the-zenti.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "symb.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thebrightons.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "theebookkeepers.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thajskyraj.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "symbiosecom.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thefbstalker.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tf2calculator.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thepathsofdiscovery.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30187,7 +29468,6 @@ { "name": "sundanceusa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thecsw.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thunderkeys.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "thalmann.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ticketsource.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ticketsource.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tillberg.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30201,7 +29481,6 @@ { "name": "thunderfield-boat.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ti-js.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "therumfordcitizen.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "thierry-daellenbach.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tiew.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thomas-ferney.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thgros.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30210,14 +29489,11 @@ { "name": "todaciencia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thinkswap.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tibovanheule.site", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "thecherryship.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tele-alarme.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tommounsey.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tilient.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "todosrv.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "telealarme.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thuthuatios.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "thomasstevensmusic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "totoro.pub", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thisistheserver.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "teleallarme.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30228,7 +29504,6 @@ { "name": "tircentrale.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tpansino.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "toka.sg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "thierrybasset.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tokumei.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tinf15b4.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tobyx.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30240,7 +29515,6 @@ { "name": "themacoaching.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tkjg.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "startup.melbourne", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tjp.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tobischo.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "trangcongnghe.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "top-obaly.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30288,7 +29562,6 @@ { "name": "twem.ddns.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "twenty71.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ttll.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "thaiforest.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tsukuba.style", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tuts4you.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "twincitynissantxparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30340,7 +29613,6 @@ { "name": "upwork.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "twohuo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thebeginningisnye.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "trustfield.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vccmurah.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "umaimise.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vasports.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30355,7 +29627,6 @@ { "name": "vernonchan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "u-tokyo.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "usebean.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "totalforcegym.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "unleash.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vicyu.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "united-schools.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30377,10 +29648,8 @@ { "name": "vionicbeach.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "urgences-valais.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "torbay.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "teoleonie.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vandermeer.frl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vegepa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "univercite.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "visistruct.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "victornet.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vermuetje.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30392,18 +29661,15 @@ { "name": "verzick.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "veverusak.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vaud-fleurs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "univitale.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "viptamin.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vallutaja.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vitalyzhukphoto.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vlvvl.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "visaexpert.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vrlaid.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vaperolles.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "voidshift.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vladislavstoyanov.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "uniformecomgas.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "verstraetenusedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "versfin.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vagabondgal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "virtualvaults.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30413,8 +29679,6 @@ { "name": "ventzke.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vivianmaier.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "viceversa.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ucch.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vima.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vpn.pics", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vancouvercosmeticsurgery.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vamoaeturismo.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30437,16 +29701,11 @@ { "name": "wafni.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webproshosting.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wadsworth.gallery", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "voicu.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vlsm.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webfox.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wearesouthafricans.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "viabemestar.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "viralpop.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "viteoscrm.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "waaw.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vriesdonkow.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "visapourailleurs.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "websharks.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wellopp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "we.serveftp.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30481,10 +29740,8 @@ { "name": "web2ldap.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wellbeing360.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wildboaratvparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "votresiteweb.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "waytt.cf", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "weedypedia.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "webrentcars.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wjm2038.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "werehub.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webliberty.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30507,7 +29764,6 @@ { "name": "vocalviews.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wprevs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webcookies.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wiliquet.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vos-fleurs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vos-fleurs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "willkommen-fuerstenberg.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30527,7 +29783,6 @@ { "name": "wsup.social", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "writing-expert.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "writecustomessay.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wirbatz.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wpturnedup.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "victoreriksson.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "writingcities.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30551,9 +29806,7 @@ { "name": "wrongware.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vpnservice.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wieobensounten.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "whatsupoutdoor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wubify.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "xferion.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xkblog.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "woodev.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wrapitup.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30561,7 +29814,6 @@ { "name": "www.re", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xmedius.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--gmq92k.nagoya", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "wikipeter.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--l8j9d2b.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--baron-bonzenbru-elb.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "woheni.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30601,7 +29853,6 @@ { "name": "yelp.com.tr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xubo666.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "whitealps.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.co.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xyzulu.hosting", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30615,16 +29866,12 @@ { "name": "yelp.com.ar", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.cl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.com.sg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "whitealps.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.com.ph", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "www-1116.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.com.tw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--uist1idrju3i.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "whitealps.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "whitealps.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "whitealps.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yemalu.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30639,7 +29886,6 @@ { "name": "yelp.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.ie", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "whitealps.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yiyuanzhong.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yelp.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30683,12 +29929,10 @@ { "name": "yumeconcert.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yggdar.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zeilles.nu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "yanngraf.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yourforex.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zeilenmethans.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yue2.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zlima12.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "yanngraf.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zrniecka-pre-sny.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zepect.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zfree.co.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30723,7 +29967,6 @@ { "name": "xn--e--ig4a4c3f6bvc5et632i.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--pck4e3a2ex597b4ml.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--e--0g4aiy1b8rmfg3o.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "zug-anwalt.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--vck8crcu789ajtaj92eura.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--t8j4aa4nkg1h9bwcvud.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wpunpacked.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30782,7 +30025,6 @@ { "name": "4bike.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "5francs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "afbeelding.im", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "actionmadagascar.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aabanet.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alerts.sg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alextaffe.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30828,7 +30070,6 @@ { "name": "arlenarmageddon.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alistairstowing.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arachina.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "alphafiduciaryservices.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "areyouever.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "antimatiere.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "afmtevents.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30852,7 +30093,6 @@ { "name": "alroniks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anttitenhunen.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aevpn.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "alliances-globalsolutions.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "b8a.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aqua-fitness-nacht.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "asmdz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30862,7 +30102,6 @@ { "name": "amoozesh98.ir", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arox.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "azlo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "allo-credit.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arxell.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "astral.gq", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "acendealuz.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30885,7 +30124,6 @@ { "name": "artartefatos.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "balslev.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bargainmovingcompany.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "atelierdefrancais.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bedrocklinux.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bar-harcourt.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apparels24.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30904,7 +30142,6 @@ { "name": "bernhardluginbuehl.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "benediktdichgans.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bagspecialist.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "audiophile.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beyondthecode.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bernhardluginbuehl.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "billrobinson.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30925,7 +30162,6 @@ { "name": "billy.pictures", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "24hrs.shopping", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "astutikhonda.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "base-autonome-durable.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bilder-designs.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bigerbio.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bgtgames.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -30985,8 +30221,6 @@ { "name": "brandcodeconsulting.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "birchbarkfurniture.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "birchbarkfurniture.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "brickheroes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "brickvortex.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "briefhansa.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "birchbarkfurniture.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cabaladada.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31056,7 +30290,6 @@ { "name": "cd-sport.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chefgalles.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "christophebarbezat.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cftcarouge.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "citimarinestore.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ckostecki.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cjdpenterprises.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31084,7 +30317,6 @@ { "name": "commitsandrebases.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "connorsmith.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coda.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cambiowatch.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "codefordus.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coincolors.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "confidential.network", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31098,7 +30330,6 @@ { "name": "clubedalutashop.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coigach-assynt.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "comprehensiveihc.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "client.coach", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "countingto.one", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cove.sh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "countyjailinmatesearch.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31121,7 +30352,6 @@ { "name": "cookingcrusade.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "csharpmarc.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cosirex.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "coachezmoi.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "controlarlaansiedad.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "csinfo.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cultofperf.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31159,7 +30389,6 @@ { "name": "daemwool.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cosmeticosnet.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "corpoatletico.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "club103.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "darbi.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "deborahmarinelli.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "daniel-stahl.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31172,10 +30401,7 @@ { "name": "dengode.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "deped.blog", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dataformers.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "derrickemery.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "criadorespet.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cvl.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "decalquai.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dcautomacao.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "daren.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "defme.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31200,7 +30426,6 @@ { "name": "devops.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dicoding.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "discord-chan.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "dborcard.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "designgraphic.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dev-talk.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "do13.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31296,15 +30521,12 @@ { "name": "enixgaming.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "en4rab.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "emergenzalavoro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "economiefidu.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ecohostingservices.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ecosound.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ecole-iaf.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elpoderdelespiritu.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erverydown.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eightyfour.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esipublications.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "edition-bambou.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elxsi.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "enduranceday.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eldertons.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31313,7 +30535,6 @@ { "name": "doriginal.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evidence-based.review", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eventosenmendoza.com.ar", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "enigma.swiss", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esports-network.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "etalent.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "drew.beer", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31330,14 +30551,12 @@ { "name": "ebolsas.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ecfnorte.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elementalict.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "effe.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eatfitoutlet.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evaartinger.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eyesoccer-didikh.rhcloud.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "erotpo.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fantasiapainter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evony.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "encretplomb.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esb112.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ewsfeed.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eonhive.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31349,7 +30568,6 @@ { "name": "editoraacademiacrista.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "factorypartsdirect.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ezdog.press", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "diligo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fatedata.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "expandeco.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "escueladewordpress.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31359,7 +30577,6 @@ { "name": "fashionunited.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "exside.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "expresswins.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "escontact.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eyes-of-universe.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "expert.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fanzlive.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31388,11 +30605,9 @@ { "name": "emporiopatanegra.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "figan.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "emporiovinareal.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "findingkorea.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "facanabota.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fotohome.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "filewall.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "film.photography", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "faixaazul.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "florinlungu.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fontawesome.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31430,7 +30645,6 @@ { "name": "ferreteriaxerez.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "finnclass.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ftng.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "fhconseil.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fullhub.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fyodorpi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "frickelmeister.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31459,7 +30673,6 @@ { "name": "geyduschek.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "girlsgenerationgoods.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fortricks.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "garagevanhulle-used.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "genfaerd.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fullautomotivo.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gochu.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31498,7 +30711,6 @@ { "name": "hackmeplz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hamking.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "flyspace.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "grupomakben.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gruenderlehrstuhl.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gzom.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "health-match.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31567,7 +30779,6 @@ { "name": "illuxat.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hostarea51.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "increasetestosteronelevels.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "hothbricks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "infotainworld.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "img.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "igi.codes", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31581,7 +30792,6 @@ { "name": "ilamparas.com.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hoshimaquinas.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "inorder.website", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "illusionephemere.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ilmataat.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "imperialmiami.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "inkhor.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31599,7 +30809,6 @@ { "name": "indilens.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "instava.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "irvinepa.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "imi-rhapsody.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "infoweb.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "into.technology", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "irisjieun.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31641,17 +30850,14 @@ { "name": "imperialonlinestore.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jameshemmings.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "intertime.services", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "itecor.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jeffmcneill.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ispsoft.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "joaosampaio.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "josemikkola.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "invisibles.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "inflexsys.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jawnelodzkie.org.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "italyinspires.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jose.eti.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ivyshop.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jpmelos.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jpmelos.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "janaundgeorgsagenja.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31674,7 +30880,6 @@ { "name": "jez.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "juanxt.ddns.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kandec.co.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jeanneret-combustibles.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "josoansi.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "k82.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kambodja.guide", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31694,7 +30899,6 @@ { "name": "kakoo.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kd.net.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kakoomedia.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jpdeharenne.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "judc-ge.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jundimax.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "judosaintdenis.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31705,9 +30909,7 @@ { "name": "khs1994.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kalifornien-tourismus.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kloia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kelgtermans-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "katoju.co.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "jimmyroura.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kostya.ws", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "klimchuk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kleberstoff.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31777,7 +30979,6 @@ { "name": "liehuojun.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "logymedia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kyusyu.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lesecuadors.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "linkmauve.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "legjobblogo.hu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ledecologie.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31799,7 +31000,6 @@ { "name": "lineauniformes.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lgpecasoriginais.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "locvis.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kreativelabs.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "loadwallet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "linuxchick.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lepiquillo.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31825,7 +31025,6 @@ { "name": "lojavirtualfct.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "la-petite-entreprise.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lisowski-photography.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lirlandais.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "localdecor.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lojafilipaper.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lojashowdecozinha.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31833,7 +31032,6 @@ { "name": "mac-world.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mailbox.mg", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "kitchenaccessories.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "kohsandra.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lz.sb", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lojafazendoarte.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lojavisamed.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31873,21 +31071,18 @@ { "name": "martin-arend.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mentalhealthmn.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meu-smartphone.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "masta.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "markrobin.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mallonline.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mariacristinadoces.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maisalto.ind.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "masterofbytes.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "matjaz.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "marche-contre-monsanto.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "marcaudefroy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "marketizare.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "materiaischiquinho.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mgoessel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "madcatdesign.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ltechnologygroup.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "margo-co.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "megamarkey.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meehle.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mikehamburg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31898,7 +31093,6 @@ { "name": "mi-so-ji.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "matlabjo.ir", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "minnit.chat", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mdf-bis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "metacoda.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mestr.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "marvinkeller.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -31961,7 +31155,6 @@ { "name": "mr-labo.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "manager-efficacement.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "museumstreak.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "monachatdeco.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "milhoazul.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mystudycart.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nba-2k.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32072,8 +31265,6 @@ { "name": "notablog.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nyphox.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "numwave.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nohkan.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "noorsolidarity.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "octosys.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "octosys.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mrksk.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32107,7 +31298,6 @@ { "name": "novfishing.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "passrhcsa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "parksubaruoemparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "onlfait.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nuovamoda.al", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "passrhce.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "palavatv.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32199,9 +31389,7 @@ { "name": "powersergusercontent.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "premiumweb.co.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "personnedisparue.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "parts4phone.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "postdeck.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "perroquet-passion.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "plantarum.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "planetasuboficial.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pc-tweak.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32213,7 +31401,6 @@ { "name": "printery.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pixelesque.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "placassinal.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "projectvault.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "purplez.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "psycho.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pumperszene.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32259,7 +31446,6 @@ { "name": "replaceits.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "redgatesoftware.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "regulations.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "planify.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "regnix.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rebirthia.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "raykitchenware.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32280,12 +31466,10 @@ { "name": "rissato.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "renscreations.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rinvex.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "repaik.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "reposaarenkuva.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "redwoodpaddle.pt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "qoqo.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "resursedigitale.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "rtwcourse.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pethelpers.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rinj.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rteplayer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32309,7 +31493,6 @@ { "name": "rocketgnomes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "runschrauger.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saikou.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "resoplus.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rejushiiplotter.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rehabthailand.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saimoe.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32346,7 +31529,6 @@ { "name": "santmark.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "priorite-education.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schraebanowicz.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pzgreni.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saxol-group.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "samuirehabcenter.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "santmark.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32361,7 +31543,6 @@ { "name": "secureheaders.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "searchbrothers.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "santafemacas.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "salle-quali.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "searchbrothers.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "searchdatalogy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "searchbrothers.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32481,7 +31662,6 @@ { "name": "stavros.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stephensol.is", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stephensolisrey.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "springfieldbricks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "steph3n.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sunshinesf.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sonoecoracao.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32489,7 +31669,6 @@ { "name": "staxflax.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stephsolis.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "steinbergmedia.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "soldout-app.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sqroot.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stephensolis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stephensolis.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32523,7 +31702,6 @@ { "name": "svj-stochovska.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "taoburee.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "street-smart-home.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sudmotor-occasions.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "taidu.news", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "spdepartamentos.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "stayme.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32555,7 +31733,6 @@ { "name": "texhnolyze.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tetedelacourse.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "t2i.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "swissdojo.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shopcoupons.my", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tgexport.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tenispopular.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32592,12 +31769,10 @@ { "name": "tjl.rocks", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "titanlab.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "theroks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "thebakers.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thomasetsophie.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tomticket.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "timbishopartist.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thuisverpleging-meerdael.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "tissot-mayenfisch.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "the.ie", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "transcriptionwave.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tomwassenberg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32728,8 +31903,6 @@ { "name": "trush.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "weareincognito.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "valentineapparel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "usipvd.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "unerosesurlalune.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wearewithyou.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vonborstelboerner.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "tutiendarosa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32761,8 +31934,6 @@ { "name": "webfronten.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "victorenxovais.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "windowwellexperts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vsl-defi.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vm-co.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "viniferawineclub.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wedding-m.jp", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vyshivanochka.in.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32799,10 +31970,8 @@ { "name": "wir-bewegen.sh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wmaccess.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "workplaces.online", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "weemake.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webwolf.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vapesense.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "welcome26.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "x-lan.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wikibulz.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "windowwellcovers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32841,7 +32010,6 @@ { "name": "yubico.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yubico.cloud", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yubico.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "voyagesaufildespages.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yubico.mobi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yosheenetwork.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "yubico.online", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32869,7 +32037,6 @@ { "name": "zlatakus.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zdx.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--q9jb1h5dvcspke3218b9mn4p0c.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "zone-produkte.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--n8j7dygrbu0c31a5861bq8qb.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zerosource.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--u9j0ia6hb7347cg8wavz0avb0e.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -32886,7 +32053,6 @@ { "name": "yandere.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xn--6x6a.life", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "xiaoyu.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "welcome-tahiti.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "westcentenaryscouts.org.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aiforsocialmedia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "digitalrights.center", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33349,7 +32515,6 @@ { "name": "rockuse.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rohanbassett.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rpine.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "rtsr.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rubymartin.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "salishseawhalewatching.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "samsungxoa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33452,7 +32617,6 @@ { "name": "7delights.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "7delights.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "8tuffbeers.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aalstmotors-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ac0g.dyndns.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "actu-film.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "adelightfulglow.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33475,19 +32639,12 @@ { "name": "andrewpeng.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "antirepressionbayarea.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "anyfood.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "appartement-evolene.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "apponic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "apps4inter.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "araro.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "areaclienti.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arenns.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arislight.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arminc.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "artmaxi.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "asge-handel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "astroscopy.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "astural.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "atelierssud.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "atelierssud.swiss", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "august.black", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "autozane.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33504,9 +32661,6 @@ { "name": "beehive.govt.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ben2.co.il", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bengalurugifts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "benjaminpiquet.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bergevoet-fa.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bernadetteanderes.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "besthotsales.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bet-99.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beyondtodaymediagroup.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33517,7 +32671,6 @@ { "name": "bititrain.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bizpare.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bkhpilates.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "blogpentrusuflet.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bluemeda.web.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bobstronomie.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bodymusclejournal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33531,21 +32684,16 @@ { "name": "bouchonville-knifemaker.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bourqu.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bowlsheet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "boz.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bqr.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brasilien.guide", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "breathedreamgo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bretcarmichael.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bricolajeux.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bs.sb", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "btku.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "businessmodeler.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "butikvip.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bynder.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "capitainebaggy.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "casa-mea-inteligenta.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "catchief.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cdbf.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cenatorium.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "centurialeonina.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "certmonitor.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33562,7 +32710,6 @@ { "name": "clayandcottonkirkwood.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "codejunkie.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "codespromo.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "compliance-management.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "compuplast.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "convexset.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "coonelnel.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33578,23 +32725,18 @@ { "name": "darlastudio66.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dasgeestig.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "datakick.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "datascience.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "datenschutzgrundverordnung.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "datingticino.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ddel.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "de-mail.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "deeparamaraj.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "denis-martinez.photos", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "digicert-support.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dingcc.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "disanteimpianti.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "discoverwellness.center", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dismail.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "divenwa.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "donmaldeamores.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "doriangirod.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dotnetsandbox.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "doyoutax.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "doze-cloud.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "dreamhack.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "drivewithstatetransit.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33606,7 +32748,6 @@ { "name": "easy-factures.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "echodio.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ecovision.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ecrandouble.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "electricgatemotorgermiston.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elinevanhaaften.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "elixir.bzh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33615,7 +32756,6 @@ { "name": "entaurus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eoitek.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "equinox.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "erath.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esb111.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "espacio-cultural.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evelienzorgt.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33654,7 +32794,6 @@ { "name": "gisgov.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gitep.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "glavsudexpertiza.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "globalventil.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gosciencegirls.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gourmetfestival.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gozadentro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33669,9 +32808,6 @@ { "name": "grothoff.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "guides-peche64.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gustaff.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gymnaserenens.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gyre.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gyrenens.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "haloobaloo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "harald-pfeiffer.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "haven-staging.cloud", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33684,7 +32820,6 @@ { "name": "hhidr.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hialatv.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hidedd.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "highlatitudestravel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hill.selfip.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hippo.ge", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hoast.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33704,12 +32839,10 @@ { "name": "hybridiyhdistys.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hybridklubben.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ibrainmedicine.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "icmhd.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "idatha.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ifort.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ima-tourcoing.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "imgul.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "immo-passion.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "independencerecovery.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "inexlog.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ingo-schlueter.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33717,7 +32850,6 @@ { "name": "inter-corporate.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "intraobes.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ioslo.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ip3office.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iplantom.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ipo-times.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "islandpumpandtank.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33726,7 +32858,6 @@ { "name": "ivanpolchenko.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "izumi.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jakewalker.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "james-parker.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "janada.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jeremy-chen.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "jevisite.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33791,7 +32922,6 @@ { "name": "matthewtester.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "maxhorvath.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mayoristassexshop.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mazda-thermote.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mcuexchange.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meincoach.at", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "melonstudios.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33812,9 +32942,6 @@ { "name": "mubiflex.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "multimail.work", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "multivpn.com.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "my-contract.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "my-contract.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "my-contract.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "my-host.ovh", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mybb.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "myday.eu.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33822,12 +32949,9 @@ { "name": "myspa.asia", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nataldigital.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nathumarket.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "natives-team.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nawroth.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "neavision.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nerot.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "neuch.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nezrouge-est-vaudois.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ngiemboon.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nico.st", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "niess.space", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33838,11 +32962,9 @@ { "name": "nosyu.pe.kr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nova-wd.org.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "noyocenter.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "nrev.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "nuamooreaindonesia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "obamalibrary.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "obrienlab.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "oc-sa.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "octohedralpvp.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "officium.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ogis.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33886,19 +33008,14 @@ { "name": "primordialsnooze.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "principalstest.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "probiv.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "prof.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "projectx.top", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "projest.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "promolover.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "proplan.co.il", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "provence-appartements.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pscleaningsolutions.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "purrfect-box.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pwi.agency", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "qhse-professionals.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "qualite-ecole-et-formation.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "quality-life.gr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "quanterra.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "quantor.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "r-ay.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ragnaroktop.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33909,13 +33026,11 @@ { "name": "recantoshop.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "redair.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "renascentia.asia", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "renaultclubticino.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "report-incident.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "restoruns.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rivercruiseadvisor.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "robinflikkema.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "roeldevries.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "rootsbar.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rosesciences.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "roussos.cc", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rove3d.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33933,11 +33048,9 @@ { "name": "santmark.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "saxojoe.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sb-tuning.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "scswam.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "seatshare.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "secutrans.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "seraph.tokyo", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "serrano-chris.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "serw.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "setuid0.kr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "severine-trousselard.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -33949,7 +33062,6 @@ { "name": "shoprsc.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "shrinidhiclinic.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "silashes.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "simmis.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "simon-mueller.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "simpbx.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sinkip.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34003,8 +33115,6 @@ { "name": "thehivedesign.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thepaulagcompany.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thepromisemusic.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "thesharedbrain.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "thesharedbrain.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thestrategyagency.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thewebflash.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thiepcuoidep.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34043,11 +33153,9 @@ { "name": "variablyconstant.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "varimedoma.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vbcdn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "verbierfestival.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vidiproject.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vierdaagsehotel.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "viltsu.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vinticom.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "virtusaero.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "visual-cockpit.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vivirenelmundo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34061,12 +33169,6 @@ { "name": "watchfreeonline.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wbci.us", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wbx.support", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "webneuch.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "webneuch.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "webneuch.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "webneuch.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "webneuch.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "webneuch.swiss", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "weyland-yutani.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "widegab.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "wintermeyer-consulting.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34105,8 +33207,6 @@ { "name": "899699.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "98laba.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "98laba.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "abvlbasketviganello.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "academie-de-police.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "allesisonline.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alphabetsigns.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "andrewdaws.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34215,7 +33315,6 @@ { "name": "risiinfo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "royalcitytaxi.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sahb.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "samaritainsmeyrin.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sat7a-riyadh.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sbanken.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "schlueter-software.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34274,7 +33373,6 @@ { "name": "a1scubastore.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "abaapplianceservice.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "abcdentalcare.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "abeilles-idapi.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "academy4.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "achtzehnterachter.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "actionlabs.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34306,7 +33404,6 @@ { "name": "ais.fashion", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ajibot.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alaboard.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "alchimic.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alexeykopytko.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "alexmol.tk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "algoentremanos.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34335,15 +33432,11 @@ { "name": "anthedesign.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "antoinebetas.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "aomberg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "appt.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aprefix.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "araxis.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "area3.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arethsu.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "arganaderm.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ariba.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arizonaautomobileclub.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "arjanvaartjes.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arjunasdaughter.pub", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "armeni-jewellery.gr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arnoudraeven.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34359,7 +33452,6 @@ { "name": "astutr.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "asustreiber.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "atmocdn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "aubergegilly.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "augrandinquisiteur.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "auroraassociationofrealtors.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "auslandsjahr-usa.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34396,9 +33488,7 @@ { "name": "baychimo.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bazaarcompass.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bb37roma.it", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bblsa.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bclogandtimberbuilders.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "beatrizaebischer.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bebes.uno", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bedfordnissanparts.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "beermedlar.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34420,7 +33510,6 @@ { "name": "bewerbungsfoto-deinfoto.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bewertet.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bezemkast.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "bft-media.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bhost.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "biaoqingfuhao.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "biaoqingfuhao.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34457,7 +33546,6 @@ { "name": "brecknell.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brecknell.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "briangarcia.ga", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "brianwesaala.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "bridgingdirectory.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brilliantproductions.co.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "brinkmann.one", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34494,7 +33582,6 @@ { "name": "carrierplatform.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "carthedral.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "casamariposaspi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cashlogic.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "caspicards.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "catbull.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "catdecor.ru", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34502,11 +33589,9 @@ { "name": "cavevinsdefrance.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ccgx.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "centralcountiesservices.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "centredaccueil.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "certmonitor.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cfno.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cgsmart.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "chambion.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "charakato.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "charlimarie.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chatsworthelectrical.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34519,7 +33604,6 @@ { "name": "chessreporter.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "childrenandmedia.org.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chinatrademarkoffice.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "chocolatier-tristan.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "chowii.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "christian-liebel.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "christianfaq.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34551,7 +33635,6 @@ { "name": "colorectalcompounding.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "comicrelief.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "comicwiki.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "commechezvous.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "community-cupboard.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "comopuededejardefumar.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "compostatebien.com.ar", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34579,7 +33662,6 @@ { "name": "cross-link.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "crypalert.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "csilies.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "cstb.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cuanhua3s.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "customgear.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "cuxpool.club", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34680,8 +33762,6 @@ { "name": "e2feed.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "e64.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "easycoding.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "eauxdespleiades.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ecolemathurincordier.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "edenvalerubbleremovals.co.za", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "edhesive.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "edstep.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34710,7 +33790,6 @@ { "name": "enrollapp.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "enterprivacy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "epave.paris", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "epi.one", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "epilis.gr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eposkent.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eposleeds.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34722,12 +33801,10 @@ { "name": "esball.tv", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "eshepperd.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esp.community", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "espace-caen.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "esslm.sk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "estespr.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "etccooperative.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "etincelle.ml", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "etre-vivant.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "evailoil.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "everydaywot.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "everytruckjob.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34795,7 +33872,6 @@ { "name": "formkiq.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "forourselves.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fortran.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "foxphotography.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "frantorregrosa.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "frauenarzt-zinke.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "fredliang.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34828,12 +33904,10 @@ { "name": "gamesplanet.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gameswitchers.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "garage-door.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "garage-leone.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gautham.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gauthier.dk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gazette.govt.nz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gbit.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "gboys.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gdhzcgs.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "geekbaba.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "gehrke.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34938,7 +34012,6 @@ { "name": "hulet.tech", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "humanexperiments.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "hyckenberg.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "i-proswiss.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iacono.com.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iberiaversicherungen.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ibiz.mk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -34957,7 +34030,6 @@ { "name": "ilhan.name", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "iligang.cn", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "imlinan.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "impactpub.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "inchcape-fleet-autobid.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "indianaantlersupply.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "indieethos.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35082,7 +34154,6 @@ { "name": "kyle.place", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "la-tourmaline.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "laatikko.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "labiblioafronebrulepas.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "labobooks.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ladybugjam.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ladylikeit.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35094,7 +34165,6 @@ { "name": "lakehavasuhouserentals.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lakehavasuhouses.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lakehavasuwebsites.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lalyre-corcelles.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lanetix.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lanturtle.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "larraz.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35110,9 +34180,6 @@ { "name": "leinfelder.in", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lennyfaces.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "leon.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "leretour.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lesplatanes.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lesterrassesdusoleil.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lexpartsofac.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lianwen.kim", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "libmpq.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35138,8 +34205,6 @@ { "name": "lstma.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "lubar.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "luganskservers.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lunidea.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "lunidea.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "luso-livros.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "luvare.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "luxcraft.eng.br", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35165,7 +34230,6 @@ { "name": "mamospienas.lt", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mandm.servebeer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "manfredgruber.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mankans.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "manneguiden.no", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "manualscollection.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "manuel-schefczyk.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35192,12 +34256,9 @@ { "name": "mbits.solutions", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "media-pi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mediadandy.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mediagenic.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "mediationculturelleclp.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "medstreaming.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "medtankers.management", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meetingfriends.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "meeusen-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mehmetakif.edu.tr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mehr-schulferien.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meierhofer.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35215,14 +34276,12 @@ { "name": "merimatka.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "merlet.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "messagescelestes.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "metalu.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meteo-parc.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "metrix.design", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "meupedido.online", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mfgod.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mhi.web.id", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "micaiahparker.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "micalodeal.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "michael-schefczyk.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "michael-schilling.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "michaelasawyer.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35262,7 +34321,6 @@ { "name": "mszavodumiru.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "mullen.net.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "multi-vpn.biz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "multirep.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "multivpn.cn.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "multivpn.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "multivpn.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35341,7 +34399,6 @@ { "name": "on-te.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "on-tech.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "onestepfootcare.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "oniria.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "onlinebillingform.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "onlinecasino.vlaanderen", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "onlinerollout.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35364,14 +34421,11 @@ { "name": "oskrba.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "otakurumi.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "outdoorimagingportal.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "overdrive-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "owl-stat.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "owlishmedia.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paazmaya.fi", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "painlessproperty.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "paktolos.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pantallasled.com.mx", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pantographe.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "parisescortgirls.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "parleamonluc.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "partycentrumdebinnenhof.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35393,7 +34447,6 @@ { "name": "photodeal.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "piedfeed.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "piercing-store.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "pilani.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "piratepay.io", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "piratepay.ir", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pitot-rs.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35417,7 +34470,6 @@ { "name": "pokomichi.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "polandb2b.directory", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "polish.directory", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "poly-fast.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ponga.se", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ponteus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "pop-corn.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35453,8 +34505,6 @@ { "name": "probely.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "processesinmotion.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "proft.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "progiscad.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "project-splash.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "project-stats.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "projectherogames.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "promoterms.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35509,7 +34559,6 @@ { "name": "ricknox.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rienasemettre.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "risada.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "rivierasaints.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "rmcbs.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "robinvdmarkt.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "robpol86.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35565,7 +34614,6 @@ { "name": "scis.com.ua", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "scorp13.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "scripo-bay.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "scuolaguidalame.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "scw.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "se7ensins.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "search-job-in.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35581,7 +34629,6 @@ { "name": "selkiemckatrick.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sellguard.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sentinel.gov", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "septfinance.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sergos.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "serve-a.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "servea.com.au", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35608,8 +34655,6 @@ { "name": "silviamacallister.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "simpleinout.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "simplewire.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "simplylovejesus.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sin.swiss", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "singerwang.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sistel.es", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "skei.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35673,7 +34718,6 @@ { "name": "suuria.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "suvidhaapay.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "sw33tp34.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "sweepay.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "swiftconf.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "switch.moe", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "switzerland-family-office.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35706,7 +34750,6 @@ { "name": "thedrunkencabbage.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "theeducationchannel.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "theevergreen.me", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "theferrarista.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thefrk.pw", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thehookup.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "thestoritplace.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35773,7 +34816,6 @@ { "name": "uploadbro.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ursae.co", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "urukproject.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "ussuka.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "ut-addicted.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "uuit.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "uzaymedya.com.tr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35784,8 +34826,6 @@ { "name": "valika.ee", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "valkor.pro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vanderkroon.nl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vareillefoundation.fr", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vareillefoundation.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "variable.agency", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vcdn.xyz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vcsjones.codes", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35797,7 +34837,6 @@ { "name": "venturum.de", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "venturum.eu", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "venturum.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "vernaeve-usedcars.be", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vernonhouseofhope.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "vernonsecureselfstorage.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "verteilergetriebe.info", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35830,7 +34869,6 @@ { "name": "webaeon.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webapky.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webappky.cz", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "webclimbers.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webkeks.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "webnoob.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "websites4business.ca", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35913,7 +34951,6 @@ { "name": "yuxuan.org", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zach.codes", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zaoext.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "zavec.com.ec", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zebbra.ro", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zeguigui.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zestylemon.co.uk", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -35930,7 +34967,6 @@ { "name": "zuppy.pm", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zuralski.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zutsu-raku.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, - { "name": "zwy.ch", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "zyciedlazwierzat.pl", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "188522.com", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, { "name": "arai21.net", "policy": "bulk-18-weeks", "mode": "force-https", "include_subdomains": true }, @@ -36649,7 +35685,6 @@ { "name": "akkbouncycastles.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "albbounce.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alchemia.co.il", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "alexvdveen.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alice-noutore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "allaboutfunuk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "allactioneventhire.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -37410,7 +36445,6 @@ { "name": "katscastles.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kbbouncycastlehire.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kbleventhire.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "keinanung.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kellyskastles.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kensbouncycastles.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "keycontainers.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -37724,7 +36758,6 @@ { "name": "prestigeeventshire.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "primalinea.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pristineevents.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "proautorepairs.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "projectcastle.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "promarketer.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "provokator.co.il", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -38339,7 +37372,6 @@ { "name": "drdavidgilpin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dreyfussplasticsurgery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dstamou.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "duan.li", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dujsq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dujsq.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dziurdzia.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -39244,7 +38276,6 @@ { "name": "prosenseit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "puhka.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qswoo.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ranyeh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "raspberryultradrops.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rathbonesonline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "raven.dog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -39268,7 +38299,6 @@ { "name": "servers4all.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "shellj.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "shellshock.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "shoxmusic.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sigma-signalisation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "significantbanter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "simpleindianrecipes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -39406,7 +38436,6 @@ { "name": "accessoripersmartphone.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "acemypaper.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "acordes.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "adorade.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "africanimpact.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agoodmind.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agoravox.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -39469,7 +38498,6 @@ { "name": "bran.soy", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "brandweertrainingen.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bravehearts.org.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bridgevest.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "brokervalues.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bsdunix.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "buy-thing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -39693,8 +38721,6 @@ { "name": "lostandcash.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lsvih.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "luckyfrog.hk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lukestebbing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lunis.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lusynth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lv5.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lyoness.digital", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -39936,7 +38962,6 @@ { "name": "00660066.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "00770077.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "00880088.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "00990099.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "110110110.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "112112112.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "113113113.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -40005,7 +39030,6 @@ { "name": "aboutyou.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aboutyou.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "abstractbarista.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "accredit.ly", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aceanswering.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "acroso.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "actom.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -40419,7 +39443,6 @@ { "name": "checkspf.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cheladmin.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chemicalcrux.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "chemiphys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cherie-belle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cherylsoleway.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chiboard.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -40837,7 +39860,6 @@ { "name": "getteamninja.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gfms.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gfw.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ghid-pitesti.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "giethoorn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gigime.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ginza-luce.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -41896,7 +40918,6 @@ { "name": "ybscareers.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yenibilgi.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yetishirt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "yimgo.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yocchan1513.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yoga-alliance-teacher-training.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yongbin.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -42094,7 +41115,6 @@ { "name": "chatzimanolis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "checkmypsoriasis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cheesehosting.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "chicagolug.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chilio.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chrislane.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "christianpeltier.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -42183,7 +41203,6 @@ { "name": "druznek.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dso-imaging.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "duchyoffeann.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "duct.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dunamiscommunity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dushu.cat", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "e-tonery.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -42318,7 +41337,6 @@ { "name": "hazukilab.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hcaz.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "heatershop.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "hermes.cat", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hiv.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hnfertilizermachine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "holmq.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -42497,9 +41515,7 @@ { "name": "noobswhatelse.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nordicirc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nova.com.hk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "novojet.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nv.gw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "nybiz.nyc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nytrafficticket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ochrepoint.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ochsenfeld.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -42524,7 +41540,6 @@ { "name": "padberx-marketing-consultants.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "paintball-shop.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "paketo.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "paleotraining.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "panaxis.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "panaxis.li", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "panpa.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -42708,7 +41723,6 @@ { "name": "strategiccapital.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "strongpassword.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stubbings.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "studentfinancecountdown.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "studiogavioli.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "studiolegalepaternostro.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "studipro-formation.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -42975,7 +41989,6 @@ { "name": "blupig.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "boat-engines.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "boskeopolis-stories.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "brainbuxa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "breadofgod.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bremen-restaurants.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "briefvorlagen-papierformat.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -43029,7 +42042,6 @@ { "name": "craftsmandruggets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cretica.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "croceverdevb.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "crosslifenutrition.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "crownchessclub.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "csi.lk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "customdissertation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -43110,7 +42122,6 @@ { "name": "expoort.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "exporo.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fackovec.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "fai.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fansided.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "faxvorlagen-druckvorlagen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fdn.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -43613,7 +42624,6 @@ { "name": "wafelland.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "warekit.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wasserburg.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "wdol.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "web-dl.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "webcreation.rocks", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wedotrains.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -43745,7 +42755,6 @@ { "name": "autospurgo.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "awxg.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "b72.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "baches-piscines.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "badgesenpatches.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "balia.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "balticnetworks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -43863,7 +42872,6 @@ { "name": "dietacelulitis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dietafeliz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "divi-experte.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "djsk.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dko-steiermark.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dmailshop.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dmmultionderhoud.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -44056,7 +43064,6 @@ { "name": "laranjada.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "larbertbaptist.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lavasing.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "laylo.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lemouillour.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lespret.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "letraba.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -44195,7 +43202,6 @@ { "name": "poopr.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "portofala.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "posyperfume.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "precision.st", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "prijsvergelijken.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "primalbase.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pristinegreenlandscaping.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -44377,7 +43383,6 @@ { "name": "wallacehigh.org.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wallacequinn.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "waterdrop.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "webgaff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "weedcircles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wella-download-center.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "welpo.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -45390,7 +44395,6 @@ { "name": "dsteiner.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dubaosheng.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dumont.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dung-massage.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "duonganhtuan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dwbtoftshit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dwellstudio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -45617,7 +44621,6 @@ { "name": "meraseo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mes-bouquins.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "metanodo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mijnetz.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "moc.ac", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "modalrakyat.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "molokai.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -46320,7 +45323,6 @@ { "name": "midgawash.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mightymillionslottery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mikumaycry.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "milanstephan.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mirepublic.co.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "misanci.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mizuho-trade.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -46335,7 +45337,6 @@ { "name": "mr-coffee.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "msopopop.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "multitec.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mumakil.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "murashun.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "my4thtelco.com.sg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mydreamshaadi.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -47018,7 +46019,6 @@ { "name": "f13cybertech.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fastforwardsociety.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ffsociety.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "fojing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "freakyawesome.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "freakyawesome.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "freakyawesome.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -47033,9 +46033,7 @@ { "name": "giuem.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "glykofridis.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "golfpark-bostalsee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "guoke.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gut8er.com.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "h404bi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hackreone.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hahay.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hajekj.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -47113,7 +46111,6 @@ { "name": "office-discount.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "onionplay.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "onyxgen.duckdns.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "opticaltest.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "orbu.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oryva.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "overwall.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -47184,12 +46181,10 @@ { "name": "verwayen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "viris.si", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vistec-support.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vreaulafacultate.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vwhcare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wakandasun.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "walshbanks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "warofelements.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "websec.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wenchieh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wine-tapa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wisal.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -47281,7 +46276,6 @@ { "name": "basementfinishingohio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "batch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bbj.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bednar.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "betterweb.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bezr.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "biehlsoft.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -47574,7 +46568,6 @@ { "name": "jimbiproducts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jmcataffo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jtl-software.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "juusujanar.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jydemarked.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kabarlinux.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kagitreklam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48075,7 +47068,6 @@ { "name": "bytesign.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cad-noerdlingen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cangku.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "cangku.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "carassure.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cascadesjobcorpscca.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "casio-caisses-enregistreuses.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48268,7 +47260,6 @@ { "name": "geektimes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "genderidentiteit.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "geomex.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "geschichtscheck.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "getpei.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gigis-pizzeria.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gigseekr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48322,7 +47313,6 @@ { "name": "ignacjanskiednimlodziezy.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "illumed.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "import-shopping.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "imwnk.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "instant-thinking.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "intelhost.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "intergozd.si", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48425,7 +47415,6 @@ { "name": "massive.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "material-ui.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "matratzentester.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "matthiasheil.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "matway.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "max-mad.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maya-ro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48499,13 +47488,11 @@ { "name": "oosoo.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oreskylaw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "orgsyn.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "orkiv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "osworx.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ourls.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pacatlantic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "packair.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pahnid.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "paranormalweirdo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "parksland.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "parry.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "paste.gg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48532,7 +47519,6 @@ { "name": "qaz.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qtn.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qwallet.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "r18.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rai-co.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "readingrats.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "reakyaweso.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48603,7 +47589,6 @@ { "name": "ssmca.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ssready.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ssuc.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "st-antonius-kuenzell.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "staticline.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stationatbuckscounty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stationatlyndhurst.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48635,7 +47620,6 @@ { "name": "theosblog.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thereaper.net.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thestationatwillowgrove.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "thestonegroup.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thewinstonatlyndhurst.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thiagohersan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thienteakee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48672,7 +47656,6 @@ { "name": "urcentral.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "use.ci", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "uwelilienthal.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vacationsbyvip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "varztupasaulis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "varztupasaulis.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "varztupasaulis.lt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48865,7 +47848,6 @@ { "name": "brand-foo.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bsee.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "buchwegweiser.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "burotec-sarl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "buurtpreventiefraneker.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bvgg.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bytes.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -48949,7 +47931,6 @@ { "name": "divari.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "divorciosmurcia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dk-kromeriz.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "domainwatch.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dowellconsulting.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dozecloud.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dpi-design.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -49152,7 +48133,6 @@ { "name": "intelhost.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "invuite.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ipssl.li", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "irgendeine.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "isabellavandijk.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "isarklinikum.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "isastylish.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -49213,7 +48193,6 @@ { "name": "lapix.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lauxzahnheilkunde.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "legalinmotion.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "legendarycamera.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lehti-tarjous.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lethbridgecoffee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "leviscop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -49389,7 +48368,6 @@ { "name": "photographersdaydream.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "phpinfo.in.th", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "physiotherapie-seiwald.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "pianyigou.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pikimusic.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pildat.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pineapplesapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -49838,7 +48816,6 @@ { "name": "discord4j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dkstage.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dns-swiss.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "domain-swiss.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "domeconseil.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "donkennedyandsons.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "doomtech.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -49951,7 +48928,6 @@ { "name": "fegame.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fgdc.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fijnefeestdageneneengelukkignieuwjaar.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "finecocoin.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "firmen-assekuranz.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "flashbeing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fnfpt.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -50065,7 +49041,6 @@ { "name": "klebeband.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "koe.hn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "koyo.kr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kroy.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kunstschule-krabax.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kyoto-sake.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lagodny.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -50270,7 +49245,6 @@ { "name": "piscine.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pj881988.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "plantes.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "plantezcheznous.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "plzz.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "poncho-bedrucken.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "porchdaydreamer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -50762,7 +49736,6 @@ { "name": "onepointsafeband.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "onepointsafeband.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "online-horoskop.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "onnext.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "openbankproject.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "openstreetmap.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "orangenuts.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -50793,7 +49766,6 @@ { "name": "qqrss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qqvrsmart.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "r-t-b.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "rendre-service.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rnbjunk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "robtatemusic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "romanticfirstdance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -50853,7 +49825,6 @@ { "name": "transgendernetwerk.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "truckgpsreviews.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "truessl.shop", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ttwt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tutu.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "uldsh.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vat.direct", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -51374,7 +50345,6 @@ { "name": "mivzakim.mobi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mivzakim.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mivzakim.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mixinglight.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mlytics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mmaps.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mo2021.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -51564,7 +50534,6 @@ { "name": "sms.storage", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "snowyluma.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sociability.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "somewherein.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sondersobk.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "soquee.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "soundbytemedia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -51910,7 +50879,6 @@ { "name": "jeroldirvin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jessicahrehor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jisha.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "joaoaugusto.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jockbusuttil.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jockbusuttil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jockbusuttil.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -51962,7 +50930,6 @@ { "name": "nazigol.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nebenbeiblog.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nevergreen.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "nexril.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nextcloud.nerdpol.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nhgteam.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ninverse.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -52149,7 +51116,6 @@ { "name": "adwokatzdunek.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "affordableblindsexpress.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ag8-game.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "agendatelefonica.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agostinhoenascimento.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agscinemas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agscinemasapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -52293,7 +51259,6 @@ { "name": "bztraveler.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "c0rporation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cabineritten.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "caleb.cx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "calendly.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "calrotaract.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cambridge-security.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -52823,7 +51788,6 @@ { "name": "milsonhypnotherapyservices.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "minetracker.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "misinstrumentos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mitre10.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mivzaklive.co.il", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mizu.coffee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mobisium.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -52844,7 +51808,6 @@ { "name": "mrprintables.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mrtunnel.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mu3on.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "muitadica.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "murray.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "my-best-wishes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "myamihealth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -52907,7 +51870,6 @@ { "name": "oldita.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oles-hundehaus.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "olifant.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "onesnzeroes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "onionbot.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "opportunity.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oppwa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -52955,7 +51917,6 @@ { "name": "photography-workshops.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "phumin.in.th", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pie-express.xxx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "pigs.pictures", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pilatescenteraz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pintosplumbing.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pizza-show.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -53215,7 +52176,6 @@ { "name": "thebinarys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thebulletin.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thecookiejar.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "thefourthmoira.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thefuckingtide.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thehoryzon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thelatedcult.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -53293,7 +52253,6 @@ { "name": "vandorenscholars.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vandyhacks.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vangoghcoaching.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vantaio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "varalwamp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vendermicasarapido.com.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "verifiedjoseph.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -53311,7 +52270,6 @@ { "name": "vrjetpackgame.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vsestoki.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vuojolahti.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vv1234.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vwfsrentacar.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "w1221.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wandystan.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -53369,7 +52327,6 @@ { "name": "xoonth.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yellowfly.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yhfou.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "yiheng.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yogahealsinc.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yourtrainingsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yrjanheikki.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -53429,7 +52386,6 @@ { "name": "aquelarreweb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "arnevankauter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "arose.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "arrowheadflats.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "atelierfantazie.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "austinlockout.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "austintxacrepairtoday.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -53723,7 +52679,6 @@ { "name": "mchel.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mcon.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mds-paris.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mebanesteakhouse.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "meditel.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "medmarkt24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "medvedikorenka.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -53840,7 +52795,6 @@ { "name": "qualpay.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "queene.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "queextensiones.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "quizstore.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "r3bl.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "radarnext.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rail24.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -53999,13 +52953,11 @@ { "name": "vitra-showrooms.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vrij-links.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vwo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "waldkinder-ilmenau.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "waligorska.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "walksfourpaws.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wanlieyan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wapking.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "waterbrook.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "weaspireusa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "webauthority.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "webdollarvpn.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "webexpertsdirect.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -54144,7 +53096,6 @@ { "name": "cursossena.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cybercrime.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cypherpunk.observer", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "deadinsi.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "denwauranailab.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "devnull.zone", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "devragu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -54195,7 +53146,6 @@ { "name": "gfwno.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gimme.money", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "grandcapital.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "grippe-impftermin.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hagiati.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hatpakha.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "healthcultureexpo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -54247,7 +53197,6 @@ { "name": "lormansas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lucafontana.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lumminary.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lunastrail.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "m-gh.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "magic-cards.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "magiccards.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -54447,7 +53396,6 @@ { "name": "233bwg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "291167.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "2h-nagoya.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "2nics.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "2y.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "51tiaojiu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "66bwf.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -54468,7 +53416,6 @@ { "name": "ad13.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "adra.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ae-construction.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "aelisya.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aerapass.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "afcompany.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "afcurgentcarelyndhurst.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -54629,7 +53576,6 @@ { "name": "chabik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chang-feng.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chbk.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "checkmyip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chilimathwords.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "chovancova.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ciiex.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -54906,7 +53852,6 @@ { "name": "lignite.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "likesforinsta.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "likui.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "linux.pizza", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "liquipedia.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "littleboutiqueshop.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "littleboutiqueshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -55131,7 +54076,6 @@ { "name": "puralps.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pursuedtirol.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pushphp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "pyxo.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qlix.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qualityhvacservices.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "quarus.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -55272,7 +54216,6 @@ { "name": "softbebe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "solepurposetest.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "solitairenetwork.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "somepills.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "southernlights.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "southernstructuralsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "space-y.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -55422,7 +54365,6 @@ { "name": "yoppoy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "you2you.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yourstake.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "yuntong.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zacco.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zerowastesavvy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zionnationalpark.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -55567,7 +54509,6 @@ { "name": "bejarano.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "berger-chiro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bernardez-photo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "berndklaus.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bescover.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "best-accounting-schools.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "best-art-colleges.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -55656,7 +54597,6 @@ { "name": "cloudcrux.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "club-climate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cnlau.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "codein.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "codemill.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cognixia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cololi.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -55721,7 +54661,6 @@ { "name": "docusearch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "doge.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "doge.town", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "doki.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dorpshuis-dwarsgracht.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dr-it.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "drump-truck.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -55753,7 +54692,6 @@ { "name": "eosol.zone", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eromon.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "esgen.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "eslint.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "essayace.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "estherlew.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "esuretynew.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56307,12 +55245,10 @@ { "name": "thevoya.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thewayofthedojo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ticketdriver.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "timelessskincare.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tlyphed.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tmas.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "todoereaders.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tohochofu-sportspark.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "toldositajuba.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tom94.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tomik.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "toontownrewritten.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56330,7 +55266,6 @@ { "name": "trustedbody.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "truyenfull.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tuev-hessen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tuimprenta.com.ar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tweedehandslaptophardenberg.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "uaci.edu.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ubcani.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56576,7 +55511,6 @@ { "name": "fateitalia.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "faultlines.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fbi.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "fccarbon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "feeeei.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "feuerwehr-gebirge.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "finkmartin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56622,7 +55556,6 @@ { "name": "indiecongdr.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "info-screen-usercontent.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "interpol.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "introverted.ninja", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "invasivespeciesinfo.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "invinoaustria.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "invinoaustria.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56785,7 +55718,6 @@ { "name": "rteguide.ie", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rteworld.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rths.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "rthsoftware.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rttss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ryssl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "saidtezel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56822,7 +55754,6 @@ { "name": "spartacuslife.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "spectroom.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "spectrum.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "sportabee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "st-bede.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "steemyy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stfrancisnaugatuck.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -56988,7 +55919,6 @@ { "name": "buyebook.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "buzzcontent.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "calculadoraconversor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "canyons.media", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "carroattrezzimilanodaluiso.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "casa-lunchbreak.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "case-vacanza-salento.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57010,7 +55940,6 @@ { "name": "coffeetime.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cognicom-gaming.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "communitymanagertorrejon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "computerbas.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "conpath.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "conradsautotransmissionrepair.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "consultoriadeseguranca.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57184,7 +56113,6 @@ { "name": "margots.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "margots.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "margots.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "markus-blog.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "martialarts-wels.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "massvow.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maxbachmann.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57388,7 +56316,6 @@ { "name": "wxkxsw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wyysoft.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xeryus.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "xfcy.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xgzepto.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xlui.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xn--irr.xn--fiqs8s", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57750,7 +56677,6 @@ { "name": "epi-lichtblick.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "epspolymer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ericschwartzlive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ero.ink", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eshspotatoes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "espanolseguros.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "espower.com.sg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57895,7 +56821,6 @@ { "name": "indie.dog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "indigotreeservice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "inframint.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "inno.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "innotas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "insidesolutions.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "inspiredrealtyinc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -57960,7 +56885,6 @@ { "name": "kontrolapovinnosti.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kornrunner.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "krusesec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "krypmonet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kuchen-am-stiel.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kwoll.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lachyoga-schwieberdingen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -58036,7 +56960,6 @@ { "name": "modern-family.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "moderncommercialrealestate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "moeclue.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "monsterx.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "montanteaesthetics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "moreniche.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "morgansjewelerspv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -58085,7 +57008,6 @@ { "name": "ocalaflwomenshealth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oceancity4sales.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "of2m.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "offroadhoverboard.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ofsetas.lt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "okaidi.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "okaidi.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -58396,7 +57318,6 @@ { "name": "tonigallagherinteriors.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "toomy.pri.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "toool.nyc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tot-radio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "totaldragonshop.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "touchstone.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tradeshowfreightservices.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -58699,7 +57620,6 @@ { "name": "bavartec.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "baykatre.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bayportbotswana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bayportfinance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bayportghana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bayporttanzania.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bayportuganda.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -58784,7 +57704,6 @@ { "name": "callantonia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "camara360grados.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "canariculturacolor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "candelec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "capebretonpiper.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "career.support", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "carlinmack.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -58948,7 +57867,6 @@ { "name": "dreemurr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "driessoftsec.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dronebl.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "drpure.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "drtimothybradley.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dryjersey.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dstvinstallfourways.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59031,7 +57949,6 @@ { "name": "etssquare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eurheilu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "euwid-energie.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "evansdesignstudio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "evrotrust.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "evtscan.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ewhitehat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59112,7 +58029,6 @@ { "name": "geluk.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "genevachauffeur.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "geocar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "geoinstinct.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "geomonkeys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gesundheitszentrum-am-reischberg.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ghettonetflix.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59266,7 +58182,6 @@ { "name": "it-support.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "it-supportistockholm.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "it-tekniker.nu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "it-uws.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ithink.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ithjalpforetag.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "itm-c.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59433,7 +58348,6 @@ { "name": "mariatash.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marketingeinnovacion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "martel-innovate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "martinfranc.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maryhaze.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mastafu.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "matheusmacedo.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59448,7 +58362,6 @@ { "name": "mediabogen.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mediapath.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "medikalakademi.com.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "megafilmesplay.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "megamp3.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "meia.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "meimeistartup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -59980,7 +58893,6 @@ { "name": "testsvigilantesdeseguridad.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tfb.az", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tfk.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "thamtubinhminh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "the-arabs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thebeardedrapscallion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thebluub.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60009,13 +58921,11 @@ { "name": "timbrado.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tittelbach.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tjcuk.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tnd.net.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tobi-server.goip.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tobi-videos.goip.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "toddmath.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tofliving.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tombroker.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "toni-dis.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tonifarres.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tonnygaric.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "toolbox-bodensee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60097,7 +59007,6 @@ { "name": "vinigas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vitalium-therme.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vocescruzadasbcs.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "volqanic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vsl.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vulyk-medu.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "w889-line.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60255,7 +59164,6 @@ { "name": "chrisvannooten.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cica.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ciel.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "cityextra.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "clearer.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "colorguni.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "crazybulk.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60493,7 +59401,6 @@ { "name": "sicurezzalavoro24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "siemencaes.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "skateaustria.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "skywalkers.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "slatko.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "smitug.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "smokefreerowan.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60638,7 +59545,6 @@ { "name": "amazingraymond.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aminullrouted.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ampleroads.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ance.lv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "anlovegeek.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "anopan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "antiaz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60683,7 +59589,6 @@ { "name": "benjaminbedard.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bensokol.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bepsvpt.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "beringsoegaard.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bestdoc.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "besti.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bestpractice.domains", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60790,7 +59695,6 @@ { "name": "desertmedaesthetics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "devswag.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dexonrest.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dexonsoftware.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dhbr.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dia.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "diccionarqui.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -60809,7 +59713,6 @@ { "name": "dophys.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dox-box.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dragon.nu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "drainagedirect.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "draintechnorthwest.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "driftingruby.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "droidandy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -61804,7 +60707,6 @@ { "name": "decor-live.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "deep-labs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "deepinnov.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "degrasboom.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dein-trueffel.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dejting-sidor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "deleenheir.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -61933,7 +60835,6 @@ { "name": "g3circuit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gabrielkoo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gadget-tips.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "gadgetadvisor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gailbartist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gallmeyer-consulting.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "galoserver.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -61964,19 +60865,9 @@ { "name": "gostargazing.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "goufaan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "graandco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "grasboomamersfoort.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "grasboombinnendoor.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "grasboomclophaemer.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "grasboomderoos.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "grasboomleusden.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "grasboommax.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "grasboommeerbalans.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "grasboomveenendaal.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "grasboomvondellaan.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "grenlandkiropraktor.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "grupodatco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gtn-pravda.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "guchengf.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gx3.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gyakori.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gzriedstadt.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62027,7 +60918,6 @@ { "name": "igdn.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "igrarium.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ijsclubdwarsgracht.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ikkakujuku.work", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ikmx.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "iliasdeli.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ima.re", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62156,7 +61046,6 @@ { "name": "legionminecraft.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "legnami24.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lehrermarktplatz.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lequateur.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lesummeira.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "letson.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "level6.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62212,7 +61101,6 @@ { "name": "marietrap.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maroismasso.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "martian.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "massageishealthy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "massagetherapyschoolsinformation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "math-coaching.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "matocmedia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62410,7 +61298,6 @@ { "name": "pawspuppy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "paxchecker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pbren.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "pcs.org.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pearlsonly.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pearlsonly.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pearlsonly.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62422,7 +61309,6 @@ { "name": "pepfar.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "peppelmedi.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "performancegate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "perge.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "permaseal.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "peruvianphotography.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "peterboweycomputerservices.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62439,7 +61325,6 @@ { "name": "plastic-id.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "plumbercincoranch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "plusminus30.si", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "plutonx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ponio.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ponxel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "porncompanions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62526,7 +61411,6 @@ { "name": "ryuanerin.kr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "saga-umzuege.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sajtoskal.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "samdrewtakeson.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "samorazvitie.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sangyoui.health", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sanovnik.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62879,7 +61763,6 @@ { "name": "bezposrednio.net.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bicycleuniverse.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bioastin.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "biopronut.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "blackbyte.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "blatnice.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "blatnice.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62915,7 +61798,6 @@ { "name": "climaticarus.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cloudsec.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cognixia.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "collage.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "compitak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "conraid.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cookingperfected.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62929,7 +61811,6 @@ { "name": "d-imitacion.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d2qa61rbluifiq.cloudfront.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "danielfeau.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "danskoya.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dax.guide", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "daxpatterns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "degroupage.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -62963,7 +61844,6 @@ { "name": "fakeemergency.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "familienportal.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "faradrive.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "farizizhan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "farleymetals.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "farmaciacorvi.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fishlanestudios.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63068,7 +61948,6 @@ { "name": "movestub.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "multimediapc.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "museclef.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mybakkupakku.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ncarmine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ndime.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nerdrockshop.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63181,7 +62060,6 @@ { "name": "wuav.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wyldfiresignage.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xanderbron.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "xenum.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xn--solidaritt-am-ort-yqb.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yuyiyang.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zhy.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63390,7 +62268,6 @@ { "name": "nagrad.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "naivetube.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "netfeeds.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "networkmas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nevalogic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nevivur.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "newbernpost539.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63400,7 +62277,6 @@ { "name": "ninjasquad.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nomaster.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nomik.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "o0o.st", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "onesearay.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oolsa.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oroscopodelmese.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63488,7 +62364,6 @@ { "name": "stlouisinsuranceco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stonegateapartmentsstl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "strengthinyoufitness.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "swey.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "syskit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tacticalavocado.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "telegra.ph", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -63796,7 +62671,6 @@ { "name": "murphycraftbeerfest.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mvbug.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mycreditunion.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mypt3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nailsart.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nan.ge", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "napkins-wholesale.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64059,8 +62933,6 @@ { "name": "diethood.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "distinctdesign2009.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "diysec.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dizzie.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dizzieforums.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dnastatic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "doc.ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "doeren.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64121,14 +62993,12 @@ { "name": "iinix.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ikparis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "industrial-remote-control.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "infoteka.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "infravoce.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "intellihr.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "isdr-bukavu.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jaamaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "janz.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jcvidroseespelhos.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "jeremy.codes", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "joelving.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jogjacar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jungidee.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64339,7 +63209,6 @@ { "name": "ypfr.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yunsoupian.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yuucchi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zeit.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zstgmnachod.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "intercom.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "06804.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64433,7 +63302,6 @@ { "name": "continental-zermatt.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "contourheating.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "controllertech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "cookiee.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cradle.ph", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "crowdspire.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "current-usa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64649,7 +63517,6 @@ { "name": "raccoon.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "reissnehme.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rentta.fashion", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "resepi.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rhycloud.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rhymc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "riffelhaus.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64687,14 +63554,12 @@ { "name": "startablog.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "startmail.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stavnager.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "stdemianabookstore.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "studiodentisticomasi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "surefleet.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "swi.sytes.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "takipone.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tech-ninja.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "teetje-doko.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "terrorismattacks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "terrybutler.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "textbrawlers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tgbabyzoo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64868,7 +63733,6 @@ { "name": "esmincg2t1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "etduvindemoselle.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eventsframe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "evitacion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "executiveresolutions.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "f1nal-lap.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "factory-f.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -64925,7 +63789,6 @@ { "name": "jesiensredniowiecza.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jmwap.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jobbuddy.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "jpoirierlavoie.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kappie.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kapsalonlinds.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "keez.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65393,7 +64256,6 @@ { "name": "laan247.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lachlanallison.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "landoncreekapartments.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "laresistencia.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lartduportrait.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "laurencball.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "letsflyinto.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65417,7 +64279,6 @@ { "name": "madpsy.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "madridagency.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maikoloc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "malacat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "martinbaileyphotography.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mcblain.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "medeurope.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65514,7 +64375,6 @@ { "name": "sexedrescue.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "shadowsocks.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sheaspire.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "siwyd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sketch.jpn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "skorovsud.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "skylarker.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65624,7 +64484,6 @@ { "name": "367553.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "367556.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "387763.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "3ve.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "638566.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "666618.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "7f.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65963,7 +64822,6 @@ { "name": "tvteam.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "twwd.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ugy.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "unknown.kyoto", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vdio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "venzagroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "veronicaphotography.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65971,7 +64829,6 @@ { "name": "vetpraxis.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vifsoft.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "viku.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vuasinhly.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "washoedems.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "watchcow.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wb2288.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -65987,7 +64844,6 @@ { "name": "xn--anyd-7na.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xn--int-ru8ea.xn--6qq986b3xl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xn--kkcon-fwab.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "xn--l8jydta9i239uzq6aqz9a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xtremeperformance.co.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xtri.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ys6888.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66107,7 +64963,6 @@ { "name": "freeaf.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "furniturezoneboone.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ga-part.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "gabehoban.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "galaxus.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "galaxus.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "galaxus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66138,7 +64993,6 @@ { "name": "houseandgarden.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "htmanager.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hydracommunity.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "hypehost.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "idleleo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "im-in.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "imbiancatura.milano.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66297,7 +65151,6 @@ { "name": "tanovar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tauflight.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tchverheul.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tech-banker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thc-stadvdzon.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thecyberaid.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tmadev.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66305,7 +65158,6 @@ { "name": "topshelf.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "totalaccessnicaragua.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "touhou.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tradavenue.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "trastornoevitacion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tronlaserarena.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tsrv.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66475,7 +65327,6 @@ { "name": "flexve.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "floodsmart.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "floristmou.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "forever.cat", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "forthetoys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "founderio.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fuzenet.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66577,7 +65428,6 @@ { "name": "miaololi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "midart.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "midweb.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "miku.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "millionen-von-sonnen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mirazperu.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "misini.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66712,9 +65562,7 @@ { "name": "vamosbets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vanwa.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vertigo-rec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "viantours.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vizionnetwork.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vkikaku.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vorbrodt.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vrifox.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vygeja.lt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66771,7 +65619,6 @@ { "name": "acp-integrative.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "adarshcloud.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aditibhatia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "aduthapa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "advancedelectricalservicesqld.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ae86x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "afree.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66782,7 +65629,6 @@ { "name": "alexglover.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "allerstorfer.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "altco.group", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "alvin.cool", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ankaraevdenevenakliyat.name.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "antoineelizabe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aqarategypt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66888,7 +65734,6 @@ { "name": "empatico.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "enersolelectrical.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "entropy.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "equiac.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eringmaguire.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "estintori.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "etni-cidade.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66942,7 +65787,6 @@ { "name": "impactplumbingdrainage.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "indiapur.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "intoparking.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ip-ra.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "iparkki.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ipslsig.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ironpony.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -66978,7 +65822,6 @@ { "name": "lianhongrui.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "libbywinberginteriors.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "limo.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "lion-tech.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "litebit.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "literaki123.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "liubliu.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67024,7 +65867,6 @@ { "name": "notequal.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nxcd.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "odden.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "onair.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "onlinehaircuts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "orthodocspro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ourocg.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67264,10 +66106,8 @@ { "name": "aei-asc.edu.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aero.parts", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ag88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ageragrosirdistro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agilicus.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "agilicus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ahmedknowmadic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ai00.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aisin.ae", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ajgroup-me.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67287,11 +66127,8 @@ { "name": "alteria.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "am-39.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "am156.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "am5039.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "am5199.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "am6118.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "am8213.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "am9588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "am9d104.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "amaranthinewanderlust.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "amateurpornhours.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67334,7 +66171,6 @@ { "name": "b2families.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bachkhoa.net.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "badedesign.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "baldy.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ban.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "batiskaf.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "batteryboys.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67412,7 +66248,6 @@ { "name": "bytepark.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "byteterrace.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "c0o.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "c2media.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cabuna.hr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cakeoffencesact.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "calendriergratuit.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67479,7 +66314,6 @@ { "name": "customcontract.network", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cwwise.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cybermotives.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d8853.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dagmarhamalova.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dahliacake.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dakin.nyc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67498,7 +66332,6 @@ { "name": "defiantrust.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "delkniga42.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "denariu.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "denied.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dental-cloud.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "depedclub.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "depedsurigaodelnorte.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67571,7 +66404,6 @@ { "name": "elgrecohotel.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "elitsa.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ell888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "email-pipeline.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "emigratieplanner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "emiliobonelli.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "enderle.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67652,7 +66484,6 @@ { "name": "gruper.mk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gutenbergthemes.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gvwgroup.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "gwilken.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "h-ealthy.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hackhouse.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hackingarise.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67752,7 +66583,6 @@ { "name": "k8668.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kaloni.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kartbird.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "karuna.community", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "katieriker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kaypasocks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kb09.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67780,10 +66610,6 @@ { "name": "koreaninhd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "korem011-tniad.mil.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "krikorianconstruction.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks0718.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks0768.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks0877.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks0996.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ks5000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ks5660.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ks88.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -67814,7 +66640,6 @@ { "name": "limsia.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "limsia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "linge-ma.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "linuxhub.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "linuxno.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "litebit.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "littlenlargeevents.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68150,7 +66975,6 @@ { "name": "shopunilever.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "shsh.host", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "shunliandongli.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "sieuthigomviet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "siggi.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sik-it.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "silverblog.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68231,7 +67055,6 @@ { "name": "superlisa.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "survivingmesothelioma.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "svatbamisiaviti.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "svc4u.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "svdesign.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "swisscypher.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "swy.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68352,7 +67175,6 @@ { "name": "voidnya.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vojtekpince.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vonimus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "vonitsanet.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vpsvz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "vtul.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "w4solutions.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68382,7 +67204,6 @@ { "name": "workplace.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "workshopengine.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wound-doc.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "wpabu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wpbox.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wrestling.net.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "wsetech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68438,9 +67259,7 @@ { "name": "xn--die-hrercharts-zpb.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xn--t8jo9k1b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xpiuat.global", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "yamei1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yamei8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "yamei88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yao28.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yesogovinpetcare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ym039.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68469,14 +67288,12 @@ { "name": "01-edu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "123birthdaygreetings.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "373816.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "5197dh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "68hvip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "731716.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "731783.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "736371.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "736381.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "961621.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9728dh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "977hghg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9988ty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aaa-racing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68567,7 +67384,6 @@ { "name": "dragcave.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "e-referendum.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "echomall.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "edsinet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "edugundavetiyesi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ej.uz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "elblogdegoyo.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68630,8 +67446,6 @@ { "name": "ivocopro.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ivocotec.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jeancafe.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "jms8.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "jmsjms.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jmsjms.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jmsjms.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jmsjms.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68672,7 +67486,6 @@ { "name": "lvtrafficticketguy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lycetre.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "magicroom.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "makariza.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "malenaamatomd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maniaiti.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mantachiepharmacy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68711,7 +67524,6 @@ { "name": "noxx.solutions", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "olitham.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oneearthapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "onevpn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "opcare.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ortho-europe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ourfavorite-kakamigahara.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68719,7 +67531,6 @@ { "name": "parsdev.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pechonova.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pentagonreviewcenter.com.ph", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "peter-hurtenbach.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pirapiserver.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "planningsagenda.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "plumbingkingsllc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -68952,9 +67763,6 @@ { "name": "504737.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "518558.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5197.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "5197dns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "5197dz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "5197sx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "52051.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "52051a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "52051b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69020,7 +67828,6 @@ { "name": "6133feng.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6859551.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "715805617.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "758m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "7717411.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "781371.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "781376.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69045,20 +67852,11 @@ { "name": "8666213.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "8880005555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "919093590.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "91d27.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9297.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9297dns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9297e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9297hb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9297hd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9297p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "962312.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9728.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9728dns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9728dz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9728hb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9728hd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9728sx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "98198823.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "989868888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "99818adc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69211,7 +68009,6 @@ { "name": "epiclub.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "eppione.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "equi.ac", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ertir.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "escapejoplin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "esu.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "etajerka.spb.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69220,7 +68017,6 @@ { "name": "expromo.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fabianbeiner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "facchinaggio.milano.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "facfox.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fafa106.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fallenmoons.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fallin.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69265,7 +68061,6 @@ { "name": "hingston.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hm5189.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "houhaoyi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "howson.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hpvtimmerwerken.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "html2gutenberg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hugonote.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69469,7 +68264,6 @@ { "name": "tagtoys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tarfin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "taxi-edessas.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "techzjc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "televizeseznam.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "testvocacional.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "texasurodoc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69591,7 +68385,6 @@ { "name": "1sand0s.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "293921.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "3615jacky.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5197a.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5197aa.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5197b.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69600,7 +68393,6 @@ { "name": "5197cc.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5197d.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5197dd.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "5197dh.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5197e.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5197ee.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "5197f.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69652,10 +68444,7 @@ { "name": "8228d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "8230d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "842844.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "91d52.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "91d58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "91d89.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9297a.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9297aa.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9297b.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69818,11 +68607,9 @@ { "name": "9721yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9721zz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9728.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9728a.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9728aa.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9728b.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9728bb.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9728c.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9728cc.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9728d.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69873,7 +68660,6 @@ { "name": "9728yy.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9728z.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9728zz.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "9k886.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "a30.tokyo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "a5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "a9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69904,7 +68690,6 @@ { "name": "asfaleianet.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "attendanceondemand.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "auvidos.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "awakenedmind.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "awesomenamegenerator.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "b5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "b9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69915,7 +68700,6 @@ { "name": "bb9721.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bb9728.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "beardboys.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bernama.com.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bernbrucher.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bernbrucher.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "blideobames.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69926,7 +68710,6 @@ { "name": "brandonlui.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "brandweerbarboek.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "briansemrau.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "broerict.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bsaft.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "business-creators.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "c5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -69957,7 +68740,6 @@ { "name": "corruptsamurai.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cyberfamily.network", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "d8872.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d9397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "d9721.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70172,7 +68954,6 @@ { "name": "managedservicesraleighnc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maorx.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marinat2012.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "marsble.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mazepa.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "medcorfu.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "medicinasaludvida.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70226,7 +69007,6 @@ { "name": "o9728.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oasiristorantebagno.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "octavus.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "offtopic.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "okazoo.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "olmik.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "omerefe.av.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70247,7 +69027,6 @@ { "name": "paratlantalalkozas.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "partin.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "passionate.org.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "pd2bans.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pentatec.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "permisecole.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "persefonne.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70343,7 +69122,6 @@ { "name": "sicurled.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sidi-smotri.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "skulblaka.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "skyparlourfilms.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "solarloon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sondebase.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "spilnu.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70522,14 +69300,9 @@ { "name": "z9721.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "z9728.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zacco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd1313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zebranolemagicien.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zhaotongjun.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl016.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl7373.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zl8849.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl9292.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zl9696.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zz5197.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zz9297.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zz9397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70587,7 +69360,6 @@ { "name": "9181187.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "9181189.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "99321365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "aaminntourtravel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "abmackenzie.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "academica.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "account4u.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70598,7 +69370,6 @@ { "name": "adrian.web.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "affairefacile.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aguarani.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "akuseorangtraveler.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "alamowellnessalliance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ambulari.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "apachezone.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70661,7 +69432,6 @@ { "name": "brooklynentdoc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bsmn.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "buscasimple.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "businesscircle.com.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "caiben.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "californiawomensmedicalclinic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "campgesher.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70694,7 +69464,6 @@ { "name": "cristianrasch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "crux.camp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "csd-slovenije.si", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "curatedtaste.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cureatr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cyclonebikes.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cyphar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70739,7 +69508,6 @@ { "name": "fabservicos.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "factorio.tools", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "factoriotools.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "farzli.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fashioneditor.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "feministspectrum.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "findaffordablehousing.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70791,7 +69559,6 @@ { "name": "invuite.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "isamay.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "isterfaslur.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "isusemasa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "it-meneer.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "itsburning.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "itsynergy.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70818,7 +69585,6 @@ { "name": "jake.wales", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jake1.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jakewales.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "japansm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jbeta.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "johngmchenrymd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "juristique.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70826,16 +69592,11 @@ { "name": "katalogkapsli.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kb8882.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kb88dc23.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "keyyek.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "khairul-zamri.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "koboldmalade.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kotke.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kouponboket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kpopsource.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "krasnodar-pravoved.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks080.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks191.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks381.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ks628.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kulturmel.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kuwichitagastro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -70858,7 +69619,6 @@ { "name": "lorenzocompeticion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lsiq.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "luckystorevn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mac101hq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "madsstorm.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "manicuradegel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "manicuradegel.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71253,7 +70013,6 @@ { "name": "rejoice1009.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rene-eizenhoefer.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rentsbg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "resepimok.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "reuzenplaneten.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "reviewu.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rexxworld.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71325,7 +70084,6 @@ { "name": "thsc.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "thscpac.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tmachinery.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tojannah.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tomjepp.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "towzone.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "traslocatore.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71421,10 +70179,6 @@ { "name": "yellowparachute.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yoelelbaz.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "yr8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd1717.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd6565.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8863.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zd8869.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zingpetfood.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zl9889.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "01918.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71458,11 +70212,9 @@ { "name": "567666365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "616f88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "618btt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "618btt.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "666365app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "666365ios.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "666365iosapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729aa.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71497,8 +70249,6 @@ { "name": "6729gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729h.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6729hb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6729hd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729hh.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729i.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71538,7 +70288,6 @@ { "name": "6729s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729ss.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6729sx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729t.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729tt.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71556,7 +70305,6 @@ { "name": "6729x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729xx.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729xx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6729xy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729y.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729yy.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71564,58 +70312,38 @@ { "name": "6729z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729zz.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6729zz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957a.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957aa.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957apk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957b.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957bb.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957c.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957d.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957dd.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957dh.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957dz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957ee.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957f.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957ff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957g.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957gg.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957h.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957hd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957hh.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957i.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957ii.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957ipa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957j.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957jj.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957k.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957kk.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957l.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957ll.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957m.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957mm.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71624,28 +70352,17 @@ { "name": "6957nn.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957o.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957oo.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957oo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957p.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957qq.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957r.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957rr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957s.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957ss.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957sx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957t.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957tt.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957tt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957u.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957uu.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957uu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957v.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957vv.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71653,23 +70370,17 @@ { "name": "6957w.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957ww.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957x.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957xx.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957xx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957xy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957y.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957yy.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957z.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "6957zz.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "6957zz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "7ka.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "86btt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "876666365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "8809d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "8826ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "8858ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "8868ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71702,14 +70413,11 @@ { "name": "918btty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918bttz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918ca.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "918caa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "918cch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918ch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918cr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918cx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918dc04.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918dc16.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "918dc20.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918dp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "918ej.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71761,7 +70469,6 @@ { "name": "aa6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aa6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aa6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "aa6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aaron-russell.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "aboutpublishers.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ac-cosmetics.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71794,13 +70501,11 @@ { "name": "barankababra.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bb6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bb6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bb6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bc-reloaded.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "beachmarketing.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "beproduct.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bettaline.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bevhills.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "bezmlska.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "biancapulizie.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bibliotherapie-existentiale.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bilibili.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71809,7 +70514,6 @@ { "name": "boran.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bphostels.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bruckmuehler-kanu-club.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "brunetderochebrune.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bta00.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bta55.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt-39.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71820,7 +70524,6 @@ { "name": "btt2020.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt2121.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt213.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "btt217.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt219.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt225.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt256.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71828,7 +70531,6 @@ { "name": "btt381g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt529g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt686.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "btt776.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt8.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt88818.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71836,9 +70538,7 @@ { "name": "btt8989a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt907.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt9090.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "btt918.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt945g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "btt9797.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt9898.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btta13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btta15.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71863,7 +70563,6 @@ { "name": "cc6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cc6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cc6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "cc6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "cendata.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "center-elite.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "centralconvergence.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71890,7 +70589,6 @@ { "name": "datisstom.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dd6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dd6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "dd6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "decal-times.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "declarationlocationmeublee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "delphia.ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71925,7 +70623,6 @@ { "name": "eastwind.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ecuatask.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ee6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ee6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "elevationtech.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "elitebike.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "elpaseadordeperros.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71957,7 +70654,6 @@ { "name": "fe-data.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ff6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ff6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ff6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "filecloud.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "files.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "fizjoterapia.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71976,7 +70672,6 @@ { "name": "gg6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gg6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "gg6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "gg6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "globecollege.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "goehler-baumpflege.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "goprimal.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -71994,7 +70689,6 @@ { "name": "hh6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hh6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hh6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "hh6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hidroshoping.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "hoofdredacteuren.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "horochx.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72036,7 +70730,6 @@ { "name": "jj6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jj6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jj6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "jj6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jobalicious.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "jobsindemedia.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "johnkraal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72055,11 +70748,9 @@ { "name": "kk6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kk6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kk6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "kk6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kli.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ks0618.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ks0776.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ks681.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "kupiewszystkieauta.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "l6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "l6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72077,7 +70768,6 @@ { "name": "ll6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ll6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ll6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ll6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lock.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lockme.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "lockme.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72092,7 +70782,6 @@ { "name": "madwarlock.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "maesinox.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "magdeburg.directory", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "maltarea.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mariasbonitas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marktguru.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "marktguru.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72111,14 +70800,11 @@ { "name": "mm6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mm6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mm6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mm6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mneti.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "modelemax.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "mononom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "monospazzole.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mouche.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "mrichard333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ms-a.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "myparisiankitchen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "n6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "n6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72138,7 +70824,6 @@ { "name": "nn6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nn6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nn6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "nn6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nophelet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nousyukum.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "nullxsec.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72153,7 +70838,6 @@ { "name": "oo6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oo6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oo6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "oo6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "oo918.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "orologeria.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "p1979.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72173,7 +70857,6 @@ { "name": "poopthereitisla.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "potsdam.directory", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pp6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "pp6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "praleria.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "prepagosyescortforyou.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "primos-tech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72188,7 +70871,6 @@ { "name": "qq6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qq6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "qq6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "qq6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "quic.network", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "r6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "r6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72232,7 +70914,6 @@ { "name": "shibbydex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "siikaflix.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sjamaan.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "sjp.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "skolnilogin.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "skolniweby.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sldlcdn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72248,7 +70929,6 @@ { "name": "sqdll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ss6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ss6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ss6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "sspanel.host", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stariders.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "starvizyon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72289,7 +70969,6 @@ { "name": "tt6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tt6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tt6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "tt6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tt918.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tyree.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "u6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72300,7 +70979,6 @@ { "name": "uu6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "uu6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "uu6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "uu6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ux-designers.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "uxdesignerjobs.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "v6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72331,7 +71009,6 @@ { "name": "ww6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ww6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ww6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ww6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "x6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xinbo190.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xinbo269.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72371,7 +71048,6 @@ { "name": "xx6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xx6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xx6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "xx6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xy6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "xy6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "y6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72399,7 +71075,6 @@ { "name": "zhenggangzhao.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zz6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zz6957.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zz6957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "0--1.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "14159.gb.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "200201.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72443,8 +71118,6 @@ { "name": "a1post.bg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "a6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "adamlee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "adversus-test.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "adversus-web-staging.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ag-2.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ag-3.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ag-33.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72490,7 +71163,6 @@ { "name": "anunturitv.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "arcovix.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "arufu.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "asngear.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "asociacionbienestarinmobiliariobogota.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "auburnperio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "autopark-ost-fichtner.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72500,7 +71172,6 @@ { "name": "axom.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "backmitra.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "balafon.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "balkancrystals.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "baroloboys.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bb6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bbc67.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72514,7 +71185,6 @@ { "name": "bigbank.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bishoptx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "bongbabyhouse.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "boutique-giovanni.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "boxlink.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt1111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "btt1313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72600,7 +71270,6 @@ { "name": "defibrillateur.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "delpark.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "devops.pf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "die-partei.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dimo-analytics.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dimo-crm.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dimo-dematerialisation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72621,7 +71290,6 @@ { "name": "dreamsxxl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "duchateaugyn.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "dunyahalleri.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "duoyin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "e-mandataires.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "e-michiganinsurance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "ebooknetworking.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72783,7 +71451,6 @@ { "name": "payps.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "pensionecani.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "perfect-privacy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "phanmemcuocsong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "philia.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "phonefleet.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "phpmynewsletter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72808,7 +71475,6 @@ { "name": "quintenbraakman.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rabotayes.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "radicalepil-haguenau.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "ragtimeinrandall.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "raiffeisenleasing-kosovo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rambedjeans.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "rayadventure.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72857,7 +71523,6 @@ { "name": "ss6729.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "starfixreparaciones.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stemkit4kids.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "stephenschruhl.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "stokl.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "storzrealty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "suksesbisnisonline.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72881,7 +71546,6 @@ { "name": "transferwiseturkiye.com.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "treeline.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "triozon.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "triplecrossfarm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "trophy-discount.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "trophy-solution.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "tukdesigns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, @@ -72913,10 +71577,11487 @@ { "name": "zell-mbc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zenways.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zhujiceping.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, - { "name": "zixin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "znakcomstva.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zoso.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, { "name": "zz6729.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000btt.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "015kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "016kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "026kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "055kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "056kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "058kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "066kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "068kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "071k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0760ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0763ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "076k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "077k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "078kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "109k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "113k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "13-th.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "133ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "135416.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "159ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "160763.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1661618.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "170376.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "170386.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "178kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "178ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "181k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "182ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "185k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "192569.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "210k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "213k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2222k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "222k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2264707.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2isk.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3333k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36594.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "398kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "39w66.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "508kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "518k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "565kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "585kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "616btt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "660887.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66619991.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "666k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "668k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "668k8.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "673569.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "688libo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "76668.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7666898.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "76669.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "787kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "806kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "819kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "856kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "869kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8801ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8859ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "885kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8885ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8886ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88kash.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9108.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918aac.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ayy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cca.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918dxx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eej.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918yy.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "97735.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "977kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9800.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "985kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99989796.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99989796.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9998k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9999k8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9999k8.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9h.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9to5notes.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abogadoperu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abogadoscav.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acceptancerecoverycenter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "activephoto.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adrian2023.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "advancedpestspecialists.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag600.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag800.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88086.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag978.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks08.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks133.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks19.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aglc8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agworkers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aidmycomputer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aitrust.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allram.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "almisnedrm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andicui.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andicui.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "animebits.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antoniogatti.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apotheke55.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "applegun.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "appraf.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artsmarket.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artyengine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asananutrition.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "axone-computers.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "azlocalbusiness.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "backmitra.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "backmitra.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baiyu.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baiyu.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "banglets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bdupnews.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "belgraver.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bin92.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bintach.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitcoin-wizards.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitcoiner-or-shitcoiner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "black-cat-seo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blondesguide.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bransive.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brettpostin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "broadyexpress.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bsimyanmar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt0707.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt269g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt932g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt996.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "butterflycare.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bytheglass.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "campaignlake.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "canine-mobility.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carefulcolor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carloshmoreira.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cartaodigi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cashflowstrategist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casino-cash-flow.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "celiac.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "centricagency.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chrisx.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clearspringhealthcare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cnymenshealth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cododigital.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comeyegroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comicsans.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "contabilidadebrooklin.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "contactaffix.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "correctemails.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coteetciel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "creatic.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crebita.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crmenrich.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cryptonx.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "csy.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d888818.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dachbleche24-shop.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "data-captive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "databasez.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dddmelbourne.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "detrapdoor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "devrim.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diariodearaxa.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "disinfestatore.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "displaysfas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diver-equipment.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doctorperu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domjh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "donnabrothers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dsi7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dt688.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "duama.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dzu.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e-emploi.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eaststudios.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "easyrents.com.ng", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eckstein.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edmm.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "educaestado.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eine-andere-welt.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emailtemporal.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emcentrix-com-site-mvc.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emotionalmente.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "encryptlist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "energybank.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "esalesclub.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "escobarservice7000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "estadoreclamos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "esthe-zukan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eve-online-com.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eventim-business.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eventim-business.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ewar.lt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "facadeforum.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "facchinaggio.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "factoriotools.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "factoriotools.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "failforward.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ferprobolivia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ff763.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ff769.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ff916.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ff967.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ffdhw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "filehippo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "firc.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fisioterapista.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fpsv.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "francisdelreal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fresh4.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fro.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "funcabinrentals.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fundamentt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "galganoboutique.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gass-transformatoren.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gemstn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "genioideal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gggggg.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "giaoxudongtri.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "glexia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gobiz.com.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goldenhostmyanmar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gordyf.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "habbstars.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hallaminternet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hanyingw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hashtagswimwear.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hdwalldownloads.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "he.kg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "healthyhomesofmichigan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heijmans.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "henlich.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hepla.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ho18.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ho518.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ho68.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ho918.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hubitt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "huotuyouxi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hv-huset.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hvt.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "i-fastnet.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iceandfiremechanical.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "idealize.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ilc666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ime-a-tolerancia-eredmenye.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imedia.com.sg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imediamyanmar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imediasingapore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "immivest.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inboxceo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "industinc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inewroom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "instantdomainsearch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "investforum.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "italiataxi.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itaporanga.se.gov.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itmx.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "izs8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "japanese-cuisine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jecurranpc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jobit.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "joeldbolivarc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "johnsongenealogy.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "judaicaganeden.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jumpbuttonnorth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "juszczak.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jvdz.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8002.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k80039.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8023.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8037.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8039.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k805.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8063.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8071.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8075.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8082.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8102.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8106.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k81111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8125.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k816.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k816.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k82222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8268.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8268.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k829.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8368.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8368.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8370.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8403.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8421.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8437.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8463.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8487.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k851.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8524.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8533.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k86681.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k86788.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8694.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k86965.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k86988.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k87777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k88208.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k88801.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k88870.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k88891.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k89188.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k89388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k89999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8dc01.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8dc13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8dc17.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8md01.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k8md12.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi006.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8835.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8839.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8844.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8857.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8864.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8875.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8890.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8897.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kebhanamyanmar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kf-59.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kf0000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kf388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kf588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kf6464.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kf6868.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kff7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kidneydonation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kodikom.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "koreanrandom.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kr.cm", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0098.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0168.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0188.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0288.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0550.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0577.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0599.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0858.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks098.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks15.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks16.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks16.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks1608.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks161.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks18.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks200.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks2000.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks28.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks28.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks32.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks36.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks55.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks58.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks636.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks66.la", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6601.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6602.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6603.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6605.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6607.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6609.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6612.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6615.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6617.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6618.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6619.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6620.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6621.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6623.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6625.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6627.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6628.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6629.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6630.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6631.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6632.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6635.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6637.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6638.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6650.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6651.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6652.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6653.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6656.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6657.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6659.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6670.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6671.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks68.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6808.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6860.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks81.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks86.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks86.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8600.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks888.la", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks89.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks958.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks98.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ladakhtrip.tours", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lasterhub.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc1588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc1818.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc389.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc460.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc5998.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc68694.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc68699.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8841.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8893.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8dc12.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8dc14.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8dc17.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8guidance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8md03.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc8md30.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc98.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc9852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lc9910.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lecheng.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lecheng08.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lecheng88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ledspadova.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "libertas.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lifestorage.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livv168.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livv88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locksmithsinsanantoniotx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lombri-agro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long788.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lonny.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "looptics.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lord.city", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "loveweddingphotosandfilm.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lucidlink.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lysbed.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magnumwallet.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mailbro.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maximind.sg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mayper.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "md19lc8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "md21lc8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "md24lc8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "md33lc8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medicoleads.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mein-einszueins.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mercedes-benz-kiev.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miguelkertsman.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mikaeljansson.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mipnet.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "missivystorm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mklenterprises.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mklenterprisesacademy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mklenterprisescoaching.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mmpaymentsystem.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "momobako.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moosmaus.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motorzone.od.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "movementdanceacademy.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mrsiding.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mueblesemporium.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mypromoshop.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nationalcashoffer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "navaneethnagesh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nerdinator.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netsoj.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nicaise.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nikitin.photo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nnkkserver02.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "noop.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "notablepeeps.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "o98.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "okmyanmartravels.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ommcitalflex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onetwosweetatelier.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orchardnh.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orembaeviajes.tur.ar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "overmark.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p-mint.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paal.network", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pakaranggrek.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parleur.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pawnkingloansmore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "peaceandjava.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pekinet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "philiperiksson.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "phonedoc.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "playstationtrophies.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poke.blue", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "porondam.lk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "positiveaffirmationscenter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pranita-schals.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pranita.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pranita.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pre-renewal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "premiereco.com.sg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "princezna.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prodatalabs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psicanalista.milano.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pterodactyl.org.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pya.org.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qed.ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qq6177.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qq6177.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qualbe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quizz.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rattattees.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rcra-uganda.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "refjob.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rheijmans.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "richieheijmans.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "richieheijmans.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "richieheijmans.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "root.vg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rubylabs.am", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sajter.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sanyasingh.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saobancrafts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sarae.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schack.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sensorville.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "serpic.photo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "serviceinconstanta.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sharpe.systems", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shiftsixth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sofiaestado.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "somp-rp.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sonderkomission.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soptq.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sorx.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sounavholidays.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sploch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spokesly.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ssrjiedian.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "starorusing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stlouisnativeflute.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sukoyaka-labo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "supersena.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t7ys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tapety-na-pulpit.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tdyx-china.com.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techdatapark.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "the-alan-parsons-project.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theoriginalmarkz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thevirtualbookkeepers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tintoria.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tohofc.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tomasmoberg.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "torresshop.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tqm1.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "treehole.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trevo-lotofacil.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "twlitek.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "umail2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unicode.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "universidadperu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "update-linthdcp-567app1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "upplay.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vahoshop.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viralify.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "visitorslist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "visualproyectos.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vonkuenheim.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w3punkt.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66161.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6619.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6648.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66918.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66938.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6969.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wasgigant.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "watchmetech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wattnow.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wb6668.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "we5688.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "we6668.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "we9988.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webcaptive.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webhostingspace.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "werd.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wheretogomyanmar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "win365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xboxachievements.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--90adahrqfmec.xn--p1ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--e1aaavheew.xn--p1ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--e1aaavheewr.xn--p1ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--e1adlfhcdo7h.xn--p1ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--j1aoca.xn--p1ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yuzurisa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl9814.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlogic.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "010777a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "010kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "010ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "143918.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2030411.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3040519.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5060711.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5060715.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "55d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "58d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71787z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "77177.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7sdre.am", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "809kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8208d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8812ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8818ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8819ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8890ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8892ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ac.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bbt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bby.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "98d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aartsplastics.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acg.vc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ae86nb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aghayeva-edler.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "airlock.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "akinix.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alexandreguarita.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alfacharlie.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alforto.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "all4nursesksa.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allcoveredbyac.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aloralabs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alteraro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alteraro.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "altonkey.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amusa.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antincendio.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "appizia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asart.bg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "australianstrongmanalliance.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "axin888.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ayvalikgezgini.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baeckerei-wohlgemuth.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bank-tour.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "barca-movie.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "becquerelgroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestsingingbowls.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blogkuliah.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boren.shop", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt0707a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bttt111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buybutton.store", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buycccam.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casinorobots.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cbr-rcb.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "certificato-prevenzione-incendi.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chaboisseau.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chattingorcheating.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "checalaweb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chenx221.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chenx221.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chenx2210.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chrystus.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chun.si", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clare3dx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "claudiney.eti.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cmshangu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cnbibo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cnss.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "col-head.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "commonsenseamericanpolitics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "consertodecelulares.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "correctlydesign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cosmohit.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "costarellos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coveredinspiders.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crosswords123.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cryptoclix.website", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyberme.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyberpathogen.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyllos.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d1ownqs4tcx37f.cloudfront.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8118.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8228.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8787.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d881.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8811.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8816.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8819.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d886.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8864.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d887vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8886.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88877.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8898.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8998.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "davidgreig.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dbplanview.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dealdump.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "definitions360.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "degradarium.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deluxecccam.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dennishzg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "derco.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "digihoc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "districtcapital.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dockstarter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dor-tak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dor-tak.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "downunderporn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dr-royaghafourifard.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dranous.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dreamstudio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dresdner-stollen-von-reimann.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drgeadsdavinci.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drivermototaxi.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dryudha.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "duggtec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "earn99.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ecpic.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "egold-keeper.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ekimma.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ellatotal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elri.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eon.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eradoom.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ero-video.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "estetici.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "esyoil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "farm-vacations.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fern.health", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fff-du.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ffmv.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fheuschen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fjco.alsace", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flonharmonymassage.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flowinity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fortygordy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fraplaster.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frasestop.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frosty.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fulibyg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "funyirotraktor.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fuvi-clan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getonyx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "glammybabes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goaskrose.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gopayz.com.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gopnikman.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gordy.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gordyforty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gpcp.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gpna.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grantpark.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guancha.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gulcinulutuna.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "haehnel.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hawaiiwho.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "healthfitapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heinrich-kleyer-schule.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hereticle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "herrschaftlich-durch-dresden.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hks-ffm.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hotvideosgalleries.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hudognik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hunngard.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "husqvarnamoped.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hvgg.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ibidyoupeace.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "idirect.com.ng", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ihre-pflege-sachsen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "immortec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inditoot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infradeep.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inmag.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "integritet.com.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "intensivpflege-sachsen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ips-ihre-pflege-sachsen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ips-sachsen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ird.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ishigurodo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "istdas.lol", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itemorder.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ja-no-me.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jaja.wtf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "janome.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "javaweb.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jcsdevelopment.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jellysquid.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jenniferlucia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jordanhamilton.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "julia-thonig.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jupuglia.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaffeeringe.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaseban.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kashbet.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb9988.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kbet168.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kensyou.network", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kill.trade", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kleyer.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "klumba.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kommx.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kriptoworld.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks009.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks058.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0788.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks081.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks086.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6658.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6665.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks680.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8802.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8812.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8825.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8831.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks902.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks912.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks921.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kvestiks.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "le-upfitter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "learncrypto.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lewdlist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lewismcyoutube.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lichform.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "listsothebysrealtyhk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lodus.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long510.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8039.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long918.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long988.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lovingbody.yoga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ltheinrich.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mangowave.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mansarda-life.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marex.host", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "martian.community", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "matchpointusa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mattadams.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mediation-mv.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "merza.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "method.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mfsquad.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mickgrimesgamingpodcast.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "model.earth", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "modul8infinity.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mondonet.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mousemade.art", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mrsheep.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "muratatifsayar.com.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "murmashi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n3ro.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n3ro.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nahouw.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nasladko.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naslovi.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ncascade.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nednex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "networkmas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newdirectionsolar.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nobleandlore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nodebb-cn.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nolte-imp.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nooben.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "noticiasymas.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "noustramits.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "numeritelefonici.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oncotarget.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onsudoku.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onzerelaties.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "opbedbugcanines.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "openai.community", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "operationsafeescape.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "optimo.com.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ordermygear.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "osterlensyd.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pandiora.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pay.mg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pcr24.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pixelabs.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "planet.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "popitsnack.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proctorauth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "programyburian.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proj3ct.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "projectobs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "puntasiho.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raistrick.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reviewcenter.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rfxt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rheijmans.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "richie.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rthsoftware.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ru-e-business.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "russianrandom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "russianrandom.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saludnutrivida.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "salzerperu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "samuelebencini.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sanctumwealth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "santanderibc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sasquatt.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "savebees.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schneckenhilfe.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scolasti.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sen.bo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sevengang.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "signmycode.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "singer.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smaltimento.salerno.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smartpatika.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smartvita.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smilesondemand.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smtvonline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "snapintegrations.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "softwaresen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spstaticfiles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startle.studio", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "studyportal.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "swdiscount.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "syogainenkin119.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taichichuanyang.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tanshin.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tappezziere.milano.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techmunchies.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "technotronikcanada.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tentacletank.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "terudon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "texier.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thaimega.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thenewclassics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thooka.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tomthorogood.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tomthorogood.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toparkinfo.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tourdatenarchiv.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tranvia.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unclebens-specials.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "universovalve.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "upmon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uze-mobility.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uze-mobility.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uzemobility.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vademekum.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valuecashhomes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valuecashoffers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "verified.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vipd88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vladimir-chanaev.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wanlieyan.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "waroengkopigazebo.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wav.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webtrek.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wellcareliving.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "westernparts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wheredoi.click", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wieloswiat.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wikijugos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wikiversus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wittywomaniyaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wot-zadrot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wotzadrot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wyckoff.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wyckoff.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--bckerei-wohlgemuth-ltb.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xtremealaskainsulation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "youngvoicesmatter.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8193.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zaadnet.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zombie-40th.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ztk.im", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "010888a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "135374.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "17187q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "177ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1ag777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1ag88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1ticks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "233hub.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "233hub.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "23lhb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "291.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "501117.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7893.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7894.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7l00p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "82ag88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "89386.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "89386a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "89386b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "89386c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "89386d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "89386e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8ag88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9ag88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acatec.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acquaparrucchieri.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acquire.media", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adidasrunningpartners.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adpkdsim.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adventureworldtour.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aeksistem.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aetherlink.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "afterpay.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag0101g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag0202a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag0707a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag1515a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag1588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag2020a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag3131a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag3232g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag4141a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag4848g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag4949g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag5688.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag6005.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag6016.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag6033.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag6037.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag6072.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag6086.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag6211.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag6215.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag6225.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag6306.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag660.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag698.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag700.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag80808.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag80880.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag855.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag87777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88-guide.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88001.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88018.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88028.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88056.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88068.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88080.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88081.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88089.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88090.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88094.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88098.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88110.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88158.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88220.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88309.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88518.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88550.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88618.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag887.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag8876.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88799.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88801.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88818.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag8890.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88905.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88906.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag8891.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88988.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88dc22.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag89000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag998.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agaa41.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks008.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aglh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agm2525.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agm8383.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agvip168.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agvip88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agvip8800.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agwin7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agyacht.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ai-media.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aj-foster.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aktca.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alchemy.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allcarespecialty.pharmacy", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allied.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alpharail.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amsfoodhk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anora.ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "approval-workflow.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apt-one.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "archina.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aresanel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "as5158.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asaabforever.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atheist-faq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "autospurgo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "axiodl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ba47.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bakersfieldhomeoffer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "becomeabricklayer.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beizsley.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beizsoft.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beizsoft.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "benjaminmarket.com.ar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bettyweber.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "big-tits-video.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blackstrapsecurity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blaumedia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blenderman.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blogdefarmacia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "botnam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bouwplaatscheckin.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "briangosnell.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brianpagan.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buddy-development-rabodirectconnect-api.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buddytop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buggmedia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buggshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "byraje.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "caetanoflotas.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cafedelahalle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carbonating.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casino-cash-flow.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casino-cash-flow.com.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casino-cash-flow.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casino-cash-flow.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casinocash-flow.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casinocashflow.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casinocashflow.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casinocashflow.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cdireland.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "centumail.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chataberan.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chaturbate.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cheapautoinsuranceblog.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chicguay.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cifapme.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clinicaltrialpodcast.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudclouds.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "colombiajeans.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "connexfilter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "contact.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "copticexchange.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "corriel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "creationsgate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "creermonsite-wp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crossroads-gmbh.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cuatroymedia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cumnock.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cybersecurity.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danbergen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dccwiki.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "defensivefirearmsinstruction.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dennisforbes.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diarionoticia.pe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diretashop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dnsmate.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "donaldjenkins.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dorfpark-falkenburg.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doublelist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dreatho.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drogavista.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "droperplus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dsgvo-analyse.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dziaduch.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ebteam.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ecalculator.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edcaptain.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eet.nu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eikentafels.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eisblau.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elldus.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emrullahsahin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enodais.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "espaciosdelalma.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eve-ua.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "evearly.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "everglow.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "expromo.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "extrawdw.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fapp.tube", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "farmacia-lloret.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fashionflavorph.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fattyink.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fernland.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fhservices.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flywus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frozendurian.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fundkyapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "funmountaincanyon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gaganenterprises.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gambling-business.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getcheapinsurancenow.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "glamur-video.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "godan.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goldlevelmarketing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goldlevelprint.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goparity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goswak.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "graviola.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gunlukburc.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gutscheinemagic.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guzdek.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gynem.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hannes.paris", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hellosalmon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "highpressuretech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "holtackersleather.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "horsky.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "housemates.uk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "humanit.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "humaniza.com.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hwxvip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyncice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ilemonrain.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infosexual.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ingwaz.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "init.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inprotec.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "intakesync.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "intellimatica.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "internetstiftelsen.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inwebo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ip6.li", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iperconnessi.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ironfittings.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "irrigadorbucal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itsuki.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ivanaleksandrov.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j-l.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j1879.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jean-luc.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jezeravillage.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jezibaba.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jmsjms.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "joustsec.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "joustsec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "joustsecurity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jouwtechnischecoach.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "joyinverse.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jpprivatehiretaxis.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jugwallonie.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "justmysocks.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jwr.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k-sails.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kawaiicon.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb0283.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb1717.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb2929.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb3636.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb7272.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb7373.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb848.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb9292.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb9797.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kbcso.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kiokoman.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kk575757.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "konfekcjonowanie.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "koreanrandom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks3636.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks5808.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kusadasiforum.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "labworks.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lamujerquesoy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lelux.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leminhduong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lenafonster.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lesbi-porno-video.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilomatrixcorner.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linux.pizza", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "little-bird-bayreuth.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lnhydy.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lnrsoft.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "logiccircle.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "loginmailpage.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "londontaxipr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luctam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lueersen.homedns.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luu.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lxx77.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "m23cal.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magestionfinanciere.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magic-photo-events.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maiscelular.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mamaisondefamille.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mamasorganizedchaos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "manelli.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mangabank.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mantuo.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mastermindcesar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "media-soft-pro.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mediamaklumat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mega1.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "menh.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mifarmaciaenbarcelona.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miyatakaikei.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mohot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mohot.fit", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "monitorbox.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "montrealcatadoptions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "movilcelular.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mr-bills.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "msafiri.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "my-news-portal.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myhealthyday.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mynewsspot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neighborshop.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nekomio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newgraphics.by", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nextstart-staging.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nextstart.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nicht-blau.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "noinghene.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nonglamfarm.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nostalgische-attracties.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "notilus.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ntpana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nvlocalbusiness.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "odensc.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "odysea.cat", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "offerhome.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ohioflockcote.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oic-ci.gc.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omega-gaming.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omexcables.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "open.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orbitcleaning.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ouac.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ovejabohemia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "overframe.gg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pagecdn.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paintersgc.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pandit.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pangoly.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parltrack.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parrilladasparaeventos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "partoenagua.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pborn.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pcatv.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "peertube.uno", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "peniarth.cymru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perfumestudio.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "philippestudiopro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "phone888.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "phonemore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "photo-castings.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "photolessya.by", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pirateproxy.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "piucellulare.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "planetofwoman.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "planetofwomen.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plu-pro.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plusmobile.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pointclickcare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pokeli.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "porkyx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "porno-stars-video.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "posbich.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "potature.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pravaha-elixirs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "presidentialserviceawards.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "privorot-taro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qnickx.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "redpatronus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rodrigoacevedo.com.uy", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roh.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roi.ovh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rotring.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rphyncice.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "russia.wtf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "s-u.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sacaleches.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sagagardencentre.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sampatjewelers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schermkapot.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "searchforbeer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seats2meet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "selfiehome.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "serviciodebarralibreparaeventos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sewing-world.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sharingphotos.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shelvacu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sice-si.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sikademy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skolni-system.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smartplace.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "southernlights.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "speedyjanes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "srb.help", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "srx.sx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stuartbell.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suplments.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "surgenights.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "swedentelugucommunity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "synapsepain.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sys-tm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tadamstudio.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "talis-bs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taxi-uslu.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taxichic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "technology.cx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techzjc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teen-porno-video.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teleport.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "test-allegrodev.pantheonsite.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tetsai.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thehopefuture.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theleap.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thenexteducation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theodeboer.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theperry.group", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theycallmefox.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thingsandcode.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thomaspluschris.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "threatmonitor.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tiendasmart.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tinyppt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tncentro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tolmaidis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tomkempers.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toolshero.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "top2servers.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topreit.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trianglebruins.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trutopoffer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "twin-tails.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tytod.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ubytovanihyncice.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ukari.hokkaido.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unblocked.lc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "up2mark.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uyen.party", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "veganrecipereviews.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "venditorepoa.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "venetkaarsenovart.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vigorspa.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viki.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vinktwebdesign.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vkwebsite.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vontainment.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "voshod.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wearetuzag.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webdesigngc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wemakeit.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wincasinosmoney.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wongu.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "www63605.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wwwindows.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wzxaini9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapeal.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ystream.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yuzzamatuzz.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zeckenhilfe.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0-24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0-24.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "067310.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "067313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "067360.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "067361.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "070136.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "070167.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "070183.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "077810.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "077863.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08817z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24onlinereview.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35898f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "44-k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "513x.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "activefootandankle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adeon.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aesthetikpiercing.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ahj.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aiat.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "airy.host", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alkusin.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amigucrochet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amirasyraf.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anarkhe.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "animehf.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apuyou.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ariyaoil.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arizana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "assaabloygaragedoors.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asyikbelanja.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "augehost.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aurbrowser.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "austinchase.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "avi12.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "axa.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b-tree.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "banfor.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "banguilacoquette.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "barbe-n-blues.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "basebyte.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bbcomcdn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestcarscyprus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestproductsaudit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bfas237blog.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bhyn.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blackrose-garden.herokuapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blijfbij.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blijfbij.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blomberg.name", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bluestarroofing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bohan.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boresmail.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bpvr.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "breezeairportparking.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buddy-acceptance-authentication-frontend.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buddy-acceptance-backoffice-frontend.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buddy-acceptance-web-frontend.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buddy-development-backoffice-webapp.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bundito.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buttgun-tattoo.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "butz.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bvsa.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "c-3.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "calibra.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cannabislegality.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "capitaoalden.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carontetouristisoleminori.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cga.best", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "charlenew.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chaturbates.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ciudadanosbo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cliqz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comparemymobile.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "confrerie-rp.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "connectium.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "copan.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cosentus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crossnet.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cultureshift.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cumnock.name", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyberweightloss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d3dev.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dadycandoit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dandia.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "datatruckers.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "datatruckers.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "decipe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deepblue-web.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deltav.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diegogonzalez.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dolcesalatoweb.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doubleglazingmasters.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doyleshamrock.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dphipartner.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dposit.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dposit.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dposit.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dposit.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dposit.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dr.mg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drakoacademy.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dranktoomuchlastnight.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drivetonortheast.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dtbw.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dtbw.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dtbw.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dtmbx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dtmbx.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dtmbx.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dtmbx.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dtmbx.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dtmbx.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eddy.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "educativetech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edwardsgrounds.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edyou.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elitebasementsohio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ender.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enter.eco", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ergonova.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "erodvd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "est-keyman.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "etaxigraz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eternalparking.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eternalparking.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eternalparking.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eternalparking.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eth1.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "exeye.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f00f.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f5la.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fenixportal.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "festivaldimouamaroussiou.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fieggen.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fieggen.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "filmcrewdb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financecontrol.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "floridawaterapparel.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fmm-creative.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forsaleinedmonton.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fossdaily.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freelancemw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "friseur-foerder.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fsavc.org.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fundingrainbows.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fyroeo.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gatewayclub.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gb-repair.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gesunddurchenergie.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gipelpsb.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gisauto.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "go2people-websites.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "golden-kamuy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "googlerecetas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gopostore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gourgouli.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gymnastikfitness.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hackintosh.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "haindlmuehle.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hanying55.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hanying9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hbgshop.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heartfelttokens.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hiddout.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "himalaya-masala.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "homecareinterio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "homedatacenter.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hopeofmyheart.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "howtutu.click", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "howtutu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "howtutu.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "howtutu.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "howtutu.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "howtutu.link", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "howtutu.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "howtutu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "httpstest.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "httpstest.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "httpstest.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "httpswatch.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "httpswatch.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "humdingersnj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hwsw.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ibestproduct.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iccorporateinteriors.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iedcommunications.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iexpert99.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ig.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iitowns.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iloveherb.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "immedia.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inclusion.tn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "incosi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indasun.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "individualizedwellness.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inf0sec.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infobot.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infobot.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infobot.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infra-se.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "innovomuebles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ipcyb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iternalnetworks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itgm-consultants.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itisyourmoney.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j9511.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jaylineko.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jjjj003.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jobs.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jpm-inc.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "js0204.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kadro.com.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaitori-goods.shop", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kanootours.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karo.pc.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karopc.com.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karopc.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kativa.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb3939.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kcire.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kennethandersen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "khohangmadeinvietnam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kiomara.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kirklandtriallawyer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kleinhelena.dynv6.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kmnsk.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kotonozaka.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0816.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "labavn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "labibikids.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "landassessmentservices.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lassovideos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "law-iku.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lazerengravingpros.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "learncrypto.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "learncrypto.show", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lenovovietnam.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lesgitesdefranca.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lightning-wallet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai6616.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "line.red", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "little-brother.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "losingweight.coach", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "louremedi.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lucasdamasceno.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lucentioluo.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lyax.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "machine.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "makermiles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "makermiles.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "makermiles.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maritimeseafoods.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "masha.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "masterton.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mawrex.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "megh.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "megh.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meow.plus", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meralda.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meralda.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meralda.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meraldamulder.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meraldamulder.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meraldamulder.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meraldamulder.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meys.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mikecameronyyc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "missfuli.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mladamoda.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mondzorgaanzee.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moow.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moowcraft.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moowdesign.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "murmashi.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myexams.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mylifeinsurancechoices.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myplaystation.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nanshy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "natcheflife.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naturalbijou.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "navroopsahdev.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nerofox.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netdiode.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netdiode.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netdiode.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netdiode.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nethui.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "networkdiode.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "networkdiode.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "networkdiode.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "networkdiode.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newhamyoungbloods.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newlifehempoil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsdiff.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsdiff.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsdiffs.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nfltshirt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ngmx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ngmx.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ngmx.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nickserv.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nickserve.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nickserve.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nickserve.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nickserve.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "niyen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "niyen.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "niyen.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "niyen.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nycfilmcrew.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ocnjapartment.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "okasurfbali.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oliverah.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orebolt.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orged.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ostechnix.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "otoma.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oxygenit.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pactandoconlamoda.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "panoramichq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "patriciaandpaul.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "patrikzk.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pcprkolo.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pentechealth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "phive.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "physiobiggerawaters.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "physiobroadbeach.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "picka.gift", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pinheirofrio.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pipeuro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pkdhungthinh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plaintextpledge.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plasticstare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plexbpvr.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pozitive.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poznajrynek.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "premierrange.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prestigesoundandlight.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "products88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "productsblockbuster.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "productsbrandleader.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "productscastle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "productsmansion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "projectionpictures.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proteh.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psychopersonnalite.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "q8igh228tq.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "que-debo-regalar.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "queenmargaret.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quentinaurat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quichante.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quickbookssupportphonenumber.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quitsmoking.coach", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qybot.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "railto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raketenwolke.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rbt.sx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "redion.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rednumberone.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reroboto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reroboto.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reroboto.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reroboto.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "resqdesk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "resumeshoppe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "retro-game.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reviveplumbingmelbourne.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roalogic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rosalindgreenllc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rosecrance.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "royalkitchensandfurniture.co.ug", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rrbt.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rrbt.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rsec.kr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "safetynetwork.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sagenesykkel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sainikbiswas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "salesblackbelt.coach", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saluddecalidad.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sam-cousins.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sampleappservice.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sduconnect.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sellmymobile.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sender.services", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "simplycateringequipment.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sindarina.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sindarina.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sindarina.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slow.social", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slowsocial.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slowsocial.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slowsocial.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slowsocial.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "socialsecurityhelpcenters.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "softwaregeek.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soniadoras.pe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sony-psvita.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sparkar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sparklesdelivery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sphardy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "srsforward.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "srsfwd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "srsfwd.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "srsfwd.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "srsfwd.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "srsfwd.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "startachim.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "statusboard.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "staycurrent.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "staycurrent.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stb-timmler.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stealthmodel.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "steelpoint.com.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sterlingleads.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stmosesbookstore.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "streamspouredout.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sumatphoto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suplments.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suplments.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suplments.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suplments.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suplments.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "swhw.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "swj.red", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "szurgot.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "technistan.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "telford.codes", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "terabyte-computing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "terminalhrd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tested.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "testmx.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "testmx.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "testmx.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tetr.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "textonly.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thailandlongtime.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thaqfni.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theapplewiki.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thedinnerdetective.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thepillclub.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thermalflowtech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "therworth.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "therworth.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "therworth.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "therworth.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thesecurityvault.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thirtysixseventy.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tinlook.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tobias-bauer.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tobias-bauer.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tobias-bauer.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tomashouzvicka.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tomashouzvicka.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topcarehvac.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topproductidea.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topproductsanalysis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trance.im", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trancehost.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trancetronic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trilon.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "troyhuntstress.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trufflepig-forensics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trustnet.co.il", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tubepro.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tuingresoonline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ubstudygroups.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ubstudygroups.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uglycat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uglycat.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uglycat.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uglycat.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unadonna.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unityvox.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "upbeatrobot.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "upbeatrobot.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "upbeatrobot.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "upbeatrobot.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urantiabookstudygroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urantiabookstudygroup.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urantiabookstudygroups.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urantiabookstudygroups.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urantiastudygroup.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urantiastudygroups.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urantiastudygroups.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urcentral.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vbestproduct.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vbestseller.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "velvetia.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "videot.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "videozv.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vmconnected.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "voodoocomedy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vreviewbestseller.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vtbs.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vthebest9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vuasinhly.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w-architectes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wanekat.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webcaptive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webtex.limited", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "whta.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wirekeep.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wit.ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "workplace.tools", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wpcdn.bid", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wsbhvac.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xinqinhai.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--80aihgal0apt.xn--p1ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--ikketenkpdet-1cb.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--j8se.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xwf.fyi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yh12366.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yomi.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "your28days.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yumiandryan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yunhu365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yuzulia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zalaxx.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zerocash.msk.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl2020.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0011d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0013d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0014d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0015d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0020d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "002d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "003d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "004d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "005d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "007d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "00d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "022kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "02d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "03d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "03d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "04d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "05d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "06d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "06d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "07d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "07d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "09am8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "09d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "09d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0d111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "100up.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "100up.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020301.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020305.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020307.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020309.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020310.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020311.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020312.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020314.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020316.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020317.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020318.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020319.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020320.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120301.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120302.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120303.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120305.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120306.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120307.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120308.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120309.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120311.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120312.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120314.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120315.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120316.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120317.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120319.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120324.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120326.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120327.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120328.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120330.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120331.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120332.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120335.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120336.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120337.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120338.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120339.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120340.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120341.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120342.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120343.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120345.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120346.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120347.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120348.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120349.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120350.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220301.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220302.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220303.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220304.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220305.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220306.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220307.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220308.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220309.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220310.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220311.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220312.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220314.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220316.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220317.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220318.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220319.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220320.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220322.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220325.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220326.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220328.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220329.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220330.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220331.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220332.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220334.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220335.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220336.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220337.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220338.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220339.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220340.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220342.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220343.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220344.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220345.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220347.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220348.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220349.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220350.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "127ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "132kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "136ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "151ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520301.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520302.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520303.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520304.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520305.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520306.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520310.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520316.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520318.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520319.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520320.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520322.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520323.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520324.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520325.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520326.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520327.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520329.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520331.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520332.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520334.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520335.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520336.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520337.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520338.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520339.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520340.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520341.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520342.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520343.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520345.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520346.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520347.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520348.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520349.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520350.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "153z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "156ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620301.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620302.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620303.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620304.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620305.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620306.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620307.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620308.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620309.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620310.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620311.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620312.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620314.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620315.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620316.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620317.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620318.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620319.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620320.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620323.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620324.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620325.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620326.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620328.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620329.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620330.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620331.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620332.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620334.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620335.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620336.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620337.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620338.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620339.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620340.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620341.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620342.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620343.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620350.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1661618.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720301.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720302.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720303.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720304.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720305.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720306.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720307.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720308.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720309.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720310.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720311.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720312.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720314.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720315.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720316.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720317.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720318.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720319.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720322.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720323.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720324.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720325.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720326.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720327.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720329.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720330.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720331.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720334.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720335.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720336.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720337.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720338.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720339.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720340.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720341.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720342.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720343.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720344.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720345.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720346.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720347.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720348.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720349.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720350.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "175ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820301.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820302.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820304.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820305.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820306.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820307.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820308.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820309.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820310.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820311.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820314.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820315.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820316.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820317.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820318.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820319.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820320.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820322.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820323.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820324.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820325.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820326.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820328.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820329.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820330.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820332.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820334.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820335.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820336.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820337.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820338.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820340.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820341.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820342.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820343.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820344.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820345.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820346.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820350.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "182kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "182ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "182zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "185zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "187kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "188zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1920301.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1920302.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1920303.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1920304.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1920305.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2030404.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "222zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3040507.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3040508.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3040517.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "333zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "33btt.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "35d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "37879.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3dtootmine.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4050601.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4050607.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4050620.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "432web.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "456zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "46d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "46d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "47d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "47d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "48d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "518zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "555zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "588e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "58w66.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "618btt.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "61d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "62222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "64d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "64d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "65d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "666zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "70872.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "70d88.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "74d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7minutemiles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8001d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8002d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8006d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8006d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8007d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8008d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8010d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8011d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8012d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8013d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8015d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8016d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8017d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8019d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8021d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8022d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8027d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8030d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8038d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8039d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8050d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8051d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8053d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8059d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8060d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8071d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8071d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8072d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8077d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8078d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8092d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8100d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8102d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8109d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8116d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8121d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8153d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8170d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8173d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8197d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8198d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8200d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8202d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8216d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8217d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8222d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8223d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8226d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8227d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8229d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8229d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8230d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8802ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8805ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8809ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8830ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "886666z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88btt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918aah.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918aaj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ahh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918awx.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bio.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918caa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ccb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ccy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cqq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918db.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918dc20.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ddk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ddy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918dgg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918dzz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ess.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ffk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918hs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918hzoz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918og.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918pn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918rh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918tx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ug.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ui.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918vk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918vs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918wv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918za.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91milk.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "999zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k228.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k287.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k295.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k586.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k587.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k589.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k632.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k655.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k656.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a2os.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acapadena.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "accadia.academy", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acilicraft.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aftonpravdan.nu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag173168.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag2983.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag775.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag81826.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag81867.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag9999.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agefriendlyri.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agencia.barcelona", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agencia.cat", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agencia.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ajfite.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alberoraydolap.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "almanssur.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aluminium-express.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alwayswanderlust.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amerion.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amtsinfo.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andrewjphotography.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "animekaizoku.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anxietyspecialistsofatlanta.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anythinggraphic.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aptekakolska.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arco.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arkitextonico.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artera.spb.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artifact.spb.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asgrd.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asoagroca.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "athens-limousines.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "autocadperfmon.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aviasalon.spb.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b886666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bandeiraimoveisitu.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bankapp.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bazqux.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beambdi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bendostore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bernama.com.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blueeyedmaid.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bluetomatographics.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blumando.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bodybuilding.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bodycaredirect.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bolalocobrews.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bolamarela.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bolamarela.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boughariosbros.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boxtreeclinic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bread.red", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brickadia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btopc.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt043g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt192.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt217.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt285.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt289.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt6262a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt776.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt8383a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt918.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt9292a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt9595.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt99.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btta18.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buysoft.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "byfeldt.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "c886666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cadastroloteamento.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "calendriergn.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "careerdirectionsltd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ccuuu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cheapsharedhost.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cheapsharedhost.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chicourologist.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "childrensfurniture.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chrisseoguy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "christianmoore.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "churchofsaintbenedict.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ciliberto.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "claimflights.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "claimflights.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "claimflights.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "claimflights.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "claimflights.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "claimflights.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "claimflights.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cleary.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clinicamiracueto.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloud-screen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "codedynasty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cointosh.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comedimagrire.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "computerguardians.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "corsisicurezza.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cuteselfie.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8812.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8812.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8813.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8815.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8817.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d881vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d882vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d883vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d884vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8850.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d885188.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8852.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8853.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8856.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8857.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d885vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8860.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8860.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8861.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8861.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d886119.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8862.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8863.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8863.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8865.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88688.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d886vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8870.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8873.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8876.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8879.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88801.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88808.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88818.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d888508.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88870.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88880.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88882.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88886.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88896.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d888vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8890.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8891.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8892.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8893.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8897.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88988.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d889vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc01.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc03.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc04.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc07.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc08.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc09.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc12.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc14.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc17.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc18.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc25.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc26.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc28.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc29.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc30.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88girls.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md01.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md02.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md03.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md05.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md06.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md09.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md12.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md14.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md15.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md17.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md18.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md19.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md20.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md21.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md22.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md23.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md25.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md26.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md27.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md29.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md30.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88promo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88zl.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "daidr.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danel.ski", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danelska.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danelski.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "datasafeassurance.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "datatypes.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd112d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd118d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd11d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd201d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd202d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd203d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd204d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd205d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd207d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd208d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd209d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd210d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd212d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd214d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd215d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd22d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd33d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd44d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd55d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd66d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd77d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deepnet.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dekasegi-supportcenter.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dentistryateastpiedmont.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dg68.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "digpath.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "distributore.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "djcatholic.or.kr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doesinfotech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "donghochinhhang.store", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragontours.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dsreal.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dzu.fund", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e901.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eastwesttmc.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "easy-prono.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "easynm.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "easypaymentnow.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eboardsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ecmatching.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eiadaladel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elranchofeliz.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enigmadjradio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eos-utvalget.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ermessecurity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "expatfinancial.com.hk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f886666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fayntic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fb.gg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fgsv-heureka.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "filedesc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fireflyiii.spdns.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "firerain.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "firmajulegaver.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fite.family", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "funkydealz.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gardensquaredental.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gay-personal-ads.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "georgiadance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getacrane.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gku-winterling.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "golnet.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "growth-rocket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gunshyassassin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guzlewski.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hbweb.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heijmans.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "helpkoil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hhfgaming.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hokenselect.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hp-67.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hsjccconference.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "htb.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "htbplc.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hua-chuan.com.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hua-chuan.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "icasebr.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iflyi.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ikisser.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ilovestickers.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ilpl.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imkerverenigingzaanstreek.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imolights.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infosubasta.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "innvision.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "innvisiondesign.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ionplesalexandru.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ipschool.spb.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ipsecurelink.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ireaco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "israelil-leumi.co.il", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "israelil-leumidev.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "issoexiste.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itdutchie.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jaculus.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "japansm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jehelpdesk.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jeps.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jeroendev.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jigsawplanet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "josegdigital.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k886666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kanis.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karimunsejahtera.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kartikmohta.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kashbet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb4393.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb866.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb882.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8878.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88818.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8885.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc04.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc05.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc12.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc17.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc26.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md12.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md27.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kbk4t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kiousis.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kirkwood-smith.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kisser.name", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "klupper.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "korob-ok.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kreyolgym.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks-29.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks-89.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks068.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks1519.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks162.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks181.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks202.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks204.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks382.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks5888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks600.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks608.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8787.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8805.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8809.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8810.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8829.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8832.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8851.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8859.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8860.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8881.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8882.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks901.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks905.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks907.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks920.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks996.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ksvip15.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kuscheln.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "larpkalender.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "larryandprisca.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lebanonbitcoin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lichtletters-huren.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai2222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai5566.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai838.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai99.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linosky.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "littles.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lkw-servis.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ll8807.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "llyq8866.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "llyq9988.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lofstad.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "loheprobado.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long-8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long008.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long113.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long139.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long18.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long226.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long266.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long288.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long510.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long566.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long68.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long688.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8085.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8097.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "loteamentoabertocapivari.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ludovic-frank.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lx-blog.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "macangus-wainwright.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "manawithtea.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "manuelguerra.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marisasitaliankitchen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "markandev.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marsble.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maxmuen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mcstaralliance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mcwrapper.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mdconnect.asia", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mens-health.com.my", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meodihoang.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mercelo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mhcdesignstudio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "micluz.shop", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "microjovem.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "midwayrecovery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "midyatsaklibahce.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mieresabadus.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mikerichards.gallery", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mikerichards.photos", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mikerichards.pictures", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mikerichardsphotography.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mmbhof.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moenew.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "monsitemoncommerce.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moorelawfirmaz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motornaolja.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mrnathanpowell.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mysasiedzi.bialystok.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myunicornshops.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n886666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nclf.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "negativeentropy.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "negocios-imatore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newworldnewlife.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nguyenminhhung.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nhv-vintagelemans.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "noites.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "notariuszprzybylowicz.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "notariuszsych.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "novogradnje.si", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "noys.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nvfoundation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nyerjakekszekkel.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omie.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "on-the-wave.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onecloud.lt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "optizym.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orangecat.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orvitdesign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "outstandingpromotion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pasarkoin.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paulmarc.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pcgho.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pedago.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pediatersucha.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "performio.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "peridotcapitalpartners.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perini.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pesdacgh.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petnow.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petrovich.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "philanima.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "phongthuyanthinh.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "photosaloncontest.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pignus.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "podsvojostreho.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poorstock.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pr-news.spb.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pro-clean.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "profession.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pvpheroes.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "q886666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qttransformation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quantumcrypto.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raydolap.web.tr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raydolapfiyat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rbh.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rca2015.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "recrea.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reddited.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "remont-p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "repaik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ressupply.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rhypehost.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ricci-ingenieria.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roachesofficial.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rt1314.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rupostel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ryanfamily.net.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "s886666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "safarimasaimara.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saletzki.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "samandej.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "satario.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saxonsink.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seabehind.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sedlex.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sembyotic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "setptusa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sheilagranger.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shigaben.or.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "simple-e-world.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "siscompt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skelleypiano.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skinstyleglobal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smamunir.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soacompanhantes.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "softwing.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "somefe.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "southside-digital.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "steph.ninja", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stinkefingereinhorn.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stkildaosteopathy.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "styledbysally.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sudocat.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "superpi.noip.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "supplypartnersdecolombia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "susthx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "syquel-systems.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tag-coin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "takb.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taptoweb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techwhisperer.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tecnasa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teenpussypornvid.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "terminationsremembered.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thaiforexfamily.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theagilitychallenge.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theentertainmentcontractor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "therapyroom.rent", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thermowood-bkh.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thoitrangsikimanh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tk2net.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tkbuilders.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "todoenunaweb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tomboy.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tq.rs", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "travelzoneshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trekinafrica.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tritiumdisposal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trix.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "troyhuntstressed.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ttp-shop.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tugafm.eu.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tus-kikishinkyo.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tuzaginside.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tuzagtcs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "twoguyswhoblog.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tytocare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "u886666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uboratz.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uix.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ultrasdesign.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "un-instantpoursoi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unicorndesign.ninja", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "universal-village.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "universityhousemates.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "universityhousemates.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unknown-player.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "untilyouarrive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uphuntingland.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urbanindustriecoiffure-auray.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uscpaservices.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uvpress.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uvseh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "va11hal.la", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vamosbien.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vilafloridacapivari.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vinmmo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "voevm.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "volvoconnect.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w0185.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w0189.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w0191.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w0195.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w0198.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w0202w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w4040w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w5050w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6609.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w661122.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66133.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66136.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66138.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6616.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w661616.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66191.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66191.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w662211.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w663w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66918.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6698.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6886.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wallisch.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wearefrantic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "websiteboost.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "websitesmiths.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webx5.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weecarepreschool.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weightlossoutcome.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wlilai.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wormhol.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wu6v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xenox-rp.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--agncia-4ua.cat", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--prt783d.xn--6qq986b3xl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xrope.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xtremecoatingtechnologies.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xyloefarmoges.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y0bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y1992.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y2212.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y2232.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y2242.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y2252.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y2272.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y2bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y3343.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y3353.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y3bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y4bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y5545.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y5bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y6bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y7bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yamei9955.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yourbetterkitchen.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yuer.sytes.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8010.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8011.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8012.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8013.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8015.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8020.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8021.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8026.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8027.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8028.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8032.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8051.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8052.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8062.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8063.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8066.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8068.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8079.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8081.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8082.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6896.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zi5.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl-49.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl-59.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl-69.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl-79.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl0783.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl0iu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl0sz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl1038.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl16h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl2085.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl2101.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl2704.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl3289.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl3597.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl3782.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl4231.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl4290.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl4454.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl4538.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl638.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl6xw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl7393.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl7615.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl9052.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl9372.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlam2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlf8h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zllpa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlong6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlong6.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlong888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlong888.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zls9p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlvd7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zunlong0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zunlong918.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "glassrom.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0016d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0017d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0019d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "003zl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "006d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "008d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "009d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "009zl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "010203.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "010ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "011zl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "012zl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "013zl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "015zl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "017zl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "018zl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "019zl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "020ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "020ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "022ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "025ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "029kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "029ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "03637.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "05d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0799ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "08kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1020302.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365001.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365002.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365003.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365005.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365006.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365007.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365008.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365009.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "103656666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "103658888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10365h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120320.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120323.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120325.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120334.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "113ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "116ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "116vip.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "118vip.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220315.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220324.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220327.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220346.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "122kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "130ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "133ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "135ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "147ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520328.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520330.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1520344.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "154kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "155kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "156ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "158ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "159ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1620349.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1666ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "16agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "170ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "171ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720320.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720328.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1720332.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "173ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "180ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "181ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820303.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820327.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820331.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820347.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820348.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1820349.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "183ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "183zlong.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "185ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "186kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "186ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "188kb.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "18agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1941-45.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "198ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "199ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1blazing.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1onehouse.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "200ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "217778.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "23ks.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "285551.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "288kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "288kb.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "288ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "28agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "28ks.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "299ks.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2blazing.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "301ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "33kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "355ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506011.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506022.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506033.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506055.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506066.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506077.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506088.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506099.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36506999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3666ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "399ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3elife.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "404ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "428northampton.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "456666365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4761.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4762.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "499ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "51club8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52dashboard.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "58agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "58ks.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "599ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66.tn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "668ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "68agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "698ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "69agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "69ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6wbz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7214.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7214.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8001d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8013d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8057d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8061d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8069d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8083d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8092d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8093d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8109d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8111d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8115d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8130d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8133d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8133d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8135d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8139d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8150d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8151d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8158d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8171d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8176d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8178d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8181d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8182d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8183d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8190d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8191d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8192d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8193d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8193d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8195d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8196d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8197d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8198d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8199d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8207d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8209d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8210d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8211d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8215d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8216d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8217d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8218d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8219d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8219d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8220d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8221d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8223d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8225d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8227d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8228d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8232d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8236d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "82kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "83kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "85kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8666ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "866ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "86kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "87kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8805d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8806d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8809d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8815d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8815ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8816d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8816d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8816ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8817d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8822d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8826d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8826d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8827d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8828d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8828ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8829d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8829d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8831ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8832ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8835ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8838ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8850d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8850d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8850ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8851d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8852d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8852ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8855d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8856d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8856d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8856ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8857d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8857d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8858d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8859d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8860d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8860d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8860ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8861ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8862ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8866d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8869ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8880ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8881ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8882ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8887ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8889ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8891ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8895ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8896ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8898ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "889999vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88zl.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8918d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8925d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8926d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8927d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8927d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8928d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8929d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "898ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "89kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d01.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d02.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d03.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d15.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d16.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d17.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d18.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d19.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d20.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d21.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d23.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d26.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d27.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d31.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d32.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d33.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d35.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d36.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d37.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d38.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d39.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d50.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d51.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d52.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d53.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d55.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d56.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d57.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d59.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d60.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d61.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d62.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d63.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d65.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d66.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d67.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d68.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d69.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d70.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d71.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d72.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d73.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d77.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d80.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d83.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d85.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d86.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d87.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d90.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d93.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d96.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d97.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d98.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d99.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "92kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "93kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "95kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9666ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "96kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "98agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "98kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "98ks.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99kb88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9agks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k223.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k225.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k226.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k227.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k229.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k232.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k235.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k237.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k238.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k252.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k253.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k255.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k256.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k257.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k258.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k262.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k266.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k267.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k268.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k269.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k273.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k275.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k276.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k277.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k278.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k279.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k283.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k285.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k289.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k292.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k296.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k299.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k322.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k323.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k325.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k327.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k329.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k332.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k335.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k336.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k337.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k338.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k339.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k362.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k363.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k366.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k368.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k372.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k373.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k375.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k376.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k378.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k379.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k383.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k386.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k387.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k389.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k392.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k393.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k398.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k562.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k563.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k565.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k568.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k569.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k572.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k573.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k575.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k577.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k579.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k582.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k583.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k585.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k592.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k622.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k623.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k625.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k626.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k627.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k629.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k633.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k635.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k636.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k637.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k639.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k652.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k653.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k657.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k658.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k659.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k662.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k665.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k667.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k668.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k669.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k672.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k673.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k675.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k677.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k679.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k682.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k683.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k686.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k689.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k692.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k693.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k696.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k698.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k699.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k822.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k823.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k825.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k826.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k828.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k829.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k833.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k835.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k836.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k838.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k839.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k855.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k857.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k858.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k859.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k862.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k865.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k866.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k867.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k868.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k869.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k872.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k873.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k875.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k877.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k879.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k882.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k885.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k889.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k892.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k893.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k896.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k898.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k899.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aaex.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acacia-gardens.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aceitedelcampo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ad4msan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ad4msan.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adonai.eti.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "advens.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag518518.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag58ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag68ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag818818.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag818818.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag88ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks006.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks007.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks009.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks06.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks09.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks10.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks112.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks113.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks114.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks115.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks12.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks131.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks132.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks134.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks136.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks137.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks138.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks15.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks150.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks18.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks188.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks4.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks66.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks68.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks89.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks96.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks988.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks99.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "airanyumi.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allthings.how", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "americorps.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amtcd88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andesnevadotours.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "angelinaangulo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anhqv.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apartmanidano.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aracusbienestar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "archivosmercury.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arcogb.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "areis.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arsenal-charodeya.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artlabdentistry.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "as395.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "as397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ashtonbromleyceramics.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "assosfi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "athomedeco.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atlanticyellowpages.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "auditready.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "babyboutique.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baka.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "barashek.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "barnettville.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "battleguard.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baudlink.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bbbff.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bdtopshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beijesweb.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bellebakes.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestmattressforbackpain.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betheredge.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biogiardinaggio.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "birkenwasser.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitking-trading.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bizlatinhub.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bk622.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bk725.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blockchainmagazine.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bryanfalchuk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btshenqi.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btsou.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt9797.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "budgetinsurance.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buhex.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "burbankdental.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buzzpop.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "calbertsen.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "californialemonlaw.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "canavilage.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "capillary.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cargoguard.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carmatworld.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cartes-voyance.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cashbot.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cathy.lgbt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ccriderlosangeles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "celebalita.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "centrederessourcement.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chifumi.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clubapk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coachapp-ipass.herokuapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coachsystem.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "combigo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "complex-news.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "consultorioespecializado.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "copyrightcoins.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cranberry-tee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crowter.li", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "csust.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cuanticasocialmedia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cubanross.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cuentamecomopaso.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "curexengine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cybernetivdigital.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d868.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d881.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88118.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8867.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d887.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d8875.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88806.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88811.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88828.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88869.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88871.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88873.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88881.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88885.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88887.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88889.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc02.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc06.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc10.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc16.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88dc27.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md10.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md16.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md28.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88siteintro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "david-merkel.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "daysinnaustin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd206d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd213d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dd99d.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deedyinc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "delvickokolo.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dizzie.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dizzieforums.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "djdeepstate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dmerkel.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doceo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docmed360.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dogboarding.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dogeboy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "draemar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon00.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon02.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon30.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon53.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon57.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon61.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon63.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon67.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon70.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon75.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon80.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon81.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon85.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon87.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drcp.tokyo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dressingmaternity.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "droidchart.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drthalhammer.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ds915.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dumb-laws.net.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dwilawyer.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e7180.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eichinger-stelzl.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eismaschine-vergleich.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "electrolivefest.spb.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elementarewatson.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elitedangerous.wiki", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emergesydney.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "encd.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ep-cortex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "epilepsiyle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "es-tools.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "es-tools.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "es-tools.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "es-trade.biz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "escortaccess.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "esmart.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "essayshark.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "evohomecare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "exxvip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fabrika.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fabrikafilmes.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "facedack.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "farmtoys.store", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fertigasi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fgsv-kongress.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "filmarchiv-sachsen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fimfiction.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "firegeisha.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "foodsoul.pro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forcelink.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forthvalleykeswick.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "foxhillshotel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fps73.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freefilesync.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fridarestaurantemexicano.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gaestehaus-leipzig.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ganpris.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gemstonz.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "get-quick-bits-fast-2018.pw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gielectrical.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goeikan.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug10.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug16.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug18.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug4.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug68.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug78.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug89.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug99.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gpfitness.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gqyyingshi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gqyyy.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "greentea.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guaranteedloans.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "havedicewillsave.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hebbet.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heijmans.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hellocyber.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "herbaldiyeti.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hes.com.cy", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hgmaranatha.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hikarinime.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hiltonsydney.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hiveopolis.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "holidaypackage.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "holunderbluetentee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "homeable.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hosteleriauno.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hostingsrv.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "huabantxt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "huabanxs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "huimiquan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "humanlocation.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hy88win.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "idlewildflowers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "igondola.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "incrementation.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indemnityinsurance.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indianjewellery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infivalle.gov.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infixegypt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infotelecharge.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ingestion.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "injurylawyer.world", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "innotab.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "innovacoachgroup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inoio.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "insanelyelegant.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iryodatumoguide.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ishimen.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j3349.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jackingsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jarv.is", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "javiscoffee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jerome.to", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jewelers.expert", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jiangzhuyun.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jiji.co.ke", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jijistatic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jiu99shipin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "joorshin.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jppcadvertising.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "juweliervanwillegen.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k81.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaanhaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi002.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi003.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi005.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi009.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi02.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi05.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi07.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi08.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi22.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi55.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karodos.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kashsports.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kathy.lgbt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kawaii.su", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kayit.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb0101.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb0202.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb03.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb0404.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb05.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb0505.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb059.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb0606.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb0707.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb0909.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb091.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb096.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb1313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb2121.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb2323.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb2626.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb3030.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb3232.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb367.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb372.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb3737.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb3838.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb4040.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb415.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb4545.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb458.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb4646.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb4783.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb481.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb4949.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb5050.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb514.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb5151.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb545.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb5454.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb5648.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb5757.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb5959.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb6060.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb6161.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb6363.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb6464.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb6565.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb659.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb6767.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb709.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb7171.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb750.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb756.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb7575.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb7979.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8181.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8282.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8383.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb840.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8484.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8585.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8802.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8803.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8805.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8806.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8809.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb881.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8810.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8813.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8817.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8818.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8819.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8822.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8826.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8831.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8832.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8833.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8838.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8841.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8846.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb885.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8851.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8853.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8855.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8860.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb886119.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8871.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8872.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8880.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb888508.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8889.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8892.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc02.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc06.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc07.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc08.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc09.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc15.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc16.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc25.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc28.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc30.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md01.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md02.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md05.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md06.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md08.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md09.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md10.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md14.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md15.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md16.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md20.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md21.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md22.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md23.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md25.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md26.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md28.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md29.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8989.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb9090.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb9191.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb9494.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb952.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb9595.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kbjri.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kidonng.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kieskundig.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kimkhisaigon.com.vn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinderopvangthuis.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinfolkcoffee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kitchenwarestore.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kniga-goda.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kokosnusswasser.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kreditkoll.nu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "krumpf.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks168158.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks181.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks208.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ksvip07.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kubabrussel.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kyotokitsune.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lacuerba.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lai.zone", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lapacho-tee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lawfirm.tips", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "learntohack.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lifeonplanetjapan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lignesante.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "limit.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "limnt.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "limstash.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lmvsci.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lohvinau.by", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lolcloud.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lolio.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long-6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long0310.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long0316.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long0317.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long0318.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long186.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8021.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8026.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8040.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8076.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8078.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long88.la", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lotc.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lts-tec.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lulua.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lyness.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "m271809.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magebrawl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "majormedicalinsurance.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "malond.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "malpracticeattorney.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mamabatataya.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marcberndtgen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mariasilverbutterfly.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mariendistel-tee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "markstevenkirk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marvnet.design", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mastermindbusinesspro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "masternautconnect.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mb-demo.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mealinsider.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medbreaker.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mediavamp.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "megaron.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meliowebweer.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meloniecharm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "metallibrarian.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "metz-metropolitain.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mgmd.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miku.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "milieuland.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miniclip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mojleksikon.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moosikapp.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moraffpritchard.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mundosuiri.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mygg32235.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mynaturalmood.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mysteriesandmargaritasblogspot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nachrichten-heute.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naide.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nanaimoneighbourhoods.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "natur-care.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "natureshive.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "necord.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netcials.in", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netexpatcommunity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "new-jersey-online-casinos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nick-slowinski.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nuoha.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nuovavetro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "officina.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ogkw.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oreadstudios.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orifonline.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oriontravel.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "outwesthunts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "passau-webdesign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paymyphysician.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "peers.cloud", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "personalnames.net.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pharmacistinfo.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "philomathiclife.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "piedrasblancas.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pikio.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plagiarismcheck.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plaintextpledge.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plaintextpledge.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plaintextpledge.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plaintextpledge.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pmi.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "premrev.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "productliabilityinsurance.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proeski.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proseo4u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prosony.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prosperus.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "providential.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "puteulanus.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raqoo.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ratedever.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "re-crawl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reindersfoodfashion.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "richieheijmans.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rixcloud.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "robertnankervis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rottamazioni.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roughtime.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sacadura.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saifonvillas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sard.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scale.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sccimo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schachtelhalm-tee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schafgarbe-tee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schat.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scislowcy.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scom.org.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sellingsherpa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seyhanlar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shanefagan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shejutu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shoulderpainrelief.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shtaiman.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shtaiman.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shtaiman.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shteiman.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shteiman.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "simonholst.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sin-el-fil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sinmik.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sitempro.com.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smalldogbreeds.dog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smictecniservi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smslodging.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soora.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "speedboost.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "speedwp.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spiegels-op-maat.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sprachenlernen24.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ssmpuc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stanmed24.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "starbaese.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.club", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.design", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.digital", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.life", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.live", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.ltd", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.network", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.services", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.store", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.website", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stemcellclinic.world", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "studay.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sulytics-tool.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suste.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "szs.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tazarelax.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teeautomat-teemaschine.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tempatwisatakeren.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "the1.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thecontentcloud.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thecraftingstrider.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thekiddz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theswimdoctors.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thutucxuatnhapkhau.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tipsdebellezaysalud.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tobimi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tomstew.art", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tracknerd.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trainingswiese.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "travelexbiz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "travelexinternational.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "travelround.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trigraph.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "troiaconsultoria.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tunsbergwhiskyfestival.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tutu.green", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tzyingshi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uat-mypfp.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uwe-arzt.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v139.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vazovia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "verbzilla.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viflores.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "visionofcolour.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vivaldi.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vvs.spb.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w-surgeryhospital.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wagenmanswonen.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "waiwaisw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webmail.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weissdorntee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wermuttee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wf336.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "whojoo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "willi-roth-holzbau.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "williejackson.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wism.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "workersshop.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "workthings.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wtprecife.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wxxcxd88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xinetwork.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xlyingyuan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn---35-6cdk1dnenygj.xn--p1ai", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--babassul-t4a.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--bachblten-tee-1ob.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--brombeerblttertee-zqb.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--bucheckernl-0fb.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--chrysanthemenbltentee-nic.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--cisowcy-pjb5t.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--eebao6b.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--gstehaus-leipzig-vnb.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--heidebltentee-2ob.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--hibiskusbltentee-szb.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--lavendelblten-tee-c3b.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--maracujal-77a.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--nide-loa.ee", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--rosenbltentee-2ob.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--schwarzkmmeloel-6vb.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--weidenrschen-tee-swb.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yourkrabivilla.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yporti.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yuzu-tee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z66.la", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8017.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8023.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8031.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8038.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8056.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8059.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8060.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8067.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8070.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8075.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8078.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8083.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8087.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8089.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8093.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8095.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8097.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8099.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8101.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8102.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8105.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8106.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8109.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8113.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8116.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8120.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8121.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8122.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8125.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8130.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8132.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8133.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8137.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8138.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8151.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8155.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8162.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8170.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8182.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8195.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8196.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8199.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8200.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8207.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8208.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8209.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8210.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8212.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8215.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8217.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8225.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8226.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8821.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8829.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8851.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8856.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8860.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8865.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8905.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8906.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8922.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8925.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8929.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zaffke.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zakonu.net.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd0505.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd0606.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd0808.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd1515.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd1616.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd1717.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd202.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd203.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd205.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd206.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd207.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd208.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd209.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd232.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd235.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd236.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd237.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd239.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd252.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd253.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd257.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd258.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd259.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd262.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd265.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd267.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd270.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd2727.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd273.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd275.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd276.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd279.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd280.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd282.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd283.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd286.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd287.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd289.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd290.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd293.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd295.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd297.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd302.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd303.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd305.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd306.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd307.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd3232.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd3535.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd3939.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd4747.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd4848.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd5050.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd5252.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6464.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6565.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6862.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6863.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6866.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6867.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6878.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6880.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6885.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6887.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6889.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6890.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6893.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd7575.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8585.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8787.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8826.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8828.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8829.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8832.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8835.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8836.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8839.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8853.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8857.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8858.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8859.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8863.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8878.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8882.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8898.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd9696.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd9797.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zhis.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zhou28d88vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zhuktrans.msk.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zigarn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zinniazorgverlening.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ziqijiang.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zitronengras-tee.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl-19.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl-29.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl-89.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl016.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl017.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl0202.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl026.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl031.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl036.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl0505.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl051.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl056.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl0606.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl071.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl072.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl073.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl076.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl090.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl0909.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl1010.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl1212.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl1616.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl2020.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl236.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl2424.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl2525.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl256.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl2727.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl2828.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl2929.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl335.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl3535.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl3737.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl3838.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl5050.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl5151.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl6161.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl6363.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl6475.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl6565.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl6767.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl6868.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl7171.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl738.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl760.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl7979.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8181.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8282.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8484.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl850.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl861.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8686.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8787.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8824.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8853.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8861.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8862.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8870.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8897.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl9090.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl9191.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl9292.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl969.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl9696.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl9797.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl9898.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlhgc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlhuodong.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zltymacau.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "00004048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000a1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000a2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000a3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000a5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000a6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000a7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000a8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000a9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000x2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "000x3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "001yapan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "00228.am", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0022bet.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "009597.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "00b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "01234048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "012345678365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0123456789365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0138365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0139365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0165365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0175365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0185365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "018663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0195365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "038456.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "038663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0393ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0393gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0393hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0393ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "03region.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "040552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "041552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "042552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "046552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "049552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "050.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "050a1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "050a2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "050a3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "050a4.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "050a5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "050a6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "051552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "054552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "065l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0681z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "068552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "068663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "071552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0737399.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "0768ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "078663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "083832.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "084552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "085851.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "093113.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1-345.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1003365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1004233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "100pudov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "100visits.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "107996.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "10n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1112365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1116365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1119365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "111b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1120344.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1188bet.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1190america.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1199bet.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "11b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1220323.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234365z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "12344048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "12345678365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "123456789365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1234a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "123seo.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "12n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "131365qq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "142552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "146552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "146773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "148663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1517598.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1517668.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1517669.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1517883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1517886.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1517889.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "153kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "154552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "154922.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "16-qw.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "16qw.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "16region.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "178btt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1831365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1832365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1834365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1837365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "188kb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1981365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990ff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990mm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990oo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990rr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990tt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990uu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990xx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "19990zz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1baks.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1cprosto.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1hfree.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1malaysian.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2-678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2012review.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2013review.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2015review.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2018fifaworldcup.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "202jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2033z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "205jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "207ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "207vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "209vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "20n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2155hg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "216vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "22245j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "22256j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "22267j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "22289j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "222b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "228668.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2288bet.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "22b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "23454048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "23732.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "240vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "241552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "242552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "246773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2484811.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848168.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848188.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2484822.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2484833.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2484855.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848918.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848a.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848b.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848c.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848d.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848e.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848mm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848oo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848pp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848qq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848rr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848tt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848uu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848v.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848w.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848x.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848xx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848y.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848z.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "24848zz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "248663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "25may.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878oo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878pp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878qq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878rr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878tt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878xx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "27878zz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "284365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2evip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2kvn.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2lovebirdsblog.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3-789.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3-800.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3004233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3006789.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "30n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3165365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3175365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "317811111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "31782222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "317822222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "31783333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "317833333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "31784444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "317844444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "317855555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "31786666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "317866666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178666666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "317877777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178888888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "31789999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "317899999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178aaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178bbb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178ccc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178ddd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178eee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178fff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178iii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178jjj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178tt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178xx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3178yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3265623.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "333b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3344985.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "335a.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "33b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "33n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "348663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "350vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "351365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3539783.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3557365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3558365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3559365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "360365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "362590.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3650607.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3658200.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36588801.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888012.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36588812.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888123.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36588823.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888234.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36588834.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888345.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36588845.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36588856.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888567.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36588867.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36588878.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888789.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36588889.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888890.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "36588890.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888ddd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888dddd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3659801.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3659867.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3659868.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3659869.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3659980.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365eib.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365eif.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365eil.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365eiq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365eis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365eiv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365eiw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365nnn.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365nnnn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365r.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365rr.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365xxx.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y00.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y22.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y33.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y55.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y66.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y77.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365y99.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365ypw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365zg.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365zg.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365zzz.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "369-7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "37987.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3800611.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "380111000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "380111111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "380111222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "380111333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "380111444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "380111555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "380111666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "380111777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "380111888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3809955.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "382228.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3837z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "38irkutsk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "391231.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "392365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3957z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "396301.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "396302.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "396303.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "396304.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "396305.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3963aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3963bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3963cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3963ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3963ff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970100.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970200.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970300.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970400.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970500.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970600.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970700.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970800.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970900.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970ff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970mm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970oo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970pp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970qq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970rr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970tt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970uu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970xx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970zz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "39news.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3danimation.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3djava.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3w-solutions.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4001365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4002365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4003365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4004233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4004365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4005365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025360.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025361.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025362.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025363.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025364.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025366.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025367.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025368.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025369.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4025y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "40481234.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "40482345.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "40484567.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "40485678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "40486789.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048aaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048ccc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048ddd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048eee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048fff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048ggg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048hhh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048iii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048jjj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048kkk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048lll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048mmm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048ooo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048ppp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048qqq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048rrr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048sss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048ttt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048vvv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048www.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048xxx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048yyy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4048zzz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "408663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "40n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "416365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "418663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4233330.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4233331.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4233332.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4233334.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4233335.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4233336.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4233337.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4233338.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4233339.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "426773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4345.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "436773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "438663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "443658.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "444b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4455bet.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "44b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "451365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "456-3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "45674048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "458663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "476773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "486773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "497552.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "498663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4best.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4dillusion.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4evip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4tgw34.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5-600.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5-890.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5004233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "500wordessay.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5017503.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5055990.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "51365a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "51365aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "51365b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "51365bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "51365c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "51365cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "51365d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "51365dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "51365ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52002y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "520xpjxpj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "538vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "55554048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "555b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5566bet.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "55b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "55ks.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "55n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "56784048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5898657.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "593-7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "59759vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "59759z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981168.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981611.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981622.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981644.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981655.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981667.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981668.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981669.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981677.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981699.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981800.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981811.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981822.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981833.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981844.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981855.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981866.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981877.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981899.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981918.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "59859h.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "59859j.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "59859k.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "59859l.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "59859y.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "59859z.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "598877.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "59rus.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5ilg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6-600.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6-800.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6004233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "605vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "60n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "611121.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "611125.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "611165.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "611195.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "616675.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "616btt.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "621nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "621vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "628vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "635-488.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "635-588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "635-788.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "635-888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "635-988.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365ah.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365am.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365bj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365cq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365fj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365gd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365gs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365gx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365gz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365hb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365hk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365hlj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365hn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365jl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365js.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365jx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365ln.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365nmg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365nx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365qh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365sc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365sd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365sh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365sx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365tj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365tw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365xj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365xz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365yn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6365zj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "63960000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "63961111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "639611111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "63962222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "639622222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "63963333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "639633333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "63964444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "639644444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "63965555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "639655555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "639666666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "63967777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "639677777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "63968888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "639688888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "63969999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "639699999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396aaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396bbb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396ccc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396ddd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396eee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396fff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396ggg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396hhh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396iii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6396jjj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6520265.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "657843.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365a.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365b.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365c.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365d.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365e.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365f.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365g.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365h.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365i.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365j.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "663365k.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "664048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "666111bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "666222bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "666333bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "666555bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66664048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "666777bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "666888bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66689j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6669255.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "666999bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "666b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "666btt.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6671365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6672365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6673365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6677bet.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "677314.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "677340.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "677341.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "677346.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "677347.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "677354.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "677364.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "677384.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "678365cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "678678365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "67894048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "67y7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "681vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "68522.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "68522c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "68522k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "68522m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "68522s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "68622.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "68622a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "68622b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6863070.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "68722.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7-890.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7004233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "70365365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "70n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7111365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "71365365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "721aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "733575.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "73365365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "74365365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "753-9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "75365365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "755204.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "755243.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "755245.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "755246.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "755249.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "755274.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "755284.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "755294.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "755a.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "76365365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "76678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "769k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "77018aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "77018bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "77018cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "77018dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "77018ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "77774048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "77789j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "777btt.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7788bet.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "77b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "78365aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "78365app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "78365b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "78365bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "78365c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "78365cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "78365dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "78365ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7888813.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7888815.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7888821.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "78904048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "789451.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "789453.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "789455.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "791188.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "792ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "793ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "80365365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "805vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "80651a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "80n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "811121.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "812221.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "81365365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "82781111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "82783333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "82784444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "82785555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "82786666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "82789999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278aaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278bbb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278ccc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278ddd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278eee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278ff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278fff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278ggg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278hhh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278iii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278jjj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278mm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278oo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278pp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278qq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278rr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278tt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8278yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8286hg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8289hg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "83365365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "842365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "846773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "848663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "852-7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8521.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8521.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8602012.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8602013.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "860vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "861365z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "866300.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "866304.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "866305.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "866308.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "866314.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "866341.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "866346.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "866349.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "866374.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "866394.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "87365365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365mm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878365nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "878989.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8810ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8836ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8855650.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8855950.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8866012.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88740z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8881234j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8882345j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "888234j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8883456j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "888345j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8884567j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "888456j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "888567j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8886789j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "888789j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88884048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "888b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8914499.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8b8888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8btt.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8me.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9009019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "906vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "908vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "90920.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "90n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9110365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9111365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918-siteinfo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918101.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918aait.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918aav.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918aff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918agr.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918arr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918baa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bba.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bbd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bbg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bdd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bip.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bis.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bit.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bjj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bkk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918bzz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cce.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ccq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ccs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cct.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ccu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ccv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ccw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ccz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cdd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cgg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cjj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cmm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918crr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918css.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ctt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cvv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918cxx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918dbb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918dcc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918dde.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ddf.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ddj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ddo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ddp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ddq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ddr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ddw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ddx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918dkk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918dpp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ebb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ecc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918edd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eea.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eed.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eef.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eek.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eem.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918een.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eeq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ees.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eew.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eey.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eez.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ejj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918emm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918epp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918err.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918euu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918fdd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918fee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ffa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ffb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ffc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ffd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ffe.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ffh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ffn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918hi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918hw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918iwo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ji.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918jt.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918jwo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918lwo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918mh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918mo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918mz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918mzoz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918pt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918qg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918qi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918rs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918rt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918sj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918ze.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d91.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "940365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "946773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "953-7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "956jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "96002.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "961705.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "96678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "966ty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "97736.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "97737.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "97738.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "97739.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9836952.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "988316.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99123j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99456j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9977432.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99789j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9988551.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9988959.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99994048.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "999b58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "99n13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a365vip1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a365vip2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a365vip3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a365vip5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a365vip7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a365vip9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a66.la", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6619.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6621.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6623.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6627.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6631.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6632.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6651.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6652.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6657.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6659.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6671.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6672.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6673.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6675.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6682.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6683.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6687.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6691.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6692.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "a6695.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aa4888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aa7666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aa793.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aadv.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abanilla.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abc-solutions.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abc001.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abcode.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abdullahzubayerofficial.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abdurrahmangazidis.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abdurrehman.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abhishekkabdijain.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abitech.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "about-bangladesh.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aboutshakil.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abrahametalero.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abrightspark.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abth.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "academy-awards.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "accesoriosviaje.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "accordable.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "achinsk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acrobatic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acyclovir-cream.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "addnewsite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "addyourlink.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adrian-riemer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adriatrans.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adrino.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adsviews.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "advens.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adventry.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "advokat-malinovskii.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "advokaty-onlajn.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "advokaty-yuristy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "affektblog.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "afganistan.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "afghan.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aflebedevo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "africalebanon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag66321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ag878.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agarioforum.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agenux.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agiosthomas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks01.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks116.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks135.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks139.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks158.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks16.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks55.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks668.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks688.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks966.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks998.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agrargruppe.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agroplas.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agul.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aido.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "airwolf.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ajman-realty.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ajs5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "akhabar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alantica.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alargarlavida.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alaskarsbc.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alatkesehatan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "albalatedelarzobispo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "albaniaonline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alcamilo.cloudns.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aleftinka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alevi-forum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alevi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alexsandrasverden.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alfonsostriano.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alisondavenport.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aliziolaw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alko-stop.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alkor.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allaboutreligions.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allcat.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allenwillis.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allfaucet.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alliance-clan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allo-luxembourg.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allopurinol300mg.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allright.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allwiki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alpha-centauri.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alsops.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "altergalaxy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "altisnet.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "altos.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amberoad.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ambrosio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amitriptyline-hydrochloride.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amphost.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anachronis.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anagramma.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andrewmcfarlane.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anekdot-pr.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "angepsychedelices.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "animalz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anime-drift.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "animedon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anirvalle.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anonaddy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anonser.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anothermusic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antalyaescortyaren.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antarctica.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antarctida.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antarktida.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anti-nsa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antihistory.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antijob.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antonoff.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apart-hotel-weimar.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aperturelabs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apkpokemongo.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "appworld.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apustaja.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aquabyte.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aquadecor.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arabia-news.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aral.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arandinacf.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arcanetides.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "archbishop.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "archwood.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "argumentative-essay.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arheh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arielpereira.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ariixmex.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aripiprazolee.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arithmetic.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "armcar.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "armeniaweb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "armtopnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arpumpsonline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "art-news.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artcaly.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artcar24.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arti-islam.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artificialplants.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artitbe.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asdyx.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asiasmi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asjas.co.za", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "assemblage.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "assignacii.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atayia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atfstudios.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "attractieparken.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "augesen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "australianonlineappliances.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "auto-skills.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "autokeyinaustin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "autorama.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "autoresponder.marketing", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "autoschool.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "autotyreprest.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "autovesti.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aviconverter.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "avto-signal.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "avtoucheba.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "avtoyurist.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "awningsydney.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aypotech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "azenot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "azerinews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "azora.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b-honey.gr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b0000.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b0305.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b0306.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b0307.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b0308.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b0309.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b03aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b03bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b03cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b0607.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b0708.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b1111.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b3177.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b31aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b31bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b31cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b31dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b31ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b31ff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b3333.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b3390.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b3391.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b3392.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b33app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b36510.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b36512.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b36513.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b36516.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b36517.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b36518.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b36519.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b36520.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b365cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b365ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b365h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b365k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b538.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5706.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5707.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5708.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5709.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b57bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b57cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b58365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b58app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b58appb58app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b58appb58appb58app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5901.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5902.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5903.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5904.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5905.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5906.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5907.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5908.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5909.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b5910.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62101.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62102.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62103.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62104.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62105.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b62h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b6701.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b6702.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b6703.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b6704.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b6705.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b6710.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b6720.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b6730.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b6740.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b6750.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b67771.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b67772.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b67773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b67774.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b67775.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b68.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b7306.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b73app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b73bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b73dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b73ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b73ff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b750.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b7501.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b7502.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b7503.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b7505.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b7506.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b7507.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b7508.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b7509.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b830.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83ff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b83kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b8831.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b88aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b88cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b88dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b88ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b89ff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b89gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b89hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b960.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9902.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9904.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9905.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9912.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9951.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9954.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9957.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9961.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9962.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9967.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9970.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9973.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b9976.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baby-massage.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "babybuddah.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "backgroundscreenersofamerica.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bactrim-antibiotic.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bactrim.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "balaganlimited.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "balakovo-news.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ballast.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baloncestolliria.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baranmovie.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "barao.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "barganhanaweb.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baseerapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "basketball-malavan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bazar.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bb057.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bb087.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bb211.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bb321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bb882.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "be4lead.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beachpoint.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beatuprobot.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beautyspot.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beaver-creek.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beebeads.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bellecarmen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bellevueowners.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "belquant.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bembee.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "benatherton.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "benazir-reaction.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "benetcasablancas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "berksnetworking.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bernudrebes.lv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "best-book.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestboot.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestechgadgets.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "besthemes.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestkeys.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestmedsmmj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestofbooks.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "besttrade.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestwebcams.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet01vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet02vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet03vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet04vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet05vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet062.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet064.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet06vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet074.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet07vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet08vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet09vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet10vip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet261.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet290.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet3602.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet3607.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet3639.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365bc.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cnq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cnr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cnt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cnu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cnv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cnw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cnx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cny.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cnz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365g8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365n1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365n2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365n6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365n8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365n9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365q0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365q6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365q8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365q9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365r8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365vip1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365vip2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365vip3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365vip4.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365vip5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365vip6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365vip7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365vip9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365x0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365x1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365x2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365x3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365x6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365x8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365x9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet599.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet66669999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet666888.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet721.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet916.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betaa0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betaa1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betaa2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betaa3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betaa5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betaa6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betaa8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betaa9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betb33.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betb73.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betxx1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betxx2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beverly.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beylkin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biaxin.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bigdiscounts.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bigprintinglasvegas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bigthunder.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biletvkrym.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "billcompare.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "billcomparison.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "binf.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biodobavki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biomeris.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bionicman.name", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biosearch.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bisix.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitgain-leverage.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitmag.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitstage.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biz-secrety.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biz-secrety.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biz-seecrets.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biznes-sekrety.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biznes-sekrety.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biznes-sekrety.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biznet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blackoutzone.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blacktubes.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blic-zajm.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blogaram.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blogcosmeticsurgeon.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bloodpop.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bluesnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bobcoffee.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bodaneiranunez.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boffin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bogwitch.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bolsa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bonaemi.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bookslibrarybooks.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bordo.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boredhousewifeconfessions.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bornreality.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bosattondskap.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boxdropcc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boykovo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bozhok.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brainobeat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brainshare.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "branode.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brasiltopnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bratunaconline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bravica.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "breakcraft.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brest-news.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brestnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brezani.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brianvalente.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brianwilson.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bridalweddingshow.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bringingbackthesweatervest.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "britania.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brosay-legko.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bruce-springsteen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brusselsexpoloft.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brusselsexpostudio.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bryanarmijomd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bt3655.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bt3657.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bt3658.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bta22.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bta88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bte365app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bteapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt0101.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt0505.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt0606.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt11.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt1515.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt175.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt187.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt216.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt221.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt222g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt226.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt2323a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt236.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt238.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt2525.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt273g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt2929a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt494g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt583g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt6363a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt6868.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt690g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt7272a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt7878.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt829.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt830g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt8787a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt882.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt888g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt889g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt918958.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt9494.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btta16.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btta26.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bttp7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buddy-acceptance-authentication-api.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buddy-acceptance-profiles-api.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buddy-acceptance-users-api.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "budgetboats.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bulgariablog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bulgariya.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bulvar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bungabuket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buquesdeguerra.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buselefante.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bushland.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "business-secreti.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "business-secreti.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "butterhost.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buy-an-essay.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buy-essay-online.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buy-lasix-without-a-doctor-s-prescription.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buy-los-angeles-auto-insurance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buy-neurontin-online.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buy-seroquel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buy-sildalis.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buy-zofran.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buycitalopram.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buydiflucan.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buydiflucan.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buyfluoxetineonline.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buylasix.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buylevaquin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buymethotrexate.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buyrogaine.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "byemeds.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bystryj-zajm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "c30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cabecera-descendimiento.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cabelgrano.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cabezadelcaballo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cafenix.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "calaverasmedicalcannabis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "calcioragusa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "calposa.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cambodiainfo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cameraslyphotography.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "camisado.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "canhq.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cantosdisidentes.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "car-speed.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carfinans.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "caribuku.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carmeni.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carolicious.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carousel.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carrabiners.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carsshop.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cartfilm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casalcrevillent.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casalinghedisperate.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casalribeiro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "castalie.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "castle.network", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "castleoblivion.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "castrillodelavega.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "catalojic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "caterbing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "catiadecastro.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ccblicense.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ccc88.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cctv-supraveghere.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cdlinares.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "celadas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "celebritytopnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "centrum-edukacji.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cesium.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chardik.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chaussurerunning.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chaussuresmarche.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cheap-life-insurance-quote.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cheapmedrol.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chefpablito.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chezbernard.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chinastory.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chispita.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chitinfo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "christianblog.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chrixonline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chuvashia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cilacapnews.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cinemadoma.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cinexmachina.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "city-forums.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clickforum.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clickphobia.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cliffburton.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "climatizzatore.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clipperses.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudninelandscapedesign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "club-leondehuanuco.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cm-loures.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "codeidea.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "codesgroup.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coeurdesushi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coginti.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "colchonminicuna.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "colley.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comeoneileen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comlipa.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "communist-party.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comprarcarteras.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "compu-ofertas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "compusrit.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "computeradvance.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "condit.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "configurat.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "conflicting.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "consoleuniverse.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coolmath.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coomonte.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "copycenter.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "copywriting-on-demand.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "correctionsfoundation.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "corvee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cosmetique-totale.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coth.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "countrysidemarquees.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cpegypt.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cpsa.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cracksnet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crafttalk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "craig-mullins.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crapmail.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crazyhost.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "creditif.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "creditor.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cristals.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cristianonascimento.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cross-culture.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crvegas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cubanchino.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cubigames.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cucaracha.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cursomarketingdigitalmx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "customessaystation.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "customradio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cutlinks.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cutmylink.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyber-yaroslavl.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cybercat-tver.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cybercave.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cybergame-host.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyberium-planet.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cybermaniac.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyberpanel.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyberphoenix.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cyberquest.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cybersound.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cytat.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d-consultant.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d-soft.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d365.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d588.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "daemon-hentai.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dahobo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dailynewsclubs.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dairikab.go.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dajiadu8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dakota-spain.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dale-bancruz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danceylove.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dannygaidateraelgar.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dannyjota.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dapoxetinagenerico.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dassolutions.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dataman.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "datenendlager.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "datingsrit.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dcareer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "de-mossadeq.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deantiguos.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "debauchery.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "debitterballetjes.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deblocking.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dedmoroz.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "defektologiya.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "defifa.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "defterikebir.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deine-gitarre.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deinelakaien.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deionized.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "delcan.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "delcan.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dellacasapizzasemassas.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dementieva-pennetta.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "demicrofonos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "demirdokum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "democracy-news.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "denegmnogo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "denejki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dengivdom.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dentals.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "denvernews.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "departmentofoncology.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "depelteau.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "depleteduranium.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "depositomerci.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "derango.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deshevle-net.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "desportvriendenoverijse.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "destroymc.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "detiks.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "detki.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "detreannamaria.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "detyamobuv.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "detyobuv.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "devcore.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "devildog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "devils-co.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "df5101.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "df5102.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "df5103.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "df5104.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "df5105.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "df5aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "df5bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "df5cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "df5dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "df5ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dfc52.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dieta-figura.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "differentgirleveryday.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dimitrovi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "directed.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "directlendingsolutions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dirk-dogs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "disabuse.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "discodery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "disconnect.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "distancelove.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dities.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "divistart.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dixi.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dj16888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dj16888a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dj16888b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dj16888c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dj16888d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "djfafafa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dji-ars.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "djlove.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "djslash.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dlyaribalki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doc-baza.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dockysearch.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "docogo.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doctornaima.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doddy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dodikod.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dolce-vita-mia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doll.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domain-skachat.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domainforfree.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domainhostingcompany.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domlist.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domoset.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "donaldtrump.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doradoscampeon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dorogaminina.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dostav.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dosyanet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doubleness.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "downloadfiles.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doxycyclineprices.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon31.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dranik.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dream-pools.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dreamcrack.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dreamwork.financial", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dreamworldstudio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drianpublishing.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "driv.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drivingacademy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drunkendropkes.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dubaizone.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dubrava.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "durcal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "duxi-s-feromonami.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dy1d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dynamofanforum.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dzus.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e-diabolo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e-fishing.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e-informatyk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e-peets.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e-yachts.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e007.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "e365.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "earningthatis.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "earthcorporation.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "easyshare.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "easywin.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eblog.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eburg.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ecbt.co.il", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eco-flowplumbing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eden-project-insight.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edgarz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "educationtree.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee362.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee367.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee371.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee372.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee373.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee396.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee397.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee575.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee631.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee632.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee651.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee652.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee653.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee735.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee736.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee951.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ee973.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "egonix.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elcin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "electroforum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "electromagnetism.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "electronicssrit.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "electroworld.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elektromotor.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elephantia.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elikers.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elite-design.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elriacdn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "em888.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emersoncanada.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "endlesswebsite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enerypa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "englandschool.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eniziolab.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enoisdaturma.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enrack.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enrique-monroy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "entertainmentblog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "enwikipedia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "epal.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "epicenter.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "erasure.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "erevan-news.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eridas.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ersinbiltekin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "escueladego.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "esmejor.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "essay-writing-topics-fce.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "essaymaker.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "essenerbaeder.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "estaryshop.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "euman.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "euroshop.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eusarse.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "evadental.institute", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eveaz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eventosformativos.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "everberg.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "everglowtrading.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "examsite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "examticket.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "exciters.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "exotic-bengal-cattery.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "expert-voronezh.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "expertpaintersvt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "explosionstereo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "expouniverse.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "exsanio.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "extremfrank.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eyetooth.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ezik-ido.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f365.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f51365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f9850.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f9851.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f9852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f9854.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f9855.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f9880.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f9881.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f9882.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f9883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f9884.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f9885.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "factslider.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fairyth.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fake-show.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fakes-ru.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fakt.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fall.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fanclubrbdmaniaromania.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fantasyfoot.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "farberplasticsurgery.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "farmaspeed.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fashionlistify.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fasturl.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "festivalpopayan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ffvideo.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "filesuffix.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fimozin.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fimp.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "finance-news.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "findlocalproduce.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "finestrabatalera.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "finlito.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fioritic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "firenews.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fito.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fizadvocaten.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fkraiem.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flamengopi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flashgamedev.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "floorballphilippines.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "florenciasabio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flyawaybirds.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "folar.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fonline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "footballsrit.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ford-mustang.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forfeit.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forum-egypte.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forum-gilee.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forum-noginska.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forumirc.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forumpakistan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fotofon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fourscore.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frail.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fralippolippi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frankieburkeactor.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frankieruiz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "free-bitco.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "free-generate.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "free-traff.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freebegames.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freedogecrypt.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freedombankva.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freedomisslavery.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freemotion.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freetrung.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freifall.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freiwuppertal.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fruit-farm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fukt.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fungomoscow.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "futbol-tv.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fyss.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "g30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "g365.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "g3homefoods.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "g47.web.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "g51365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gablesportsga.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gabryjeluk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gadgetstock.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gaelico.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gagramore.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "galaktika-znakomstv.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "galaxyplex.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gamerspost.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gameserver-admin.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gamingx.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gammaphibeta.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gastronom.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gathegi.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gazoz.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gdesemena.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "genen.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "geoffnussmd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "geonice.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "georgekaraoglanis.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gerbang-singkolo.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "geroiplavska.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "geschaeftsideen-ebook.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "get-california-real-estate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getpromo.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gfac.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gfronline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "giovannarossi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "givepenny.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "glebov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gnezdo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "go-kuwait.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "godall.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gogomail.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goldenage.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goquiqstatus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gorodrostov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gosaavd.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goug7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gougeaway.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gpswebsoft.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gpz500s.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grafik.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "greeknewspapers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "greenews.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grekiskagudar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "griffinsrfc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grilllness.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grokandtonic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grumpyseb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grupdedansa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grupoauxteclic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gruzoperevozki.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gugs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guidethailande.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guillen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guitarangel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gunerds.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guzelforum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gvitebsk.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gymnastic.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gyroscopicinvesting.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "h30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "h365.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "h51365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "h6852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "h6853.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "h6895.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "h6913.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "h9386.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "habernet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hackthat.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hair-guide.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "haircutideas.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hakimova.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "halilweb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "handymanbypolli.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hardrock.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hb6365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "health24world.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "healthystyle.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heijmans.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "helbreath.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "helloafrica.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "herqqq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hexsafe.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg2018hg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg61388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg62388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg67388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg67855.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg67877.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg72988.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg97188.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg97288.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg97388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg97588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hg97688.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hiddenimage.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hieisuki.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hightechreviews.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hilarious.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hindibaba.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hindu-temple.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "holini.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hollywoodstars.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "homophobia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "honeybrooklibrary.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hongki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hongorw.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hongosdemexico.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hoon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "host4me.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hostingdirectory.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hotelsrit.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hotmann.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "housedesigninfo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "houstongaragedoorsrepair.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "huaxingui.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hydrasecurity.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyhy1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyhy2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyhy7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyhy80.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyhy81.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyhy82.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyhy83.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyhy85.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyhy89.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hyhy98.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "i30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "i365365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "i36588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "i51365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "i7sas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iamwill.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "icelandic.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ient.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ifconfig.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ifiveglobal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ifolder.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ignatij.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ikari-san.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ikx.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ilg.ink", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iligang.com.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iligang.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iligang.net.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ilovesamara.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iloveyoutoo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ilug-ktm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ilumantio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imolights.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inalvittile.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inbound.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indexmarket.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indiafm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indianapolisnews.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indianerschmuck24.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indigobooks.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indigostudios.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indonesian-news.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "indospot.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infinitelightofbeing.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "info-bolivia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "informat.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inglesencanada.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inin.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inlineskating.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "innico.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "insiberia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "intercrosse.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "internet42.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "internetmagaz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "intimznakomstvo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ip40.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "irajsingh.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iranfilmcity.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iranonline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iraqinews.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ireland.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "irob.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ironraven.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "isae-supaero.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "isae.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "islamabadcourt.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "islamnewss.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ismadgeintrouble.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "israelnewswire.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "it4sure.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "italiatopnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "italik.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itezu.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ittgame.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itzkavin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iweathernet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j32661.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j32662.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j32663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j32664.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j32665.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j32771.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j32772.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j32773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j32774.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j32775.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j51365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j5563.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j5573.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j70111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j70222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j70333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j70444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j7051.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j7052.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j7053.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j70555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j8846.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "j9943.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jackrussel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "janelle-jamer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "janellequintana.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "japantravel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "javaexpert.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "javiermascherano.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jennifertilly.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jerisandoval.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jesseonline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jesusvasquez.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jino.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jinsha1234567.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jinsha12345678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jinsha168.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jinsha2228.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jinsha2288.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jinsha66669.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jinsha6969.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jinsha8888888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jinsha99999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "johan-koffeman.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "johnpenny.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "johnpenny.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jolfamarket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jomsolat.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jongcaxent.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jongtonghapkido.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jose-latino.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "joseenriquegonzalez.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "josefernandomorilloardila.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "journeyfitness.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jovenescontraelaburrimiento.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jqk918.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "js636.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "js637.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "js638.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jsidefox.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "julia-clarete.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jungyonghwa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "juppy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "just-heberg.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "just-keep-swimming.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "justknigi.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k1958.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "k30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaatsen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kabachok.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kafel-ufa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kai-ruecker.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi001.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi007.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi008.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi03.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi06.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi66.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi998.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kak-pohudet-legko.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kalashnikov.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaliningrad.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kalsa.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kandhamal.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karantholdings.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karapuzz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kashbet666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "katalog-serverov.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "katalog-tovarov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kathleendeisher.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb021.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb0303.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb035.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb036.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb06.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb07.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb1515.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb2727.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb283.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb3131.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb3434.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb3535.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb4141.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb4242.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb4343.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb4747.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb506.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb5252.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb5656.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb5pt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb656.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb673.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb702.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb7070.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb7474.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb7676.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb786.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb864.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8811.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8815.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8816.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8828.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8869.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8881.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8886.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8887.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb8898.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc01.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc03.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc24.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc27.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88dc29.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md07.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md18.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md19.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb88md30.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb890.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb896.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb930.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb963.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb965.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb9696.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb975.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kbhgi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kbty0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kbxlu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kegelschiene.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kemerovo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "keramed.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ketoconazole.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kevinvanderperren.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "keyworth-meadow.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "khakasiya.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "khakasiya.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "khakassia.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "khakassia.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "khakassia.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "khakassia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kilo-files.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kimberleythomson.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinglier.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kino-doma.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinodrom.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinosha.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinovsem.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinozone.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kirov.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kirovcity.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kirovgrad.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kismy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kleinhaneveld.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "koba.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "korancode.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "koroleva.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "korund.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "krakozyabra.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kravmagaangers.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kresimir-blazevic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kryptologie.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks-19.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks-39.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks-49.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks-59.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks-79.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks01.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks016.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks017.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks02.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks023.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0316.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0318.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks038.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0404.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks05.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks051.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0518.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks053.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0566.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks06.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0660.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0668.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks07.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0718.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0758.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0766.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0768.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0770.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0778.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks08.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks080.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0812.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks082.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks083.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0833.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0838.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks085.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0855.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks087.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0877.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0878.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0886.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks09.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0977.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0990.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks0996.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks1010.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks143.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks156.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks182.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks191.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks196.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks209.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks210.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks213.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks214.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks256.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks257.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks2626.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks281.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks282.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks285.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks286.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks288.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks2888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks2888.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks296.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks298.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks299.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks299.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks318.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks330.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks335.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks337.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks338.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks338.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks339.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks3535.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks3737.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks380.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks381.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks383.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks385.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks386.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks388.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks3939.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks4040.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks4242.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks5014.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks5050.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks506.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks516.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks5353.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks541.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks549.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks556.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks556.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks5606.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks596.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks597.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks600.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks602.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks626.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6363.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks641.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6565.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks668.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6690.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6767.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks687.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks69.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks692.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks7272.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks7373.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks79.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8186.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8383.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks88.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8815.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8819.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8820.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8826.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks883.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8839.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8862.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8869.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8884.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8885.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8887.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks89.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8989.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks9.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks915.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks9393.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks960.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks9696.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks9797.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks9888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks99.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks996.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kst-service.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ksvip02.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ksvip04.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ksvip09.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kswinwin.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ktuluweb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kukeri-karlovo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kupislivki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kurd-online.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kurgancity.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kuznica.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kylie-pomada.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kyrylych.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "l30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "l3l365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "la-paco.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "labandadelamente.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lablnet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lada-granta.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laencina.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laramewa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lasdelgadas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lavozdelamusicachilena.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lbc-podcast.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ld66999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ld699.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ld6999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "learnhowtoplayguitar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "learningladderacademy.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lesbianlovers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "letaman.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "letdownloads.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leu365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lg.gz.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "li.gz.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "liberty-city.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "librarium.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "libruis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lifekirov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "liftmastercloud.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lightcraftmc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lightfoot.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "limbaido.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "limitlessinteractive.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lindgrenracing.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linestriperdepot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linkwheel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linonin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lion7.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lipacom.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lisadelbo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "littlelucifercafe.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livelink.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livenewsrussia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locabir.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lockerroomstories.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locksmithservice-humble.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locksmithssanmarcostx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locksmithstaffordtx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "locomen.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "london-mafia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8079.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lorimullins.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lorisfnotary.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "loveismystyle.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lucarautti.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ludolust.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luizlopes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lukaszuk.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lukaszuk.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lukezweb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lux-house.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "luxhome.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lyna.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "m30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "m365m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "macon.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "madeira.gov.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "madgeandpaul.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "madgech.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "madgeisawesome.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maewongaming.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magaconnection.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maggot.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magic-cheerleading.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magisternegi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mailinabox.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maladie-autoimmune.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "malariaadvice.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maleperformancepills.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maltasite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maltaultrastifo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mangaworld.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marblemosaics.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "margolis.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mariahandnasty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marufmusic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marvaco.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "masalaband.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "masdemariette.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mass.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mathiteia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mati.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "matthieuchedidweb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "matuslab.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mauriceje.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maveeranpasupathi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max-apk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max-phone.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max00365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max0365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max11365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max1365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max22365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max2365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max33365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max3365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max4365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max44365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max5365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max55365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max6365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max66365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max7365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max77365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max8365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max88365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "max9365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maxclean.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mayito.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mayre-idol.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mazavto.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mbetb33.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mbetb73.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mbetbtt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mbte365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mbtt365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "me-news.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "med-line.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medalofvalor.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mediagetnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medichat.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medivox.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "megawebsite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mehibo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "melatonin.fun", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "melda-agustin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meliyb.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mesabi.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "metaljournal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "metalliran.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "metrodemaracaibo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mevsim.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mezedokamomata.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "micontractortraining.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mido.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miguelito.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "milan-news.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "milavica.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "militarysrit.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "milkmoovement.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mill.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "minaio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "minibrewery.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mink-coat.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miragg.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mirkvartir.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mitiad.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mix-channel.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "miyanaga.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mkbet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mmcalc.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mobileague.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mobinst.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mobsitin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mobtop.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moburst.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mogica.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moldova-online.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moldovanka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moldovawall.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "molodost.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "momocrats.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moneta-rossii.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mongolbox.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "monkeysorce.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mononom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moonwolfwiccanschool.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moraldehornuez.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moroccanews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moroccotodaynews.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mortengamstpedersen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moscow-moscow.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moscow-new.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mosnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mostlymuttz.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motoscascos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motun.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mrlove.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "muhabbet.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mullinsfarms.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "multigamers-net.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "multischool.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "murmansk.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "musicradio.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mutualmoney.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "my-bratsk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "my-tunisia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myarcade.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mychamberlain.co.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mychamberlain.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mychamberlain.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mychemromance.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mygreatwebsite.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mykursumlija.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myliftmaster.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myliftmaster.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mylight.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mylkguys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mymerlin.co.nz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mymerlin.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mypenza.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mypfp.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mypvhc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myqbusiness.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myraboats.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mystore24.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myxxxsite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "na-kipre.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nabeez.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nabokov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nacocu.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nakedinkas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nameshield.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nameshield.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nancyzone.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nandito.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "napominanie.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "narrabeenlakesbikehire.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naruto-best.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nataez.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "natasabekvalac.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naturalcosmetics.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naturelk.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nay.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nazarenoviso.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nba-officecenter.hu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neboley.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neofilia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neoverso.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nert.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netrabota.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nevergirl.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "new-smile.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newillusion.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newimage.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newlovers.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newlovers.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newlytricks.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "news-sy.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "news123.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "news12elite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "news53today.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "news54.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsbali.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsbusiness.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newscultural.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsinkansas.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsinpolitics.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsireland.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsuk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsvideo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newyorknews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nextpost.company", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nicoleta-prestescu.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nightwishchile.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "niituva.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nika-travel.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nikitenko.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nikolahost.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nikolai-schmidt.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nina-woerz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "no-real.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nocturnus.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nokya.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nontonfilem.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nopajam.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "norala.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nordicsrit.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "northkoreainsider.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nou9ta.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "novak.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "novanetwork.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "novokuznetsk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "novoselie.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "now101atm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nullscripts.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "numericall.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nurmio.fi", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "o30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "o365.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "o3c.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oakparkmedicalcentre.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oaktravel.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "obmen-viz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "obnalichka.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "occultisme.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "odysseytraining.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ogamerezine.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oghost.ir", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ogo-knigi.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oimexico.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ok118.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ok7779.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "okpo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oldaine.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oldbkcom.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oldcity.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oldfieldmusic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oldiesmusicguide.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oldriver.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "olesaradio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "olivejs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ollo.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omretreats.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "one-news.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onlineautodealered.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onlinecasinolisboa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onurerhan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ooo-santal.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "operanavigation.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "opncld.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oposicionesprofesores.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orangtua.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orel-sait.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "organise.earth", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ortaev.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "otdyh-v-abhazii.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "otoplenie-ufa.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ouwerling.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oxymail.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ozonstyle.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p2d.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p365.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p58101.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p58102.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p58103.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p58104.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p58201.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p58202.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p58203.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p58204.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p58205.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p888010.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p9120.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p9121.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p9125.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p9136.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p9161.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p9162.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p9165.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p9167.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p9195.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p9196.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p91aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p91ab.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p91ac.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p91ad.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p91ae.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p91af.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p91ag.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p91ah.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p91aj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p9cq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paintbrush.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pakistan24.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pamc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "panamatravel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "panangelium.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pandithaya.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "panoramahurtowni.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "papakonstantinou.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paperplatefun.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paramaquetas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paranoidandroid.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parfumer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkefficient.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parrocchiadimeana.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pasnederland.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pasteht.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pastorello.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "patioroof.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pattayafruitgarden.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paulandmadge.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pavelitus.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pcbmarketing.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pcisecuritystandards.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pcissc.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pdc.wales", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "peacekeeper.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pearcom.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "peliculasonline1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "penholder.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pensioner-1000.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pentamexicali.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "penza-on-line.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "penza-today.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "penzaonline.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perevedut.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perevirka.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perewall.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perpetual.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "personvernnemnda.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perulinks.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pervoklass.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petrotrustlibya.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petrozavodsk.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "peturnashes.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pharmaceuticalcannabis.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "philarmonic-abaza.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "philippinenewsvanguard.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "philosophers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "phuket-nash.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pierreterrien.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pigb.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pilesyk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pinchuk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pionieren.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pipenav.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pivbar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pivotanimation.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pizzariapartiupizza.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21299.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21399.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21499.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21566.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21599.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21677.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21866.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21877.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21886.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21887.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21899.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21990.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21991.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21992.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21993.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21994.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21995.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21996.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21997.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21998.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21tt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pj21z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pjshop.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pkq5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "planeta-remontika.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "playingvideojuegos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pleasanton-daycare-childcare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pleasantonmobilenotary.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plenkanaotrez.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poetenblog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poker4all.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pokeram.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "polan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "polimer39.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "polisipati.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "politicsandnews.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "politicsnews.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "polliconstruction.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "polskienewsy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pomorskibereg.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "popova.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "postoyanstvo.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "potgrowersunion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "potkani.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pozharnyi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pp234.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pradeek.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "praiss.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pravoslavie.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pravoslavnayarus.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pravosudie.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "preference.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "premised.land", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "presidentdirectory.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prevention-formation.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pridnestrovye.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "progeste.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "programmatv.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "projectfreehosting.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prostitutki-narvskaja.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prosto-dengi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "protek.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prototyping-computer.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psihotest.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psixotest.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psixotesty.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psw-training.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ptupapers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "public-measures.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pucogid.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "purchasescooters.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "purrfectlove.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "putana.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "putanypitera.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "q30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "q365.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "q88588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qdrat.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qq6396.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qqq6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qqq63.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qqq67.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quantumfinance.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qubhockey.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "queirozmiotto.adv.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quiqstatus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "r30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raballder.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "racaliz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radioh.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radionrg.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radiopharereims.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radiorainbow.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radmehrco.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rainbowsmoothies.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rajaealhoceima.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ralix.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rapport.link", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rascals.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ratgeber-guide.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "razgon.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "razvlekuha.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "razvlekuhablog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rdviitd.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reallycooljobs.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "realpaella.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "recherchegruppe.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "redeyeguatemala.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "redunion.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "refluxogastroesofagico.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "regata2015.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "region-vologda.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rejido.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "remedee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reminisceaudio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "remont-kvartirvmoskve.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "requena.tv", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rescuer.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reshka.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "retailing.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reut42.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "revisoronline.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "revizor-online.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rezka-burenie.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rgpdkit.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "riba-lov.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "riddickthemovie.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rido.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ridvan-vllasaliu.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roadtripusa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roamfreun.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "robertoullan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "robuxemporium.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rockslideengineering.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rodinka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rolandozarate.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roofer.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roomee.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rosa-spain.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rosbiznes.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rosstroj-balashiha.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rotaractclubtucuman.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rothbruederlein.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roxburytech.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rssfeedonline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rubbaduckee.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ruchka-mashinka.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ruexpert.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rufartabs.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ruffnecks.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ruknguk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rumenka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "runame.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ruoskachile.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rusexmany.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rushmyessay.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "russian-page.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rust.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ruthiehallarsis.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ryabinushka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "s30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sabians.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sacians.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sadoun.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "safefreehost.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "safesoundcounselingllc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sainshand.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saint-peterburg.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saint-petersburg.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saint-petersburg.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saint-petersburg.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saintip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saintpetersburg.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saintpetersburg.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saintpetersburg.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "salesactivities.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "salvadorinfantil.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sambuchanan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "samiratv.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "samvui.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sandwichcouncil.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sanfranciscopersonalinjuryattorney.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sangen.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sanluisdequillota.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "santibanezdetera.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "santjoandevilassar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sapibatam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saratov24.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saratovlive.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saratovnews.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saratovtime.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sarhua.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sbgroup.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sc21.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scandinaviancorner.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scarinex.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schellebelle.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schoolroom.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schoolstats.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schwarzenberg.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scooter-experts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scotthelmesucks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scoutsanbartolome.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scrapbookdecorations.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scriptomania.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scurtam.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seabrooklocksmith.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "second-life-partner-ichien.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "secretagentclub.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "secumailer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "secumailer.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "secumailer.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "selimcerkezi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "selo-cer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "senhorst.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seo-obmen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seo-phpbb.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seo-piar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seoonline.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seoserfing.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seoviziti50.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seozel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "septonol.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "serverninja.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "serviefectivo.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "setevik.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sevastopol.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shadowfight2.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shanhay.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sharik-msk.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shaytan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shechipin.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sheffield-wednesday-fc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shelehov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shenderman.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shijij.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shirevirtual.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shiriforum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shiva-temple.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shola.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shop-slivki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shopera.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shost.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shouldbetaught.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "showmethegadgets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "showslivki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shrapnel.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sidmax.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sikaranbrotherhood.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "silvertorrents.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sim-mobile.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "simsimi.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sincronizateconlosmilagros.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sinews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sinluzvenezuela.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sion-colony.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sirandorung.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "siscompbolivia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "site-ua.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "site.mu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sitekatalog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sitesdesign.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skaiman.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skante.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skateswagger.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skirts.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sky-live.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slipknot-site.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smartcover.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smartleads.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smartphone-blog.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smcasino.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smcasino.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smiblog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sms-pro.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "snatch-note.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sngnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "snowboardforum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "snsirius.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sochionline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "socialair.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sociedadsostenible.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "softbit.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sokak-sanati.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soldierangels.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "solidsteel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "solunci-loznica.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "someserver.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "somosabc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "son-onlajn.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "son-tolkovatel.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sonodrom.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sosaka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sot-te.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soundtube.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spacewallpaperhd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spaenny.tf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sparkl.fm", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sparklesvt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sparklingessentials.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spartancoin.ooo", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spiritous.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sporemasters.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sports-sites.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spotzlight.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "springhow.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sritalaska.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sritcities.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "srithunters.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sritidaho.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sritspanish.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sritvermont.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "standartgost.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "starsandmanifolds.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stealthpressurewashers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stebenkov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stefchapman.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sterlitamak.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stevemario.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stevemason.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stilsvadba.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stonetribute.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoplossoff.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "storefront.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "strikers.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stroiproect.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "studio-abok.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stupidthoughts.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stupino-stroy.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stylebeat.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "subdivider.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "successemails.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sucessclick.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sudanindependent.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sudanindependent.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suecaunitedfc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sugatime.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sugos.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suicide.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sumatrabarat.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sumatrautara.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sumatriptan365.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "summarized.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sunshilin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sunshinelife.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suomenkielisetnettikasinot.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "superbestpalsclub.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "superdrillers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "supermagna.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "superservers.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "superstargossip.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "superstarhost.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "supertrade.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "surnganet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "surveer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suseki.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "swissurf.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sy635.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8803.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8805.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8807.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8809.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8815.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8816.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8817.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8819.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8830.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88mm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88oo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88rr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88uu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88vip0.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88vip1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88vip2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88vip3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88vip4.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88vip5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88vip6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88vip7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88xx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t88yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taanishsaifu.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tabacundo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tablerocksbestrealtors.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tadalafilindia.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taggigkaktus.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taigamehack.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tambov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tamoxifen-citrate.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tarotistasvidentes.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tatary.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tattoo-art.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tauriscia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taxce.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teamrevolution.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teazer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "technowise.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techserve.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "techwalker.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teka.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "telephoni-cdma.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tempdomain.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "templete.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "temporarysanity.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "terengganudaily.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "termoidraulico.roma.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "test-school.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "testthis.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "textpages.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo0000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo0088.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo1111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo2222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo3333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo4444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo456.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo5555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo58.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo6688.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo7777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo7788.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo789.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo8899.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgo9988.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgoaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgoall.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tgoasia.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thaiboystory.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thaihotmodels.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thaiportal.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "the51news.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theandroidsoul.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thebacteriafight.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thebestlaos.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thecarpenters.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theknockout.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theminiacs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thenest.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theparoxetine.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theproject.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thetopmovie.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thewashingmachine.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thomastestor.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thomsons.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "threepercentrealty.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thuongtravel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tiagosimao.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tierarzt-karlsruhe-durlach.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tigerfm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tigergroup.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tihvin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tiles-for-facing.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "time-business.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "time-hotel.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "timerace.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "timgame.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "timich.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "timmi6790.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tips4india.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tirteafuera.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "titanforged.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tixio.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tobiasfischer.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tolerance-zero.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tomsk.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tonorosario.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "top-russian.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "top10media.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topknot.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topspin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topurls.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tormox.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "torontonews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "torrance.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "totalhost.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "touchka.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tourism-exegetai.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toursinvietnam.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toyschina.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toysplace.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tracking-app.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tradebotcompany.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "traderinside.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trafic-wap.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trapkitchen.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "travelphilippines.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "travelwithsearats.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trazodononline.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "treatmentforkennelcough.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trials.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tribalwarsstyles.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tribistovo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tricountyathome.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tridentmedia.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trilogyforce.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "triplicate.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "troop89medfield.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trotter.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trusthook.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tryingtotakeovertheworld.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt0766.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt0866.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt0966.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt2866.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt2966.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt3666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt3699.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt3766.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt3999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt6396.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt7199.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt7299.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt7399.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt8166.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt8266.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt8366.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tt9799.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tula-city.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tula-news.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tuneotune.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tunisiapress.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "turbosuflantecluj.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "turciya.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "turkey-portal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "turkishhackers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "turkmannews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "turtlehead.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tutdevki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tutorialcoding.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tvoia-dietka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "twainhartehotels.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "twodrinksaway.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty513.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty525.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty529.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty561.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty562.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty573.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty583.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty587.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty593.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty613.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty632.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty637.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty650.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty679.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty705.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty715.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty716.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty723.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty736.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty737.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty739.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty750.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty756.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty767.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty783.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty785.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty791.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty793.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty812.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty835.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty853.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty857.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty927.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty935.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty937.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty953.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty962.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty965.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ty980.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tyumen.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tyva.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tyva.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "u30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uareferat.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uberhorny.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uborka-kvartir-moskva.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ucmatedeveloper.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "udbina.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "udien.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ulsters.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ultimate-fireworks.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ultimatebabyshowergifts.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ultrafine.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unasim.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unbolt.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unboxed.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "undertow.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unexpectedcompany.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unitir.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uniuni.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "universidadcatolica.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unixhost.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unxcoconsulting.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uplinkgame.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uppfinnarenc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ural-emal.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "urlfly.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "usercompare.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "utahrealestatepodcast.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "utbosbeekhuuske.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "utevai.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uu378.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uzbekkizlari.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uzbektumblers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uzhas-uzhasny.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v05666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v1.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v10006.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v10008.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v1951.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v3025.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v33v33.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v44v44.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v5075.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v55510.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v55520.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v55530.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v55565.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v55569.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v55580.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v55590.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v55593.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v55v55.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v6021.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v6170.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v6350.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v637.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v6506.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v66233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v66255.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v66557.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v66615.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v66618.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v66619.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v66629.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v66635.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v66638.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v6752.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v6791.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v700a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v700b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v700w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v76555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v88299.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v88511.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v88559.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v88656.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v88799.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v9285.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v9286.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v9289.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v9812.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v9820.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v9821.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v9823.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v9831.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vacati0n.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valencianisme.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valeravi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vardenafilhcl.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "varianto25.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "varjo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vasheradio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vatav.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vbm11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vbm22.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vbm33.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vegetarier-sind-moerder.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "veggies.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vektlofting.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "velib.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vendi.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "venezianischemasken.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vengriya.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "veredadelaestrella.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "verstka.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vestlundbolargen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "veusveus.cat", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "victorcarrasco.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "victorhorta.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vidassemfronteiras.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vietnam-tours.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vildlaithailand.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "villablino.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vinit.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vip-moda.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vipcp.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "visionxcreative.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "visit-thailand.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "visiter-tunis.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "visual-design.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vitaliyshepotkov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vkarpaty.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vladimir.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vlcentre.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vmf365.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vneftekamske.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns168.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns377a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns377b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns377c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns377d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns377e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns377f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns377g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns377h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns377i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns377j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns5151.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns5353.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns5656.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns5757.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns5858.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns5959.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns6161.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns6262.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns6363.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns6565.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns6767.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns68611.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns68655.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns68669.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns6868.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns6868.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns68722.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vns6969.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vnsr112233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "voetbalclubinfo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "volosnet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vovkamagazine.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vremyachko.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vrostove.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs106.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs107.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs1177.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs1717.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs2277.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs2828.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs303.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs5050.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs5151.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs601.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs603.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs6060.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs6161.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs680.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs7711.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs8899.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs9911.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vs9977.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vsaratove.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vsem-privet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vstavropole.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vulcancycling.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vulgar-teens.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vysokoe.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w000999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w123123.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w234234.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w365.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w456456.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w567567.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66w66.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w678678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w789789.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w888022.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w888033.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w888044.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w888066.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w888077.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w888088.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w888099.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w9710.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w9720.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w9730.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w9740.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w9750.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w97a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w97aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w97app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w97app2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w97app3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w97bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w97cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "waermekabine.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "waimanu.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wajs1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wajs2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wangshengze.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wapbet365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wapnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wash-house.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "water-polo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wealthcreationsolutions.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "web-format.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "web-test.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webdesignersinchennai.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webinator.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weblights.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webmaster16.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webranking.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "websitedesignersmalappuram.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "websitedesignprice.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "websitepromotion.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wellnesshotel-weimar.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "west-raptors.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "whisperwashonline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "whiterabbit.group", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wicontractortraining.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wien52.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wikisorg.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wildandwonderfulbodycare.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wildberries.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wilgo.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wing-tsun.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wither.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wizardschool.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wkhs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wns68123.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wns6852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wns6862.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wns68622.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wns6865.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wns68666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wns6872.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wnsr3970.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wolflambert.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wonderlab.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "woorocket.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wordops.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wordpresssetup.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "worldcarding.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "worldoflegion.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wulfrun-invicta.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ww6396.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x10006.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x2816.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3515.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3618.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3789.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3801.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3802.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3803.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3804.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3805.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3807.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3815.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3816.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3828.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x3927.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x58z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x5901.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x5902.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x5903.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x5904.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x5905.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x5906.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x5907.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x5908.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x5910.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x7008.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x7713.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x7715.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x7716.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x7718.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x7719.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x7782.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x7785.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x7795.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x77dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x77ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x77hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x77jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x77kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x77mm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x77nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x77pp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x77qq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x77tt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x77ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x8100000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x8111111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x8122222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x8133333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x8144444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x8155555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x8166666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x8177777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x8188888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x8199999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81ff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81mm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81oo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81pp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81qq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81rr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81ss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81tt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81uu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81ww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81xx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81yy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x81zz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x9015.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x9701.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x98z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x993.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "x998.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab123.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab199.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab4.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab456.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab678a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab678b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab678c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab678d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab789.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab799.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xab899.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xaba.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xacker.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xarangallomangallo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xenical.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xerdeso.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7aaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7bbb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7ccc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7ddd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7eee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7fff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7ggg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7hhh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7iii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7jjj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xh7xx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xloud.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xmyy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--4brt03c.xn--io0a7i", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--7or43h.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--bcher-bestseller-jzb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--bcherbestseller-zvb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--eebao6b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--schcke-yxa.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpj000444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpj000555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpj000666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpj567088.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpj567288.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpj567388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpj567888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpj678678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpjai.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpjbeting.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpjcs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xucha.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xx6396.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09app.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y09x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y3650.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y36500.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y3651.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y36511.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y3653.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y3654.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y3656.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y36577.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y6180.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68ah.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68am.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68bet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68bj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68cd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68cq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68fj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68gd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68gl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68gs.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68gx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68gz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68heb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68hf.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68hk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68hlj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68hn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68hz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68jl.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68jn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68jx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68ln.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68nj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68nm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68nx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68qh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68sc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68sd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68sh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68sjz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68sx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68sy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68sz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68tj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68tw.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68xg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68xj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68xz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68yn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y68zj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y70101.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y70102.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y70103.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y70104.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y70105.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y7091.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y7092.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y7093.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y890000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y891111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y892222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y893333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y894444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y895555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y896666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y897777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y898888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89aaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89bbb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89ccc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89ddd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89eee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89fff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89gg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89ggg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89hhh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89iii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89jjj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89kk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89p.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "y89zz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yagoda-malina.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yangfamily.tw", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yantox.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan008.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan1.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan2.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan3.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan33.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan365.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan4.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan44.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan444.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan5.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan55.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan6.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan66.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan7.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan77.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan99.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapanwang.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yaws.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yellowsquid.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yemenlink.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yenbainet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yeniexpo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yepmom.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yerbasbuenas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yesteryear-chronicle.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yiluup.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yoloyolo.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yordanisp.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "youcanhelp.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "youla.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "youngmodelsagency.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "your-forum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "your-greece.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "youreward.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yourmagicstory.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yuandan.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yukoslibrary.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yy153.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yy393.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yy6396.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z30365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zackiarfan.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zadrot.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zagruz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zaija.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zaim15min.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zajm-ehkspress.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zajmy-contact.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zajmy-contact.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zajmy-contact.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zajmy-contact.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zala.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zambianewsforum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zamenim.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zandra.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zappingarahal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zapreaders.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zaruhi.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zcrypto.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd8883.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zegriesalmansa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zemlyaki.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zen-zone.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zepter.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zepter.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zero-knigi.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zhivoj-dom.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zinabnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zindan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ziroux.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zizibook.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8585.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8873.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zloybot.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "znanje.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "znich.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zoepolitics.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zok-ambicija.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zoko.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zonaperu.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zowe.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zsoltbereczki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zumberak.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zverskij-site.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zzzz365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "011ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "015ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "017ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "019ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "026ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "031ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "032ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "033ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "036ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "039ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "050ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "052ks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "05am8.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1080.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "181lilai.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "188188688.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "188lilai.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "188wei.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "198wei.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1lc11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1lc22.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1lc55.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "1vpns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2000meter.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2018j95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2019j95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2020j95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2021j95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2022j95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2023j95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2024j95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2025j95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2026j95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2226321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "228wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "230110.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "233wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2346321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "253205.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "2earn-online.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "308wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "318wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3336321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "333wei.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365888456.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365securitymg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "365yapan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "369028.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "369038.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "380wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3963dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "3970.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "400wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "4566321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5017501.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5017502.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5017504.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5017505.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5017601.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5017602.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5017603.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5017604.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "518wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "52062z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "535wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5536z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5539z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5556321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5676321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "586540.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5981688.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "5goglobal.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "611136.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "611151.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632017.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632025.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632026.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632027.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632035.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632040.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632045.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632046.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632047.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6321000.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6321007.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6321008.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6321009.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6321222.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6321333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632140.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632142.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632143.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632144.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632147.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632148.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "632174.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "65131a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "65131c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "65131e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "65131h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "65131i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "65131m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "65131o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "65131w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "65131x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "65131z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "66321o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6638s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6639s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6810app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "6830521.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "690918.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "690928.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "700wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "707wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "757wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7666321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7776321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7g31.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "7win.am", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "800139.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8122d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8191d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8192d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8200d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8220d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8238d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8666321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "868wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8809d88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8852d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8859d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "888xpjxpj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "88yabo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8900d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "898wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "8win.am", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "900823.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "907vv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918duu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918eeg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918exx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918izoz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918lzoz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918mwo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "918nwo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d12.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d28.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d30.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d75.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d76.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d78.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d79.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d81.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d82.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "91d92.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "939wns.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "946321.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499060.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499066.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499068.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499113.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499115.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499118.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499125.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499151.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499238.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499263.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499292.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499293.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499369.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499399.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499403.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499459.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499558.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499565.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499568.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499575.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499588.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499668.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499682.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499855.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499869.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499958.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499aaaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499cccc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499dddd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499eeee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499ffff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499gggg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499hhhh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499iiii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499jjjj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499kkkk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499llll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499mmmm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499nnnn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499oooo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499pppp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499qqqq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499rrrr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499ssss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499tttt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499uuuu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499vvvv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499wwww.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499xxxx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499yyyy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9499zzzz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "95am8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "988am8.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "998wei.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k236.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k239.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k259.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k265.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k272.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k288.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k297.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k298.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k326.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k328.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k367.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k377.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k382.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k385.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k395.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k396.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k399.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k566.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k576.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k578.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k628.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k638.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k687.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k827.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k832.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k837.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k856.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k863.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k876.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k878.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k895.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "9k897.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ab2web.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abashevo.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abdulawal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abelbarretto.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abogadocriminalorlando.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "abusive-host.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "accessibilityguidelines.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "achiksongs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "acronis.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "activescreenshots.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "adceuta.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "advantis.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aerorecords.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "affinity.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "africanhosting.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agaveandpine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks02.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks05.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks20.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks21.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks26.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks30.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks31.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks32.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks36.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks38.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks39.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks46.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks49.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks52.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks53.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks56.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks57.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks59.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks60.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks61.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks69.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks71.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks72.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks75.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks79.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks80.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks82.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks83.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks85.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks86.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks87.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks90.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks92.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks93.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agks97.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agrodronechile.cl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agweili.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "agzlapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aimare-web.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "airmash.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ajaxtime.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alabamacoastalradiology.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aladintechnologies.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alalivre.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alcobendas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alcoholrehab.website", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alcubillas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aldenmiamibeach.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alfa-host.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alfagroup.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alfavit.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alineonline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alkopedia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "all-things.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allfoodrecipes.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allgosts.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "allnovosibirsk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alpha-bet.com.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alternatiwa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alushta-vostorg.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "alwayshowher.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "am2288m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "am5188.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "am615.am", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "am8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "am8136.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "am8833.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "am8883.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amandahamilton.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "americanunicornparty.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amm6610.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amoxil.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "amputated.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anabolickdieta.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anabolics.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anandchowdhary.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ananiev.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anarcho-copy.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anarhija.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andreyjuravlev.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andreysmirnov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "andrianova.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "angelcorpus.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "angora.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "angorarental.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "animalliberation.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "animamega.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aniviasport.store", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ankaraotokiralama.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anonaddy.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anonymousbitcoinexchange.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "anouncer.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antabuse.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antfarm.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "antonimos.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "any-download.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "any-download.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "any-download.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "any-download.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "apocalypseboard.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "app6810.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "appliquette.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "architectus.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "areacinquentaeum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "arquitet.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "artcenter.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "as398.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asabacortoscaseros.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asana.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "asdchieti.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ashleyashbee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "associationhorizon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "astrociencia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "astroloeches.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "atomnetworks.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "attengo.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "attimec.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aubonheurdeshuiles.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "authanet.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "avangvpn.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "avarcom.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "avengersonlinemovie.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "aviationmilitaire.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "avrora-nov.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ayporealestate.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "azithromycine.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b70661.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b70663.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b70664.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b70665.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b70771.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b70772.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b70773.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b70774.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b70775.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b86255.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b89aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b89bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b89cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b89dd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b89ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b89jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b979333.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b979555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b979666.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "b979999.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bacanora.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "badodds.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baloch-intelligence.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "baptisteplanckaert.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "barcelonawinewalk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "barsukas.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bashkirlife.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "basradio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bassrhymeposse.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bd-media.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "begintravel.co.th", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "behar-selimi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "belgraver.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "belgraver.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "beritanow.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bestsgadgets.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cn-casino.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cn-game.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cn-keno.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cn-livecasino.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cn-sports.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bet365cn-vegas.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "betty-baloo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bhavansvidyamandir.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biaggeo-prod.herokuapp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bibliatodo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bienvenidoamerica.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bigfatbetty.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bigsam.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biolack.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "biowtage.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "birthright.host", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitcoin-fauset.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitcoinbot.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitcoinrush.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bitjunkiehosting.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blackminds.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blackspark.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blackthrone.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blog-garage.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "blognews.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bloguser.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bluegifts.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bluetoothspecialist.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bob-dylan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bodas.com.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boevik.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bonbini.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bonusov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "borba-umov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "borein.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "borriquillacuenca.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "boscq.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bounouh.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bramois.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bridgedigest.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brigittefontaine.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bromo.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "brownwolfstudio.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "browsbybecca.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bssolvfagen-pre-storeswa-wap.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btc-alpha.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btc-doge.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt113.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt128.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt229.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt230.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "btt789g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buddy-acceptance-banking-api.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "businesspartner.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "busphotos.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buswiki.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "buysildenafil.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "bwashing.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "byggonline.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cactuspedia.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "caddyfashionshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cadifit.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "calandrahosting.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "capitalist.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "capitein.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carapax.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cardiagnostics.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carepan.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carltontownfc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carolinaoliveira.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carontetourist.hr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carpetcleaning-cypress.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carplus.es", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "carpuya.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "casinotokelau.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "castellet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "catalog-underwear.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cernac.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "challengerinvestors.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "channydraws.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cheapsmall.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cheazey.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cheazey.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "checkmin.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "checkwebsiteonline.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chelpogoda.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chelyaba.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cheneypartners.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chesterman.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chetanrana.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chicofc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chiksfashion.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "china-online-news.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chocope-peru.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "chrisshort.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "citypro.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "citywisdom.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clan-hosting.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clan-wars.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "climatgate.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clomid100mg.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cloudix.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "club-eclipse.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clubatleticonacionalpotosi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clubdeportivocieza.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cluberiks.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "clubtamarugal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cola-host.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "commons-mayflower.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "compositedevtec.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comprarparaguas.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "computron.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "comumlab.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "conalpedis.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "confiscate.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "conradcartagena.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "construred.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "contratti.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "contrisur.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coolshirt.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coralcanticorumbarcelona.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "corehealthberks.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cornitek.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "corruptos.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cosec.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cosmos-software.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cotswoldflatroofing.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "coworking.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cpchur.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "craftshiponline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "craigdavis.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crazygifts.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "creategyx.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "creativesectors.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "credit-default-swaps.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "criptomoneylite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "criticalgenesis.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "crossfiremovies.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cryptopaste.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cs-algeria.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cs3334.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cs3336.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cs3338.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cs3339.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "css-tricks.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ctir.gov.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "culaneenergycorp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "culturabrasilia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "culturalparadiso.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "custer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cwaclub.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cybergroup.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "cz.ma", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "czprothz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d-vision-web.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88-livechat.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d882.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d885.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d886.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88868.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d889.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88agqj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md04.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d88md13.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "d898.app", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dagrs.se", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dakinecoupons.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "daniel-leblanc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danskoya.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "danzka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dark-crystal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dark-nova.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ddosguard.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deadroot.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deal-runners.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "decode.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "defunct-engineers.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "degrasboom.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "delio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "delta-host.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "demonbuster.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "demopanel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "denatured.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dendelft.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "denkmalsetzung.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "departmentofdefense.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "desish.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "despertartransforma.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "deti-vse.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "devopsish.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "diebetriebsraete.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "digitai.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "directorydashboard.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "directorydisc.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "discovermuscatine.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dizayner.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dlyatepla.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doc-baza.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domain-speicher.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domain-speicher.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domain-swiss.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domenaru.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domhos.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dominicandfelixroco.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "domowe-potrawy.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doramamusic.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "download-knigi.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "doxepin1.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dozor.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon05.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon06.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon07.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon23.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon25.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon26.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon27.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon29.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon59.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon62.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon71.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon72.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon86.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon91.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon92.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon93.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon95.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dragon96.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "drogariasantoantonio.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dukeandduchessdrivingschool.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "durin-art.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dx2o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dzu.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "dzu.works", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "easyfiles.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "easylogics.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "easytube.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eaugenethomas.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ebookabc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ebooks-pdf.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eclipseforum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ed-studios.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edify.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edrosd.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eduart.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "edyhenry.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "egomaniaque.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "einsurancetraining.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ekspoint-mods.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "electras.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "electroniko.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elegantlatex.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elektrotango.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elite-nakhodka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "elite-tools.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emoforum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emreaydinfan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "emulator.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ep-plus.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "epicentar.mk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "erektion1.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "escortlareryaman.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "escovator-records.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "esperantio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "european-hospital.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "european-hospital.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "european-hospital.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eva-briegel-fanpage.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "evaalordiah.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eventblog2017.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "eviction.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "evil-empire.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "evsinemasistemleri.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "expeditions.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f8003.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "f8007.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "familleshilton.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fashionusa.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fashionxmas.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fast-cargo.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fastknigi.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fcapollo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fcarsenal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fcic.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "feministreview.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "festesuniversitaries.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fifacup.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "filedoom.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "filmwallpapers.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "financenews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "findautoloan.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "findsingledating.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "finestreview.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "finma.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "firstbooks.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "firstwebring.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fixfm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flipmusic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "flipphotography.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "florausa.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forex-giants.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forexcity.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "formalgrammar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "formality.one", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forum-tutorapide.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "forumcarriocity.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fotopalacedigitalstudio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "founded.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "foxtrotfm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fran.id", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "france-news.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fredhook.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freecookies.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freelancerinc.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freelanceunleashed.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "freundinnenausflug.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "frode.win", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "fulige.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "funnychristianjokes.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gabriella.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gamingtilltheend.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gaopindy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gastrobox.com.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gazizov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gbthatcher.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "geekyquiz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gemwire.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gennerator.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "germanicvs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "germantrip.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "germany-board.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "germanytravel.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "germanytravelguide.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gestus.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getpaidclub.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "getwork.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gezinnenhilton.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gfxworld.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gibreel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gigasoft.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gigsoupmusic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gimnazjum-miloslaw.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "givemylife.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "globalshippinglimited.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "globalzone.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "go-srx.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "golosok.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gorodabakan.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gosti-dom.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "goszakupki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gourmetvitamins.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gps-fleettracking.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grafittikontroll.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grandisco.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grasboomamersfoort.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grasboombinnendoor.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grasboomclophaemer.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grasboomderoos.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grasboomleusden.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grasboommax.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grasboommeerbalans.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grasboomveenendaal.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grasboomvondellaan.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "gratisonlinespel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "greeks.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "green-anarchy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "greendrive.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "grupoinassa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guiacursos.online", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "guys-reviews.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "habitable.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hafer.tech", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hairpins.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hakkariradyo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hallcouture.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hamarimarriage.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hamiltonzinelibrary.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hamsystems.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "harabar.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hardcore-bodybuilding.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hbaa.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hbxianghang.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "healthcarereviews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "healthierweight.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "healthylifeelite.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "heijmans.blog", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hentamanga.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hiddenpalms.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hilalnews.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hirel.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "histkult.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hittop.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hoffmancorporation.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "holidaylocal.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "holyriders.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "horclan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hosiery.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hotelconsulado.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hotlog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "howtechvalley.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "humanidad.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "hwjkk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "i-house.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iceshopy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "icetechy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ihuir.men", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "importsign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "imstocker.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inanam.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inbound.menu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inefin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "infoland.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "informspb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ingermany.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inlt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "innovationgarage.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "input.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "inspiringfuture.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "integ.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "integsystem.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "interminsk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "internet-tv4u.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "internetk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "investactiv.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iotorq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iptvmaxx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "irandex.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "irkutsk38.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "islamicnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "israelportalk.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itemcreator.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ithot.ro", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "itraffic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "iubuniversity.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ivahbbiz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ivendi.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "izamulhakeem.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "izmirescort.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ja-hypnose.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jabber.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jailfood.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jaimepumarejo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jeans-shopping.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jerrywang.website", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jerusalempersonals.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jewadvert.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jfgselbitztal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jhw3d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jimmiestore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "johncam.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jordanprogrammer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jordibelgraver.email", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jordibelgraver.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jordibelgraver.xyz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jose-manuel-benito-alvarez.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "js86.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jucocauca.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "judybai.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "juragan.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jurassicworldfilmen.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "justcalm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "justquoteme.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jvlfinance.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jwimps.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "jysk-kornteknik.dk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kadvi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaishi77.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kalamos.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kaliboairport.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kamildrozd.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kapelya.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kareltrans.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karhoo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "karimsaadati.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kariyam.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kateysagal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "katherineswynford.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kavatasygarety.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb22.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb28.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb35.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb38.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb57.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb65.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb68.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kb99.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kemerovo.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kemerovo.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kemerovo42.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "keniff.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kerrydavisguitars.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "keyhani.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "keyphotojs.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "khmh.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kiahalchemy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kiliframework.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kindergarten-neugnadenfeld.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinomagia.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kinoshki.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kip-ribbetjes-bestellen.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kirgistan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kitevalley.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "klassika.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kleidermarkt-vintage.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "klub.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "konstanz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "konstructdigital.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "konsul.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kopfgeld.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kosmosfestival.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kotuwa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kovachica.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kozlekedes.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "krasnodar24.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kreditzone.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "krossakorven.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "krovatka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks015.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks05.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks06.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks17.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks19.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks2251.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks2298.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks2375.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks2652.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks35.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks3533.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks410.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks5525.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks5531.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks5532.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks56.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks5822.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6872.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks6875.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8112.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8113.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8128.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8129.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8135.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8152.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8176.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8177.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks82.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks82.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8211.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8218.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8266.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8278.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks8281.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks85.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks87.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks96.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ks97.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kudinilam.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kulthist.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kupibilet.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kurdishphotography.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kurido-anime.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "kvest-v-moskve.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lada-plus.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ladanmokhtari.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ladocs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lafansite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lalegria.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lamasacre.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laminsaho.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "langadeduero.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laoliang.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lapolvora.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "larasm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "larsnittve.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laterremotodealcorcon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "laurable.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lavalon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lawda.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lawyer.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lazer.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leak.media", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leeyoungaeph.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lelux.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lenn-blaschke.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leomwilson.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leon-tec.co.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leontyev.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leshok.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "leticia.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lexikon24.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lfyhokk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "li680.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "libportal.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "libreria-ouroboros.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lierohell.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "life-in-hell.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lightsfromspace.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai107.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai116.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai18.ph", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai2211.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai3366.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai365.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai520.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai634.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai6677.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai777.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai8866.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai9898.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lilai9966.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "limstash.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lince-bonares.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lineshop.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "link-net.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linko-pomoika.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linkuva.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linux-help.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "linux-taganrog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "liress.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lisasc.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lisius.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lissajouss.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "listach.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "little-news.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "littleyokohamakennel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "liturkey.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livejh.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livetopknigi.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "livfcshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ll8819.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lldy88.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "llgj888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "llgw8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "llw0x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "llw2h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "localtownhouses.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "logicdream.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lojadkstore.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lomayko.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lonavla.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long0311.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8032.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "long8059.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "loomis.center", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "losaucas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lossaicos.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "louisdefunes.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "louiza.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "love-books.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lspdonline.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lstlx.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lukin.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lyfebotanicals.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lyriksidan.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "lyuda.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "m-16.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "m-beshr.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "m1gun.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ma-ze-linux.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "macaroonshindig.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "macosx86.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "macroseo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "madskauts.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magazilla.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magazinecards.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "magnetoscopio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maguire.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mailer.site", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mailinaitor.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mailingproduct.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mailmaster.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mailsend.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mailstart.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mailtobiz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mailwala.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mailxpress.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "malaysianews.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mamanakormit.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mamanura.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mamtapark.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mandela-effect-wiki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mangaboxes.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mangareactor.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "manicur-salon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mantenimientoimpresoras.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "manure.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "manusiasosial.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marbrerie-segur.fr", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marcelabarrozo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marcelofernandez.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marina-tsvetaeva.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marketgrid.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marketgrid.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marketia.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marketingpalace.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marketingsuite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marketking.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marketsearch.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marketvalue.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maroussia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mars.army", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mars.navy", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "martincernac.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "martinho.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marvnet.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marvnetdigit.al", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marvnetdigital.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marvnetdigital.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marvnetdigital.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marvnetdigital.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "marvnetdigital.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "masqueradecostumes.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "matejstrnad.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "matematikkulubu.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mathe.digital", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "matrimonio.com.pe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mattaki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maxiservak.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maxrider.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "maysambotros.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mcduff.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mdir.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medifirst.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "medvedivka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "megaherz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "megalithe.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "megaportal.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mein-tortenladen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mekaleskirit.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "melissaofficial.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "memento-mori.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "menn.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mentalcalculations.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mentalcraft.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mercadohype.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meskiukas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mesotheliomacentre.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "metacortex.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "metal-rock.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "metalempire.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "metallobaza.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "meteobox.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mezinfo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mgonline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mhabdullah.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mica.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "michele.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "micoff.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "midnight-gaming-community.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mikechasejr.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mikesystems.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mind-books.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "minddrive.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "minikin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "minivehicle.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mir-faktov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mir-multimedia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mir-pressy.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mirknighechek.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mirokon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mistlake.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mithgol.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mixify.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mixmix.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mmwb.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mobilebooster.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mobilityworks.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moda-donna.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "modeldoll.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "modern-gaming.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mohamedhosting.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moltapor.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "molusk.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "money-fast.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moneyreal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "monolithic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "monzo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "morozko.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moscowlove.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mostafabanaei.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motekforcelink.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motichi.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motiv-rechts.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motoclubentresemana.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motoland.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "motshop.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mountpost.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "moyideal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mpgu.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mrston.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ms295.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mtcpuntosalud.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "muchotrolley.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mudasobwa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mudcomplex.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "musicfactory.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "musiker.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "musketiers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mvpinfo.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mvpower.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mybathroom.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mycam.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mydoxod.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myedcreview.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myeditclub.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myedu.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myfursona.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mygameconsole.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mygomel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mygrodno.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myhoor.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myhostname.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myinsiderplus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mykarelia.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mymkphotography.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mymotherlandstuffs.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myphotonics.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myphotos.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myportal.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myresidence.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "myreviews.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "mystore24.us", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n888-qieji.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n888388.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n888599.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n888677.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n888699.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n88890.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n888duchang.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n888go.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "n888ok.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nadjabenaissa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nadoske.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "naemnuk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nagato.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nahman.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nailshop.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nakim.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nakin.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "narela.com.mx", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "natalia-in-quebec.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "natarius.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "natariusadvokat.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "natashki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "navalarchitect.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nazbol.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neanderthalia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neaz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nebohost.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "necromantia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "needfire.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nethealth.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netkigestioncomercial.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netpenge.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "netsearch.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "new-tuning.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newblogr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newforms.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newlynamed.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "neworiflame.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "news-novoros.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "news-srilanka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "news-technology.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsarmenia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newsuzbekistan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newtekstil.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "newtons-erben.space", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nextfm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nicastrosalvatore.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nichesite.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nieuwpoort.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nijniy-novgorod.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ninmegam.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nippel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nipponkempoph.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nipponnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nivoit.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nkorolev.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nl-comunistas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nmx.moe", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nn-vol.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "northscottsdaleloan.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "novichok.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "novinkihd.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "novinminer.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "novorossiysk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "novorussiya.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nudeimg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nwradio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nymity.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "nyushikaikaku.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "o15y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oakwood-park.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oasisorthodontics.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "obmen-vizitami.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "obozrevatel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "obzor-znakomstv.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ocachik.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ocenka-nedv.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "odejdamoda.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "offlimo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ofisescort.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oil-heaters.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "okulistiyoruz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oldliverpoolrailways.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "olegrpg.in.ua", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omarsamarah.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omsk-web.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omsknews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "omskweb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oneless.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "onlinesports.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "opioneers.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "opraab.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "optimall.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orbits.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ordina.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oriflamesamara.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orikos.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orologidicristina.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ortopertutti.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "orvibo.com.ec", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ostankino.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "otdelka56.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "otoplastik.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oussoren-vinetomatoes.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "overnetfaq.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "overpb.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "overps.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ovmfinancial.mortgage", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "oyunmadeni.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333aa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333aaa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333bb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333bbb.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333cc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333ccc.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333ddd.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333ee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333eee.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333ff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333fff.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333ggg.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333h.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333hh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333hhh.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333i.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333ii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333iii.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333j.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333jj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333jjj.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333kkk.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333l.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333ll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333lll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333m.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333mm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333mmm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333nn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333nnn.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333o.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333oo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333ooo.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333ppp.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333q.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333qq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333qqq.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333r.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333rr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333rrr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333s.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333sss.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333t.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333ttt.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333u.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333v.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333x.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333y.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "p333z.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "padshah.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paginamaravillosa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "palenque.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "palermoantagonista.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pamm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "panduan-hamil.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "papa---mama.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parket.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "parkettdielen.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "partii.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "patriciaramos.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paulocolacino.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pavernosmatao.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "paywait.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pbcables.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pcexpress.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pckurzypd.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pecheneg.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "peelland-fm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pegundugun.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "peredoz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "permaculture.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "perron.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "personaljokes.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petburial.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petos.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "petrovitch.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "phantomfund.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "phero.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "philippinegreenparty.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "phonenumberfind.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "photographerforwedding.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pieterbamps.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pimanta.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "piranhaattack.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pircher.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pisanpeikot.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pistonkandidatu.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pitbooks.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pl-trans.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "plastischechirurgie-linz.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "platter.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pleger.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pmk.ddns.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "poemwall.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pointzip.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pokemonargentina.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pokemonguide.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "politvesti.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "polog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pologalileo.eu", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "popjudge.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "populardogs.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "popupbazaar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "porelsam.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "porevo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "porinnuotiopojat.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "portable-games.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "portal-books.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "portal-ru.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "portaleldense.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "positiverbeitrag.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "positiverbeitrag.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "positivos.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "postmusicologia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "potolok-brest.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "potomac.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "potterperfect.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "potterybroker.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "potz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "powerlifting.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pozarevac.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pozd.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pozitiffchik.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pozitiffchik.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pranksearch.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pravo911.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "predskazanie.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "premiumplusiptv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prettycities.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prisminfosys.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pritchi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "privacyget.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pro-kemerovo.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proactivenews.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proculsk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "productosfitness.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "produkt.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "professionallawyer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "profuntime.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prog.sh", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "programming-solutions.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "propanesale.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proporcer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "proposeinspain.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prostoskidki.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "protectwrap.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "protogenbrainbooster.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "provereno-rabotaet.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "provereno-rabotaet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "prushka.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psa-travel-care.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psychologbruksela.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psychologi.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "psychologytests.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ptcbooks.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ptmp.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "publishedpaper.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pulcinella.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "punkart.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pupok.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "purpletech.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "pursuehappiness.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "put-k-uspekhuy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "putany.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "queensfactory.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quelle-catalog.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "quinmedia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qwantjunior.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qwd.no", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "qwq2333.top", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ra-jurochnik.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radicaldream.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radio-brest.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radioborges.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radiocartel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radiodiagonal.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radioelectronic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radiowakeup.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radiozetta.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "radixsalon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raghughphotography.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raginggaming.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rammsteinzone.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ran-drunken.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "randomsearching.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rapwoyska.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raquelmolinacases.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rarece.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rarename.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rastabooks.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "raya.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "razborpoletov.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "razborpoletov.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "razborpoletov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "razrabo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rbunews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reallywild.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "recycling.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "redstarpictures.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "redwiki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "reflexionspain.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "releasepoint.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "remodeus.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "remont-naushnikov.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "remontpc.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "remoteoffice.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "renovandoingresos.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "replikatelefon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "resanebartar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "restoran.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "restoringhopeberks.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "revizor-online.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "revolutionaryaim-vienna.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rfid-grundlagen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ricordisiciliani.it", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rilish.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ringofglory.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roadtochina.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rollingstocks.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rommelhuntermusic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "root-books.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "root-books.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rosiervandenbosch.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rosrabota.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roundaboutweb.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "roverglobal.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "royalcavaliers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "royalmech.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rs-aktuell.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rtgnews.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rubyonline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rudating.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rukminicarrentals.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "runrocknroll.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "rurs.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "russia-rp.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "russiahunting.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "russianbearsmotorsport.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "russianbristol.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "russianpunkrock.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ruzaevka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saah.ae", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sabbat-wildfire.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sabedinovski.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sabghijewelers.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sabine-dicklberger-massschneiderei-muenchen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sabworldtricks.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "safc.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sagan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saglikhaber.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "samandcatonline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sambot22.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "samiysok.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "samsebe.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sanalaile.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sancaktepehaber.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "santacruzdescargas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "santegra.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "santippolito-borgo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sarah-jane.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "satanspowers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "savatha.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "savemylicence.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "saveusfromavril.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "savin.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sc019.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scandalindo.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scfpensante.ca", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schastie.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scholareducation.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schoolantwoorden.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "schweizerbanken.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sciencetram.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "scooterinaustralia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "screenfox.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seattleshadeandawning.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sebastianjaworecki.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "selebrita.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "self-business.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "selfrealize.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "selfretire.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "semenov.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "semiotika.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "semobr.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "semops.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "senhost.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sentenza.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seo-reality.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seorus.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "seowork.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "servicemagicusa.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "servtraq-staging.azurewebsites.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "servtraqazure.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sexologist.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shadikhan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shahrsazan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shamans.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shanju.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sharik.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sharking.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shawiah.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shevet-achim.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shgw186.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shielddagger.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shiftpsych.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shilpaonline.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shitnikovo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shkololo.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shoponlinedeals.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shossain.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "shownet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "siberia.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sierramusic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "silken-madame.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "silveronline.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "simplecryptoconvert.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "simplelinux.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "simplyowners.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sinavyo.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sinfully.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sisirbatu.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "site2002.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sithijaya.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skazka.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sketchbox.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skiingnewsletter.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skincareagent.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "skinseries.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slavasoloviev.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sleepawaycampseries.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slogan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "slutty-girls.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smartphonesolution.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smbeermen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "smilecon.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sms72.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "snea-kers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sniffing.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "snipr.gg", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sobakasite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "socreates.cn", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "softwarecloud.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "solarfever.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soldarizona.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soloparati.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "somehsara.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "soniaferrer.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sophiebbeauty.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spacebestnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spaghettiphreakers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spaghettiwesterns.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spidercrabs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spikejeon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "spilka-dyplomativ.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sports-online.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sriravana.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "srochnozaim.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "srochnyj-zajm.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ss-news.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ss09.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ss9288.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stajka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stalker-eyes.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stangeland.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stardam.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stargatedesign.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "starover.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "starpoles.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "starreview.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "starsoft.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "steam-rewards.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "steamsprays.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "steering-wheel.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stenaro.ch", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "step2web-cms.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stephanao.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stephanieleonidasfan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stevebuck.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stevejobsfollowers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stewonet.nl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stolarka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stolensheep.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stop-activ.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stoppage.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "storeplus.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stormhub.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stormylegions.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stphilipneripreschool.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "strawberries.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "strl-tunis.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stroimvse.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "stuartbeard.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "studenti.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "studiosql.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "styleelite.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sudametrica.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sudanell.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sufarce.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sumcrevillent.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "superbintel.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "supercarrot.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "superiordetail.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "supermustang.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "supernatural-fans.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suranganet.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "surasak.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "suzikogsm.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "svorkmofotball.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "swallowgateway.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sweat-shirts.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "symetrix.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "syonix.ru", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "sywnthkrawft.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t1209.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t1316.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t1317.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t1318.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t1319.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t2181.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t2182.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t2881.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t5881.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t6381.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t6801.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t6810.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t6820.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t6830.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t6850.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t6860.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t6870.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t68app.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t7009.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t7119.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t776633.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t7802.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t7803.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t7804.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t7805.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t7807.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t7808.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t7810.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t7880.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8006.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8070.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8110.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "t8119.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tadjikistan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taginet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tagungsstaette-usedom.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tagungsstaette-zinnowitz.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taihesy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taipei-101.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taken.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "talusan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tanveersingh.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tarakan-klopik.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taranagar.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tarija.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tarzanka.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tatiana-kpb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taxi-domzale.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taxi-zakaz.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taximinvody.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "taylorgalleries.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tech-techno.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "technicalproblem.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "technosapien.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tecnikan.com.ar", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "teleradio.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "terrorblast.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tesdrole.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "test-iq.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "test-online.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "testforce.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "testlabs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "the-archive.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theaterreichenhall.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theberries.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theconverter.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thedarkfusion.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thefreebay.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thekonsulthub.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thelakedistrict.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thelencystore.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theocratic.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theosophic.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theprojectx.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theptclist.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "theredsgazette.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thevanishedvoyager.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thimbros.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "thwiki.cc", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ticketscol.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "timetrade.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "timothy.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tinnhanhvietnam.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "todayupdates.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toihoctiengtrung.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toolspain.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toopopular.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toothpique.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "top-mining.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "topkorea.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "torreconta.pt", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "touchdown.co", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tovarypochtoj.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "toys-robots.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tpress.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tracesteps.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trackify.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trade-platform.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tradesmance.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tramikshop.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "transeshairtransplant.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "travelvisit.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trendingdeals.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trendingeducation.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tresmaistres.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trickgsm.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "triplethreatband.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tristanhager.i234.me", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trumanlibrary.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "trz.cz", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tulasdeportivasbless.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "turkface.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "turkmistress.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tutorialdb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tvoyaknighka.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tvplusiptv.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "twelvecolonies.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "tyc923.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ualove.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ugeek.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "umniy-dom.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "undergrounder.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uniaofraternalraulcury.com.br", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unitedarmyofentropia.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "unpleasant.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "upbatangan.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "url1.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "user-agent.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "uslugi-voronezh.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v-novosibirske.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v12555.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v800a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v800e.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v800f.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v800k.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v800n.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "v800w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vacontractortraining.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valencianistas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valeniidemunte.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valledeleresma.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "valleystories.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vam-podarok.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vampire-studios.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vasilisa-volodina.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vchelyabinske.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vebbankir-zajm-onlajn.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vecherka.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vegtelenchat.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "velacartagena.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "velosipedi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "venlafaxine.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "verdugosxerecistas.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viantours.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viewmythoughts.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "villadelprado.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "villakarma.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "villalmanzo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vincura.io", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viphackers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viplilai.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viporiflame.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vippclub.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vipw6600.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vipw6603.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vipw6608.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viraljobs.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viraloffer.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viralted.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "viralvids.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "virgontech.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "virtualbrestby.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "virtualcomputer.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "virtualmemento.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vitaminmovie.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vkstream.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vnovosibirske.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vodicaknapocitac.sk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "volchara.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "volqanic.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "voss-zaehne.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "voss-zaehne.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vozhatik.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vprotect.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vpswebs.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vremyapervyih-hd.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vse-potolki.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "vvvvbrest.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w-ws.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w0102.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w0115.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w0118.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w0138.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w045w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w1010w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w1515w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w158w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w1717w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w233w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w2929w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w3330.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w4141w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w556w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w5858w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w61516.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w61518.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w61616.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6363w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6603.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6612.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66133.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66136.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6631.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66655.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6671.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6673.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66816.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66828.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6684.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w668686.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w668866.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w668899.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w668989.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66919.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w66hao.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6803.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6805.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6808.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w682w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6863.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w6880.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w692w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w696w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w7355.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w7474w.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w8093.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w8094.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w8605.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w8609.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w8620.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w8625.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w8626.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w8628.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w8659.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w888055.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "w9196.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wa3368.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "waplumber.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wapspaces.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wartimecontracting.gov", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "washburnenglishschool.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "waytofreedom.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wbcme.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wearethreebears.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "web-studio-kzo.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webcam-model.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webcreativa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "websiteguider.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "websitemarketers.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "webtaxi.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weili.bet", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weili1111.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weili1120.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weili1121.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weili1122.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weili1123.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weili1127.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weili1128.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weili8888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weili88888.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weilibet.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weilibet.info", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weilibet.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weilibet.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weiliyule.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "weiliyule.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wenhelpdesk.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "westhotel.com.au", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "whitepen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "widejeans.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wiki-books.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wikizip.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wildanalysis.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "willdropphoto.co.uk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wiskundeonderzoek.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wispmaeksmusic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wl.bet", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wl511.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wl970.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wl971.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wl972.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wl973.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wl974.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wl975.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wl976.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wl977.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wl978.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wlx678.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wlx678a.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wlx678b.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wlx678c.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wlx678d.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wmsndorgen.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wmsndorgen.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wmsndorgen.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wmsndorgen.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wmsndorgen.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wojciechowka.pl", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wolfteam.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wom-en.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "womensbiz.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wonderfulworldofwalliams.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wooblr.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wordregistrar.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "worldix.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "worldsfree4u.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "worldvisa.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wormincorporated.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wowlove.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "writers-club.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wvpbs.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "wwwwnews.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xakepctbo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xanhdecor.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xerezdeportivo.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--tagungssttte-usedom-owb.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--tagungssttte-zinnowitz-84b.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--uasacrilicas-9gb.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xn--v4q.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpa.be", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpj090.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpj100.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xpj90.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xtravans.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xurl.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xxxoopz.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "xybabyshop.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yagmursoft.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yak-host.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yamal-online.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yamei1188.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yamei2233.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yamei8866.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan10.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan11.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan22.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yapan9.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yardesign.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ybvip789.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yeti.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yinduyy.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ym063.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ym069.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ym181.am", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ym2121g.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ym2727.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ym966.net", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "ymm234.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yourloan.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "yura.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8018.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8025.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8029.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8036.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8039.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8053.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8057.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8061.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8065.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8069.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8071.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8072.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8073.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8077.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8085.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8086.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8091.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8092.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8119.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8127.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8129.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8139.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8150.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8158.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8160.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8161.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8165.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8167.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8172.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8173.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8175.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8176.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8177.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8178.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8179.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8187.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8190.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8192.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8198.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8201.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8202.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8203.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8205.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8206.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8213.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8218.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8219.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8230.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8231.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8251.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8817.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8826.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8852.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8875.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8879.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "z8918.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zaimdengi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zaimexpress.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zajm-bez-poruchitelej.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zajm-bez-spravok.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zajm-na-kivi.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zajm-pod-raspisku.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zajm-pod-zalog.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zakaz.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zaracraft.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zarbis.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zaympodzalog.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd1313.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6161.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6363.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6879.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6881.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6886.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6898.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd6899.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd7474.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zd9090.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zeanweb.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zentrumfuerchemie.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zetasystem.jp", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zfyl8.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zhabababa.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zhestokiemechtyi.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zhurnalyu.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zinchenko.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl200.vip", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl2121.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl6060.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl6464.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl7070.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl7272.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8813.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8856.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8857.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8874.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zl8891.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlatan-ibrahimovic.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zlotykameleon.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "znakomim.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "znanie-sila.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zofran-medication.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zofrancost.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zofranprice.ga", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zoloftmedication.gq", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zoloftpills.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zoloftprice.cf", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zolushka-1950.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zooforum.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zosia.org", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zovirax-cream.ml", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zrinski.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zrs-meissen.de", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zuitaotu.com", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zwergenfreiheit.at", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, + { "name": "zxfiles.tk", "policy": "bulk-1-year", "mode": "force-https", "include_subdomains": true }, // END OF 1-YEAR BULK HSTS ENTRIES // Only eTLD+1 domains can be submitted automatically to hstspreload.org, @@ -73023,8 +83164,6 @@ { "name": "mysa.is", "policy": "custom", "mode": "force-https", "include_subdomains": true }, { "name": "vensl.org", "policy": "custom", "mode": "force-https", "include_subdomains": true }, { "name": "aaron-schaal.de", "policy": "custom", "mode": "force-https", "include_subdomains": true }, - // TLS 1.3 - { "name": "glassrom.pw", "policy": "custom", "mode": "force-https", "include_subdomains": true }, // Expect-CT { "name": "crt.sh", "policy": "custom", @@ -73316,6 +83455,28 @@ { "name": "flagriculture.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, { "name": "floridaconsumerhelp.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, { "name": "sheriffpawneecountyne.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "tnwildlandfire.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "tnusedoil.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "safeathomeohio.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "sflhidta.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "ohiobusinesscentral.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "schoolsafety.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "solarium.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "cavecreekaz.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "usidfc.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "idfc.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "pbrb.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "leavenworthcounty.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "trpa.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "hudsonwi.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "woodfordcountyky.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "franklincountyny.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "townofhulbertok.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "gilsum-nh.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "ahidta.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "pleasantonca.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "elonma.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, + { "name": "carrolcountyohioelections.gov", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, { "name": "bmoattachments.org", "policy": "public-suffix-requested", "mode": "force-https", "include_subdomains": true }, // END OF ETLD-OWNER REQUESTED ENTRIES diff --git a/chromium/net/http/transport_security_state_unittest.cc b/chromium/net/http/transport_security_state_unittest.cc index 3c5ca3f1e1c..7ff717fd731 100644 --- a/chromium/net/http/transport_security_state_unittest.cc +++ b/chromium/net/http/transport_security_state_unittest.cc @@ -34,12 +34,15 @@ #include "net/cert/test_root_certs.h" #include "net/cert/x509_cert_types.h" #include "net/cert/x509_certificate.h" +#include "net/extras/preload_data/decoder.h" #include "net/http/http_status_code.h" #include "net/http/http_util.h" #include "net/net_buildflags.h" #include "net/ssl/ssl_info.h" #include "net/test/cert_test_util.h" #include "net/test/test_data_directory.h" +#include "net/tools/huffman_trie/bit_writer.h" +#include "net/tools/huffman_trie/trie/trie_bit_buffer.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" @@ -3159,6 +3162,44 @@ TEST_F(TransportSecurityStateStaticTest, UMAOnHPKPReportingFailure) { 1); } +TEST_F(TransportSecurityStateTest, WriteSizeDecodeSize) { + for (size_t i = 0; i < 300; ++i) { + SCOPED_TRACE(i); + huffman_trie::TrieBitBuffer buffer; + buffer.WriteSize(i); + huffman_trie::BitWriter writer; + buffer.WriteToBitWriter(&writer); + size_t position = writer.position(); + writer.Flush(); + ASSERT_NE(writer.bytes().data(), nullptr); + extras::PreloadDecoder::BitReader reader(writer.bytes().data(), position); + size_t decoded_size; + EXPECT_TRUE(reader.DecodeSize(&decoded_size)); + EXPECT_EQ(i, decoded_size); + } +} + +TEST_F(TransportSecurityStateTest, DecodeSizeFour) { + // Test that BitReader::DecodeSize properly handles the number 4, including + // not over-reading input bytes. BitReader::Next only fails if there's not + // another byte to read from; if it reads past the number of bits in the + // buffer but is still in the last byte it will still succeed. For this + // reason, this test puts the encoding of 4 at the end of the byte to check + // that DecodeSize doesn't over-read. + // + // 4 is encoded as 0b010. Shifted right to fill one byte, it is 0x02, with 5 + // bits of padding. + uint8_t encoded = 0x02; + extras::PreloadDecoder::BitReader reader(&encoded, 8); + for (size_t i = 0; i < 5; ++i) { + bool unused; + ASSERT_TRUE(reader.Next(&unused)); + } + size_t decoded_size; + EXPECT_TRUE(reader.DecodeSize(&decoded_size)); + EXPECT_EQ(4u, decoded_size); +} + #endif // BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) } // namespace net diff --git a/chromium/net/log/file_net_log_observer.h b/chromium/net/log/file_net_log_observer.h index 02d9a78aac5..66c80ca9024 100644 --- a/chromium/net/log/file_net_log_observer.h +++ b/chromium/net/log/file_net_log_observer.h @@ -23,8 +23,6 @@ class SequencedTaskRunner; namespace net { -class NetLogCaptureMode; - // FileNetLogObserver watches the NetLog event stream and sends all entries to // a file. // diff --git a/chromium/net/log/file_net_log_observer_unittest.cc b/chromium/net/log/file_net_log_observer_unittest.cc index b5ec383dfe8..669da0d70ff 100644 --- a/chromium/net/log/file_net_log_observer_unittest.cc +++ b/chromium/net/log/file_net_log_observer_unittest.cc @@ -24,10 +24,10 @@ #include "net/base/test_completion_callback.h" #include "net/log/net_log_entry.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_parameters_callback.h" #include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" #include "net/log/net_log_util.h" +#include "net/log/net_log_values.h" #include "net/test/test_with_scoped_task_environment.h" #include "net/url_request/url_request.h" #include "net/url_request/url_request_context.h" @@ -55,15 +55,10 @@ void AddEntries(FileNetLogObserver* logger, size_t entry_size) { // Get base size of event. const int kDummyId = 0; - std::string message = ""; - NetLogParametersCallback callback = - NetLog::StringCallback("message", &message); NetLogSource source(NetLogSourceType::HTTP2_SESSION, kDummyId); - NetLogEntryData base_entry_data(NetLogEventType::PAC_JAVASCRIPT_ERROR, source, - NetLogEventPhase::BEGIN, - base::TimeTicks::Now(), &callback); - NetLogEntry base_entry(&base_entry_data, - NetLogCaptureMode::IncludeSocketBytes()); + NetLogEntry base_entry(NetLogEventType::PAC_JAVASCRIPT_ERROR, source, + NetLogEventPhase::BEGIN, base::TimeTicks::Now(), + NetLogParamsWithString("message", "")); base::Value value = base_entry.ToValue(); std::string json; base::JSONWriter::Write(value, &json); @@ -88,12 +83,11 @@ void AddEntries(FileNetLogObserver* logger, // String size accounts for the number of digits in id so that all events // are the same size. - message = std::string(entry_size - base_entry_size - id.size() + 1, 'x'); - callback = NetLog::StringCallback("message", &message); - NetLogEntryData entry_data(NetLogEventType::PAC_JAVASCRIPT_ERROR, source, - NetLogEventPhase::BEGIN, base::TimeTicks::Now(), - &callback); - NetLogEntry entry(&entry_data, NetLogCaptureMode::IncludeSocketBytes()); + std::string message = + std::string(entry_size - base_entry_size - id.size() + 1, 'x'); + NetLogEntry entry(NetLogEventType::PAC_JAVASCRIPT_ERROR, source, + NetLogEventPhase::BEGIN, base::TimeTicks::Now(), + NetLogParamsWithString("message", message)); logger->OnAddEntry(entry); } } @@ -253,7 +247,7 @@ class FileNetLogObserverTest : public ::testing::TestWithParam, FileNetLogObserver::CreateUnbounded(log_path_, std::move(constants)); } - logger_->StartObserving(&net_log_, NetLogCaptureMode::Default()); + logger_->StartObserving(&net_log_, NetLogCaptureMode::kDefault); } void CreateAndStartObservingPreExisting( @@ -275,7 +269,7 @@ class FileNetLogObserverTest : public ::testing::TestWithParam, std::move(file), std::move(constants)); } - logger_->StartObserving(&net_log_, NetLogCaptureMode::Default()); + logger_->StartObserving(&net_log_, NetLogCaptureMode::kDefault); } bool LogFileExists() { @@ -314,7 +308,7 @@ class FileNetLogObserverBoundedTest : public ::testing::Test, int num_files) { logger_ = FileNetLogObserver::CreateBoundedForTests( log_path_, total_file_size, num_files, std::move(constants)); - logger_->StartObserving(&net_log_, NetLogCaptureMode::Default()); + logger_->StartObserving(&net_log_, NetLogCaptureMode::kDefault); } // Returns the path for an internally directory created for bounded logs (this @@ -500,7 +494,7 @@ TEST_P(FileNetLogObserverTest, PreExistingFileBroken) { else logger_ = FileNetLogObserver::CreateUnboundedPreExisting(std::move(file), nullptr); - logger_->StartObserving(&net_log_, NetLogCaptureMode::Default()); + logger_->StartObserving(&net_log_, NetLogCaptureMode::kDefault); // Send dummy event. AddEntries(logger_.get(), 1, kDummyEventSize); @@ -954,7 +948,7 @@ TEST_F(FileNetLogObserverBoundedTest, PreExistingUsesSpecifiedDir) { logger_ = FileNetLogObserver::CreateBoundedPreExisting( scratch_dir.GetPath(), std::move(file), kLargeFileSize, nullptr); - logger_->StartObserving(&net_log_, NetLogCaptureMode::Default()); + logger_->StartObserving(&net_log_, NetLogCaptureMode::kDefault); base::ThreadPoolInstance::Get()->FlushForTesting(); EXPECT_TRUE(base::PathExists(log_path_)); diff --git a/chromium/net/log/net_log.cc b/chromium/net/log/net_log.cc index 88b3fa80475..9fbe4e68351 100644 --- a/chromium/net/log/net_log.cc +++ b/chromium/net/log/net_log.cc @@ -4,101 +4,14 @@ #include "net/log/net_log.h" -#include -#include -#include - -#include "base/base64.h" -#include "base/bind.h" -#include "base/callback.h" -#include "base/logging.h" -#include "base/stl_util.h" #include "base/strings/string_number_conversions.h" -#include "base/strings/string_util.h" -#include "base/strings/utf_string_conversions.h" #include "base/values.h" -#include "net/base/escape.h" +#include "net/log/net_log_values.h" namespace net { -namespace { - -base::Value NetLogBoolCallback(const char* name, - bool value, - NetLogCaptureMode /* capture_mode */) { - base::DictionaryValue event_params; - event_params.SetBoolean(name, value); - return std::move(event_params); -} - -base::Value NetLogIntCallback(const char* name, - int value, - NetLogCaptureMode /* capture_mode */) { - base::DictionaryValue event_params; - event_params.SetInteger(name, value); - return std::move(event_params); -} - -base::Value NetLogInt64Callback(const char* name, - int64_t value, - NetLogCaptureMode /* capture_mode */) { - base::DictionaryValue event_params; - event_params.SetKey(name, NetLogNumberValue(value)); - return std::move(event_params); -} - -base::Value NetLogStringCallback(const char* name, - const std::string* value, - NetLogCaptureMode /* capture_mode */) { - base::DictionaryValue event_params; - event_params.SetString(name, *value); - return std::move(event_params); -} - -base::Value NetLogCharStringCallback(const char* name, - const char* value, - NetLogCaptureMode /* capture_mode */) { - base::DictionaryValue event_params; - event_params.SetString(name, value); - return std::move(event_params); -} - -base::Value NetLogString16Callback(const char* name, - const base::string16* value, - NetLogCaptureMode /* capture_mode */) { - base::DictionaryValue event_params; - event_params.SetString(name, *value); - return std::move(event_params); -} - -// IEEE 64-bit doubles have a 52-bit mantissa, and can therefore represent -// 53-bits worth of precision (see also documentation for JavaScript's -// Number.MAX_SAFE_INTEGER for more discussion on this). -// -// If the number can be represented with an int or double use that. Otherwise -// fallback to encoding it as a string. -template -base::Value NetLogNumberValueHelper(T num) { - // Fits in a (32-bit) int: [-2^31, 2^31 - 1] - if ((!std::is_signed::value || (num >= static_cast(-2147483648))) && - (num <= static_cast(2147483647))) { - return base::Value(static_cast(num)); - } - - // Fits in a double: (-2^53, 2^53) - if ((!std::is_signed::value || - (num >= static_cast(-9007199254740991))) && - (num <= static_cast(9007199254740991))) { - return base::Value(static_cast(num)); - } - - // Otherwise format as a string. - return base::Value(base::NumberToString(num)); -} - -} // namespace - -NetLog::ThreadSafeObserver::ThreadSafeObserver() : net_log_(nullptr) {} +NetLog::ThreadSafeObserver::ThreadSafeObserver() + : capture_mode_(NetLogCaptureMode::kDefault), net_log_(nullptr) {} NetLog::ThreadSafeObserver::~ThreadSafeObserver() { // Make sure we aren't watching a NetLog on destruction. Because the NetLog @@ -116,26 +29,27 @@ NetLog* NetLog::ThreadSafeObserver::net_log() const { return net_log_; } -void NetLog::ThreadSafeObserver::OnAddEntryData( - const NetLogEntryData& entry_data) { - OnAddEntry(NetLogEntry(&entry_data, capture_mode())); -} +NetLog::NetLog() : last_id_(0), observer_capture_modes_(0) {} -NetLog::NetLog() : last_id_(0), is_capturing_(0) { +NetLog::~NetLog() { + MarkDead(); } -NetLog::~NetLog() = default; +void NetLog::AddEntry(NetLogEventType type, + const NetLogSource& source, + NetLogEventPhase phase) { + AddEntry(type, source, phase, [] { return base::Value(); }); +} void NetLog::AddGlobalEntry(NetLogEventType type) { AddEntry(type, NetLogSource(NetLogSourceType::NONE, NextID()), - NetLogEventPhase::NONE, nullptr); + NetLogEventPhase::NONE); } -void NetLog::AddGlobalEntry( - NetLogEventType type, - const NetLogParametersCallback& parameters_callback) { - AddEntry(type, NetLogSource(NetLogSourceType::NONE, NextID()), - NetLogEventPhase::NONE, ¶meters_callback); +void NetLog::AddGlobalEntryWithStringParams(NetLogEventType type, + base::StringPiece name, + base::StringPiece value) { + AddGlobalEntry(type, [&] { return NetLogParamsWithString(name, value); }); } uint32_t NetLog::NextID() { @@ -143,7 +57,8 @@ uint32_t NetLog::NextID() { } bool NetLog::IsCapturing() const { - return base::subtle::NoBarrier_Load(&is_capturing_) != 0; + CheckAlive(); + return GetObserverCaptureModes() != 0; } void NetLog::AddObserver(NetLog::ThreadSafeObserver* observer, @@ -158,16 +73,7 @@ void NetLog::AddObserver(NetLog::ThreadSafeObserver* observer, observer->net_log_ = this; observer->capture_mode_ = capture_mode; - UpdateIsCapturing(); -} - -void NetLog::SetObserverCaptureMode(NetLog::ThreadSafeObserver* observer, - NetLogCaptureMode capture_mode) { - base::AutoLock lock(lock_); - - DCHECK(HasObserver(observer)); - DCHECK_EQ(this, observer->net_log_); - observer->capture_mode_ = capture_mode; + UpdateObserverCaptureModes(); } void NetLog::RemoveObserver(NetLog::ThreadSafeObserver* observer) { @@ -180,18 +86,23 @@ void NetLog::RemoveObserver(NetLog::ThreadSafeObserver* observer) { observers_.erase(it); observer->net_log_ = nullptr; - observer->capture_mode_ = NetLogCaptureMode(); - UpdateIsCapturing(); + observer->capture_mode_ = NetLogCaptureMode::kDefault; + UpdateObserverCaptureModes(); } -void NetLog::UpdateIsCapturing() { +void NetLog::UpdateObserverCaptureModes() { lock_.AssertAcquired(); - base::subtle::NoBarrier_Store(&is_capturing_, observers_.size() ? 1 : 0); + + NetLogCaptureModeSet capture_mode_set = 0; + for (const auto* observer : observers_) + NetLogCaptureModeSetAdd(observer->capture_mode_, &capture_mode_set); + + base::subtle::NoBarrier_Store(&observer_capture_modes_, capture_mode_set); } bool NetLog::HasObserver(ThreadSafeObserver* observer) { lock_.AssertAcquired(); - return base::ContainsValue(observers_, observer); + return base::Contains(observers_, observer); } // static @@ -269,86 +180,45 @@ const char* NetLog::EventPhaseToString(NetLogEventPhase phase) { return nullptr; } -// static -NetLogParametersCallback NetLog::BoolCallback(const char* name, bool value) { - return base::Bind(&NetLogBoolCallback, name, value); -} +void NetLog::AddEntryInternal(NetLogEventType type, + const NetLogSource& source, + NetLogEventPhase phase, + const GetParamsInterface* get_params) { + NetLogCaptureModeSet observer_capture_modes = GetObserverCaptureModes(); -// static -NetLogParametersCallback NetLog::IntCallback(const char* name, int value) { - return base::Bind(&NetLogIntCallback, name, value); -} + for (int i = 0; i <= static_cast(NetLogCaptureMode::kLast); ++i) { + NetLogCaptureMode capture_mode = static_cast(i); + if (!NetLogCaptureModeSetContains(capture_mode, observer_capture_modes)) + continue; -// static -NetLogParametersCallback NetLog::Int64Callback(const char* name, - int64_t value) { - return base::Bind(&NetLogInt64Callback, name, value); -} + NetLogEntry entry(type, source, phase, base::TimeTicks::Now(), + get_params->GetParams(capture_mode)); -// static -NetLogParametersCallback NetLog::StringCallback(const char* name, - const std::string* value) { - DCHECK(value); - return base::Bind(&NetLogStringCallback, name, value); + // Notify all of the log observers with |capture_mode|. + base::AutoLock lock(lock_); + for (auto* observer : observers_) { + if (observer->capture_mode() == capture_mode) + observer->OnAddEntry(entry); + } + } } -// static -NetLogParametersCallback NetLog::StringCallback(const char* name, - const char* value) { - DCHECK(value); - return base::Bind(&NetLogCharStringCallback, name, value); +NetLogCaptureModeSet NetLog::GetObserverCaptureModes() const { + return base::subtle::NoBarrier_Load(&observer_capture_modes_); } -// static -NetLogParametersCallback NetLog::StringCallback(const char* name, - const base::string16* value) { - DCHECK(value); - return base::Bind(&NetLogString16Callback, name, value); -} +void NetLog::AddEntryWithMaterializedParams(NetLogEventType type, + const NetLogSource& source, + NetLogEventPhase phase, + base::Value&& params) { + NetLogEntry entry(type, source, phase, base::TimeTicks::Now(), + std::move(params)); -void NetLog::AddEntry(NetLogEventType type, - const NetLogSource& source, - NetLogEventPhase phase, - const NetLogParametersCallback* parameters_callback) { - if (!IsCapturing()) - return; - NetLogEntryData entry_data(type, source, phase, base::TimeTicks::Now(), - parameters_callback); - - // Notify all of the log observers. + // Notify all of the log observers with |capture_mode|. base::AutoLock lock(lock_); - for (auto* observer : observers_) - observer->OnAddEntryData(entry_data); -} - -base::Value NetLogStringValue(base::StringPiece raw) { - // The common case is that |raw| is ASCII. Represent this directly. - if (base::IsStringASCII(raw)) - return base::Value(raw); - - // For everything else (including valid UTF-8) percent-escape |raw|, and add a - // prefix that "tags" the value as being a percent-escaped representation. - // - // Note that the sequence E2 80 8B is U+200B (zero-width space) in UTF-8. It - // is added so the escaped string is not itself also ASCII (otherwise there - // would be ambiguity for consumers as to when the value needs to be - // unescaped). - return base::Value("%ESCAPED:\xE2\x80\x8B " + EscapeNonASCIIAndPercent(raw)); -} - -base::Value NetLogBinaryValue(const void* bytes, size_t length) { - std::string b64; - Base64Encode(base::StringPiece(reinterpret_cast(bytes), length), - &b64); - return base::Value(std::move(b64)); -} - -base::Value NetLogNumberValue(int64_t num) { - return NetLogNumberValueHelper(num); -} - -base::Value NetLogNumberValue(uint64_t num) { - return NetLogNumberValueHelper(num); + for (auto* observer : observers_) { + observer->OnAddEntry(entry); + } } } // namespace net diff --git a/chromium/net/log/net_log.h b/chromium/net/log/net_log.h index 14c9a74e49f..dd04c0ec665 100644 --- a/chromium/net/log/net_log.h +++ b/chromium/net/log/net_log.h @@ -13,7 +13,6 @@ #include "base/atomicops.h" #include "base/compiler_specific.h" #include "base/macros.h" -#include "base/strings/string16.h" #include "base/synchronization/lock.h" #include "base/time/time.h" #include "build/build_config.h" @@ -21,7 +20,6 @@ #include "net/log/net_log_capture_mode.h" #include "net/log/net_log_entry.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_parameters_callback.h" #include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" @@ -40,12 +38,48 @@ namespace net { // is usually accessed through a NetLogWithSource, which will always pass in a // specific source ID. // -// All methods are thread safe, with the exception that no NetLog or +// All methods on NetLog are thread safe, with the exception that no NetLog or // NetLog::ThreadSafeObserver functions may be called by an observer's -// OnAddEntry() method. Doing so will result in a deadlock. +// OnAddEntry() method, as doing so will result in a deadlock. // // For a broader introduction see the design document: // https://sites.google.com/a/chromium.org/dev/developers/design-documents/network-stack/netlog +// +// ================================== +// Materializing parameters +// ================================== +// +// Events can contain a JSON serializable base::Value [1] referred to as its +// "parameters". +// +// Functions for emitting events have overloads that take a |get_params| +// argument for this purpose. +// +// |get_params| is essentially a block of code to conditionally execute when +// the parameters need to be materialized. It is most easily specified as a C++ +// lambda. +// +// This idiom for specifying parameters avoids spending time building the +// base::Value when capturing is off. For instance when specified as a lambda +// that takes 0 arguments, the inlined code from template expansion roughly +// does: +// +// if (net_log->IsCapturing()) { +// base::Value params = get_params(); +// net_log->EmitEventToAllObsevers(type, source, phase, std::move(params)); +// } +// +// Alternately, the |get_params| argument could be an invocable that takes a +// NetLogCaptureMode parameter: +// +// base::Value params = get_params(capture_mode); +// +// In this case, |get_params| depends on the logging granularity and would be +// called once per observed NetLogCaptureMode. +// +// [1] Being "JSON serializable" means you cannot use +// base::Value::Type::BINARY. Instead use NetLogBinaryValue() to repackage +// it as a base::Value::Type::STRING. class NET_EXPORT NetLog { public: @@ -95,8 +129,6 @@ class NET_EXPORT NetLog { private: friend class NetLog; - void OnAddEntryData(const NetLogEntryData& entry_data); - // Both of these values are only modified by the NetLog. NetLogCaptureMode capture_mode_; NetLog* net_log_; @@ -107,18 +139,95 @@ class NET_EXPORT NetLog { NetLog(); virtual ~NetLog(); + void AddEntry(NetLogEventType type, + const NetLogSource& source, + NetLogEventPhase phase); + + // NetLog parameter generators (lambdas) come in two flavors -- those that + // take no arguments, and those that take a single NetLogCaptureMode. This + // code allows differentiating between the two. + template + struct ExpectsCaptureMode : std::false_type {}; + template + struct ExpectsCaptureMode()( + NetLogCaptureMode::kDefault)))> + : std::true_type {}; + + // Adds an entry for the given source, phase, and type, whose parameters are + // obtained by invoking |get_params()| with no arguments. + // + // See "Materializing parameters" for details. + template + inline typename std::enable_if::value, + void>::type + AddEntry(NetLogEventType type, + const NetLogSource& source, + NetLogEventPhase phase, + const ParametersCallback& get_params) { + if (LIKELY(!IsCapturing())) + return; + + AddEntryWithMaterializedParams(type, source, phase, get_params()); + } + + // Adds an entry for the given source, phase, and type, whose parameters are + // obtained by invoking |get_params(capture_mode)| with a NetLogCaptureMode. + // + // See "Materializing parameters" for details. + template + inline typename std::enable_if::value, + void>::type + AddEntry(NetLogEventType type, + const NetLogSource& source, + NetLogEventPhase phase, + const ParametersCallback& get_params) { + if (LIKELY(!IsCapturing())) + return; + + // Indirect through virtual dispatch to reduce code bloat, as this is + // inlined in a number of places. + class GetParamsImpl : public GetParamsInterface { + public: + explicit GetParamsImpl(const ParametersCallback& get_params) + : get_params_(get_params) {} + base::Value GetParams(NetLogCaptureMode mode) const override { + return get_params_(mode); + } + + private: + const ParametersCallback& get_params_; + }; + + GetParamsImpl wrapper(get_params); + AddEntryInternal(type, source, phase, &wrapper); + } + // Emits a global event to the log stream, with its own unique source ID. void AddGlobalEntry(NetLogEventType type); + + // Overload of AddGlobalEntry() that includes parameters. + // + // See "Materializing parameters" for details on |get_params|. + template void AddGlobalEntry(NetLogEventType type, - const NetLogParametersCallback& parameters_callback); + const ParametersCallback& get_params) { + AddEntry(type, NetLogSource(NetLogSourceType::NONE, NextID()), + NetLogEventPhase::NONE, get_params); + } + + void AddGlobalEntryWithStringParams(NetLogEventType type, + base::StringPiece name, + base::StringPiece value); // Returns a unique ID which can be used as a source ID. All returned IDs // will be unique and greater than 0. uint32_t NextID(); - // Returns true if there are any observers attached to the NetLog. This can be - // used as an optimization to avoid emitting log entries when there is no - // chance that the data will be consumed. + // Returns true if there are any observers attached to the NetLog. + // + // TODO(eroman): Survey current callsites; most are probably not necessary, + // and may even be harmful. bool IsCapturing() const; // Adds an observer and sets its log capture mode. The observer must not be @@ -136,12 +245,6 @@ class NET_EXPORT NetLog { void AddObserver(ThreadSafeObserver* observer, NetLogCaptureMode capture_mode); - // Sets the log capture mode of |observer| to |capture_mode|. |observer| must - // be watching |this|. NetLog implementations must call - // NetLog::OnSetObserverCaptureMode to update the observer's internal state. - void SetObserverCaptureMode(ThreadSafeObserver* observer, - NetLogCaptureMode capture_mode); - // Removes an observer. // // For thread safety reasons, it is recommended that this not be called in @@ -177,60 +280,69 @@ class NET_EXPORT NetLog { // Returns a C-String symbolic name for |event_phase|. static const char* EventPhaseToString(NetLogEventPhase event_phase); - // Creates a NetLogParametersCallback that encapsulates a single bool. - // Warning: |name| must remain valid for the life of the callback. - static NetLogParametersCallback BoolCallback(const char* name, bool value); - - // Warning: |name| must remain valid for the life of the callback. - static NetLogParametersCallback IntCallback(const char* name, int value); - - // Creates a NetLogParametersCallback that encapsulates a single int64_t. The - // callback will return the value as a StringValue, since IntegerValues - // only support 32-bit values. - // Warning: |name| must remain valid for the life of the callback. - static NetLogParametersCallback Int64Callback(const char* name, - int64_t value); - - // Creates a NetLogParametersCallback that encapsulates a single UTF8 string. - // Takes - // |value| as a pointer to avoid copying, and emphasize it must be valid for - // the life of the callback. |value| may not be NULL. - // Warning: |name| and |value| must remain valid for the life of the callback. - static NetLogParametersCallback StringCallback(const char* name, - const std::string* value); - static NetLogParametersCallback StringCallback(const char* name, - const char* value); - - // Same as above, but takes in a UTF16 string. - static NetLogParametersCallback StringCallback(const char* name, - const base::string16* value); - private: - friend class NetLogWithSource; + class GetParamsInterface { + public: + virtual base::Value GetParams(NetLogCaptureMode mode) const = 0; + virtual ~GetParamsInterface() = default; + }; - void AddEntry(NetLogEventType type, - const NetLogSource& source, - NetLogEventPhase phase, - const NetLogParametersCallback* parameters_callback); + // Helper for implementing AddEntry() that indirects parameter getting through + // virtual dispatch. + void AddEntryInternal(NetLogEventType type, + const NetLogSource& source, + NetLogEventPhase phase, + const GetParamsInterface* get_params); + + // Returns the set of all capture modes being observed. + NetLogCaptureModeSet GetObserverCaptureModes() const; + + // Adds an entry using already materialized parameters, when it is already + // known that the log is capturing (goes straight to acquiring observer lock). + // + // TODO(eroman): Drop the rvalue-ref on |params| unless can show it improves + // the generated code (initial testing suggests it makes no difference in + // clang). + void AddEntryWithMaterializedParams(NetLogEventType type, + const NetLogSource& source, + NetLogEventPhase phase, + base::Value&& params); // Called whenever an observer is added or removed, to update - // |has_observers_|. Must have acquired |lock_| prior to calling. - void UpdateIsCapturing(); + // |observer_capture_modes_|. Must have acquired |lock_| prior to calling. + void UpdateObserverCaptureModes(); // Returns true if |observer| is watching this NetLog. Must // be called while |lock_| is already held. bool HasObserver(ThreadSafeObserver* observer); + // In debug and ASAN builds, verify that the NetLog is not used while free. + // This is a regression test for https://crbug.com/983298. +#if defined(ADDRESS_SANITIZER) || !defined(NDEBUG) + static constexpr int kAliveToken = 0xDEADBEEF; + + inline void CheckAlive() const { CHECK_EQ(alive_, kAliveToken); } + inline void MarkDead() { + CheckAlive(); + alive_ = 0; + } + int alive_ = kAliveToken; +#else + inline void CheckAlive() const {} + inline void MarkDead() {} +#endif + // |lock_| protects access to |observers_|. base::Lock lock_; // Last assigned source ID. Incremented to get the next one. base::subtle::Atomic32 last_id_; - // |is_capturing_| will be 0 when there are no observers watching the NetLog, - // 1 otherwise. Note that this is stored as an Atomic32 rather than a boolean - // so it can be accessed without needing a lock. - base::subtle::Atomic32 is_capturing_; + // Holds the set of all capture modes that observers are watching the log at. + // + // Is 0 when there are no observers. Stored as an Atomic32 so it can be + // accessed and updated more efficiently. + base::subtle::Atomic32 observer_capture_modes_; // |observers_| is a list of observers, ordered by when they were added. // Pointers contained in |observers_| are non-owned, and must @@ -245,39 +357,6 @@ class NET_EXPORT NetLog { DISALLOW_COPY_AND_ASSIGN(NetLog); }; -// Creates a base::Value() to represent the byte string |raw| when adding it to -// the NetLog. -// -// When |raw| is an ASCII string, the returned value is a base::Value() -// containing that exact string. Otherwise it is represented by a -// percent-escaped version of the original string, along with a special prefix. -// -// This wrapper exists because base::Value strings are required to be UTF-8. -// Often times NetLog consumers just want to log a std::string, and that string -// may not be UTF-8. -NET_EXPORT base::Value NetLogStringValue(base::StringPiece raw); - -// Creates a base::Value() to represent the octets |bytes|. This should be -// used when adding binary data (i.e. not an ASCII or UTF-8 string) to the -// NetLog. The resulting base::Value() holds a copy of the input data. -// -// This wrapper must be used rather than directly adding base::Value parameters -// of type BINARY to the NetLog, since the JSON writer does not support -// serializing them. -// -// This wrapper encodes |bytes| as a Base64 encoded string. -NET_EXPORT base::Value NetLogBinaryValue(const void* bytes, size_t length); - -// Creates a base::Value() to represent integers, including 64-bit ones. -// base::Value() does not directly support 64-bit integers, as it is not -// representable in JSON. -// -// These wrappers will return values that are either numbers, or a string -// representation of their decimal value, depending on what is needed to ensure -// no loss of precision when de-serializing from JavaScript. -NET_EXPORT base::Value NetLogNumberValue(int64_t num); -NET_EXPORT base::Value NetLogNumberValue(uint64_t num); - } // namespace net #endif // NET_LOG_NET_LOG_H_ diff --git a/chromium/net/log/net_log_capture_mode.cc b/chromium/net/log/net_log_capture_mode.cc index a2ff3c1b7f1..40b072aa9f8 100644 --- a/chromium/net/log/net_log_capture_mode.cc +++ b/chromium/net/log/net_log_capture_mode.cc @@ -4,86 +4,14 @@ #include "net/log/net_log_capture_mode.h" -#include - -#include "base/command_line.h" -#include "base/strings/string_piece.h" - namespace net { -namespace { - -// Integer representation for the capture mode. The numeric value is depended on -// for methods of NetLogCaptureMode, which expect that higher values represent a -// strict superset of the capabilities of lower values. -enum InternalValue { - // Log all events, but do not include the actual transferred bytes, and - // remove cookies and HTTP credentials and HTTP/2 GOAWAY frame debug data. - DEFAULT, - - // Log all events, but do not include the actual transferred bytes as - // parameters for bytes sent/received events. - // TODO(bnc): Consider renaming to INCLUDE_PRIVACY_INFO. - INCLUDE_COOKIES_AND_CREDENTIALS, - - // Log everything possible, even if it is slow and memory expensive. - // Includes logging of transferred bytes. - INCLUDE_SOCKET_BYTES, -}; - -} // namespace - -NetLogCaptureMode::NetLogCaptureMode() : NetLogCaptureMode(DEFAULT) { -} - -NetLogCaptureMode NetLogCaptureMode::Default() { - return NetLogCaptureMode(DEFAULT); -} - -NetLogCaptureMode NetLogCaptureMode::IncludeCookiesAndCredentials() { - return NetLogCaptureMode(INCLUDE_COOKIES_AND_CREDENTIALS); -} - -NetLogCaptureMode NetLogCaptureMode::IncludeSocketBytes() { - return NetLogCaptureMode(INCLUDE_SOCKET_BYTES); +bool NetLogCaptureIncludesSensitive(NetLogCaptureMode capture_mode) { + return capture_mode >= NetLogCaptureMode::kIncludeSensitive; } -bool NetLogCaptureMode::include_cookies_and_credentials() const { - return value_ >= INCLUDE_COOKIES_AND_CREDENTIALS; -} - -bool NetLogCaptureMode::include_socket_bytes() const { - return value_ >= INCLUDE_SOCKET_BYTES; -} - -bool NetLogCaptureMode::operator==(NetLogCaptureMode mode) const { - return value_ == mode.value_; -} - -bool NetLogCaptureMode::operator!=(NetLogCaptureMode mode) const { - return !(*this == mode); -} - -NetLogCaptureMode::NetLogCaptureMode(uint32_t value) : value_(value) { -} - -NetLogCaptureMode GetNetCaptureModeFromCommandLine( - const base::CommandLine& command_line, - base::StringPiece switch_name) { - if (command_line.HasSwitch(switch_name)) { - std::string value = command_line.GetSwitchValueASCII(switch_name); - - if (value == "Default") - return NetLogCaptureMode::Default(); - if (value == "IncludeCookiesAndCredentials") - return NetLogCaptureMode::IncludeCookiesAndCredentials(); - if (value == "IncludeSocketBytes") - return NetLogCaptureMode::IncludeSocketBytes(); - - LOG(ERROR) << "Unrecognized value for --" << switch_name; - } - - return net::NetLogCaptureMode::Default(); +bool NetLogCaptureIncludesSocketBytes(NetLogCaptureMode capture_mode) { + return capture_mode == NetLogCaptureMode::kEverything; } } // namespace net diff --git a/chromium/net/log/net_log_capture_mode.h b/chromium/net/log/net_log_capture_mode.h index 470a00cb8f3..cef1b25cff1 100644 --- a/chromium/net/log/net_log_capture_mode.h +++ b/chromium/net/log/net_log_capture_mode.h @@ -7,67 +7,75 @@ #include -#include - -#include "base/strings/string_piece_forward.h" #include "net/base/net_export.h" -namespace base { -class CommandLine; -} - namespace net { -// NetLogCaptureMode specifies the granularity of events that should be emitted -// to the log. It is a simple wrapper around an integer, so it should be passed -// to functions by value rather than by reference. -class NET_EXPORT NetLogCaptureMode { - public: - // NOTE: Default assignment and copy constructor are OK. - - // The default constructor creates a capture mode equivalent to - // Default(). - NetLogCaptureMode(); - - // Constructs a capture mode which logs basic events and event parameters. - // include_cookies_and_credentials() --> false - // include_socket_bytes() --> false - static NetLogCaptureMode Default(); - - // Constructs a capture mode which logs basic events, and additionally makes - // no effort to strip cookies and credentials. - // include_cookies_and_credentials() --> true - // include_socket_bytes() --> false - // TODO(bnc): Consider renaming to IncludePrivacyInfo(). - static NetLogCaptureMode IncludeCookiesAndCredentials(); - - // Constructs a capture mode which logs the data sent/received from sockets. - // include_cookies_and_credentials() --> true - // include_socket_bytes() --> true - static NetLogCaptureMode IncludeSocketBytes(); - - // If include_cookies_and_credentials() is true , then it is OK to log - // events which contain cookies, credentials or other privacy sensitive data. - // TODO(bnc): Consider renaming to include_privacy_info(). - bool include_cookies_and_credentials() const; - - // If include_socket_bytes() is true, then it is OK to output the actual - // bytes read/written from the network, even if it contains private data. - bool include_socket_bytes() const; - - bool operator==(NetLogCaptureMode mode) const; - bool operator!=(NetLogCaptureMode mode) const; - - private: - explicit NetLogCaptureMode(uint32_t value); - - int32_t value_; +// NetLogCaptureMode specifies the logging level. +// +// It is used to control which events are emitted to the log, and what level of +// detail is included in their parameters. +// +// The capture mode is expressed as a number, where higher values imply more +// information. +// +// Note the numeric values are used in a bitfield (NetLogCaptureModeSet) so must +// be sequential starting from 0, and not exceed 31. +enum class NetLogCaptureMode : uint32_t { + // Default logging level, which is expected to be light-weight and + // does best-effort stripping of privacy/security sensitive data. + // + // * Includes most HTTP request/response headers, but strips cookies and + // auth. + // * Does not include the full bytes read/written to sockets. + kDefault = 0, + + // Logging level that includes everything from kDefault, plus sensitive data + // that it may have strippped. + // + // * Includes cookies and authentication headers. + // * Does not include the full bytes read/written to sockets. + kIncludeSensitive, + + // Logging level that includes everything that is possible to be logged. + // + // * Includes the actual bytes read/written to sockets + // * Will result in large log files. + kEverything, + + kLast = kEverything, }; -// Parses a NetLogCaptureMode given an optional command-line switch. -NET_EXPORT NetLogCaptureMode -GetNetCaptureModeFromCommandLine(const base::CommandLine& command_line, - base::StringPiece switch_name); +// Bitfield of NetLogCaptureMode, that should be initialized to zero for empty +// set. Bit "i" being set means that the set contains NetLogCaptureMode with +// value "i". +// +// Use the NetLogCaptureModeSet*() functions to operate on it. +using NetLogCaptureModeSet = uint32_t; + +inline NetLogCaptureModeSet NetLogCaptureModeToBit( + NetLogCaptureMode capture_mode) { + return 1 << static_cast(capture_mode); +} + +inline bool NetLogCaptureModeSetContains(NetLogCaptureMode capture_mode, + NetLogCaptureModeSet set) { + return (set & NetLogCaptureModeToBit(capture_mode)) != 0; +} + +inline bool NetLogCaptureModeSetAdd(NetLogCaptureMode value, + NetLogCaptureModeSet* set) { + return *set |= NetLogCaptureModeToBit(value); +} + +// Returns true if |capture_mode| permits logging sensitive values such as +// cookies and credentials. +NET_EXPORT bool NetLogCaptureIncludesSensitive(NetLogCaptureMode capture_mode); + +// Returns true if |capture_mode| permits logging the full request/response +// bytes from sockets. +NET_EXPORT bool NetLogCaptureIncludesSocketBytes( + NetLogCaptureMode capture_mode); } // namespace net diff --git a/chromium/net/log/net_log_capture_mode_unittest.cc b/chromium/net/log/net_log_capture_mode_unittest.cc index a249bf1e011..ea4fa30c7c2 100644 --- a/chromium/net/log/net_log_capture_mode_unittest.cc +++ b/chromium/net/log/net_log_capture_mode_unittest.cc @@ -10,41 +10,25 @@ namespace net { namespace { -TEST(NetLogCaptureMode, DefaultConstructor) { - EXPECT_EQ(NetLogCaptureMode(), NetLogCaptureMode::Default()); -} - TEST(NetLogCaptureMode, Default) { - NetLogCaptureMode mode = NetLogCaptureMode::Default(); - - EXPECT_FALSE(mode.include_cookies_and_credentials()); - EXPECT_FALSE(mode.include_socket_bytes()); + NetLogCaptureMode mode = NetLogCaptureMode::kDefault; - EXPECT_EQ(mode, NetLogCaptureMode::Default()); - EXPECT_NE(mode, NetLogCaptureMode::IncludeCookiesAndCredentials()); - EXPECT_NE(mode, NetLogCaptureMode::IncludeSocketBytes()); + EXPECT_FALSE(NetLogCaptureIncludesSensitive(mode)); + EXPECT_FALSE(NetLogCaptureIncludesSocketBytes(mode)); } -TEST(NetLogCaptureMode, IncludeCookiesAndCredentials) { - NetLogCaptureMode mode = NetLogCaptureMode::IncludeCookiesAndCredentials(); +TEST(NetLogCaptureMode, IncludeSensitive) { + NetLogCaptureMode mode = NetLogCaptureMode::kIncludeSensitive; - EXPECT_TRUE(mode.include_cookies_and_credentials()); - EXPECT_FALSE(mode.include_socket_bytes()); - - EXPECT_NE(mode, NetLogCaptureMode::Default()); - EXPECT_EQ(mode, NetLogCaptureMode::IncludeCookiesAndCredentials()); - EXPECT_NE(mode, NetLogCaptureMode::IncludeSocketBytes()); + EXPECT_TRUE(NetLogCaptureIncludesSensitive(mode)); + EXPECT_FALSE(NetLogCaptureIncludesSocketBytes(mode)); } -TEST(NetLogCaptureMode, IncludeSocketBytes) { - NetLogCaptureMode mode = NetLogCaptureMode::IncludeSocketBytes(); - - EXPECT_TRUE(mode.include_cookies_and_credentials()); - EXPECT_TRUE(mode.include_socket_bytes()); +TEST(NetLogCaptureMode, Everything) { + NetLogCaptureMode mode = NetLogCaptureMode::kEverything; - EXPECT_NE(mode, NetLogCaptureMode::Default()); - EXPECT_NE(mode, NetLogCaptureMode::IncludeCookiesAndCredentials()); - EXPECT_EQ(mode, NetLogCaptureMode::IncludeSocketBytes()); + EXPECT_TRUE(NetLogCaptureIncludesSensitive(mode)); + EXPECT_TRUE(NetLogCaptureIncludesSocketBytes(mode)); } } // namespace diff --git a/chromium/net/log/net_log_entry.cc b/chromium/net/log/net_log_entry.cc index 16be908a4b3..10c0c98b82e 100644 --- a/chromium/net/log/net_log_entry.cc +++ b/chromium/net/log/net_log_entry.cc @@ -4,61 +4,54 @@ #include "net/log/net_log_entry.h" -#include - -#include "base/callback.h" -#include "base/values.h" #include "net/log/net_log.h" namespace net { +NetLogEntry::NetLogEntry(NetLogEventType type, + NetLogSource source, + NetLogEventPhase phase, + base::TimeTicks time, + base::Value params) + : type(type), + source(source), + phase(phase), + time(time), + params(std::move(params)) {} + +NetLogEntry::~NetLogEntry() = default; + +NetLogEntry::NetLogEntry(NetLogEntry&& entry) = default; +NetLogEntry& NetLogEntry::operator=(NetLogEntry&& entry) = default; + base::Value NetLogEntry::ToValue() const { base::DictionaryValue entry_dict; - entry_dict.SetString("time", NetLog::TickCountToString(data_->time)); + entry_dict.SetString("time", NetLog::TickCountToString(time)); // Set the entry source. base::DictionaryValue source_dict; - source_dict.SetInteger("id", data_->source.id); - source_dict.SetInteger("type", static_cast(data_->source.type)); + source_dict.SetInteger("id", source.id); + source_dict.SetInteger("type", static_cast(source.type)); entry_dict.SetKey("source", std::move(source_dict)); // Set the event info. - entry_dict.SetInteger("type", static_cast(data_->type)); - entry_dict.SetInteger("phase", static_cast(data_->phase)); + entry_dict.SetInteger("type", static_cast(type)); + entry_dict.SetInteger("phase", static_cast(phase)); // Set the event-specific parameters. - base::Value params = ParametersToValue(); if (!params.is_none()) - entry_dict.SetKey("params", std::move(params)); + entry_dict.SetKey("params", params.Clone()); return std::move(entry_dict); } -base::Value NetLogEntry::ParametersToValue() const { - if (data_->parameters_callback) - return data_->parameters_callback->Run(capture_mode_); - return base::Value(); +NetLogEntry NetLogEntry::Clone() const { + return NetLogEntry(type, source, phase, time, params.Clone()); } -NetLogEntryData::NetLogEntryData( - NetLogEventType type, - NetLogSource source, - NetLogEventPhase phase, - base::TimeTicks time, - const NetLogParametersCallback* parameters_callback) - : type(type), - source(source), - phase(phase), - time(time), - parameters_callback(parameters_callback) {} - -NetLogEntryData::~NetLogEntryData() = default; - -NetLogEntry::NetLogEntry(const NetLogEntryData* data, - NetLogCaptureMode capture_mode) - : data_(data), capture_mode_(capture_mode) {} - -NetLogEntry::~NetLogEntry() = default; +bool NetLogEntry::HasParams() const { + return !params.is_none(); +} } // namespace net diff --git a/chromium/net/log/net_log_entry.h b/chromium/net/log/net_log_entry.h index b9280844261..9de87d7a00a 100644 --- a/chromium/net/log/net_log_entry.h +++ b/chromium/net/log/net_log_entry.h @@ -5,14 +5,10 @@ #ifndef NET_LOG_NET_LOG_ENTRY_H_ #define NET_LOG_NET_LOG_ENTRY_H_ -#include - -#include "base/macros.h" #include "base/time/time.h" +#include "base/values.h" #include "net/base/net_export.h" -#include "net/log/net_log_capture_mode.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_parameters_callback.h" #include "net/log/net_log_source.h" namespace base { @@ -21,52 +17,37 @@ class Value; namespace net { -struct NET_EXPORT NetLogEntryData { - NetLogEntryData(NetLogEventType type, - NetLogSource source, - NetLogEventPhase phase, - base::TimeTicks time, - const NetLogParametersCallback* parameters_callback); - ~NetLogEntryData(); - - const NetLogEventType type; - const NetLogSource source; - const NetLogEventPhase phase; - const base::TimeTicks time; - const NetLogParametersCallback* const parameters_callback; -}; - -// A NetLogEntry pre-binds NetLogEntryData to a capture mode, so observers will -// observe the output of ToValue() and ParametersToValue() at their log -// capture mode rather than the current maximum. -class NET_EXPORT NetLogEntry { +// Represents an event that was sent to a NetLog observer, including the +// materialized parameters. +struct NET_EXPORT NetLogEntry { public: - NetLogEntry(const NetLogEntryData* data, NetLogCaptureMode capture_mode); + NetLogEntry(NetLogEventType type, + NetLogSource source, + NetLogEventPhase phase, + base::TimeTicks time, + base::Value params); + ~NetLogEntry(); - NetLogEventType type() const { return data_->type; } - NetLogSource source() const { return data_->source; } - NetLogEventPhase phase() const { return data_->phase; } + // Moveable. + NetLogEntry(NetLogEntry&& entry); + NetLogEntry& operator=(NetLogEntry&& entry); - // Serializes the specified event to a Value. The Value also includes the - // current time. Takes in a time to allow back-dating entries. + // Serializes the specified event to a Value. base::Value ToValue() const; - // Returns the parameters as a Value. Returns a none value if there are no - // parameters. - // TODO(eroman): Make this base::Optional instead? - base::Value ParametersToValue() const; - - private: - const NetLogEntryData* const data_; + // NetLogEntry is not copy constructible, however copying is useful for + // unittests. + NetLogEntry Clone() const; - // Log capture mode when the event occurred. - const NetLogCaptureMode capture_mode_; + // Returns true if the entry has value for |params|. + bool HasParams() const; - // It is not safe to copy this class, since |parameters_callback_| may - // include pointers that become stale immediately after the event is added, - // even if the code were modified to keep its own copy of the callback. - DISALLOW_COPY_AND_ASSIGN(NetLogEntry); + NetLogEventType type; + NetLogSource source; + NetLogEventPhase phase; + base::TimeTicks time; + base::Value params; }; } // namespace net diff --git a/chromium/net/log/net_log_event_type_list.h b/chromium/net/log/net_log_event_type_list.h index c7ab2bc7a6d..b6db4a74c7b 100644 --- a/chromium/net/log/net_log_event_type_list.h +++ b/chromium/net/log/net_log_event_type_list.h @@ -2169,6 +2169,79 @@ EVENT_TYPE(SOCKS5_HANDSHAKE_READ) // ------------------------------------------------------------------------ // HTTP Authentication // ------------------------------------------------------------------------ +// +// Structure of common GSSAPI / SSPI values. +// ----------------------------------------- +// For convenience some structured GSSAPI/SSPI values are serialized +// consistently across different events. They are explained below. +// +// ** GSSAPI Status: +// +// A major/minor status code returned by a GSSAPI function. The major status +// code indicates the GSSAPI level error, while the minor code provides a +// mechanism specific error code if a specific GSSAPI mechanism was involved in +// the error. +// +// The status value has the following structure: +// { +// "function": +// "major_status": { +// "status" : , +// "message": [ +// +// ] +// }, +// "minor_status": { +// "status" : , +// "message": [ +// +// ] +// } +// } +// +// ** OID: +// +// An ASN.1 OID that's used for GSSAPI is serialized thusly: +// { +// "oid": +// "length": , +// "bytes": +// } +// +// ** GSS Display Name: +// +// A serialization of GSSAPI principal name to something that can be consumed by +// humans. If the encoding of the string is not UTF-8 (since there's no +// requirement that they use any specific encoding) the field is serialized +// using NetLogBinaryValue(). +// { +// "name" : +// "type" : +// "error": +// } +// +// ** GSSAPI Context Description +// +// A serialization of the GSSAPI context. It takes the following form: +// { +// "source" : +// "target" : +// "open" : +// "mechanism": +// "flags" : +// } // Lifetime event for HttpAuthController. // @@ -2212,11 +2285,56 @@ EVENT_TYPE(AUTH_GENERATE_TOKEN) // } EVENT_TYPE(AUTH_HANDLE_CHALLENGE) +// An attempt was made to load an authentication library. +// +// If the request succeeded, the parameters are: +// { +// "library_name": +// } +// Otherwise, the parameters are: +// { +// "library_name": +// "load_error": +// } +EVENT_TYPE(AUTH_LIBRARY_LOAD) + +// A required method was not found while attempting to load an authentication +// library. +// +// Parameters are: +// { +// "library_name": +// "method": +// } +EVENT_TYPE(AUTH_LIBRARY_BIND_FAILED) + +// Construction of the GSSAPI service principal name. +// +// Parameters: +// { +// "spn": +// "status": +// } +EVENT_TYPE(AUTH_LIBRARY_IMPORT_NAME) + +// Initialize security context. +// +// This operation involves invoking an external library which may perform disk, +// IPC, and network IO as a part of its work. +// +// The END phase has the following parameters. +// { +// "context": , +// "status": +// } +EVENT_TYPE(AUTH_LIBRARY_INIT_SEC_CTX) + // The channel bindings generated for the connection. // { -// "token": +// "token": // } EVENT_TYPE(AUTH_CHANNEL_BINDINGS) @@ -2413,53 +2531,6 @@ EVENT_TYPE(DNS_TRANSACTION_TCP_ATTEMPT) // } EVENT_TYPE(DNS_TRANSACTION_RESPONSE) -// ------------------------------------------------------------------------ -// ChromeExtension -// ------------------------------------------------------------------------ - -// TODO(eroman): This is a layering violation. Fix this in the context -// of http://crbug.com/90674. - -// This event is created when a Chrome extension aborts a request. -// -// { -// "extension_id": -// } -EVENT_TYPE(CHROME_EXTENSION_ABORTED_REQUEST) - -// This event is created when a Chrome extension redirects a request. -// -// { -// "extension_id": -// } -EVENT_TYPE(CHROME_EXTENSION_REDIRECTED_REQUEST) - -// This event is created when a Chrome extension modifies the headers of a -// request. -// -// { -// "extension_id": , -// "modified_headers": [ "
: ", ... ], -// "deleted_headers": [ "
", ... ] -// } -EVENT_TYPE(CHROME_EXTENSION_MODIFIED_HEADERS) - -// This event is created when a Chrome extension tried to modify a request -// but was ignored due to a conflict. -// -// { -// "extension_id": -// } -EVENT_TYPE(CHROME_EXTENSION_IGNORED_DUE_TO_CONFLICT) - -// This event is created when a Chrome extension provides authentication -// credentials. -// -// { -// "extension_id": -// } -EVENT_TYPE(CHROME_EXTENSION_PROVIDE_AUTH_CREDENTIALS) - // ------------------------------------------------------------------------ // CertVerifier // ------------------------------------------------------------------------ diff --git a/chromium/net/log/net_log_parameters_callback.h b/chromium/net/log/net_log_parameters_callback.h deleted file mode 100644 index 05ff3ff033d..00000000000 --- a/chromium/net/log/net_log_parameters_callback.h +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_LOG_NET_LOG_PARAMETERS_CALLBACK_H_ -#define NET_LOG_NET_LOG_PARAMETERS_CALLBACK_H_ - -#include - -#include "base/callback_forward.h" -#include "net/log/net_log_capture_mode.h" - -namespace base { -class Value; -} - -namespace net { - -// A callback that returns a Value representation of the parameters -// associated with an event. If called, it will be called synchronously, -// so it need not have owning references. May be called more than once, or -// not at all. May return a none value to indicate no parameters. -using NetLogParametersCallback = - base::RepeatingCallback; - -} // namespace net - -#endif // NET_LOG_NET_LOG_PARAMETERS_CALLBACK_H_ diff --git a/chromium/net/log/net_log_source.cc b/chromium/net/log/net_log_source.cc index 09b1daa675e..e9ffa467997 100644 --- a/chromium/net/log/net_log_source.cc +++ b/chromium/net/log/net_log_source.cc @@ -17,9 +17,7 @@ namespace net { namespace { -base::Value SourceEventParametersCallback( - const NetLogSource source, - NetLogCaptureMode /* capture_mode */) { +base::Value SourceEventParametersCallback(const NetLogSource source) { if (!source.IsValid()) return base::Value(); base::DictionaryValue event_params; @@ -49,15 +47,15 @@ void NetLogSource::AddToEventParameters(base::Value* event_params) const { event_params->SetKey("source_dependency", std::move(dict)); } -NetLogParametersCallback NetLogSource::ToEventParametersCallback() const { - return base::Bind(&SourceEventParametersCallback, *this); +base::Value NetLogSource::ToEventParameters() const { + return SourceEventParametersCallback(*this); } // static -bool NetLogSource::FromEventParameters(base::Value* event_params, +bool NetLogSource::FromEventParameters(const base::Value* event_params, NetLogSource* source) { - base::DictionaryValue* dict = nullptr; - base::DictionaryValue* source_dict = nullptr; + const base::DictionaryValue* dict = nullptr; + const base::DictionaryValue* source_dict = nullptr; int source_id = -1; int source_type = static_cast(NetLogSourceType::COUNT); if (!event_params || !event_params->GetAsDictionary(&dict) || diff --git a/chromium/net/log/net_log_source.h b/chromium/net/log/net_log_source.h index 87748454e1e..82fa6daaf89 100644 --- a/chromium/net/log/net_log_source.h +++ b/chromium/net/log/net_log_source.h @@ -8,7 +8,6 @@ #include #include "net/base/net_export.h" -#include "net/log/net_log_parameters_callback.h" #include "net/log/net_log_source_type.h" namespace base { @@ -32,15 +31,15 @@ struct NET_EXPORT NetLogSource { // using the name "source_dependency". void AddToEventParameters(base::Value* event_params) const; - // Returns a callback that returns a dictionary with a single entry - // named "source_dependency" that describes |this|. - NetLogParametersCallback ToEventParametersCallback() const; + // Returns a dictionary with a single entry named "source_dependency" that + // describes |this|. + base::Value ToEventParameters() const; // Attempts to extract a NetLogSource from a set of event parameters. Returns // true and writes the result to |source| on success. Returns false and // makes |source| an invalid source on failure. // TODO(mmenke): Long term, we want to remove this. - static bool FromEventParameters(base::Value* event_params, + static bool FromEventParameters(const base::Value* event_params, NetLogSource* source); NetLogSourceType type; diff --git a/chromium/net/log/net_log_unittest.cc b/chromium/net/log/net_log_unittest.cc index 0169afb63c3..bd7b0f7f1ea 100644 --- a/chromium/net/log/net_log_unittest.cc +++ b/chromium/net/log/net_log_unittest.cc @@ -4,23 +4,15 @@ #include "net/log/net_log.h" -#include -#include -#include - -#include "base/bind.h" -#include "base/callback.h" #include "base/stl_util.h" #include "base/synchronization/waitable_event.h" #include "base/threading/simple_thread.h" #include "base/values.h" -#include "net/base/net_errors.h" -#include "net/log/file_net_log_observer.h" #include "net/log/net_log_event_type.h" #include "net/log/net_log_source_type.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" +#include "testing/gtest/include/gtest/gtest.h" namespace net { @@ -29,26 +21,15 @@ namespace { const int kThreads = 10; const int kEvents = 100; -// Under the hood a NetLogCaptureMode is simply an int. But for layering reasons -// this internal value is not exposed. These tests need to serialize a -// NetLogCaptureMode to a base::Value, so create our own private mapping. int CaptureModeToInt(NetLogCaptureMode capture_mode) { - if (capture_mode == NetLogCaptureMode::Default()) - return 0; - if (capture_mode == NetLogCaptureMode::IncludeCookiesAndCredentials()) - return 1; - if (capture_mode == NetLogCaptureMode::IncludeSocketBytes()) - return 2; - - ADD_FAILURE() << "Unknown capture mode"; - return -1; + return static_cast(capture_mode); } base::Value CaptureModeToValue(NetLogCaptureMode capture_mode) { return base::Value(CaptureModeToInt(capture_mode)); } -base::Value NetCaptureModeCallback(NetLogCaptureMode capture_mode) { +base::Value NetCaptureModeParams(NetLogCaptureMode capture_mode) { base::DictionaryValue dict; dict.SetKey("capture_mode", CaptureModeToValue(capture_mode)); return std::move(dict); @@ -56,41 +37,41 @@ base::Value NetCaptureModeCallback(NetLogCaptureMode capture_mode) { TEST(NetLogTest, Basic) { TestNetLog net_log; - TestNetLogEntry::List entries; - net_log.GetEntries(&entries); + auto entries = net_log.GetEntries(); EXPECT_EQ(0u, entries.size()); net_log.AddGlobalEntry(NetLogEventType::CANCELLED); - net_log.GetEntries(&entries); + entries = net_log.GetEntries(); ASSERT_EQ(1u, entries.size()); EXPECT_EQ(NetLogEventType::CANCELLED, entries[0].type); EXPECT_EQ(NetLogSourceType::NONE, entries[0].source.type); EXPECT_NE(NetLogSource::kInvalidId, entries[0].source.id); EXPECT_EQ(NetLogEventPhase::NONE, entries[0].phase); EXPECT_GE(base::TimeTicks::Now(), entries[0].time); - EXPECT_FALSE(entries[0].params); + EXPECT_FALSE(entries[0].HasParams()); } // Check that the correct CaptureMode is sent to NetLog Value callbacks. TEST(NetLogTest, CaptureModes) { NetLogCaptureMode kModes[] = { - NetLogCaptureMode::Default(), - NetLogCaptureMode::IncludeCookiesAndCredentials(), - NetLogCaptureMode::IncludeSocketBytes(), + NetLogCaptureMode::kDefault, + NetLogCaptureMode::kIncludeSensitive, + NetLogCaptureMode::kEverything, }; TestNetLog net_log; for (NetLogCaptureMode mode : kModes) { - net_log.SetCaptureMode(mode); + net_log.SetObserverCaptureMode(mode); EXPECT_EQ(mode, net_log.GetObserver()->capture_mode()); net_log.AddGlobalEntry(NetLogEventType::SOCKET_ALIVE, - base::Bind(NetCaptureModeCallback)); + [&](NetLogCaptureMode capture_mode) { + return NetCaptureModeParams(capture_mode); + }); - TestNetLogEntry::List entries; - net_log.GetEntries(&entries); + auto entries = net_log.GetEntries(); ASSERT_EQ(1u, entries.size()); EXPECT_EQ(NetLogEventType::SOCKET_ALIVE, entries[0].type); @@ -99,10 +80,8 @@ TEST(NetLogTest, CaptureModes) { EXPECT_EQ(NetLogEventPhase::NONE, entries[0].phase); EXPECT_GE(base::TimeTicks::Now(), entries[0].time); - int logged_capture_mode; - ASSERT_TRUE( - entries[0].GetIntegerValue("capture_mode", &logged_capture_mode)); - EXPECT_EQ(CaptureModeToInt(mode), logged_capture_mode); + ASSERT_EQ(CaptureModeToInt(mode), + GetIntegerValueFromParams(entries[0], "capture_mode")); net_log.Clear(); } @@ -152,7 +131,9 @@ class LoggingObserver : public NetLog::ThreadSafeObserver { void AddEvent(NetLog* net_log) { net_log->AddGlobalEntry(NetLogEventType::CANCELLED, - base::Bind(CaptureModeToValue)); + [&](NetLogCaptureMode capture_mode) { + return CaptureModeToValue(capture_mode); + }); } // A thread that waits until an event has been signalled before calling @@ -218,17 +199,9 @@ class AddRemoveObserverTestThread : public NetLogTestThread { for (int i = 0; i < kEvents; ++i) { ASSERT_FALSE(observer_.net_log()); - net_log_->AddObserver(&observer_, - NetLogCaptureMode::IncludeCookiesAndCredentials()); - ASSERT_EQ(net_log_, observer_.net_log()); - ASSERT_EQ(NetLogCaptureMode::IncludeCookiesAndCredentials(), - observer_.capture_mode()); - - net_log_->SetObserverCaptureMode(&observer_, - NetLogCaptureMode::IncludeSocketBytes()); + net_log_->AddObserver(&observer_, NetLogCaptureMode::kIncludeSensitive); ASSERT_EQ(net_log_, observer_.net_log()); - ASSERT_EQ(NetLogCaptureMode::IncludeSocketBytes(), - observer_.capture_mode()); + ASSERT_EQ(NetLogCaptureMode::kIncludeSensitive, observer_.capture_mode()); net_log_->RemoveObserver(&observer_); ASSERT_TRUE(!observer_.net_log()); @@ -268,7 +241,7 @@ TEST(NetLogTest, NetLogEventThreads) { // safely detach themselves on destruction. CountingObserver observers[3]; for (size_t i = 0; i < base::size(observers); ++i) { - net_log.AddObserver(&observers[i], NetLogCaptureMode::IncludeSocketBytes()); + net_log.AddObserver(&observers[i], NetLogCaptureMode::kEverything); } // Run a bunch of threads to completion, each of which will emit events to @@ -292,24 +265,15 @@ TEST(NetLogTest, NetLogAddRemoveObserver) { EXPECT_FALSE(net_log.IsCapturing()); // Add the observer and add an event. - net_log.AddObserver(&observer, - NetLogCaptureMode::IncludeCookiesAndCredentials()); + net_log.AddObserver(&observer, NetLogCaptureMode::kIncludeSensitive); EXPECT_TRUE(net_log.IsCapturing()); EXPECT_EQ(&net_log, observer.net_log()); - EXPECT_EQ(NetLogCaptureMode::IncludeCookiesAndCredentials(), - observer.capture_mode()); + EXPECT_EQ(NetLogCaptureMode::kIncludeSensitive, observer.capture_mode()); EXPECT_TRUE(net_log.IsCapturing()); AddEvent(&net_log); EXPECT_EQ(1, observer.count()); - // Change the observer's logging level and add an event. - net_log.SetObserverCaptureMode(&observer, - NetLogCaptureMode::IncludeSocketBytes()); - EXPECT_EQ(&net_log, observer.net_log()); - EXPECT_EQ(NetLogCaptureMode::IncludeSocketBytes(), observer.capture_mode()); - EXPECT_TRUE(net_log.IsCapturing()); - AddEvent(&net_log); EXPECT_EQ(2, observer.count()); @@ -321,10 +285,11 @@ TEST(NetLogTest, NetLogAddRemoveObserver) { AddEvent(&net_log); EXPECT_EQ(2, observer.count()); - // Add the observer a final time, and add an event. - net_log.AddObserver(&observer, NetLogCaptureMode::IncludeSocketBytes()); + // Add the observer a final time, this time with a different capture mdoe, and + // add an event. + net_log.AddObserver(&observer, NetLogCaptureMode::kEverything); EXPECT_EQ(&net_log, observer.net_log()); - EXPECT_EQ(NetLogCaptureMode::IncludeSocketBytes(), observer.capture_mode()); + EXPECT_EQ(NetLogCaptureMode::kEverything, observer.capture_mode()); EXPECT_TRUE(net_log.IsCapturing()); AddEvent(&net_log); @@ -337,22 +302,18 @@ TEST(NetLogTest, NetLogTwoObservers) { LoggingObserver observer[2]; // Add first observer. - net_log.AddObserver(&observer[0], - NetLogCaptureMode::IncludeCookiesAndCredentials()); + net_log.AddObserver(&observer[0], NetLogCaptureMode::kIncludeSensitive); EXPECT_EQ(&net_log, observer[0].net_log()); EXPECT_EQ(NULL, observer[1].net_log()); - EXPECT_EQ(NetLogCaptureMode::IncludeCookiesAndCredentials(), - observer[0].capture_mode()); + EXPECT_EQ(NetLogCaptureMode::kIncludeSensitive, observer[0].capture_mode()); EXPECT_TRUE(net_log.IsCapturing()); // Add second observer observer. - net_log.AddObserver(&observer[1], NetLogCaptureMode::IncludeSocketBytes()); + net_log.AddObserver(&observer[1], NetLogCaptureMode::kEverything); EXPECT_EQ(&net_log, observer[0].net_log()); EXPECT_EQ(&net_log, observer[1].net_log()); - EXPECT_EQ(NetLogCaptureMode::IncludeCookiesAndCredentials(), - observer[0].capture_mode()); - EXPECT_EQ(NetLogCaptureMode::IncludeSocketBytes(), - observer[1].capture_mode()); + EXPECT_EQ(NetLogCaptureMode::kIncludeSensitive, observer[0].capture_mode()); + EXPECT_EQ(NetLogCaptureMode::kEverything, observer[1].capture_mode()); EXPECT_TRUE(net_log.IsCapturing()); // Add event and make sure both observers receive it at their respective log @@ -370,8 +331,7 @@ TEST(NetLogTest, NetLogTwoObservers) { net_log.RemoveObserver(&observer[1]); EXPECT_EQ(&net_log, observer[0].net_log()); EXPECT_EQ(NULL, observer[1].net_log()); - EXPECT_EQ(NetLogCaptureMode::IncludeCookiesAndCredentials(), - observer[0].capture_mode()); + EXPECT_EQ(NetLogCaptureMode::kIncludeSensitive, observer[0].capture_mode()); EXPECT_TRUE(net_log.IsCapturing()); // Add event and make sure only second observer gets it. @@ -401,139 +361,15 @@ TEST(NetLogTest, NetLogAddRemoveObserverThreads) { RunTestThreads(&net_log); } -// Calls NetLogASCIIStringValue() on |raw| and returns the resulting string -// (rather than the base::Value). -std::string GetNetLogString(base::StringPiece raw) { - base::Value value = NetLogStringValue(raw); - std::string result; - EXPECT_TRUE(value.GetAsString(&result)); - return result; -} - -TEST(NetLogTest, NetLogASCIIStringValue) { - // ASCII strings should not be transformed. - EXPECT_EQ("ascii\nstrin\0g", GetNetLogString("ascii\nstrin\0g")); - - // Non-ASCII UTF-8 strings should be escaped. - EXPECT_EQ("%ESCAPED:\xE2\x80\x8B utf-8 string %E2%98%83", - GetNetLogString("utf-8 string \xE2\x98\x83")); - - // The presence of percent should not trigger escaping. - EXPECT_EQ("%20", GetNetLogString("%20")); - - // However if the value to be escaped contains percent, it should be escaped - // (so can unescape to restore the original string). - EXPECT_EQ("%ESCAPED:\xE2\x80\x8B %E2%98%83 %2520", - GetNetLogString("\xE2\x98\x83 %20")); - - // Test that when percent escaping, no ASCII value is escaped (excluding %). - for (uint8_t c = 0; c <= 0x7F; ++c) { - if (c == '%') - continue; - - std::string s; - s.push_back(c); - - EXPECT_EQ("%ESCAPED:\xE2\x80\x8B %E2 " + s, GetNetLogString("\xE2 " + s)); - } -} - -TEST(NetLogTest, NetLogBinaryValue) { - // Test the encoding for empty bytes. - auto value1 = NetLogBinaryValue(nullptr, 0); - std::string string1; - ASSERT_TRUE(value1.GetAsString(&string1)); - EXPECT_EQ("", string1); - - // Test the encoding for a non-empty sequence (which needs padding). - const uint8_t kBytes[] = {0x00, 0xF3, 0xF8, 0xFF}; - auto value2 = NetLogBinaryValue(kBytes, base::size(kBytes)); - std::string string2; - ASSERT_TRUE(value2.GetAsString(&string2)); - EXPECT_EQ("APP4/w==", string2); -} - -template -std::string SerializedNetLogNumber(T num) { - auto value = NetLogNumberValue(num); - - EXPECT_TRUE(value.is_string() || value.is_int() || value.is_double()); - - return SerializeNetLogValueToJson(value); -} - -std::string SerializedNetLogInt64(int64_t num) { - return SerializedNetLogNumber(num); -} - -std::string SerializedNetLogUint64(uint64_t num) { - return SerializedNetLogNumber(num); -} - -TEST(NetLogTest, NetLogNumberValue) { - const int64_t kMinInt = std::numeric_limits::min(); - const int64_t kMaxInt = std::numeric_limits::max(); - - // Numbers which can be represented by an INTEGER base::Value(). - EXPECT_EQ("0", SerializedNetLogInt64(0)); - EXPECT_EQ("0", SerializedNetLogUint64(0)); - EXPECT_EQ("-1", SerializedNetLogInt64(-1)); - EXPECT_EQ("-2147483648", SerializedNetLogInt64(kMinInt)); - EXPECT_EQ("2147483647", SerializedNetLogInt64(kMaxInt)); - - // Numbers which are outside of the INTEGER range, but fit within a DOUBLE. - EXPECT_EQ("-2147483649", SerializedNetLogInt64(kMinInt - 1)); - EXPECT_EQ("2147483648", SerializedNetLogInt64(kMaxInt + 1)); - EXPECT_EQ("4294967294", SerializedNetLogInt64(0xFFFFFFFF - 1)); - - // kMaxSafeInteger is the same as JavaScript's Numbers.MAX_SAFE_INTEGER. - const int64_t kMaxSafeInteger = 9007199254740991; // 2^53 - 1 - - // Numbers that can be represented with full precision by a DOUBLE. - EXPECT_EQ("-9007199254740991", SerializedNetLogInt64(-kMaxSafeInteger)); - EXPECT_EQ("9007199254740991", SerializedNetLogInt64(kMaxSafeInteger)); - EXPECT_EQ("9007199254740991", SerializedNetLogUint64(kMaxSafeInteger)); - - // Numbers that are just outside of the range of a DOUBLE need to be encoded - // as strings. - EXPECT_EQ("\"-9007199254740992\"", - SerializedNetLogInt64(-kMaxSafeInteger - 1)); - EXPECT_EQ("\"9007199254740992\"", SerializedNetLogInt64(kMaxSafeInteger + 1)); - EXPECT_EQ("\"9007199254740992\"", - SerializedNetLogUint64(kMaxSafeInteger + 1)); - - // Test the 64-bit maximums. - EXPECT_EQ("\"9223372036854775807\"", - SerializedNetLogInt64(std::numeric_limits::max())); - EXPECT_EQ("\"18446744073709551615\"", - SerializedNetLogUint64(std::numeric_limits::max())); -} - // Tests that serializing a NetLogEntry with empty parameters omits a value for // "params". TEST(NetLogTest, NetLogEntryToValueEmptyParams) { - // NetLogEntry with a null parameters callback. - NetLogEntryData entry_data1(NetLogEventType::REQUEST_ALIVE, NetLogSource(), - NetLogEventPhase::BEGIN, base::TimeTicks(), - nullptr); - NetLogEntry entry1(&entry_data1, NetLogCaptureMode::Default()); - - // NetLogEntry with a parameters callback that returns a NONE value. - NetLogParametersCallback callback2 = - base::BindRepeating([](NetLogCaptureMode) { return base::Value(); }); - NetLogEntryData entry_data2(NetLogEventType::REQUEST_ALIVE, NetLogSource(), - NetLogEventPhase::BEGIN, base::TimeTicks(), - &callback2); - NetLogEntry entry2(&entry_data2, NetLogCaptureMode::Default()); - - ASSERT_FALSE(entry_data1.parameters_callback); - ASSERT_TRUE(entry_data2.parameters_callback); - - ASSERT_TRUE(entry1.ParametersToValue().is_none()); - ASSERT_TRUE(entry2.ParametersToValue().is_none()); + // NetLogEntry with no params. + NetLogEntry entry1(NetLogEventType::REQUEST_ALIVE, NetLogSource(), + NetLogEventPhase::BEGIN, base::TimeTicks(), base::Value()); + ASSERT_TRUE(entry1.params.is_none()); ASSERT_FALSE(entry1.ToValue().FindKey("params")); - ASSERT_FALSE(entry2.ToValue().FindKey("params")); } } // namespace diff --git a/chromium/net/log/net_log_util.cc b/chromium/net/log/net_log_util.cc index dcf2fb5d7c2..3ee03937543 100644 --- a/chromium/net/log/net_log_util.cc +++ b/chromium/net/log/net_log_util.cc @@ -9,7 +9,6 @@ #include #include -#include "base/bind.h" #include "base/logging.h" #include "base/metrics/field_trial.h" #include "base/strings/string_number_conversions.h" @@ -27,11 +26,10 @@ #include "net/http/http_network_session.h" #include "net/http/http_server_properties.h" #include "net/http/http_transaction_factory.h" -#include "net/log/net_log.h" #include "net/log/net_log_capture_mode.h" #include "net/log/net_log_entry.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_parameters_callback.h" +#include "net/log/net_log_values.h" #include "net/log/net_log_with_source.h" #include "net/proxy_resolution/proxy_config.h" #include "net/proxy_resolution/proxy_resolution_service.h" @@ -128,13 +126,6 @@ bool RequestCreatedBefore(const URLRequest* request1, return request1->identifier() < request2->identifier(); } -// Returns a Value representing the state of a pre-existing URLRequest when -// net-internals was opened. -base::Value GetRequestStateAsValue(const net::URLRequest* request, - NetLogCaptureMode capture_mode) { - return request->GetStateAsValue(); -} - } // namespace std::unique_ptr GetNetConstants() { @@ -504,15 +495,9 @@ NET_EXPORT void CreateNetLogEntriesForActiveObjects( // Create fake events. for (auto* request : requests) { - NetLogParametersCallback callback = - base::Bind(&GetRequestStateAsValue, base::Unretained(request)); - - // Note that passing the hardcoded NetLogCaptureMode::Default() below is - // fine, since GetRequestStateAsValue() ignores the capture mode. - NetLogEntryData entry_data( - NetLogEventType::REQUEST_ALIVE, request->net_log().source(), - NetLogEventPhase::BEGIN, request->creation_time(), &callback); - NetLogEntry entry(&entry_data, NetLogCaptureMode::Default()); + NetLogEntry entry(NetLogEventType::REQUEST_ALIVE, + request->net_log().source(), NetLogEventPhase::BEGIN, + request->creation_time(), request->GetStateAsValue()); observer->OnAddEntry(entry); } } diff --git a/chromium/net/log/net_log_util_unittest.cc b/chromium/net/log/net_log_util_unittest.cc index 9208cd6cedd..165f9f86fb7 100644 --- a/chromium/net/log/net_log_util_unittest.cc +++ b/chromium/net/log/net_log_util_unittest.cc @@ -17,7 +17,6 @@ #include "net/log/net_log_source.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "net/url_request/url_request_test_util.h" #include "testing/gtest/include/gtest/gtest.h" @@ -81,8 +80,7 @@ TEST(NetLogUtil, CreateNetLogEntriesForActiveObjectsOneContext) { contexts.insert(&context); TestNetLog test_net_log; CreateNetLogEntriesForActiveObjects(contexts, test_net_log.GetObserver()); - TestNetLogEntry::List entry_list; - test_net_log.GetEntries(&entry_list); + auto entry_list = test_net_log.GetEntries(); ASSERT_EQ(num_requests, entry_list.size()); for (size_t i = 0; i < num_requests; ++i) { @@ -114,8 +112,7 @@ TEST(NetLogUtil, CreateNetLogEntriesForActiveObjectsMultipleContexts) { TestNetLog test_net_log; CreateNetLogEntriesForActiveObjects(context_set, test_net_log.GetObserver()); - TestNetLogEntry::List entry_list; - test_net_log.GetEntries(&entry_list); + auto entry_list = test_net_log.GetEntries(); ASSERT_EQ(num_requests, entry_list.size()); for (size_t i = 0; i < num_requests; ++i) { diff --git a/chromium/net/log/net_log_values.cc b/chromium/net/log/net_log_values.cc new file mode 100644 index 00000000000..fdbb443d629 --- /dev/null +++ b/chromium/net/log/net_log_values.cc @@ -0,0 +1,99 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/log/net_log_values.h" + +#include "base/base64.h" +#include "base/strings/string_number_conversions.h" +#include "base/strings/string_util.h" +#include "base/values.h" +#include "net/base/escape.h" + +namespace net { + +namespace { + +// IEEE 64-bit doubles have a 52-bit mantissa, and can therefore represent +// 53-bits worth of precision (see also documentation for JavaScript's +// Number.MAX_SAFE_INTEGER for more discussion on this). +// +// If the number can be represented with an int or double use that. Otherwise +// fallback to encoding it as a string. +template +base::Value NetLogNumberValueHelper(T num) { + // Fits in a (32-bit) int: [-2^31, 2^31 - 1] + if ((!std::is_signed::value || (num >= static_cast(-2147483648))) && + (num <= static_cast(2147483647))) { + return base::Value(static_cast(num)); + } + + // Fits in a double: (-2^53, 2^53) + if ((!std::is_signed::value || + (num >= static_cast(-9007199254740991))) && + (num <= static_cast(9007199254740991))) { + return base::Value(static_cast(num)); + } + + // Otherwise format as a string. + return base::Value(base::NumberToString(num)); +} + +} // namespace + +base::Value NetLogStringValue(base::StringPiece raw) { + // The common case is that |raw| is ASCII. Represent this directly. + if (base::IsStringASCII(raw)) + return base::Value(raw); + + // For everything else (including valid UTF-8) percent-escape |raw|, and add a + // prefix that "tags" the value as being a percent-escaped representation. + // + // Note that the sequence E2 80 8B is U+200B (zero-width space) in UTF-8. It + // is added so the escaped string is not itself also ASCII (otherwise there + // would be ambiguity for consumers as to when the value needs to be + // unescaped). + return base::Value("%ESCAPED:\xE2\x80\x8B " + EscapeNonASCIIAndPercent(raw)); +} + +base::Value NetLogBinaryValue(const void* bytes, size_t length) { + std::string b64; + Base64Encode(base::StringPiece(reinterpret_cast(bytes), length), + &b64); + return base::Value(std::move(b64)); +} + +base::Value NetLogNumberValue(int64_t num) { + return NetLogNumberValueHelper(num); +} + +base::Value NetLogNumberValue(uint64_t num) { + return NetLogNumberValueHelper(num); +} + +base::Value NetLogParamsWithInt(base::StringPiece name, int value) { + base::Value params(base::Value::Type::DICTIONARY); + params.SetIntKey(name, value); + return params; +} + +base::Value NetLogParamsWithInt64(base::StringPiece name, int64_t value) { + base::DictionaryValue event_params; + event_params.SetKey(name, NetLogNumberValue(value)); + return std::move(event_params); +} + +base::Value NetLogParamsWithBool(base::StringPiece name, bool value) { + base::Value params(base::Value::Type::DICTIONARY); + params.SetBoolKey(name, value); + return params; +} + +base::Value NetLogParamsWithString(base::StringPiece name, + base::StringPiece value) { + base::Value params(base::Value::Type::DICTIONARY); + params.SetStringKey(name, value); + return params; +} + +} // namespace net diff --git a/chromium/net/log/net_log_values.h b/chromium/net/log/net_log_values.h new file mode 100644 index 00000000000..a97be0337d2 --- /dev/null +++ b/chromium/net/log/net_log_values.h @@ -0,0 +1,63 @@ +// Copyright (c) 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_LOG_NET_LOG_VALUES_H_ +#define NET_LOG_NET_LOG_VALUES_H_ + +#include + +#include "base/strings/string_piece_forward.h" +#include "net/base/net_export.h" + +namespace base { +class Value; +} + +namespace net { + +// Helpers to construct dictionaries with a single key and value. Useful for +// building parameters to include in a NetLog. +NET_EXPORT base::Value NetLogParamsWithInt(base::StringPiece name, int value); +NET_EXPORT base::Value NetLogParamsWithInt64(base::StringPiece name, + int64_t value); +NET_EXPORT base::Value NetLogParamsWithBool(base::StringPiece name, bool value); +NET_EXPORT base::Value NetLogParamsWithString(base::StringPiece name, + base::StringPiece value); + +// Creates a base::Value() to represent the byte string |raw| when adding it to +// the NetLog. +// +// When |raw| is an ASCII string, the returned value is a base::Value() +// containing that exact string. Otherwise it is represented by a +// percent-escaped version of the original string, along with a special prefix. +// +// This wrapper exists because base::Value strings are required to be UTF-8. +// Often times NetLog consumers just want to log a std::string, and that string +// may not be UTF-8. +NET_EXPORT base::Value NetLogStringValue(base::StringPiece raw); + +// Creates a base::Value() to represent the octets |bytes|. This should be +// used when adding binary data (i.e. not an ASCII or UTF-8 string) to the +// NetLog. The resulting base::Value() holds a copy of the input data. +// +// This wrapper must be used rather than directly adding base::Value parameters +// of type BINARY to the NetLog, since the JSON writer does not support +// serializing them. +// +// This wrapper encodes |bytes| as a Base64 encoded string. +NET_EXPORT base::Value NetLogBinaryValue(const void* bytes, size_t length); + +// Creates a base::Value() to represent integers, including 64-bit ones. +// base::Value() does not directly support 64-bit integers, as it is not +// representable in JSON. +// +// These wrappers will return values that are either numbers, or a string +// representation of their decimal value, depending on what is needed to ensure +// no loss of precision when de-serializing from JavaScript. +NET_EXPORT base::Value NetLogNumberValue(int64_t num); +NET_EXPORT base::Value NetLogNumberValue(uint64_t num); + +} // namespace net + +#endif // NET_LOG_NET_LOG_VALUES_H_ diff --git a/chromium/net/log/net_log_values_unittest.cc b/chromium/net/log/net_log_values_unittest.cc new file mode 100644 index 00000000000..8810575c60b --- /dev/null +++ b/chromium/net/log/net_log_values_unittest.cc @@ -0,0 +1,123 @@ +// Copyright (c) 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/log/net_log_values.h" + +#include + +#include "base/values.h" +#include "net/log/file_net_log_observer.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +// Calls NetLogASCIIStringValue() on |raw| and returns the resulting string +// (rather than the base::Value). +std::string GetNetLogString(base::StringPiece raw) { + base::Value value = NetLogStringValue(raw); + std::string result; + EXPECT_TRUE(value.GetAsString(&result)); + return result; +} + +TEST(NetLogValuesTest, NetLogASCIIStringValue) { + // ASCII strings should not be transformed. + EXPECT_EQ("ascii\nstrin\0g", GetNetLogString("ascii\nstrin\0g")); + + // Non-ASCII UTF-8 strings should be escaped. + EXPECT_EQ("%ESCAPED:\xE2\x80\x8B utf-8 string %E2%98%83", + GetNetLogString("utf-8 string \xE2\x98\x83")); + + // The presence of percent should not trigger escaping. + EXPECT_EQ("%20", GetNetLogString("%20")); + + // However if the value to be escaped contains percent, it should be escaped + // (so can unescape to restore the original string). + EXPECT_EQ("%ESCAPED:\xE2\x80\x8B %E2%98%83 %2520", + GetNetLogString("\xE2\x98\x83 %20")); + + // Test that when percent escaping, no ASCII value is escaped (excluding %). + for (uint8_t c = 0; c <= 0x7F; ++c) { + if (c == '%') + continue; + + std::string s; + s.push_back(c); + + EXPECT_EQ("%ESCAPED:\xE2\x80\x8B %E2 " + s, GetNetLogString("\xE2 " + s)); + } +} + +TEST(NetLogValuesTest, NetLogBinaryValue) { + // Test the encoding for empty bytes. + auto value1 = NetLogBinaryValue(nullptr, 0); + std::string string1; + ASSERT_TRUE(value1.GetAsString(&string1)); + EXPECT_EQ("", string1); + + // Test the encoding for a non-empty sequence (which needs padding). + const uint8_t kBytes[] = {0x00, 0xF3, 0xF8, 0xFF}; + auto value2 = NetLogBinaryValue(kBytes, base::size(kBytes)); + std::string string2; + ASSERT_TRUE(value2.GetAsString(&string2)); + EXPECT_EQ("APP4/w==", string2); +} + +template +std::string SerializedNetLogNumber(T num) { + auto value = NetLogNumberValue(num); + + EXPECT_TRUE(value.is_string() || value.is_int() || value.is_double()); + + return SerializeNetLogValueToJson(value); +} + +std::string SerializedNetLogInt64(int64_t num) { + return SerializedNetLogNumber(num); +} + +std::string SerializedNetLogUint64(uint64_t num) { + return SerializedNetLogNumber(num); +} + +TEST(NetLogValuesTest, NetLogNumberValue) { + const int64_t kMinInt = std::numeric_limits::min(); + const int64_t kMaxInt = std::numeric_limits::max(); + + // Numbers which can be represented by an INTEGER base::Value(). + EXPECT_EQ("0", SerializedNetLogInt64(0)); + EXPECT_EQ("0", SerializedNetLogUint64(0)); + EXPECT_EQ("-1", SerializedNetLogInt64(-1)); + EXPECT_EQ("-2147483648", SerializedNetLogInt64(kMinInt)); + EXPECT_EQ("2147483647", SerializedNetLogInt64(kMaxInt)); + + // Numbers which are outside of the INTEGER range, but fit within a DOUBLE. + EXPECT_EQ("-2147483649", SerializedNetLogInt64(kMinInt - 1)); + EXPECT_EQ("2147483648", SerializedNetLogInt64(kMaxInt + 1)); + EXPECT_EQ("4294967294", SerializedNetLogInt64(0xFFFFFFFF - 1)); + + // kMaxSafeInteger is the same as JavaScript's Numbers.MAX_SAFE_INTEGER. + const int64_t kMaxSafeInteger = 9007199254740991; // 2^53 - 1 + + // Numbers that can be represented with full precision by a DOUBLE. + EXPECT_EQ("-9007199254740991", SerializedNetLogInt64(-kMaxSafeInteger)); + EXPECT_EQ("9007199254740991", SerializedNetLogInt64(kMaxSafeInteger)); + EXPECT_EQ("9007199254740991", SerializedNetLogUint64(kMaxSafeInteger)); + + // Numbers that are just outside of the range of a DOUBLE need to be encoded + // as strings. + EXPECT_EQ("\"-9007199254740992\"", + SerializedNetLogInt64(-kMaxSafeInteger - 1)); + EXPECT_EQ("\"9007199254740992\"", SerializedNetLogInt64(kMaxSafeInteger + 1)); + EXPECT_EQ("\"9007199254740992\"", + SerializedNetLogUint64(kMaxSafeInteger + 1)); + + // Test the 64-bit maximums. + EXPECT_EQ("\"9223372036854775807\"", + SerializedNetLogInt64(std::numeric_limits::max())); + EXPECT_EQ("\"18446744073709551615\"", + SerializedNetLogUint64(std::numeric_limits::max())); +} + +} // namespace net diff --git a/chromium/net/log/net_log_with_source.cc b/chromium/net/log/net_log_with_source.cc index 020c3404baa..5b2742a897a 100644 --- a/chromium/net/log/net_log_with_source.cc +++ b/chromium/net/log/net_log_with_source.cc @@ -7,14 +7,12 @@ #include #include -#include "base/bind.h" -#include "base/callback.h" -#include "base/debug/alias.h" #include "base/logging.h" #include "base/values.h" #include "net/base/net_errors.h" #include "net/log/net_log.h" #include "net/log/net_log_capture_mode.h" +#include "net/log/net_log_values.h" namespace net { @@ -23,12 +21,12 @@ namespace { // Returns parameters for logging data transferred events. At a minimum includes // the number of bytes transferred. If the capture mode allows logging byte // contents and |byte_count| > 0, then will include the actual bytes. -base::Value BytesTransferredCallback(int byte_count, - const char* bytes, - NetLogCaptureMode capture_mode) { +base::Value BytesTransferredParams(int byte_count, + const char* bytes, + NetLogCaptureMode capture_mode) { base::DictionaryValue dict; dict.SetInteger("byte_count", byte_count); - if (capture_mode.include_socket_bytes() && byte_count > 0) + if (NetLogCaptureIncludesSocketBytes(capture_mode) && byte_count > 0) dict.SetKey("bytes", NetLogBinaryValue(bytes, byte_count)); return std::move(dict); } @@ -41,46 +39,68 @@ void NetLogWithSource::AddEntry(NetLogEventType type, NetLogEventPhase phase) const { if (!net_log_) return; - net_log_->AddEntry(type, source_, phase, nullptr); -} - -void NetLogWithSource::AddEntry( - NetLogEventType type, - NetLogEventPhase phase, - const NetLogParametersCallback& get_parameters) const { - if (!net_log_) - return; - net_log_->AddEntry(type, source_, phase, &get_parameters); + net_log_->AddEntry(type, source_, phase); } void NetLogWithSource::AddEvent(NetLogEventType type) const { AddEntry(type, NetLogEventPhase::NONE); } -void NetLogWithSource::AddEvent( - NetLogEventType type, - const NetLogParametersCallback& get_parameters) const { - AddEntry(type, NetLogEventPhase::NONE, get_parameters); +void NetLogWithSource::AddEventWithStringParams(NetLogEventType type, + base::StringPiece name, + base::StringPiece value) const { + AddEvent(type, [&] { return NetLogParamsWithString(name, value); }); } -void NetLogWithSource::BeginEvent(NetLogEventType type) const { - AddEntry(type, NetLogEventPhase::BEGIN); +void NetLogWithSource::AddEventWithIntParams(NetLogEventType type, + base::StringPiece name, + int value) const { + AddEvent(type, [&] { return NetLogParamsWithInt(name, value); }); +} + +void NetLogWithSource::BeginEventWithIntParams(NetLogEventType type, + base::StringPiece name, + int value) const { + BeginEvent(type, [&] { return NetLogParamsWithInt(name, value); }); +} + +void NetLogWithSource::EndEventWithIntParams(NetLogEventType type, + base::StringPiece name, + int value) const { + EndEvent(type, [&] { return NetLogParamsWithInt(name, value); }); +} + +void NetLogWithSource::AddEventWithInt64Params(NetLogEventType type, + base::StringPiece name, + int64_t value) const { + AddEvent(type, [&] { return NetLogParamsWithInt64(name, value); }); } -void NetLogWithSource::BeginEvent( +void NetLogWithSource::BeginEventWithStringParams( NetLogEventType type, - const NetLogParametersCallback& get_parameters) const { - AddEntry(type, NetLogEventPhase::BEGIN, get_parameters); + base::StringPiece name, + base::StringPiece value) const { + BeginEvent(type, [&] { return NetLogParamsWithString(name, value); }); } -void NetLogWithSource::EndEvent(NetLogEventType type) const { - AddEntry(type, NetLogEventPhase::END); +void NetLogWithSource::AddEventReferencingSource( + NetLogEventType type, + const NetLogSource& source) const { + AddEvent(type, [&] { return source.ToEventParameters(); }); } -void NetLogWithSource::EndEvent( +void NetLogWithSource::BeginEventReferencingSource( NetLogEventType type, - const NetLogParametersCallback& get_parameters) const { - AddEntry(type, NetLogEventPhase::END, get_parameters); + const NetLogSource& source) const { + BeginEvent(type, [&] { return source.ToEventParameters(); }); +} + +void NetLogWithSource::BeginEvent(NetLogEventType type) const { + AddEntry(type, NetLogEventPhase::BEGIN); +} + +void NetLogWithSource::EndEvent(NetLogEventType type) const { + AddEntry(type, NetLogEventPhase::END); } void NetLogWithSource::AddEventWithNetErrorCode(NetLogEventType event_type, @@ -89,7 +109,7 @@ void NetLogWithSource::AddEventWithNetErrorCode(NetLogEventType event_type, if (net_error >= 0) { AddEvent(event_type); } else { - AddEvent(event_type, NetLog::IntCallback("net_error", net_error)); + AddEventWithIntParams(event_type, "net_error", net_error); } } @@ -99,14 +119,23 @@ void NetLogWithSource::EndEventWithNetErrorCode(NetLogEventType event_type, if (net_error >= 0) { EndEvent(event_type); } else { - EndEvent(event_type, NetLog::IntCallback("net_error", net_error)); + EndEventWithIntParams(event_type, "net_error", net_error); } } +void NetLogWithSource::AddEntryWithBoolParams(NetLogEventType type, + NetLogEventPhase phase, + base::StringPiece name, + bool value) const { + AddEntry(type, phase, [&] { return NetLogParamsWithBool(name, value); }); +} + void NetLogWithSource::AddByteTransferEvent(NetLogEventType event_type, int byte_count, const char* bytes) const { - AddEvent(event_type, base::Bind(BytesTransferredCallback, byte_count, bytes)); + AddEvent(event_type, [&](NetLogCaptureMode capture_mode) { + return BytesTransferredParams(byte_count, bytes, capture_mode); + }); } bool NetLogWithSource::IsCapturing() const { diff --git a/chromium/net/log/net_log_with_source.h b/chromium/net/log/net_log_with_source.h index e15d0bae4ae..48627900baf 100644 --- a/chromium/net/log/net_log_with_source.h +++ b/chromium/net/log/net_log_with_source.h @@ -6,13 +6,12 @@ #define NET_LOG_NET_LOG_WITH_SOURCE_H_ #include "net/base/net_export.h" +#include "net/log/net_log.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_parameters_callback.h" #include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" namespace net { - class NetLog; // Helper that binds a Source to a NetLog, and exposes convenience methods to @@ -22,25 +21,78 @@ class NET_EXPORT NetLogWithSource { NetLogWithSource() : net_log_(nullptr) {} ~NetLogWithSource(); - // Add a log entry to the NetLog for the bound source. + // Adds a log entry to the NetLog for the bound source. void AddEntry(NetLogEventType type, NetLogEventPhase phase) const; + + // See "Materializing parameters" in net_log.h for details on |get_params|. + template void AddEntry(NetLogEventType type, NetLogEventPhase phase, - const NetLogParametersCallback& get_parameters) const; + const ParametersCallback& get_params) const { + // TODO(eroman): Should merge the nullity check with + // GetObserverCaptureModes() to reduce expanded code size. + if (net_log_) + net_log_->AddEntry(type, source_, phase, get_params); + } // Convenience methods that call AddEntry with a fixed "capture phase" // (begin, end, or none). void BeginEvent(NetLogEventType type) const; + + // See "Materializing parameters" in net_log.h for details on |get_params|. + template void BeginEvent(NetLogEventType type, - const NetLogParametersCallback& get_parameters) const; + const ParametersCallback& get_params) const { + AddEntry(type, NetLogEventPhase::BEGIN, get_params); + } void EndEvent(NetLogEventType type) const; + + // See "Materializing parameters" in net_log.h for details on |get_params|. + template void EndEvent(NetLogEventType type, - const NetLogParametersCallback& get_parameters) const; + const ParametersCallback& get_params) const { + AddEntry(type, NetLogEventPhase::END, get_params); + } void AddEvent(NetLogEventType type) const; + + // See "Materializing parameters" in net_log.h for details on |get_params|. + template void AddEvent(NetLogEventType type, - const NetLogParametersCallback& get_parameters) const; + const ParametersCallback& get_params) const { + AddEntry(type, NetLogEventPhase::NONE, get_params); + } + + void AddEventWithStringParams(NetLogEventType type, + base::StringPiece name, + base::StringPiece value) const; + + void AddEventWithIntParams(NetLogEventType type, + base::StringPiece name, + int value) const; + + void BeginEventWithIntParams(NetLogEventType type, + base::StringPiece name, + int value) const; + + void EndEventWithIntParams(NetLogEventType type, + base::StringPiece name, + int value) const; + + void AddEventWithInt64Params(NetLogEventType type, + base::StringPiece name, + int64_t value) const; + + void BeginEventWithStringParams(NetLogEventType type, + base::StringPiece name, + base::StringPiece value) const; + + void AddEventReferencingSource(NetLogEventType type, + const NetLogSource& source) const; + + void BeginEventReferencingSource(NetLogEventType type, + const NetLogSource& source) const; // Just like AddEvent, except |net_error| is a net error code. A parameter // called "net_error" with the indicated value will be recorded for the event. @@ -56,6 +108,11 @@ class NET_EXPORT NetLogWithSource { void EndEventWithNetErrorCode(NetLogEventType event_type, int net_error) const; + void AddEntryWithBoolParams(NetLogEventType type, + NetLogEventPhase phase, + base::StringPiece name, + bool value) const; + // Logs a byte transfer event to the NetLog. Determines whether to log the // received bytes or not based on the current logging level. void AddByteTransferEvent(NetLogEventType event_type, diff --git a/chromium/net/log/test_net_log.cc b/chromium/net/log/test_net_log.cc index 6814f15116a..0bb9ab11a39 100644 --- a/chromium/net/log/test_net_log.cc +++ b/chromium/net/log/test_net_log.cc @@ -14,97 +14,71 @@ namespace net { -// TestNetLog::Observer is an implementation of NetLog::ThreadSafeObserver -// that saves messages to a buffer. -class TestNetLog::Observer : public NetLog::ThreadSafeObserver { - public: - Observer() = default; - ~Observer() override = default; - - // Returns the list of all entries in the log. - void GetEntries(TestNetLogEntry::List* entry_list) const { - base::AutoLock lock(lock_); - *entry_list = entry_list_; - } - - // Fills |entry_list| with all entries in the log from the specified Source. - void GetEntriesForSource(NetLogSource source, - TestNetLogEntry::List* entry_list) const { - base::AutoLock lock(lock_); - entry_list->clear(); - for (const auto& entry : entry_list_) { - if (entry.source.id == source.id) - entry_list->push_back(entry); - } - } - - // Returns the number of entries in the log. - size_t GetSize() const { - base::AutoLock lock(lock_); - return entry_list_.size(); - } - - void Clear() { - base::AutoLock lock(lock_); - entry_list_.clear(); - } - - private: - // ThreadSafeObserver implementation: - void OnAddEntry(const NetLogEntry& entry) override { - // Using Dictionaries instead of Values makes checking values a little - // simpler. - std::unique_ptr param_dict = - base::DictionaryValue::From( - base::Value::ToUniquePtrValue(entry.ParametersToValue())); - - // Only need to acquire the lock when accessing class variables. - base::AutoLock lock(lock_); - entry_list_.push_back(TestNetLogEntry(entry.type(), base::TimeTicks::Now(), - entry.source(), entry.phase(), - std::move(param_dict))); - } - - // Needs to be "mutable" to use it in GetEntries(). - mutable base::Lock lock_; - - TestNetLogEntry::List entry_list_; - - DISALLOW_COPY_AND_ASSIGN(Observer); -}; - -TestNetLog::TestNetLog() : observer_(new Observer()) { - AddObserver(observer_.get(), - NetLogCaptureMode::IncludeCookiesAndCredentials()); +TestNetLog::TestNetLog() { + AddObserver(this, NetLogCaptureMode::kIncludeSensitive); } TestNetLog::~TestNetLog() { - RemoveObserver(observer_.get()); + RemoveObserver(this); } -void TestNetLog::SetCaptureMode(NetLogCaptureMode capture_mode) { - SetObserverCaptureMode(observer_.get(), capture_mode); +std::vector TestNetLog::GetEntries() const { + base::AutoLock lock(lock_); + std::vector result; + for (const auto& entry : entry_list_) + result.push_back(entry.Clone()); + return result; } -void TestNetLog::GetEntries(TestNetLogEntry::List* entry_list) const { - observer_->GetEntries(entry_list); +std::vector TestNetLog::GetEntriesForSource( + NetLogSource source) const { + base::AutoLock lock(lock_); + std::vector result; + for (const auto& entry : entry_list_) { + if (entry.source.id == source.id) + result.push_back(entry.Clone()); + } + return result; } -void TestNetLog::GetEntriesForSource(NetLogSource source, - TestNetLogEntry::List* entry_list) const { - observer_->GetEntriesForSource(source, entry_list); +std::vector TestNetLog::GetEntriesWithType( + NetLogEventType type) const { + base::AutoLock lock(lock_); + std::vector result; + for (const auto& entry : entry_list_) { + if (entry.type == type) + result.push_back(entry.Clone()); + } + return result; } size_t TestNetLog::GetSize() const { - return observer_->GetSize(); + base::AutoLock lock(lock_); + return entry_list_.size(); } void TestNetLog::Clear() { - observer_->Clear(); + base::AutoLock lock(lock_); + entry_list_.clear(); } -NetLog::ThreadSafeObserver* TestNetLog::GetObserver() const { - return observer_.get(); +void TestNetLog::OnAddEntry(const NetLogEntry& entry) { + base::Value params = entry.params.Clone(); + auto time = base::TimeTicks::Now(); + + // Only need to acquire the lock when accessing class variables. + base::AutoLock lock(lock_); + entry_list_.emplace_back(entry.type, entry.source, entry.phase, time, + std::move(params)); +} + +NetLog::ThreadSafeObserver* TestNetLog::GetObserver() { + return this; +} + +void TestNetLog::SetObserverCaptureMode(NetLogCaptureMode capture_mode) { + RemoveObserver(this); + AddObserver(this, capture_mode); } BoundTestNetLog::BoundTestNetLog() @@ -113,14 +87,18 @@ BoundTestNetLog::BoundTestNetLog() BoundTestNetLog::~BoundTestNetLog() = default; -void BoundTestNetLog::GetEntries(TestNetLogEntry::List* entry_list) const { - test_net_log_.GetEntries(entry_list); +std::vector BoundTestNetLog::GetEntries() const { + return test_net_log_.GetEntries(); +} + +std::vector BoundTestNetLog::GetEntriesForSource( + NetLogSource source) const { + return test_net_log_.GetEntriesForSource(source); } -void BoundTestNetLog::GetEntriesForSource( - NetLogSource source, - TestNetLogEntry::List* entry_list) const { - test_net_log_.GetEntriesForSource(source, entry_list); +std::vector BoundTestNetLog::GetEntriesWithType( + NetLogEventType type) const { + return test_net_log_.GetEntriesWithType(type); } size_t BoundTestNetLog::GetSize() const { @@ -131,8 +109,8 @@ void BoundTestNetLog::Clear() { test_net_log_.Clear(); } -void BoundTestNetLog::SetCaptureMode(NetLogCaptureMode capture_mode) { - test_net_log_.SetCaptureMode(capture_mode); +void BoundTestNetLog::SetObserverCaptureMode(NetLogCaptureMode capture_mode) { + test_net_log_.SetObserverCaptureMode(capture_mode); } } // namespace net diff --git a/chromium/net/log/test_net_log.h b/chromium/net/log/test_net_log.h index f7aff174e6b..96ba8eaa9be 100644 --- a/chromium/net/log/test_net_log.h +++ b/chromium/net/log/test_net_log.h @@ -14,40 +14,50 @@ #include "base/macros.h" #include "net/log/net_log.h" #include "net/log/net_log_with_source.h" -#include "net/log/test_net_log_entry.h" namespace net { -class NetLogCaptureMode; struct NetLogSource; -// TestNetLog is NetLog subclass which records all NetLog events that occur and -// their parameters. It is intended for testing only, and is part of the -// net_test_support project. -class TestNetLog : public NetLog { +// NetLog subclass that attaches a single observer (this) to record NetLog +// events and their parameters into an in-memory buffer. The NetLog is observed +// at kSensitive level by default, however can be changed with +// SetObserverCaptureMode(). +// +// This class is for testing only. +class TestNetLog : public NetLog, public NetLog::ThreadSafeObserver { public: TestNetLog(); ~TestNetLog() override; - void SetCaptureMode(NetLogCaptureMode capture_mode); + void SetObserverCaptureMode(NetLogCaptureMode capture_mode); + + // ThreadSafeObserver implementation: + void OnAddEntry(const NetLogEntry& entry) override; + + // Returns the list of all observed NetLog entries. + std::vector GetEntries() const; + + // Returns all entries in the log from the specified Source. + std::vector GetEntriesForSource(NetLogSource source) const; - // Below methods are forwarded to test_net_log_observer_. - void GetEntries(TestNetLogEntry::List* entry_list) const; - void GetEntriesForSource(NetLogSource source, - TestNetLogEntry::List* entry_list) const; + // Returns all captured entries with the specified type. + std::vector GetEntriesWithType(NetLogEventType type) const; + + // Returns the number of entries in the log. size_t GetSize() const; + + // Clears the captured entry list. void Clear(); - // Returns a NetLog observer that will write entries to the TestNetLog's event - // store. For testing code that bypasses NetLogs and adds events directly to + // Returns the NetLog observer responsible for recording the NetLog event + // stream. For testing code that bypasses NetLogs and adds events directly to // an observer. - NetLog::ThreadSafeObserver* GetObserver() const; + NetLog::ThreadSafeObserver* GetObserver(); private: - // The underlying observer class that does all the work. - class Observer; - - std::unique_ptr observer_; + mutable base::Lock lock_; + std::vector entry_list_; DISALLOW_COPY_AND_ASSIGN(TestNetLog); }; @@ -65,20 +75,22 @@ class BoundTestNetLog { // The returned NetLogWithSource is only valid while |this| is alive. NetLogWithSource bound() const { return net_log_; } - // Fills |entry_list| with all entries in the log. - void GetEntries(TestNetLogEntry::List* entry_list) const; + // Returns all captured entries. + std::vector GetEntries() const; + + // Returns all captured entries for the specified Source. + std::vector GetEntriesForSource(NetLogSource source) const; - // Fills |entry_list| with all entries in the log from the specified Source. - void GetEntriesForSource(NetLogSource source, - TestNetLogEntry::List* entry_list) const; + // Returns all captured entries with the specified type. + std::vector GetEntriesWithType(NetLogEventType type) const; // Returns number of entries in the log. size_t GetSize() const; void Clear(); - // Sets the capture mode of the underlying TestNetLog. - void SetCaptureMode(NetLogCaptureMode capture_mode); + // Sets the observer capture mode of the underlying TestNetLog. + void SetObserverCaptureMode(NetLogCaptureMode capture_mode); private: TestNetLog test_net_log_; diff --git a/chromium/net/log/test_net_log_entry.cc b/chromium/net/log/test_net_log_entry.cc deleted file mode 100644 index d58e4d2bfd9..00000000000 --- a/chromium/net/log/test_net_log_entry.cc +++ /dev/null @@ -1,84 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/log/test_net_log_entry.h" - -#include - -#include "base/json/json_writer.h" -#include "base/logging.h" -#include "base/values.h" - -namespace net { - -TestNetLogEntry::TestNetLogEntry(NetLogEventType type, - const base::TimeTicks& time, - NetLogSource source, - NetLogEventPhase phase, - std::unique_ptr params) - : type(type), - time(time), - source(source), - phase(phase), - params(std::move(params)) { - // Only entries without a NetLog should have an invalid source. - CHECK(source.IsValid()); -} - -TestNetLogEntry::TestNetLogEntry(const TestNetLogEntry& entry) { - *this = entry; -} - -TestNetLogEntry::~TestNetLogEntry() = default; - -TestNetLogEntry& TestNetLogEntry::operator=(const TestNetLogEntry& entry) { - type = entry.type; - time = entry.time; - source = entry.source; - phase = entry.phase; - params.reset(entry.params ? entry.params->DeepCopy() : nullptr); - return *this; -} - -bool TestNetLogEntry::GetStringValue(const std::string& name, - std::string* value) const { - if (!params) - return false; - return params->GetString(name, value); -} - -bool TestNetLogEntry::GetIntegerValue(const std::string& name, - int* value) const { - if (!params) - return false; - return params->GetInteger(name, value); -} - -bool TestNetLogEntry::GetBooleanValue(const std::string& name, - bool* value) const { - if (!params) - return false; - return params->GetBoolean(name, value); -} - -bool TestNetLogEntry::GetListValue(const std::string& name, - base::ListValue** value) const { - if (!params) - return false; - return params->GetList(name, value); -} - -bool TestNetLogEntry::GetNetErrorCode(int* value) const { - return GetIntegerValue("net_error", value); -} - -std::string TestNetLogEntry::GetParamsJson() const { - if (!params) - return std::string(); - std::string json; - base::JSONWriter::Write(*params, &json); - return json; -} - -} // namespace net diff --git a/chromium/net/log/test_net_log_entry.h b/chromium/net/log/test_net_log_entry.h deleted file mode 100644 index 92c0c5e8736..00000000000 --- a/chromium/net/log/test_net_log_entry.h +++ /dev/null @@ -1,71 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_LOG_TEST_NET_LOG_ENTRY_H_ -#define NET_LOG_TEST_NET_LOG_ENTRY_H_ - -#include -#include -#include - -#include "base/time/time.h" -#include "net/log/net_log_event_type.h" -#include "net/log/net_log_source.h" - -namespace base { -class DictionaryValue; -class ListValue; -} - -namespace net { - -// TestNetLogEntry is much like NetLogEntry, except it has its own copy of all -// log data, so a list of entries can be gathered over the course of a test, and -// then inspected at the end. It is intended for testing only, and is part of -// the net_test_support project. -struct TestNetLogEntry { - // Ordered set of logged entries. - typedef std::vector List; - - TestNetLogEntry(NetLogEventType type, - const base::TimeTicks& time, - NetLogSource source, - NetLogEventPhase phase, - std::unique_ptr params); - // Copy constructor needed to store in a std::vector because of the - // scoped_ptr. - TestNetLogEntry(const TestNetLogEntry& entry); - - ~TestNetLogEntry(); - - // Equality operator needed to store in a std::vector because of the - // scoped_ptr. - TestNetLogEntry& operator=(const TestNetLogEntry& entry); - - // Attempt to retrieve an value of the specified type with the given name - // from |params|. Returns true on success, false on failure. Does not - // modify |value| on failure. - bool GetStringValue(const std::string& name, std::string* value) const; - bool GetIntegerValue(const std::string& name, int* value) const; - bool GetBooleanValue(const std::string& name, bool* value) const; - bool GetListValue(const std::string& name, base::ListValue** value) const; - - // Same as GetIntegerValue, but returns the error code associated with a - // log entry. - bool GetNetErrorCode(int* value) const; - - // Returns the parameters as a JSON string, or empty string if there are no - // parameters. - std::string GetParamsJson() const; - - NetLogEventType type; - base::TimeTicks time; - NetLogSource source; - NetLogEventPhase phase; - std::unique_ptr params; -}; - -} // namespace net - -#endif // NET_LOG_TEST_NET_LOG_ENTRY_H_ diff --git a/chromium/net/log/test_net_log_util.cc b/chromium/net/log/test_net_log_util.cc index db79aeea33c..b09dbf3a2aa 100644 --- a/chromium/net/log/test_net_log_util.cc +++ b/chromium/net/log/test_net_log_util.cc @@ -15,7 +15,7 @@ namespace { // Takes the list of entries and an offset, and returns an index into the array. // If |offset| is positive, just returns |offset|. If it's negative, it // indicates a position relative to the end of the array. -size_t GetIndex(const TestNetLogEntry::List& entries, int offset) { +size_t GetIndex(const std::vector& entries, int offset) { if (offset >= 0) return static_cast(offset); @@ -30,14 +30,14 @@ size_t GetIndex(const TestNetLogEntry::List& entries, int offset) { } // namespace ::testing::AssertionResult LogContainsEvent( - const TestNetLogEntry::List& entries, + const std::vector& entries, int offset, NetLogEventType expected_event, NetLogEventPhase expected_phase) { size_t index = GetIndex(entries, offset); if (index >= entries.size()) return ::testing::AssertionFailure() << index << " is out of bounds."; - const TestNetLogEntry& entry = entries[index]; + const NetLogEntry& entry = entries[index]; if (expected_event != entry.type) { return ::testing::AssertionFailure() << "Actual event: " << NetLog::EventTypeToString(entry.type) @@ -53,7 +53,7 @@ size_t GetIndex(const TestNetLogEntry::List& entries, int offset) { } ::testing::AssertionResult LogContainsBeginEvent( - const TestNetLogEntry::List& entries, + const std::vector& entries, int offset, NetLogEventType expected_event) { return LogContainsEvent(entries, offset, expected_event, @@ -61,7 +61,7 @@ size_t GetIndex(const TestNetLogEntry::List& entries, int offset) { } ::testing::AssertionResult LogContainsEndEvent( - const TestNetLogEntry::List& entries, + const std::vector& entries, int offset, NetLogEventType expected_event) { return LogContainsEvent(entries, offset, expected_event, @@ -69,38 +69,38 @@ size_t GetIndex(const TestNetLogEntry::List& entries, int offset) { } ::testing::AssertionResult LogContainsEntryWithType( - const TestNetLogEntry::List& entries, + const std::vector& entries, int offset, NetLogEventType type) { size_t index = GetIndex(entries, offset); if (index >= entries.size()) return ::testing::AssertionFailure() << index << " is out of bounds."; - const TestNetLogEntry& entry = entries[index]; + const NetLogEntry& entry = entries[index]; if (entry.type != type) return ::testing::AssertionFailure() << "Type does not match."; return ::testing::AssertionSuccess(); } ::testing::AssertionResult LogContainsEntryWithTypeAfter( - const TestNetLogEntry::List& entries, + const std::vector& entries, int start_offset, NetLogEventType type) { for (size_t i = GetIndex(entries, start_offset); i < entries.size(); ++i) { - const TestNetLogEntry& entry = entries[i]; + const NetLogEntry& entry = entries[i]; if (entry.type == type) return ::testing::AssertionSuccess(); } return ::testing::AssertionFailure(); } -size_t ExpectLogContainsSomewhere(const TestNetLogEntry::List& entries, +size_t ExpectLogContainsSomewhere(const std::vector& entries, size_t min_offset, NetLogEventType expected_event, NetLogEventPhase expected_phase) { size_t min_index = GetIndex(entries, min_offset); size_t i = 0; for (; i < entries.size(); ++i) { - const TestNetLogEntry& entry = entries[i]; + const NetLogEntry& entry = entries[i]; if (entry.type == expected_event && entry.phase == expected_phase) break; } @@ -109,13 +109,13 @@ size_t ExpectLogContainsSomewhere(const TestNetLogEntry::List& entries, return i; } -size_t ExpectLogContainsSomewhereAfter(const TestNetLogEntry::List& entries, +size_t ExpectLogContainsSomewhereAfter(const std::vector& entries, size_t start_offset, NetLogEventType expected_event, NetLogEventPhase expected_phase) { size_t i = GetIndex(entries, start_offset); for (; i < entries.size(); ++i) { - const TestNetLogEntry& entry = entries[i]; + const NetLogEntry& entry = entries[i]; if (entry.type == expected_event && entry.phase == expected_phase) break; } @@ -123,4 +123,88 @@ size_t ExpectLogContainsSomewhereAfter(const TestNetLogEntry::List& entries, return i; } +base::Optional GetOptionalStringValueFromParams( + const NetLogEntry& entry, + base::StringPiece name) { + if (!entry.params.is_dict()) + return base::nullopt; + + const std::string* result = entry.params.FindStringKey(name); + if (!result) + return base::nullopt; + + return *result; +} + +base::Optional GetOptionalBooleanValueFromParams(const NetLogEntry& entry, + base::StringPiece name) { + if (!entry.params.is_dict()) + return base::nullopt; + return entry.params.FindBoolKey(name); +} + +base::Optional GetOptionalIntegerValueFromParams(const NetLogEntry& entry, + base::StringPiece name) { + if (!entry.params.is_dict()) + return base::nullopt; + return entry.params.FindIntKey(name); +} + +base::Optional GetOptionalNetErrorCodeFromParams( + const NetLogEntry& entry) { + return GetOptionalIntegerValueFromParams(entry, "net_error"); +} + +std::string GetStringValueFromParams(const NetLogEntry& entry, + base::StringPiece name) { + auto result = GetOptionalStringValueFromParams(entry, name); + if (!result) { + ADD_FAILURE() << "No string parameter " << name; + return ""; + } + return *result; +} + +int GetIntegerValueFromParams(const NetLogEntry& entry, + base::StringPiece name) { + auto result = GetOptionalIntegerValueFromParams(entry, name); + if (!result) { + ADD_FAILURE() << "No int parameter " << name; + return -1; + } + return *result; +} + +bool GetBooleanValueFromParams(const NetLogEntry& entry, + base::StringPiece name) { + auto result = GetOptionalBooleanValueFromParams(entry, name); + if (!result) { + ADD_FAILURE() << "No bool parameter " << name; + return -1; + } + return *result; +} + +int GetNetErrorCodeFromParams(const NetLogEntry& entry) { + auto result = GetOptionalNetErrorCodeFromParams(entry); + if (!result) { + ADD_FAILURE() << "No net_error parameter"; + return -1; + } + return *result; +} + +bool GetListValueFromParams(const NetLogEntry& entry, + base::StringPiece name, + const base::ListValue** value) { + if (!entry.params.is_dict()) + return false; + + const base::Value* list = entry.params.FindListKey(name); + if (!list) + return false; + + return list->GetAsList(value); +} + } // namespace net diff --git a/chromium/net/log/test_net_log_util.h b/chromium/net/log/test_net_log_util.h index 4863c46ac44..e3d1e32882a 100644 --- a/chromium/net/log/test_net_log_util.h +++ b/chromium/net/log/test_net_log_util.h @@ -7,18 +7,24 @@ #include +#include "base/optional.h" #include "net/log/net_log_event_type.h" -#include "net/log/test_net_log_entry.h" #include "testing/gtest/include/gtest/gtest.h" +namespace base { +class ListValue; +} + namespace net { +struct NetLogEntry; + // Checks that the element of |entries| at |offset| has the provided values. // A negative |offset| indicates a position relative to the end of |entries|. // Checks to make sure |offset| is within bounds, and fails gracefully if it // isn't. ::testing::AssertionResult LogContainsEvent( - const TestNetLogEntry::List& entries, + const std::vector& entries, int offset, NetLogEventType expected_event, NetLogEventPhase expected_phase); @@ -26,19 +32,19 @@ namespace net { // Just like LogContainsEvent, but always checks for an EventPhase of // PHASE_BEGIN. ::testing::AssertionResult LogContainsBeginEvent( - const TestNetLogEntry::List& entries, + const std::vector& entries, int offset, NetLogEventType expected_event); // Just like LogContainsEvent, but always checks for an EventPhase of PHASE_END. ::testing::AssertionResult LogContainsEndEvent( - const TestNetLogEntry::List& entries, + const std::vector& entries, int offset, NetLogEventType expected_event); // Just like LogContainsEvent, but does not check phase. ::testing::AssertionResult LogContainsEntryWithType( - const TestNetLogEntry::List& entries, + const std::vector& entries, int offset, NetLogEventType type); @@ -46,14 +52,14 @@ namespace net { // after. It is not a failure if there's an earlier matching entry. Negative // offsets are relative to the end of the array. ::testing::AssertionResult LogContainsEntryWithTypeAfter( - const TestNetLogEntry::List& entries, + const std::vector& entries, int start_offset, NetLogEventType type); // Check if the first entry with the specified values is at |start_offset| or // after. It is a failure if there's an earlier matching entry. Negative // offsets are relative to the end of the array. -size_t ExpectLogContainsSomewhere(const TestNetLogEntry::List& entries, +size_t ExpectLogContainsSomewhere(const std::vector& entries, size_t min_offset, NetLogEventType expected_event, NetLogEventPhase expected_phase); @@ -61,11 +67,36 @@ size_t ExpectLogContainsSomewhere(const TestNetLogEntry::List& entries, // Check if the log contains an entry with the given values at |start_offset| // or after. It is not a failure if there's an earlier matching entry. // Negative offsets are relative to the end of the array. -size_t ExpectLogContainsSomewhereAfter(const TestNetLogEntry::List& entries, +size_t ExpectLogContainsSomewhereAfter(const std::vector& entries, size_t start_offset, NetLogEventType expected_event, NetLogEventPhase expected_phase); +// The following methods return a parameter of the given name and type, or +// nullopt if there is none. +base::Optional GetOptionalStringValueFromParams( + const NetLogEntry& entry, + base::StringPiece name); +base::Optional GetOptionalBooleanValueFromParams(const NetLogEntry& entry, + base::StringPiece name); +base::Optional GetOptionalIntegerValueFromParams(const NetLogEntry& entry, + base::StringPiece name); +base::Optional GetOptionalNetErrorCodeFromParams(const NetLogEntry& entry); + +// Same as the *Optional* versions above, except will add a Gtest failure if the +// value was not present, and then return some default. +std::string GetStringValueFromParams(const NetLogEntry& entry, + base::StringPiece name); +int GetIntegerValueFromParams(const NetLogEntry& entry, base::StringPiece name); +bool GetBooleanValueFromParams(const NetLogEntry& entry, + base::StringPiece name); +int GetNetErrorCodeFromParams(const NetLogEntry& entry); + +// TODO(eroman): Remove use of base::ListValue. +bool GetListValueFromParams(const NetLogEntry& entry, + base::StringPiece name, + const base::ListValue** value); + } // namespace net #endif // NET_LOG_TEST_NET_LOG_UTIL_H_ diff --git a/chromium/net/log/trace_net_log_observer.cc b/chromium/net/log/trace_net_log_observer.cc index a6ecb034581..c549edb1b7a 100644 --- a/chromium/net/log/trace_net_log_observer.cc +++ b/chromium/net/log/trace_net_log_observer.cc @@ -47,8 +47,7 @@ class TracedValue : public base::trace_event::ConvertableToTraceFormat { } // namespace -TraceNetLogObserver::TraceNetLogObserver() - : net_log_to_watch_(nullptr), weak_factory_(this) {} +TraceNetLogObserver::TraceNetLogObserver() : net_log_to_watch_(nullptr) {} TraceNetLogObserver::~TraceNetLogObserver() { DCHECK(!net_log_to_watch_); @@ -56,29 +55,29 @@ TraceNetLogObserver::~TraceNetLogObserver() { } void TraceNetLogObserver::OnAddEntry(const NetLogEntry& entry) { - base::Value params(entry.ParametersToValue()); - switch (entry.phase()) { + base::Value params = entry.params.Clone(); + switch (entry.phase) { case NetLogEventPhase::BEGIN: TRACE_EVENT_NESTABLE_ASYNC_BEGIN2( - kNetLogTracingCategory, NetLog::EventTypeToString(entry.type()), - entry.source().id, "source_type", - NetLog::SourceTypeToString(entry.source().type), "params", + kNetLogTracingCategory, NetLog::EventTypeToString(entry.type), + entry.source.id, "source_type", + NetLog::SourceTypeToString(entry.source.type), "params", std::unique_ptr( new TracedValue(std::move(params)))); break; case NetLogEventPhase::END: TRACE_EVENT_NESTABLE_ASYNC_END2( - kNetLogTracingCategory, NetLog::EventTypeToString(entry.type()), - entry.source().id, "source_type", - NetLog::SourceTypeToString(entry.source().type), "params", + kNetLogTracingCategory, NetLog::EventTypeToString(entry.type), + entry.source.id, "source_type", + NetLog::SourceTypeToString(entry.source.type), "params", std::unique_ptr( new TracedValue(std::move(params)))); break; case NetLogEventPhase::NONE: TRACE_EVENT_NESTABLE_ASYNC_INSTANT2( - kNetLogTracingCategory, NetLog::EventTypeToString(entry.type()), - entry.source().id, "source_type", - NetLog::SourceTypeToString(entry.source().type), "params", + kNetLogTracingCategory, NetLog::EventTypeToString(entry.type), + entry.source.id, "source_type", + NetLog::SourceTypeToString(entry.source.type), "params", std::unique_ptr( new TracedValue(std::move(params)))); break; @@ -117,7 +116,7 @@ void TraceNetLogObserver::OnTraceLogEnabled() { if (!enabled) return; - net_log_to_watch_->AddObserver(this, NetLogCaptureMode::Default()); + net_log_to_watch_->AddObserver(this, NetLogCaptureMode::kDefault); } void TraceNetLogObserver::OnTraceLogDisabled() { diff --git a/chromium/net/log/trace_net_log_observer.h b/chromium/net/log/trace_net_log_observer.h index 0d7d8567ec7..eea49c8a99a 100644 --- a/chromium/net/log/trace_net_log_observer.h +++ b/chromium/net/log/trace_net_log_observer.h @@ -41,7 +41,7 @@ class NET_EXPORT TraceNetLogObserver private: NetLog* net_log_to_watch_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(TraceNetLogObserver); }; diff --git a/chromium/net/log/trace_net_log_observer_unittest.cc b/chromium/net/log/trace_net_log_observer_unittest.cc index 3d188e0659f..19ac0cf2220 100644 --- a/chromium/net/log/trace_net_log_observer_unittest.cc +++ b/chromium/net/log/trace_net_log_observer_unittest.cc @@ -22,11 +22,9 @@ #include "base/trace_event/trace_event_impl.h" #include "base/values.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_parameters_callback.h" #include "net/log/net_log_source_type.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/test/test_with_scoped_task_environment.h" #include "testing/gtest/include/gtest/gtest.h" @@ -205,8 +203,7 @@ TEST_F(TraceNetLogObserverTest, TracingDisabledDuringOnAddEntry) { } TEST_F(TraceNetLogObserverTest, TraceEventCaptured) { - TestNetLogEntry::List entries; - net_log()->GetEntries(&entries); + auto entries = net_log()->GetEntries(); EXPECT_TRUE(entries.empty()); trace_net_log_observer()->WatchForTraceStart(net_log()); @@ -217,7 +214,7 @@ TEST_F(TraceNetLogObserverTest, TraceEventCaptured) { net_log_with_source.BeginEvent(NetLogEventType::URL_REQUEST_START_JOB); net_log_with_source.EndEvent(NetLogEventType::REQUEST_ALIVE); - net_log()->GetEntries(&entries); + entries = net_log()->GetEntries(); EXPECT_EQ(3u, entries.size()); EndTraceAndFlush(); trace_net_log_observer()->StopWatchForTraceStart(); @@ -272,8 +269,7 @@ TEST_F(TraceNetLogObserverTest, EnableAndDisableTracing) { EndTraceAndFlush(); trace_net_log_observer()->StopWatchForTraceStart(); - TestNetLogEntry::List entries; - net_log()->GetEntries(&entries); + auto entries = net_log()->GetEntries(); EXPECT_EQ(3u, entries.size()); EXPECT_EQ(2u, trace_events()->GetSize()); const base::DictionaryValue* item1 = nullptr; @@ -312,8 +308,7 @@ TEST_F(TraceNetLogObserverTest, DestroyObserverWhileTracing) { EndTraceAndFlush(); - TestNetLogEntry::List entries; - net_log()->GetEntries(&entries); + auto entries = net_log()->GetEntries(); EXPECT_EQ(2u, entries.size()); EXPECT_EQ(1u, trace_events()->GetSize()); @@ -341,8 +336,7 @@ TEST_F(TraceNetLogObserverTest, DestroyObserverWhileNotTracing) { EndTraceAndFlush(); - TestNetLogEntry::List entries; - net_log()->GetEntries(&entries); + auto entries = net_log()->GetEntries(); EXPECT_EQ(3u, entries.size()); EXPECT_EQ(0u, trace_events()->GetSize()); } @@ -359,8 +353,7 @@ TEST_F(TraceNetLogObserverTest, CreateObserverAfterTracingStarts) { EndTraceAndFlush(); - TestNetLogEntry::List entries; - net_log()->GetEntries(&entries); + auto entries = net_log()->GetEntries(); EXPECT_EQ(3u, entries.size()); EXPECT_EQ(1u, trace_events()->GetSize()); } @@ -380,8 +373,7 @@ TEST_F(TraceNetLogObserverTest, EndTraceAndFlush(); - TestNetLogEntry::List entries; - net_log()->GetEntries(&entries); + auto entries = net_log()->GetEntries(); EXPECT_EQ(3u, entries.size()); EXPECT_EQ(0u, trace_events()->GetSize()); } @@ -389,18 +381,15 @@ TEST_F(TraceNetLogObserverTest, TEST_F(TraceNetLogObserverTest, EventsWithAndWithoutParameters) { trace_net_log_observer()->WatchForTraceStart(net_log()); EnableTraceLogWithNetLog(); - NetLogParametersCallback net_log_callback; - std::string param = "bar"; - net_log_callback = NetLog::StringCallback("foo", ¶m); - net_log()->AddGlobalEntry(NetLogEventType::CANCELLED, net_log_callback); + net_log()->AddGlobalEntryWithStringParams(NetLogEventType::CANCELLED, "foo", + "bar"); net_log()->AddGlobalEntry(NetLogEventType::REQUEST_ALIVE); EndTraceAndFlush(); trace_net_log_observer()->StopWatchForTraceStart(); - TestNetLogEntry::List entries; - net_log()->GetEntries(&entries); + auto entries = net_log()->GetEntries(); EXPECT_EQ(2u, entries.size()); EXPECT_EQ(2u, trace_events()->GetSize()); const base::DictionaryValue* item1 = nullptr; diff --git a/chromium/net/network_error_logging/OWNERS b/chromium/net/network_error_logging/OWNERS new file mode 100644 index 00000000000..7117a80a72b --- /dev/null +++ b/chromium/net/network_error_logging/OWNERS @@ -0,0 +1 @@ +chlily@chromium.org diff --git a/chromium/net/network_error_logging/network_error_logging_service.cc b/chromium/net/network_error_logging/network_error_logging_service.cc index 43c699c8be8..2f849ac056e 100644 --- a/chromium/net/network_error_logging/network_error_logging_service.cc +++ b/chromium/net/network_error_logging/network_error_logging_service.cc @@ -22,6 +22,7 @@ #include "base/values.h" #include "net/base/ip_address.h" #include "net/base/net_errors.h" +#include "net/base/registry_controlled_domains/registry_controlled_domain.h" #include "net/log/net_log.h" #include "net/reporting/reporting_service.h" #include "url/gurl.h" @@ -109,8 +110,8 @@ const struct { "tls.unrecognized_name_alert"}, // tls.failed? - {ERR_SPDY_PING_FAILED, kApplicationPhase, "h2.ping_failed"}, - {ERR_SPDY_PROTOCOL_ERROR, kConnectionPhase, "h2.protocol.error"}, + {ERR_HTTP2_PING_FAILED, kApplicationPhase, "h2.ping_failed"}, + {ERR_HTTP2_PROTOCOL_ERROR, kConnectionPhase, "h2.protocol.error"}, {ERR_QUIC_PROTOCOL_ERROR, kConnectionPhase, "h3.protocol.error"}, @@ -182,10 +183,7 @@ void RecordSignedExchangeRequestOutcome( class NetworkErrorLoggingServiceImpl : public NetworkErrorLoggingService { public: explicit NetworkErrorLoggingServiceImpl(PersistentNelStore* store) - : store_(store), - started_loading_policies_(false), - initialized_(false), - weak_factory_(this) { + : store_(store), started_loading_policies_(false), initialized_(false) { if (!PoliciesArePersisted()) initialized_ = true; } @@ -345,7 +343,7 @@ class NetworkErrorLoggingServiceImpl : public NetworkErrorLoggingService { // Backlog of tasks waiting on initialization. std::vector task_backlog_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; bool PoliciesArePersisted() const { return store_ != nullptr; } @@ -386,11 +384,20 @@ class NetworkErrorLoggingServiceImpl : public NetworkErrorLoggingService { policy.received_ip_address = received_ip_address; policy.last_used = header_received_time; HeaderOutcome outcome = ParseHeader(value, clock_->Now(), &policy); + // Disallow eTLDs from setting include_subdomains policies. + if ((outcome == HeaderOutcome::SET || outcome == HeaderOutcome::REMOVED) && + policy.include_subdomains && + registry_controlled_domains::GetRegistryLength( + policy.origin.GetURL(), + registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES, + registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES) == 0) { + outcome = HeaderOutcome::DISCARDED_INCLUDE_SUBDOMAINS_NOT_ALLOWED; + } RecordHeaderOutcome(outcome); if (outcome != HeaderOutcome::SET && outcome != HeaderOutcome::REMOVED) return; - // If a policy for |origin| already existed, remove the old poliicy. + // If a policy for |origin| already existed, remove the old policy. auto it = policies_.find(origin); if (it != policies_.end()) RemovePolicy(it); diff --git a/chromium/net/network_error_logging/network_error_logging_service.h b/chromium/net/network_error_logging/network_error_logging_service.h index 7f38335b83c..df0c4067f33 100644 --- a/chromium/net/network_error_logging/network_error_logging_service.h +++ b/chromium/net/network_error_logging/network_error_logging_service.h @@ -169,6 +169,7 @@ class NET_EXPORT NetworkErrorLoggingService { SET = 13, DISCARDED_MISSING_REMOTE_ENDPOINT = 14, + DISCARDED_INCLUDE_SUBDOMAINS_NOT_ALLOWED = 15, MAX }; diff --git a/chromium/net/network_error_logging/network_error_logging_service_unittest.cc b/chromium/net/network_error_logging/network_error_logging_service_unittest.cc index c1203fc9eae..ba7e5fef3f7 100644 --- a/chromium/net/network_error_logging/network_error_logging_service_unittest.cc +++ b/chromium/net/network_error_logging/network_error_logging_service_unittest.cc @@ -140,6 +140,7 @@ class NetworkErrorLoggingServiceTest : public ::testing::TestWithParam { const GURL kUrlDifferentPort_ = GURL("https://example.com:4433/path"); const GURL kUrlSubdomain_ = GURL("https://subdomain.example.com/path"); const GURL kUrlDifferentHost_ = GURL("https://example2.com/path"); + const GURL kUrlEtld_ = GURL("https://co.uk/foo.html"); const GURL kInnerUrl_ = GURL("https://example.net/path"); const GURL kCertUrl_ = GURL("https://example.com/cert_path"); @@ -152,6 +153,7 @@ class NetworkErrorLoggingServiceTest : public ::testing::TestWithParam { const url::Origin kOriginSubdomain_ = url::Origin::Create(kUrlSubdomain_); const url::Origin kOriginDifferentHost_ = url::Origin::Create(kUrlDifferentHost_); + const url::Origin kOriginEtld_ = url::Origin::Create(kUrlEtld_); const std::string kHeader_ = "{\"report_to\":\"group\",\"max_age\":86400}"; const std::string kHeaderSuccessFraction0_ = @@ -237,6 +239,33 @@ TEST_P(NetworkErrorLoggingServiceTest, JsonTooDeep) { EXPECT_TRUE(reports().empty()); } +TEST_P(NetworkErrorLoggingServiceTest, IncludeSubdomainsEtldRejected) { + service()->OnHeader(kOriginEtld_, kServerIP_, kHeaderIncludeSubdomains_); + + // Make the rest of the test run synchronously. + FinishLoading(true /* load_success */); + + EXPECT_EQ(0u, PolicyCount()); + + service()->OnRequest(MakeRequestDetails(kUrlEtld_, ERR_CONNECTION_REFUSED)); + + EXPECT_TRUE(reports().empty()); +} + +TEST_P(NetworkErrorLoggingServiceTest, NonIncludeSubdomainsEtldAccepted) { + service()->OnHeader(kOriginEtld_, kServerIP_, kHeader_); + + // Make the rest of the test run synchronously. + FinishLoading(true /* load_success */); + + EXPECT_EQ(1u, PolicyCount()); + + service()->OnRequest(MakeRequestDetails(kUrlEtld_, ERR_CONNECTION_REFUSED)); + + EXPECT_EQ(1u, reports().size()); + EXPECT_EQ(kUrlEtld_, reports()[0].url); +} + TEST_P(NetworkErrorLoggingServiceTest, SuccessReportQueued) { service()->OnHeader(kOrigin_, kServerIP_, kHeaderSuccessFraction1_); diff --git a/chromium/net/nqe/event_creator.cc b/chromium/net/nqe/event_creator.cc index 0161801a570..118e444fd08 100644 --- a/chromium/net/nqe/event_creator.cc +++ b/chromium/net/nqe/event_creator.cc @@ -23,12 +23,11 @@ namespace internal { namespace { -base::Value NetworkQualityChangedNetLogCallback( +base::Value NetworkQualityChangedNetLogParams( base::TimeDelta http_rtt, base::TimeDelta transport_rtt, int32_t downstream_throughput_kbps, - EffectiveConnectionType effective_connection_type, - NetLogCaptureMode capture_mode) { + EffectiveConnectionType effective_connection_type) { base::DictionaryValue dict; dict.SetInteger("http_rtt_ms", http_rtt.InMilliseconds()); dict.SetInteger("transport_rtt_ms", transport_rtt.InMilliseconds()); @@ -107,12 +106,12 @@ void EventCreator::MaybeAddNetworkQualityChangedEventToNetLog( past_effective_connection_type_ = effective_connection_type; past_network_quality_ = network_quality; - net_log_.AddEvent( - NetLogEventType::NETWORK_QUALITY_CHANGED, - base::Bind(&NetworkQualityChangedNetLogCallback, - network_quality.http_rtt(), network_quality.transport_rtt(), - network_quality.downstream_throughput_kbps(), - effective_connection_type)); + net_log_.AddEvent(NetLogEventType::NETWORK_QUALITY_CHANGED, [&] { + return NetworkQualityChangedNetLogParams( + network_quality.http_rtt(), network_quality.transport_rtt(), + network_quality.downstream_throughput_kbps(), + effective_connection_type); + }); } } // namespace internal diff --git a/chromium/net/nqe/event_creator_unittest.cc b/chromium/net/nqe/event_creator_unittest.cc index ac7a69b08b4..6bb8a49044d 100644 --- a/chromium/net/nqe/event_creator_unittest.cc +++ b/chromium/net/nqe/event_creator_unittest.cc @@ -7,7 +7,6 @@ #include "base/time/time.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/nqe/effective_connection_type.h" #include "net/nqe/network_quality.h" #include "testing/gtest/include/gtest/gtest.h" @@ -23,15 +22,8 @@ namespace { // Returns the number of entries in |net_log| that have type set to // |NetLogEventType::NETWORK_QUALITY_CHANGED|. int GetNetworkQualityChangedEntriesCount(BoundTestNetLog* net_log) { - TestNetLogEntry::List entries; - net_log->GetEntries(&entries); - - int count = 0; - for (const auto& entry : entries) { - if (entry.type == NetLogEventType::NETWORK_QUALITY_CHANGED) - ++count; - } - return count; + return net_log->GetEntriesWithType(NetLogEventType::NETWORK_QUALITY_CHANGED) + .size(); } // Verify that the net log events are recorded correctly. diff --git a/chromium/net/nqe/network_congestion_analyzer.cc b/chromium/net/nqe/network_congestion_analyzer.cc new file mode 100644 index 00000000000..ada2a652e95 --- /dev/null +++ b/chromium/net/nqe/network_congestion_analyzer.cc @@ -0,0 +1,354 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include + +#include "base/metrics/histogram_functions.h" +#include "base/metrics/histogram_macros.h" +#include "base/strings/string_number_conversions.h" +#include "net/nqe/network_quality_estimator.h" +#include "net/url_request/url_request.h" + +namespace net { + +namespace { + +// The threshold for the observed peak queueing delay in milliseconds. +// A peak queueing delay is HIGH if it exceeds this threshold. The value is the +// 98th percentile value of the peak queueing delay observed by all requests. +static constexpr int64_t kHighQueueingDelayMsec = 5000; + +// The minimal time interval between two consecutive empty queue observations +// when the number of in-flight requests is relatively low (i.e. 2). This time +// interval is required so that a new measurement period could start. +static constexpr int64_t kMinEmptyQueueObservingTimeMsec = 1500; + +// The min and max values for the peak queueing delay level. +static constexpr size_t kQueueingDelayLevelMinVal = 1; +static constexpr size_t kQueueingDelayLevelMaxVal = 10; + +// The array of thresholds for bucketizing a peak queueing delay sample. +constexpr base::TimeDelta kQueueingDelayBucketThresholds[] = { + base::TimeDelta::FromMilliseconds(0), + base::TimeDelta::FromMilliseconds(30), + base::TimeDelta::FromMilliseconds(60), + base::TimeDelta::FromMilliseconds(120), + base::TimeDelta::FromMilliseconds(250), + base::TimeDelta::FromMilliseconds(500), + base::TimeDelta::FromMilliseconds(1000), + base::TimeDelta::FromMilliseconds(2000), + base::TimeDelta::FromMilliseconds(4000), + base::TimeDelta::FromMilliseconds(8000)}; + +// The array of thresholds for determining whether a queueing delay sample is +// low under different effective connection types (ECTs). Based on the initial +// measurement, the queueing delay shows different distributions under different +// ECTs. For example, a 300-msec queueing delay is low in a 2G connection, and +// indicates the network queue is empty. However, the delay is the 90th +// percentile value on a 4G connection, and indicates many packets are in the +// network queue. These thresholds are the 33rd percentile values from these +// delay distributions. A default value (400 msec) is used when the ECT is +// UNKNOWN or OFFLINE. +constexpr base::TimeDelta + kLowQueueingDelayThresholds[EFFECTIVE_CONNECTION_TYPE_LAST] = { + base::TimeDelta::FromMilliseconds(400), + base::TimeDelta::FromMilliseconds(400), + base::TimeDelta::FromMilliseconds(400), + base::TimeDelta::FromMilliseconds(400), + base::TimeDelta::FromMilliseconds(40), + base::TimeDelta::FromMilliseconds(15)}; + +} // namespace + +namespace nqe { + +namespace internal { + +NetworkCongestionAnalyzer::NetworkCongestionAnalyzer( + NetworkQualityEstimator* network_quality_estimator, + const base::TickClock* tick_clock) + : network_quality_estimator_(network_quality_estimator), + tick_clock_(tick_clock), + recent_active_hosts_count_(0u), + count_inflight_requests_for_peak_queueing_delay_(0u), + peak_count_inflight_requests_measurement_period_(0u) { + DCHECK(tick_clock_); + DCHECK(network_quality_estimator_); + DCHECK_EQ(kQueueingDelayLevelMaxVal, + base::size(kQueueingDelayBucketThresholds)); +} + +NetworkCongestionAnalyzer::~NetworkCongestionAnalyzer() { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); +} + +size_t NetworkCongestionAnalyzer::GetActiveHostsCount() const { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + return recent_active_hosts_count_; +} + +void NetworkCongestionAnalyzer::NotifyStartTransaction( + const URLRequest& request) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + // Starts tracking the peak queueing delay after |request| starts. + TrackPeakQueueingDelayBegin(&request); +} + +void NetworkCongestionAnalyzer::NotifyRequestCompleted( + const URLRequest& request) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + // Ends tracking of the peak queueing delay. + base::Optional peak_observed_delay = + TrackPeakQueueingDelayEnd(&request); + if (peak_observed_delay.has_value()) { + // Records the peak queueing delay keyed by the request priority. + base::UmaHistogramMediumTimes( + "ResourceScheduler.PeakObservedQueueingDelay.Priority" + + base::NumberToString(request.priority()), + peak_observed_delay.value()); + + // Records the peak queueing delay for all types of requests. + UMA_HISTOGRAM_MEDIUM_TIMES("ResourceScheduler.PeakObservedQueueingDelay", + peak_observed_delay.value()); + } +} + +void NetworkCongestionAnalyzer::TrackPeakQueueingDelayBegin( + const URLRequest* request) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + // Returns if |request| has already been tracked. + if (request_peak_delay_.find(request) != request_peak_delay_.end()) + return; + + request_peak_delay_[request] = base::nullopt; +} + +base::Optional +NetworkCongestionAnalyzer::TrackPeakQueueingDelayEnd( + const URLRequest* request) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + auto request_delay = request_peak_delay_.find(request); + if (request_delay == request_peak_delay_.end()) + return base::nullopt; + + base::Optional peak_delay = request_delay->second; + request_peak_delay_.erase(request_delay); + return peak_delay; +} + +void NetworkCongestionAnalyzer::ComputeRecentQueueingDelay( + const std::map& + recent_rtt_stats, + const std::map& + historical_rtt_stats, + const int32_t downlink_kbps) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + // Updates downlink throughput if a new valid observation comes. + if (downlink_kbps != nqe::internal::INVALID_RTT_THROUGHPUT) + set_recent_downlink_throughput_kbps(downlink_kbps); + if (recent_rtt_stats.empty()) + return; + + int32_t delay_sample_sum = 0; + recent_active_hosts_count_ = 0u; + for (const auto& host_stats : recent_rtt_stats) { + nqe::internal::IPHash host = host_stats.first; + // Skip hosts that do not have historical statistics. + if (historical_rtt_stats.find(host) == historical_rtt_stats.end()) + continue; + + // Skip hosts that have one or fewer RTT samples or do not have the min + // value. They cannot provide an effective queueing delay sample. + if (historical_rtt_stats.at(host).observation_count <= 1 || + historical_rtt_stats.at(host).canonical_pcts.find(kStatVal0p) == + historical_rtt_stats.at(host).canonical_pcts.end()) + continue; + + ++recent_active_hosts_count_; + delay_sample_sum += + recent_rtt_stats.at(host).most_recent_val - + historical_rtt_stats.at(host).canonical_pcts.at(kStatVal0p); + } + + if (recent_active_hosts_count_ == 0u) + return; + + DCHECK_LT(0u, recent_active_hosts_count_); + + int32_t delay_ms = + delay_sample_sum / static_cast(recent_active_hosts_count_); + recent_queueing_delay_ = base::TimeDelta::FromMilliseconds(delay_ms); + + // Updates the peak queueing delay for all tracked in-flight requests. + for (auto& it : request_peak_delay_) { + if (it.second.has_value()) { + it.second = std::max(it.second.value(), recent_queueing_delay_); + } else { + it.second = recent_queueing_delay_; + } + } + + if (recent_downlink_per_packet_time_ms_ != base::nullopt) { + recent_queue_length_ = static_cast(delay_ms) / + recent_downlink_per_packet_time_ms_.value(); + } +} + +size_t NetworkCongestionAnalyzer::ComputePeakQueueingDelayLevel( + const base::TimeDelta& peak_queueing_delay) const { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + DCHECK_LE(base::TimeDelta(), peak_queueing_delay); + + // The range of queueing delay buckets includes all non-negative values. Thus, + // the non-negative peak queueing delay must be found in one of these buckets. + size_t level = kQueueingDelayLevelMaxVal; + while (level > kQueueingDelayLevelMinVal) { + // Stops searching if the peak queueing delay falls in the current bucket. + if (peak_queueing_delay >= kQueueingDelayBucketThresholds[level - 1]) + break; + + --level; + } + // The queueing delay level is from 1 (LOWEST) to 10 (HIGHEST). + DCHECK_LE(kQueueingDelayLevelMinVal, level); + DCHECK_GE(kQueueingDelayLevelMaxVal, level); + return level; +} + +bool NetworkCongestionAnalyzer::IsQueueingDelayLow( + const base::TimeDelta& delay) const { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + net::EffectiveConnectionType current_ect = + network_quality_estimator_->GetEffectiveConnectionType(); + return delay <= kLowQueueingDelayThresholds[current_ect]; +} + +bool NetworkCongestionAnalyzer::ShouldStartNewMeasurement( + const base::TimeDelta& delay, + size_t count_inflight_requests) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + // The queue is not empty if either the queueing delay is high or the number + // of in-flight requests is high. + if (!IsQueueingDelayLow(delay) || count_inflight_requests >= 3) { + observing_empty_queue_timestamp_ = base::nullopt; + return false; + } + + // Starts a new measurement period immediately if there is very few number of + // in-flight requests. + if (count_inflight_requests <= 1) { + observing_empty_queue_timestamp_ = base::nullopt; + return true; + } + + base::TimeTicks now = tick_clock_->NowTicks(); + // Requires a sufficient time interval between consecutive empty queue + // observations to claim the queue is empty. + if (observing_empty_queue_timestamp_.has_value()) { + if (now - observing_empty_queue_timestamp_.value() >= + base::TimeDelta::FromMilliseconds(kMinEmptyQueueObservingTimeMsec)) { + observing_empty_queue_timestamp_ = base::nullopt; + return true; + } + } else { + observing_empty_queue_timestamp_ = now; + } + return false; +} + +void NetworkCongestionAnalyzer::UpdatePeakDelayMapping( + const base::TimeDelta& delay, + size_t count_inflight_requests) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + // Discards an abnormal observation. This high queueing delay is likely + // caused by retransmission packets from a previous measurement period. + if (delay >= base::TimeDelta::FromSeconds(20)) + return; + + if (ShouldStartNewMeasurement(delay, count_inflight_requests)) { + FinalizeCurrentMeasurementPeriod(); + + // Resets the tracked data for the new measurement period. + peak_queueing_delay_ = delay; + count_inflight_requests_for_peak_queueing_delay_ = count_inflight_requests; + peak_count_inflight_requests_measurement_period_ = count_inflight_requests; + } else { + // This is the logic to update the tracking data. + // First, updates the pending peak count of in-flight requests if a higher + // number of in-flight requests is observed. + // Second, updates the peak queueing delay and the peak count of inflight + // requests if a higher queueing delay is observed. The new peak queueing + // delay should be mapped to the peak count of in-flight requests that are + // observed before within this measurement period. + peak_count_inflight_requests_measurement_period_ = + std::max(peak_count_inflight_requests_measurement_period_, + count_inflight_requests); + + if (delay > peak_queueing_delay_) { + // Updates the peak queueing delay and the count of in-flight requests + // that are responsible for the delay. + peak_queueing_delay_ = delay; + count_inflight_requests_for_peak_queueing_delay_ = + peak_count_inflight_requests_measurement_period_; + } + } +} + +void NetworkCongestionAnalyzer::FinalizeCurrentMeasurementPeriod() { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + // Does nothing if the peak count of in-flight requests is less than 3. + if (peak_count_inflight_requests_measurement_period_ < 3) + return; + + // Exports the tracked mapping data from the current measurement period. + // Updates the count of in-flight requests that would likely cause a high + // network queueing delay. + if (peak_queueing_delay_ >= + base::TimeDelta::FromMilliseconds(kHighQueueingDelayMsec)) { + count_inflight_requests_causing_high_delay_ = + count_inflight_requests_for_peak_queueing_delay_; + } + + size_t peak_queueing_delay_level = + ComputePeakQueueingDelayLevel(peak_queueing_delay_); + DCHECK_GE(kQueueingDelayLevelMaxVal, peak_queueing_delay_level); + + if (peak_queueing_delay_level >= kQueueingDelayLevelMinVal && + peak_queueing_delay_level <= kQueueingDelayLevelMaxVal) { + // Records the count of in-flight requests causing the peak queueing delay + // within the current measurement period. These samples are bucketized + // into 10 peak queueing delay levels. + base::UmaHistogramCounts100( + "NQE.CongestionAnalyzer.CountInflightRequestsForPeakQueueingDelay." + "Level" + + base::NumberToString(peak_queueing_delay_level), + count_inflight_requests_for_peak_queueing_delay_); + } +} + +void NetworkCongestionAnalyzer::set_recent_downlink_throughput_kbps( + const int32_t downlink_kbps) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + recent_downlink_throughput_kbps_ = downlink_kbps; + // Time in msec to transmit one TCP packet (1500 Bytes). + // |recent_downlink_per_packet_time_ms_| = 1500 * 8 / + // |recent_downlink_throughput_kbps_|. + recent_downlink_per_packet_time_ms_ = 12000 / downlink_kbps; +} + +} // namespace internal + +} // namespace nqe + +} // namespace net diff --git a/chromium/net/nqe/network_congestion_analyzer.h b/chromium/net/nqe/network_congestion_analyzer.h new file mode 100644 index 00000000000..3a6eecd49dd --- /dev/null +++ b/chromium/net/nqe/network_congestion_analyzer.h @@ -0,0 +1,208 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_NQE_NETWORK_CONGESTION_ANALYZER_H_ +#define NET_NQE_NETWORK_CONGESTION_ANALYZER_H_ + +#include +#include +#include + +#include "base/gtest_prod_util.h" +#include "base/macros.h" +#include "base/optional.h" +#include "base/sequence_checker.h" +#include "base/time/time.h" +#include "net/base/net_export.h" +#include "net/nqe/effective_connection_type.h" +#include "net/nqe/network_quality.h" +#include "net/nqe/network_quality_estimator_util.h" +#include "net/nqe/observation_buffer.h" +#include "net/nqe/throughput_analyzer.h" + +namespace net { + +class NetworkQualityEstimator; + +namespace nqe { + +namespace internal { + +// NetworkCongestionAnalyzer holds the network congestion information, such +// as the recent packet queue length in the mobile edge, recent queueing delay, +// recent downlink throughput. +class NET_EXPORT_PRIVATE NetworkCongestionAnalyzer { + public: + NetworkCongestionAnalyzer(NetworkQualityEstimator* network_quality_estimator, + const base::TickClock* tick_clock); + ~NetworkCongestionAnalyzer(); + + // Returns the number of hosts that are involved in the last attempt of + // computing the recent queueing delay. These hosts are recent active hosts. + size_t GetActiveHostsCount() const; + + // Notifies |this| that the headers of |request| are about to be sent. + void NotifyStartTransaction(const URLRequest& request); + + // Notifies |this| that the response body of |request| has been received. + void NotifyRequestCompleted(const URLRequest& request); + + // Computes the recent queueing delay. Records the observed queueing delay + // samples for all recent active hosts. The mean queueing delay is recorded in + // |recent_queueing_delay_|. |recent_rtt_stats| has all canonical statistic + // values of recent observations for active hosts. |historical_rtt_stats| has + // all canonical statistic values of historical observations for active hosts. + // If |downlink_kbps| is valid, updates |recent_downlink_throughput_kbps_| and + // |recent_downlink_per_packet_time_ms_| based on its value. If + // |recent_downlink_per_packet_time_ms_| has a valid value, updates + // |recent_queue_length_| as well. + void ComputeRecentQueueingDelay( + const std::map& + recent_rtt_stats, + const std::map& + historical_rtt_stats, + const int32_t downlink_kbps); + + // Updates new observations of queueing delay and count of in-flight requests + // in order to track peak queueing delay and peak count of in-flight requests. + // |delay| is a newly observed queueing delay. |count_inflight_requests| is a + // newly observed count of in-flight requests. + void UpdatePeakDelayMapping(const base::TimeDelta& delay, + size_t count_inflight_requests); + + base::Optional recent_queue_length() const { + return recent_queue_length_; + } + + base::TimeDelta recent_queueing_delay() const { + return recent_queueing_delay_; + } + + private: + FRIEND_TEST_ALL_PREFIXES(NetworkCongestionAnalyzerTest, + TestStartingNewMeasurementPeriod); + FRIEND_TEST_ALL_PREFIXES(NetworkCongestionAnalyzerTest, + TestUpdatePeakDelayMapping); + FRIEND_TEST_ALL_PREFIXES(NetworkCongestionAnalyzerTest, + TestDetectLowQueueingDelay); + FRIEND_TEST_ALL_PREFIXES(NetworkCongestionAnalyzerTest, + TestComputeQueueingDelayLevel); + + // Returns the bucketized value of the peak queueing delay (a.k.a. peak + // queueing delay level). |peak_queueing_delay| is peak queueing delay + // observation within the current measurement period. The peak queueing delay + // level is from 1 to 10. A higher value means a higher peak queueing delay. + size_t ComputePeakQueueingDelayLevel( + const base::TimeDelta& peak_queueing_delay) const; + + // Returns true if |delay| is less than the low queueing delay threshold + // corresponding to the current effective connection type (ECT). The threshold + // is the 33rd percentile value of the peak queueing delay samples. Compares + // |delay| with the default threshold if the ECT is UNKNOWN or OFFLINE. + bool IsQueueingDelayLow(const base::TimeDelta& delay) const; + + // Returns true if a new measurement period should start. A new measurement + // period should start when the observed queueing delay is small and there are + // few in-flight requests. |delay| is a new queueing delay observation. + // |count_inflight_requests| is a new observed count of in-flight requests. + bool ShouldStartNewMeasurement(const base::TimeDelta& delay, + size_t count_inflight_requests); + + // Finalizes the current peak queueing delay measurement period before a new + // measurement period starts. It exports the tracked data, such as the peak + // queueing delay and the count of in-flight requests causing the peak delay + // before they are reset. Only exports data when there are at least 3 + // concurrent requests within the current measurement period. + void FinalizeCurrentMeasurementPeriod(); + + // Starts tracking the peak queueing delay for |request|. + void TrackPeakQueueingDelayBegin(const URLRequest* request); + + // Returns the peak queueing delay observed by |request|. Also removes the + // record that belongs to |request| in the map. If the result is unavailable, + // returns nullopt. + base::Optional TrackPeakQueueingDelayEnd( + const URLRequest* request); + + // Sets the |recent_downlink_throughput_kbps_| with the estimated downlink + // throughput in kbps. Also, computes the time frame (in millisecond) to + // transmit one TCP packet (1500 Bytes) under this downlink throughput. + void set_recent_downlink_throughput_kbps(const int32_t downlink_kbps); + + base::Optional recent_downlink_throughput_kbps() const { + return recent_downlink_throughput_kbps_; + } + + base::Optional count_inflight_requests_causing_high_delay() const { + return count_inflight_requests_causing_high_delay_; + } + + // Guaranteed to be non-null during the duration of |this|. + NetworkQualityEstimator* network_quality_estimator_; + + // Guaranteed to be non-null during the lifetime of |this|. + const base::TickClock* tick_clock_; + + // Recent downstream throughput estimate. It is the median of most recent + // downstream throughput observations (in kilobits per second). + base::Optional recent_downlink_throughput_kbps_; + + // Time of transmitting one 1500-Byte TCP packet under + // |recent_downlink_throughput_kbps_|. + base::Optional recent_downlink_per_packet_time_ms_; + + // The estimate of packet queue length. Computation is done based on the last + // observed downlink throughput. + base::Optional recent_queue_length_; + + // The estimate of queueing delay induced by packet queue. + base::TimeDelta recent_queueing_delay_; + + // Mapping between URL requests to the observed queueing delay observations. + // The default value is nullopt. + typedef std::unordered_map> + RequestPeakDelay; + + // This map maintains the mapping from in-flight URL requests to the peak + // queueing delay observed by requests. + RequestPeakDelay request_peak_delay_; + + // Counts the number of hosts involved in the last attempt of computing the + // recent queueing delay. + size_t recent_active_hosts_count_; + + // The peak queueing delay that is observed within the current ongoing + // measurement period. + base::TimeDelta peak_queueing_delay_; + + // The peak number of in-flight requests that are responsible for the peak + // queueing delay within the current ongoing measurement period. These + // requests should be in-flight before the peak queueing delay is observed. + size_t count_inflight_requests_for_peak_queueing_delay_; + + // The peak number of in-flight requests during the current measurement + // period. It updates the |count_inflight_requests_for_peak_queueing_delay_| + // only if a higher queueing delay is observed later. + size_t peak_count_inflight_requests_measurement_period_; + + // Timestamp when the app started observing an empty queue. Resets to nullopt + // if the queue is unlikely to be empty or if a new measurement period starts. + base::Optional observing_empty_queue_timestamp_; + + // The count of in-flight requests that would cause a high network queueing + // delay. + base::Optional count_inflight_requests_causing_high_delay_; + + SEQUENCE_CHECKER(sequence_checker_); + + DISALLOW_COPY_AND_ASSIGN(NetworkCongestionAnalyzer); +}; + +} // namespace internal + +} // namespace nqe + +} // namespace net + +#endif // NET_NQE_NETWORK_CONGESTION_ANALYZER_H_ diff --git a/chromium/net/nqe/network_congestion_analyzer_unittest.cc b/chromium/net/nqe/network_congestion_analyzer_unittest.cc new file mode 100644 index 00000000000..8123acf76b6 --- /dev/null +++ b/chromium/net/nqe/network_congestion_analyzer_unittest.cc @@ -0,0 +1,254 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/nqe/network_congestion_analyzer.h" +#include +#include + +#include "base/macros.h" +#include "base/optional.h" +#include "base/test/simple_test_tick_clock.h" +#include "base/time/time.h" +#include "net/nqe/network_quality.h" +#include "net/nqe/network_quality_estimator_test_util.h" +#include "net/nqe/observation_buffer.h" +#include "net/test/test_with_scoped_task_environment.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace net { + +namespace nqe { + +namespace internal { + +using NetworkCongestionAnalyzerTest = TestWithScopedTaskEnvironment; + +namespace { + +constexpr float kEpsilon = 0.001f; + +// These values should remain synchronized with the values in +// net/nqe/network_congestion_analyzer.cc. +constexpr int64_t kHighQueueingDelayMsec = 5000; +constexpr int64_t kMinEmptyQueueObservingTimeMsec = 1500; +constexpr base::TimeDelta + kLowQueueingDelayThresholds[EFFECTIVE_CONNECTION_TYPE_LAST] = { + base::TimeDelta::FromMilliseconds(400), + base::TimeDelta::FromMilliseconds(400), + base::TimeDelta::FromMilliseconds(400), + base::TimeDelta::FromMilliseconds(400), + base::TimeDelta::FromMilliseconds(40), + base::TimeDelta::FromMilliseconds(15)}; + +// Verifies that the network queueing delay is computed correctly based on RTT +// and downlink throughput observations. +TEST_F(NetworkCongestionAnalyzerTest, TestComputingQueueingDelay) { + TestNetworkQualityEstimator network_quality_estimator; + base::SimpleTestTickClock tick_clock; + + NetworkCongestionAnalyzer analyzer(&network_quality_estimator, &tick_clock); + std::map recent_rtt_stats; + std::map historical_rtt_stats; + int32_t downlink_kbps = nqe::internal::INVALID_RTT_THROUGHPUT; + + // Checks that no result is updated when providing empty RTT observations and + // an invalid downlink throughput observation. + analyzer.ComputeRecentQueueingDelay(recent_rtt_stats, historical_rtt_stats, + downlink_kbps); + EXPECT_TRUE(analyzer.recent_queueing_delay().is_zero()); + + const uint64_t host_1 = 0x101010UL; + const uint64_t host_2 = 0x202020UL; + // Checks that the queueing delay is updated based on hosts with valid RTT + // observations. For example, the computation should be done by using data + // from host 1 only because host 2 does not provide a valid min RTT value. + std::map recent_stat_host_1 = {{kStatVal0p, 1100}}; + std::map historical_stat_host_1 = {{kStatVal0p, 600}}; + CanonicalStats recent_rtt_host_1 = + CanonicalStats(recent_stat_host_1, 1400, 5); + CanonicalStats historical_rtt_host_1 = + CanonicalStats(historical_stat_host_1, 1400, 15); + + std::map recent_stat_host_2 = {{kStatVal0p, 1200}}; + std::map historical_stat_host_2 = {{kStatVal50p, 1200}}; + CanonicalStats recent_rtt_host_2 = + CanonicalStats(recent_stat_host_2, 1600, 3); + CanonicalStats historical_rtt_host_2 = + CanonicalStats(historical_stat_host_2, 1600, 8); + recent_rtt_stats.emplace(host_1, recent_rtt_host_1); + recent_rtt_stats.emplace(host_2, recent_rtt_host_2); + historical_rtt_stats.emplace(host_1, historical_rtt_host_1); + historical_rtt_stats.emplace(host_2, historical_rtt_host_2); + + analyzer.ComputeRecentQueueingDelay(recent_rtt_stats, historical_rtt_stats, + downlink_kbps); + EXPECT_EQ(800, analyzer.recent_queueing_delay().InMilliseconds()); + + // Checks that the queueing delay is updated correctly based on all hosts when + // RTT observations and the throughput observation are valid. + historical_rtt_stats[host_2].canonical_pcts[kStatVal0p] = 1000; + downlink_kbps = 120; + analyzer.ComputeRecentQueueingDelay(recent_rtt_stats, historical_rtt_stats, + downlink_kbps); + EXPECT_EQ(700, analyzer.recent_queueing_delay().InMilliseconds()); + EXPECT_NEAR(7.0, analyzer.recent_queue_length().value_or(0), kEpsilon); +} + +} // namespace + +// Verifies that a measurement period starts correctly when an empty queue +// observation shows up. An empty queue observation is made when the queueing +// delay is low and the number of in-flight requests is also low. +TEST_F(NetworkCongestionAnalyzerTest, TestStartingNewMeasurementPeriod) { + TestNetworkQualityEstimator network_quality_estimator; + base::SimpleTestTickClock tick_clock; + + network_quality_estimator.set_effective_connection_type( + EFFECTIVE_CONNECTION_TYPE_2G); + NetworkCongestionAnalyzer analyzer(&network_quality_estimator, &tick_clock); + base::TimeDelta low_queueing_delay_sample = + kLowQueueingDelayThresholds[EFFECTIVE_CONNECTION_TYPE_2G]; + + // Checks that a new measurement period starts immediately if the queueing + // delay is low and the number of in-flight requests are equal or less than 1. + EXPECT_FALSE( + analyzer.ShouldStartNewMeasurement(low_queueing_delay_sample, 2)); + EXPECT_TRUE(analyzer.ShouldStartNewMeasurement(low_queueing_delay_sample, 1)); + EXPECT_TRUE(analyzer.ShouldStartNewMeasurement(low_queueing_delay_sample, 0)); + + // Checks that a new measurement period starts after waiting for a sufficient + // time interval when the number of in-flight requests is 2. + EXPECT_FALSE( + analyzer.ShouldStartNewMeasurement(low_queueing_delay_sample, 2)); + tick_clock.Advance( + base::TimeDelta::FromMilliseconds(kMinEmptyQueueObservingTimeMsec / 2)); + EXPECT_FALSE( + analyzer.ShouldStartNewMeasurement(low_queueing_delay_sample, 2)); + tick_clock.Advance( + base::TimeDelta::FromMilliseconds(kMinEmptyQueueObservingTimeMsec / 2)); + EXPECT_TRUE(analyzer.ShouldStartNewMeasurement(low_queueing_delay_sample, 2)); +} + +// Verifies that the peak queueing delay is correctly mapped to the count of +// in-flight requests that are responsible for that delay. +TEST_F(NetworkCongestionAnalyzerTest, TestUpdatePeakDelayMapping) { + TestNetworkQualityEstimator network_quality_estimator; + base::SimpleTestTickClock tick_clock; + + network_quality_estimator.set_effective_connection_type( + EFFECTIVE_CONNECTION_TYPE_2G); + NetworkCongestionAnalyzer analyzer(&network_quality_estimator, &tick_clock); + EXPECT_EQ(base::nullopt, + analyzer.count_inflight_requests_causing_high_delay()); + + // Checks that the count of in-flight requests for peak queueing delay is + // correctly recorded. + // Case #1: the peak queueing delay was observed after the max count (7) of + // in-flight requests was observed. + const size_t expected_count_requests_1 = 7; + std::vector> queueing_delay_samples_1 = { + std::make_pair(base::TimeDelta::FromMilliseconds(10), 1), + std::make_pair(base::TimeDelta::FromMilliseconds(10), 3), + std::make_pair(base::TimeDelta::FromMilliseconds(400), 5), + std::make_pair(base::TimeDelta::FromMilliseconds(800), + expected_count_requests_1), + std::make_pair(base::TimeDelta::FromMilliseconds(kHighQueueingDelayMsec), + 5), + std::make_pair(base::TimeDelta::FromMilliseconds(1000), 3), + std::make_pair(base::TimeDelta::FromMilliseconds(700), 3), + std::make_pair(base::TimeDelta::FromMilliseconds(600), 1), + std::make_pair(base::TimeDelta::FromMilliseconds(300), 0), + }; + for (const auto& sample : queueing_delay_samples_1) { + analyzer.UpdatePeakDelayMapping(sample.first, sample.second); + } + EXPECT_EQ(expected_count_requests_1, + analyzer.count_inflight_requests_causing_high_delay().value_or(0)); + + // Case #2: the peak queueing delay is observed before the max count (11) of + // in-flight requests was observed. The 8 requests should be responsible for + // the peak queueing delay. + const size_t expected_count_requests_2 = 10; + std::vector> queueing_delay_samples_2 = { + std::make_pair(base::TimeDelta::FromMilliseconds(10), 1), + std::make_pair(base::TimeDelta::FromMilliseconds(10), 3), + std::make_pair(base::TimeDelta::FromMilliseconds(400), 5), + std::make_pair(base::TimeDelta::FromMilliseconds(800), 5), + std::make_pair(base::TimeDelta::FromMilliseconds(kHighQueueingDelayMsec), + expected_count_requests_2), + std::make_pair(base::TimeDelta::FromMilliseconds(3000), 11), + std::make_pair(base::TimeDelta::FromMilliseconds(700), 3), + std::make_pair(base::TimeDelta::FromMilliseconds(600), 1), + std::make_pair(base::TimeDelta::FromMilliseconds(300), 0), + }; + for (const auto& sample : queueing_delay_samples_2) { + analyzer.UpdatePeakDelayMapping(sample.first, sample.second); + } + EXPECT_EQ(expected_count_requests_2, + analyzer.count_inflight_requests_causing_high_delay().value_or(0)); +} + +// Verifies that the network congestion analyzer can correctly determine whether +// a queueing delay sample is low or not under different effective connection +// types (ECTs). +TEST_F(NetworkCongestionAnalyzerTest, TestDetectLowQueueingDelay) { + TestNetworkQualityEstimator network_quality_estimator; + base::SimpleTestTickClock tick_clock; + NetworkCongestionAnalyzer analyzer(&network_quality_estimator, &tick_clock); + + // Checks that computations are done correctly under all different ECTs. + for (int i = 0; i != net::EFFECTIVE_CONNECTION_TYPE_LAST; ++i) { + auto type = static_cast(i); + network_quality_estimator.set_effective_connection_type(type); + base::TimeDelta low_queueing_delay = kLowQueueingDelayThresholds[type]; + + EXPECT_TRUE(analyzer.IsQueueingDelayLow(low_queueing_delay)); + EXPECT_FALSE(analyzer.IsQueueingDelayLow( + low_queueing_delay + base::TimeDelta::FromMilliseconds(1))); + } +} + +// Verifies that the network congestion analyzer can correctly bucketize the +// peak queueing delay samples, and map the peak queueing delay samples to their +// corresponding queueing delay levels from Level1 to Level10. +TEST_F(NetworkCongestionAnalyzerTest, TestComputeQueueingDelayLevel) { + TestNetworkQualityEstimator network_quality_estimator; + base::SimpleTestTickClock tick_clock; + NetworkCongestionAnalyzer analyzer(&network_quality_estimator, &tick_clock); + + std::vector> queueing_delay_level_samples = + {std::make_pair(base::TimeDelta::FromMilliseconds(0), 1), + std::make_pair(base::TimeDelta::FromMilliseconds(25), 1), + std::make_pair(base::TimeDelta::FromMilliseconds(35), 2), + std::make_pair(base::TimeDelta::FromMilliseconds(55), 2), + std::make_pair(base::TimeDelta::FromMilliseconds(65), 3), + std::make_pair(base::TimeDelta::FromMilliseconds(115), 3), + std::make_pair(base::TimeDelta::FromMilliseconds(125), 4), + std::make_pair(base::TimeDelta::FromMilliseconds(245), 4), + std::make_pair(base::TimeDelta::FromMilliseconds(255), 5), + std::make_pair(base::TimeDelta::FromMilliseconds(495), 5), + std::make_pair(base::TimeDelta::FromMilliseconds(505), 6), + std::make_pair(base::TimeDelta::FromMilliseconds(995), 6), + std::make_pair(base::TimeDelta::FromMilliseconds(1005), 7), + std::make_pair(base::TimeDelta::FromMilliseconds(1995), 7), + std::make_pair(base::TimeDelta::FromMilliseconds(2005), 8), + std::make_pair(base::TimeDelta::FromMilliseconds(3995), 8), + std::make_pair(base::TimeDelta::FromMilliseconds(4005), 9), + std::make_pair(base::TimeDelta::FromMilliseconds(7995), 9), + std::make_pair(base::TimeDelta::FromMilliseconds(8005), 10), + std::make_pair(base::TimeDelta::FromMilliseconds(20000), 10)}; + + // Checks that all queueing delay samples are correctly mapped to + // their corresponding levels. + for (const auto& sample : queueing_delay_level_samples) { + EXPECT_EQ(sample.second, + analyzer.ComputePeakQueueingDelayLevel(sample.first)); + } +} + +} // namespace internal + +} // namespace nqe + +} // namespace net \ No newline at end of file diff --git a/chromium/net/nqe/network_quality_estimator.cc b/chromium/net/nqe/network_quality_estimator.cc index 4559de2d714..8a67230db5f 100644 --- a/chromium/net/nqe/network_quality_estimator.cc +++ b/chromium/net/nqe/network_quality_estimator.cc @@ -60,7 +60,8 @@ namespace { // id concurrently. base::LazySequencedTaskRunner g_get_network_id_task_runner = LAZY_SEQUENCED_TASK_RUNNER_INITIALIZER( - base::TaskTraits(base::MayBlock(), + base::TaskTraits(base::ThreadPool(), + base::MayBlock(), base::TaskPriority::BEST_EFFORT, base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN)); #endif @@ -160,6 +161,7 @@ NetworkQualityEstimator::NetworkQualityEstimator( params_->weight_multiplier_per_signal_strength_level())}, effective_connection_type_at_last_main_frame_( EFFECTIVE_CONNECTION_TYPE_UNKNOWN), + queueing_delay_update_interval_(base::TimeDelta::FromMilliseconds(2000)), effective_connection_type_recomputation_interval_( base::TimeDelta::FromSeconds(10)), rtt_observations_size_at_last_ect_computation_(0), @@ -167,13 +169,13 @@ NetworkQualityEstimator::NetworkQualityEstimator( transport_rtt_observation_count_last_ect_computation_(0), new_rtt_observations_since_last_ect_computation_(0), new_throughput_observations_since_last_ect_computation_(0), + network_congestion_analyzer_(this, tick_clock_), effective_connection_type_(EFFECTIVE_CONNECTION_TYPE_UNKNOWN), cached_estimate_applied_(false), net_log_(NetLogWithSource::Make( net_log, net::NetLogSourceType::NETWORK_QUALITY_ESTIMATOR)), - event_creator_(net_log_), - weak_ptr_factory_(this) { + event_creator_(net_log_) { DCHECK_EQ(nqe::internal::OBSERVATION_CATEGORY_COUNT, base::size(rtt_ms_observations_)); @@ -275,6 +277,7 @@ void NetworkQualityEstimator::NotifyStartTransaction( MaybeComputeEffectiveConnectionType(); } throughput_analyzer_->NotifyStartTransaction(request); + network_congestion_analyzer_.NotifyStartTransaction(request); } bool NetworkQualityEstimator::IsHangingRequest( @@ -327,7 +330,9 @@ bool NetworkQualityEstimator::IsHangingRequest( return true; } -void NetworkQualityEstimator::NotifyHeadersReceived(const URLRequest& request) { +void NetworkQualityEstimator::NotifyHeadersReceived( + const URLRequest& request, + int64_t prefilter_total_bytes_read) { TRACE_EVENT0(NetTracingCategory(), "NetworkQualityEstimator::NotifyHeadersReceived"); DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); @@ -370,9 +375,13 @@ void NetworkQualityEstimator::NotifyHeadersReceived(const URLRequest& request) { NETWORK_QUALITY_OBSERVATION_SOURCE_HTTP); AddAndNotifyObserversOfRTT(http_rtt_observation); throughput_analyzer_->NotifyBytesRead(request); + throughput_analyzer_->NotifyExpectedResponseContentSize( + request, request.GetExpectedContentSize()); } -void NetworkQualityEstimator::NotifyBytesRead(const URLRequest& request) { +void NetworkQualityEstimator::NotifyBytesRead( + const URLRequest& request, + int64_t prefilter_total_bytes_read) { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); throughput_analyzer_->NotifyBytesRead(request); } @@ -387,6 +396,7 @@ void NetworkQualityEstimator::NotifyRequestCompleted(const URLRequest& request, return; throughput_analyzer_->NotifyRequestCompleted(request); + network_congestion_analyzer_.NotifyRequestCompleted(request); } void NetworkQualityEstimator::NotifyURLRequestDestroyed( @@ -715,6 +725,73 @@ void NetworkQualityEstimator::RecordMetricsOnMainFrameRequest() const { EFFECTIVE_CONNECTION_TYPE_LAST); } +bool NetworkQualityEstimator::ShouldComputeNetworkQueueingDelay() const { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + const base::TimeTicks now = tick_clock_->NowTicks(); + // Recomputes the queueing delay estimate if |queueing_delay_update_interval_| + // has passed. + return (now - last_queueing_delay_computation_ >= + queueing_delay_update_interval_); +} + +void NetworkQualityEstimator::ComputeNetworkQueueingDelay() { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + if (!ShouldComputeNetworkQueueingDelay()) + return; + + const base::TimeTicks now = tick_clock_->NowTicks(); + last_queueing_delay_computation_ = now; + // The time after which observations are considered as recent data. + const base::TimeTicks recent_start_time = + now - base::TimeDelta::FromMilliseconds(1000); + // The time after which observations are considered as historical data. + const base::TimeTicks historical_start_time = + now - base::TimeDelta::FromMilliseconds(30000); + + // Checks if a valid downlink throughput estimation is available. + int32_t downlink_kbps = 0; + if (!GetRecentDownlinkThroughputKbps(recent_start_time, &downlink_kbps)) + downlink_kbps = nqe::internal::INVALID_RTT_THROUGHPUT; + + // Gets recent RTT statistic values. + std::map + recent_rtt_stats = + rtt_ms_observations_[nqe::internal::OBSERVATION_CATEGORY_TRANSPORT] + .GetCanonicalStatsKeyedByHosts(recent_start_time, + std::set()); + + if (recent_rtt_stats.empty()) + return; + + // Gets the set of active hosts. Only computes the historical stats for recent + // active hosts. + std::set active_hosts; + for (const auto& host_stat : recent_rtt_stats) + active_hosts.insert(host_stat.first); + + std::map + historical_rtt_stats = + rtt_ms_observations_[nqe::internal::OBSERVATION_CATEGORY_TRANSPORT] + .GetCanonicalStatsKeyedByHosts(historical_start_time, + active_hosts); + + network_congestion_analyzer_.ComputeRecentQueueingDelay( + recent_rtt_stats, historical_rtt_stats, downlink_kbps); + + // Gets the total number of inflight requests including hanging GETs. The app + // cannot determine whether a request is hanging or is still in the wire. + size_t count_inflight_requests = + throughput_analyzer_->CountTotalInFlightRequests(); + + // Tracks the mapping between the peak observed queueing delay to the peak + // count of in-flight requests. + network_congestion_analyzer_.UpdatePeakDelayMapping( + network_congestion_analyzer_.recent_queueing_delay(), + count_inflight_requests); +} + void NetworkQualityEstimator::ComputeEffectiveConnectionType() { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); @@ -806,6 +883,11 @@ void NetworkQualityEstimator::ComputeEffectiveConnectionType() { new_throughput_observations_since_last_ect_computation_ = 0; } +base::Optional +NetworkQualityEstimator::GetOverrideECT() const { + return base::nullopt; +} + void NetworkQualityEstimator::ClampKbpsBasedOnEct() { // No need to clamp when ECT is unknown or if the connection speed is fast. if (effective_connection_type_ == EFFECTIVE_CONNECTION_TYPE_UNKNOWN || @@ -847,32 +929,32 @@ NetworkQualityEstimator::GetCappedECTBasedOnSignalStrength() const { if (current_network_id_.signal_strength == INT32_MIN) return effective_connection_type_; - // Capping ECT on WiFi is currently not enabled. + if (effective_connection_type_ == EFFECTIVE_CONNECTION_TYPE_UNKNOWN || + effective_connection_type_ == EFFECTIVE_CONNECTION_TYPE_OFFLINE) { + return effective_connection_type_; + } + if (current_network_id_.type == NetworkChangeNotifier::CONNECTION_WIFI) { // The maximum signal strength level is 4. UMA_HISTOGRAM_EXACT_LINEAR("NQE.WifiSignalStrength.AtECTComputation", current_network_id_.signal_strength, 4); + } else if (current_network_id_.type == NetworkChangeNotifier::CONNECTION_2G || + current_network_id_.type == NetworkChangeNotifier::CONNECTION_3G || + current_network_id_.type == NetworkChangeNotifier::CONNECTION_4G) { + // The maximum signal strength level is 4. + UMA_HISTOGRAM_EXACT_LINEAR("NQE.CellularSignalStrength.AtECTComputation", + current_network_id_.signal_strength, 4); + } else { + NOTREACHED(); return effective_connection_type_; } - if (effective_connection_type_ == EFFECTIVE_CONNECTION_TYPE_UNKNOWN || - effective_connection_type_ == EFFECTIVE_CONNECTION_TYPE_OFFLINE) { - return effective_connection_type_; - } - - // The maximum signal strength level is 4. - UMA_HISTOGRAM_EXACT_LINEAR("NQE.CellularSignalStrength.AtECTComputation", - current_network_id_.signal_strength, 4); - // Do not cap ECT if the signal strength is high. if (current_network_id_.signal_strength > 2) return effective_connection_type_; DCHECK_LE(0, current_network_id_.signal_strength); - DCHECK_LE(NetworkChangeNotifier::CONNECTION_2G, current_network_id_.type); - DCHECK_GE(NetworkChangeNotifier::CONNECTION_4G, current_network_id_.type); - // When signal strength is 0, the device is almost offline. if (current_network_id_.signal_strength == 0) { switch (current_network_id_.type) { @@ -881,6 +963,7 @@ NetworkQualityEstimator::GetCappedECTBasedOnSignalStrength() const { return std::min(effective_connection_type_, EFFECTIVE_CONNECTION_TYPE_SLOW_2G); case NetworkChangeNotifier::CONNECTION_4G: + case NetworkChangeNotifier::CONNECTION_WIFI: return std::min(effective_connection_type_, EFFECTIVE_CONNECTION_TYPE_2G); default: @@ -898,6 +981,7 @@ NetworkQualityEstimator::GetCappedECTBasedOnSignalStrength() const { return std::min(effective_connection_type_, EFFECTIVE_CONNECTION_TYPE_2G); case NetworkChangeNotifier::CONNECTION_4G: + case NetworkChangeNotifier::CONNECTION_WIFI: return std::min(effective_connection_type_, EFFECTIVE_CONNECTION_TYPE_3G); default: @@ -915,6 +999,7 @@ NetworkQualityEstimator::GetCappedECTBasedOnSignalStrength() const { return std::min(effective_connection_type_, EFFECTIVE_CONNECTION_TYPE_3G); case NetworkChangeNotifier::CONNECTION_4G: + case NetworkChangeNotifier::CONNECTION_WIFI: return std::min(effective_connection_type_, EFFECTIVE_CONNECTION_TYPE_4G); default: @@ -929,6 +1014,11 @@ NetworkQualityEstimator::GetCappedECTBasedOnSignalStrength() const { EffectiveConnectionType NetworkQualityEstimator::GetEffectiveConnectionType() const { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + base::Optional override_ect = GetOverrideECT(); + if (override_ect) { + return override_ect.value(); + } return effective_connection_type_; } @@ -1121,6 +1211,27 @@ void NetworkQualityEstimator::RemoveEffectiveConnectionTypeObserver( effective_connection_type_observer_list_.RemoveObserver(observer); } +void NetworkQualityEstimator::AddPeerToPeerConnectionsCountObserver( + PeerToPeerConnectionsCountObserver* observer) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + DCHECK(observer); + peer_to_peer_type_observer_list_.AddObserver(observer); + + // Notify the |observer| on the next message pump since |observer| may not + // be completely set up for receiving the callbacks. + base::ThreadTaskRunnerHandle::Get()->PostTask( + FROM_HERE, + base::BindOnce(&NetworkQualityEstimator:: + NotifyPeerToPeerConnectionsCountObserverIfPresent, + weak_ptr_factory_.GetWeakPtr(), observer)); +} + +void NetworkQualityEstimator::RemovePeerToPeerConnectionsCountObserver( + PeerToPeerConnectionsCountObserver* observer) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + peer_to_peer_type_observer_list_.RemoveObserver(observer); +} + void NetworkQualityEstimator::AddRTTAndThroughputEstimatesObserver( RTTAndThroughputEstimatesObserver* observer) { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); @@ -1308,11 +1419,12 @@ void NetworkQualityEstimator::OnUpdatedTransportRTTAvailable( const base::Optional& host) { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK_LT(nqe::internal::INVALID_RTT_THROUGHPUT, rtt.InMilliseconds()); - Observation observation(rtt.InMilliseconds(), tick_clock_->NowTicks(), current_network_id_.signal_strength, ProtocolSourceToObservationSource(protocol), host); AddAndNotifyObserversOfRTT(observation); + + ComputeNetworkQueueingDelay(); } void NetworkQualityEstimator::AddAndNotifyObserversOfRTT( @@ -1488,10 +1600,12 @@ void NetworkQualityEstimator:: DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); DCHECK_NE(EFFECTIVE_CONNECTION_TYPE_LAST, effective_connection_type_); + base::Optional override_ect = GetOverrideECT(); + // TODO(tbansal): Add hysteresis in the notification. for (auto& observer : effective_connection_type_observer_list_) - observer.OnEffectiveConnectionTypeChanged(effective_connection_type_); - + observer.OnEffectiveConnectionTypeChanged( + override_ect ? override_ect.value() : effective_connection_type_); // Add the estimates of the current network to the cache store. network_quality_store_->Add(current_network_id_, nqe::internal::CachedNetworkQuality( @@ -1516,11 +1630,26 @@ void NetworkQualityEstimator::NotifyEffectiveConnectionTypeObserverIfPresent( if (!effective_connection_type_observer_list_.HasObserver(observer)) return; + + base::Optional override_ect = GetOverrideECT(); + if (override_ect) { + observer->OnEffectiveConnectionTypeChanged(override_ect.value()); + return; + } if (effective_connection_type_ == EFFECTIVE_CONNECTION_TYPE_UNKNOWN) return; observer->OnEffectiveConnectionTypeChanged(effective_connection_type_); } +void NetworkQualityEstimator::NotifyPeerToPeerConnectionsCountObserverIfPresent( + PeerToPeerConnectionsCountObserver* observer) const { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + if (!peer_to_peer_type_observer_list_.HasObserver(observer)) + return; + observer->OnPeerToPeerConnectionsCountChange(p2p_connections_count_); +} + void NetworkQualityEstimator::NotifyRTTAndThroughputEstimatesObserverIfPresent( RTTAndThroughputEstimatesObserver* observer) const { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); @@ -1675,4 +1804,36 @@ void NetworkQualityEstimator::RecordSpdyPingLatency( AddAndNotifyObserversOfRTT(observation); } +void NetworkQualityEstimator::OnPeerToPeerConnectionsCountChange( + uint32_t count) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + if (p2p_connections_count_ == count) + return; + + if (p2p_connections_count_ == 0 && count > 0) { + DCHECK(!p2p_connections_count_active_timestamp_); + p2p_connections_count_active_timestamp_ = tick_clock_->NowTicks(); + } + + if (p2p_connections_count_ > 0 && count == 0) { + DCHECK(p2p_connections_count_active_timestamp_); + base::TimeDelta duration = tick_clock_->NowTicks() - + p2p_connections_count_active_timestamp_.value(); + UMA_HISTOGRAM_LONG_TIMES("NQE.PeerToPeerConnectionsDuration", duration); + p2p_connections_count_active_timestamp_ = base::nullopt; + } + + p2p_connections_count_ = count; + + for (auto& observer : peer_to_peer_type_observer_list_) { + observer.OnPeerToPeerConnectionsCountChange(p2p_connections_count_); + } +} + +uint32_t NetworkQualityEstimator::GetPeerToPeerConnectionsCountChange() const { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + return p2p_connections_count_; +} + } // namespace net diff --git a/chromium/net/nqe/network_quality_estimator.h b/chromium/net/nqe/network_quality_estimator.h index bb2ca133368..b1b9cbd9227 100644 --- a/chromium/net/nqe/network_quality_estimator.h +++ b/chromium/net/nqe/network_quality_estimator.h @@ -29,6 +29,7 @@ #include "net/nqe/effective_connection_type.h" #include "net/nqe/effective_connection_type_observer.h" #include "net/nqe/event_creator.h" +#include "net/nqe/network_congestion_analyzer.h" #include "net/nqe/network_id.h" #include "net/nqe/network_quality.h" #include "net/nqe/network_quality_estimator_params.h" @@ -36,6 +37,7 @@ #include "net/nqe/network_quality_observation_source.h" #include "net/nqe/network_quality_store.h" #include "net/nqe/observation_buffer.h" +#include "net/nqe/peer_to_peer_connections_count_observer.h" #include "net/nqe/rtt_throughput_estimates_observer.h" #include "net/nqe/socket_watcher_factory.h" @@ -50,8 +52,8 @@ class NetLog; namespace nqe { namespace internal { class ThroughputAnalyzer; -} -} +} // namespace internal +} // namespace nqe class URLRequest; @@ -135,6 +137,16 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator void RemoveEffectiveConnectionTypeObserver( EffectiveConnectionTypeObserver* observer); + // Adds/Removes |observer| from the list of peer to peer connections count + // observers. The observer must register and unregister itself on the same + // thread. |observer| would be notified on the thread on which it registered. + // |observer| would be notified of the current count of peer to peer + // connections in the next message pump. + void AddPeerToPeerConnectionsCountObserver( + PeerToPeerConnectionsCountObserver* observer); + void RemovePeerToPeerConnectionsCountObserver( + PeerToPeerConnectionsCountObserver* observer); + // Returns the current HTTP RTT estimate. If the estimate is unavailable, // the returned optional value is null. The RTT at the HTTP layer measures the // time from when the request was sent (this happens after the connection is @@ -167,12 +179,16 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator RTTAndThroughputEstimatesObserver* observer); // Notifies NetworkQualityEstimator that the response header of |request| has - // been received. - void NotifyHeadersReceived(const URLRequest& request); + // been received. Reports the total prefilter network bytes that have been + // read for the response of |request|. + void NotifyHeadersReceived(const URLRequest& request, + int64_t prefilter_total_bytes_read); // Notifies NetworkQualityEstimator that unfiltered bytes have been read for - // |request|. - void NotifyBytesRead(const URLRequest& request); + // |request|. Reports the total prefilter network bytes that have been read + // for the response of |request|. + void NotifyBytesRead(const URLRequest& request, + int64_t prefilter_total_bytes_read); // Notifies NetworkQualityEstimator that the headers of |request| are about to // be sent. @@ -264,6 +280,13 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator virtual void RecordSpdyPingLatency(const HostPortPair& host_port_pair, base::TimeDelta rtt); + // Sets the current count of media connections that require low latency. + void OnPeerToPeerConnectionsCountChange(uint32_t count); + + // Returns the current count of peer to peer connections that may require low + // latency. + uint32_t GetPeerToPeerConnectionsCountChange() const; + typedef nqe::internal::Observation Observation; typedef nqe::internal::ObservationBuffer ObservationBuffer; @@ -374,10 +397,20 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator // the signal quality. virtual int32_t GetCurrentSignalStrength() const; + // Computes the recent network queueing delay. It updates the recent + // per-packet queueing delay introduced by the packet queue in the mobile + // edge. Also, it tracks the recent downlink throughput and computes the + // packet queue length. Results are kept in |network_congestion_analyzer_|. + void ComputeNetworkQueueingDelay(); + // Forces computation of effective connection type, and notifies observers // if there is a change in its value. void ComputeEffectiveConnectionType(); + // Returns a non-null value if the value of the effective connection type has + // been overridden for testing. + virtual base::Optional GetOverrideECT() const; + // Observer list for RTT or throughput estimates. Protected for testing. base::ObserverList::Unchecked rtt_and_throughput_estimates_observer_list_; @@ -386,12 +419,19 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator base::ObserverList::Unchecked effective_connection_type_observer_list_; + // Observer list for changes in peer to peer connections count. + base::ObserverList::Unchecked + peer_to_peer_type_observer_list_; + // Params to configure the network quality estimator. const std::unique_ptr params_; // Number of end to end RTT samples available when the ECT was last computed. size_t end_to_end_rtt_observation_count_at_last_ect_computation_; + // Current count of active peer to peer connections. + uint32_t p2p_connections_count_ = 0u; + private: FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, AdaptiveRecomputationEffectiveConnectionType); @@ -413,6 +453,8 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator ObservationDiscardedIfCachedEstimateAvailable); FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, TestRttThroughputObservers); + FRIEND_TEST_ALL_PREFIXES(NetworkQualityEstimatorTest, + TestComputingNetworkQueueingDelay); // Returns the RTT value to be used when the valid RTT is unavailable. Readers // should discard RTT if it is set to the value returned by |InvalidRTT()|. @@ -441,6 +483,9 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator // Returns true only if the |request| can be used for RTT estimation. bool RequestProvidesRTTObservation(const URLRequest& request) const; + // Returns true if the network queueing delay should be evaluated. + bool ShouldComputeNetworkQueueingDelay() const; + // Returns true if ECT should be recomputed. bool ShouldComputeEffectiveConnectionType() const; @@ -456,6 +501,10 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator void NotifyEffectiveConnectionTypeObserverIfPresent( EffectiveConnectionTypeObserver* observer) const; + // Notifies |observer| of the current count of peer to peer connections. + void NotifyPeerToPeerConnectionsCountObserverIfPresent( + PeerToPeerConnectionsCountObserver* observer) const; + // Records NQE accuracy metrics. |measuring_duration| should belong to the // vector returned by AccuracyRecordingIntervals(). // RecordAccuracyAfterMainFrame should be called |measuring_duration| after a @@ -531,6 +580,11 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator // type. void ClampKbpsBasedOnEct(); + // Earliest timestamp since when there is at least one active peer to peer + // connection count. Set to current timestamp when |p2p_connections_count_| + // changes from 0 to 1. Reset to null when |p2p_connections_count_| becomes 0. + base::Optional p2p_connections_count_active_timestamp_; + // Determines if the requests to local host can be used in estimating the // network quality. Set to true only for tests. bool use_localhost_requests_; @@ -581,6 +635,13 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator // estimating the throughput. std::unique_ptr throughput_analyzer_; + // Minimum duration between two consecutive attampts of computing the network + // queueing delay. + const base::TimeDelta queueing_delay_update_interval_; + + // Time when the computation of network queueing delay was last attempted. + base::TimeTicks last_queueing_delay_computation_; + // Minimum duration between two consecutive computations of effective // connection type. Set to non-zero value as a performance optimization. const base::TimeDelta effective_connection_type_recomputation_interval_; @@ -608,6 +669,10 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator nqe::internal::NetworkQuality network_quality_; base::Optional end_to_end_rtt_; + // Recent network congestion status cache. It has methods to update + // information related to network congestion. + nqe::internal::NetworkCongestionAnalyzer network_congestion_analyzer_; + // Current effective connection type. It is updated on connection change // events. It is also updated every time there is network traffic (provided // the last computation was more than @@ -641,7 +706,7 @@ class NET_EXPORT_PRIVATE NetworkQualityEstimator bool get_network_id_asynchronously_ = false; #endif - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(NetworkQualityEstimator); }; diff --git a/chromium/net/nqe/network_quality_estimator_test_util.cc b/chromium/net/nqe/network_quality_estimator_test_util.cc index 4ee7b4fbc0f..86d571d5be0 100644 --- a/chromium/net/nqe/network_quality_estimator_test_util.cc +++ b/chromium/net/nqe/network_quality_estimator_test_util.cc @@ -8,7 +8,7 @@ #include "base/run_loop.h" #include "net/base/load_flags.h" #include "net/log/net_log_with_source.h" -#include "net/log/test_net_log_entry.h" +#include "net/log/test_net_log_util.h" #include "net/nqe/network_quality_estimator_params.h" #include "net/test/embedded_test_server/http_response.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" @@ -255,47 +255,37 @@ base::TimeDelta TestNetworkQualityEstimator::GetRTTEstimateInternal( } int TestNetworkQualityEstimator::GetEntriesCount(NetLogEventType type) const { - TestNetLogEntry::List entries; - net_log_->GetEntries(&entries); - - int count = 0; - for (const auto& entry : entries) { - if (entry.type == type) - ++count; - } - return count; + return net_log_->GetEntriesWithType(type).size(); } std::string TestNetworkQualityEstimator::GetNetLogLastStringValue( NetLogEventType type, const std::string& key) const { - std::string return_value; - TestNetLogEntry::List entries; - net_log_->GetEntries(&entries); + auto entries = net_log_->GetEntries(); for (int i = entries.size() - 1; i >= 0; --i) { - if (entries[i].type == type && - entries[i].GetStringValue(key, &return_value)) { - return return_value; + if (entries[i].type == type) { + auto value = GetOptionalStringValueFromParams(entries[i], key); + if (value) + return *value; } } - return return_value; + return std::string(); } int TestNetworkQualityEstimator::GetNetLogLastIntegerValue( NetLogEventType type, const std::string& key) const { - int return_value = 0; - TestNetLogEntry::List entries; - net_log_->GetEntries(&entries); + auto entries = net_log_->GetEntries(); for (int i = entries.size() - 1; i >= 0; --i) { - if (entries[i].type == type && - entries[i].GetIntegerValue(key, &return_value)) { - return return_value; + if (entries[i].type == type) { + auto value = GetOptionalIntegerValueFromParams(entries[i], key); + if (value) + return *value; } } - return return_value; + return 0; } void TestNetworkQualityEstimator:: @@ -316,6 +306,18 @@ void TestNetworkQualityEstimator:: observer.OnEffectiveConnectionTypeChanged(type); } +base::Optional +TestNetworkQualityEstimator::GetOverrideECT() const { + return effective_connection_type_; +} + +void TestNetworkQualityEstimator:: + SetAndNotifyObserversOfP2PActiveConnectionsCountChange(uint32_t count) { + p2p_connections_count_ = count; + for (auto& observer : peer_to_peer_type_observer_list_) + observer.OnPeerToPeerConnectionsCountChange(count); +} + void TestNetworkQualityEstimator::RecordSpdyPingLatency( const HostPortPair& host_port_pair, base::TimeDelta rtt) { diff --git a/chromium/net/nqe/network_quality_estimator_test_util.h b/chromium/net/nqe/network_quality_estimator_test_util.h index 5786f91840f..09568baf6df 100644 --- a/chromium/net/nqe/network_quality_estimator_test_util.h +++ b/chromium/net/nqe/network_quality_estimator_test_util.h @@ -209,6 +209,11 @@ class TestNetworkQualityEstimator : public NetworkQualityEstimator { void SetAndNotifyObserversOfEffectiveConnectionType( EffectiveConnectionType type); + // Updates the count of active P2P connections to |count| and notifies the + // registered observers that the active P2P connection counts has changed to + // |count|. + void SetAndNotifyObserversOfP2PActiveConnectionsCountChange(uint32_t count); + void SetTransportRTTAtastECTSampleCount(size_t count) { transport_rtt_observation_count_last_ect_computation_ = count; } @@ -245,6 +250,8 @@ class TestNetworkQualityEstimator : public NetworkQualityEstimator { nqe::internal::NetworkID GetCurrentNetworkID() const override; int32_t GetCurrentSignalStrength() const override; + base::Optional GetOverrideECT() const override; + // Net log provided to network quality estimator. std::unique_ptr net_log_; diff --git a/chromium/net/nqe/network_quality_estimator_unittest.cc b/chromium/net/nqe/network_quality_estimator_unittest.cc index 168c42575db..3caaffd0dfb 100644 --- a/chromium/net/nqe/network_quality_estimator_unittest.cc +++ b/chromium/net/nqe/network_quality_estimator_unittest.cc @@ -89,6 +89,20 @@ class TestEffectiveConnectionTypeObserver std::vector effective_connection_types_; }; +class TestPeerToPeerConnectionsCountObserver + : public PeerToPeerConnectionsCountObserver { + public: + uint32_t count() { return count_; } + + private: + // PeerToPeerConnectionsCountObserver: + void OnPeerToPeerConnectionsCountChange(uint32_t count) override { + count_ = count; + } + + uint32_t count_ = 0u; +}; + class TestRTTAndThroughputEstimatesObserver : public RTTAndThroughputEstimatesObserver { public: @@ -188,6 +202,7 @@ class TestThroughputObserver } // namespace +constexpr float kEpsilon = 0.001f; using NetworkQualityEstimatorTest = TestWithScopedTaskEnvironment; TEST_F(NetworkQualityEstimatorTest, TestKbpsRTTUpdates) { @@ -551,6 +566,88 @@ TEST_F(NetworkQualityEstimatorTest, CachingDisabled) { EXPECT_EQ(0U, throughput_observer.observations().size()); } +// Tests that the network queueing delay is updated correctly. +TEST_F(NetworkQualityEstimatorTest, TestComputingNetworkQueueingDelay) { + base::SimpleTestTickClock tick_clock; + std::map variation_params; + variation_params["add_default_platform_observations"] = "false"; + TestNetworkQualityEstimator estimator(variation_params); + estimator.SetTickClockForTesting(&tick_clock); + + // Adds historical and recent RTT observations. Active hosts are + // 0x101010-0x303030. Host 0x404040 did not receive any transport RTT sample + // recently. Host 0x505050 did not have enough RTT samples. + tick_clock.Advance(base::TimeDelta::FromMilliseconds(1000)); + const base::TimeTicks history = tick_clock.NowTicks(); + + std::map historical_rtts = { + {0x101010UL, base::TimeDelta::FromMilliseconds(600)}, + {0x202020UL, base::TimeDelta::FromMilliseconds(1000)}, + {0x303030UL, base::TimeDelta::FromMilliseconds(1400)}, + {0x303030UL, base::TimeDelta::FromMilliseconds(1600)}, + {0x303030UL, base::TimeDelta::FromMilliseconds(1800)}, + {0x404040UL, base::TimeDelta::FromMilliseconds(3000)}}; + for (const auto& host_rtt : historical_rtts) { + const uint64_t host = host_rtt.first; + NetworkQualityEstimator::Observation historical_rtt( + historical_rtts[host].InMilliseconds(), history, INT32_MIN, + NETWORK_QUALITY_OBSERVATION_SOURCE_TCP, host); + estimator.AddAndNotifyObserversOfRTT(historical_rtt); + } + + // Sets the start time of the current window for computing queueing delay. + tick_clock.Advance(base::TimeDelta::FromMilliseconds(28000)); + const base::TimeTicks window_start_time = tick_clock.NowTicks(); + estimator.last_queueing_delay_computation_ = window_start_time; + + tick_clock.Advance(base::TimeDelta::FromMilliseconds(1000)); + const base::TimeTicks recent = tick_clock.NowTicks(); + + std::map recent_rtts = { + {0x101010UL, base::TimeDelta::FromMilliseconds(1500)}, + {0x202020UL, base::TimeDelta::FromMilliseconds(2000)}, + {0x303030UL, base::TimeDelta::FromMilliseconds(2500)}, + {0x505050UL, base::TimeDelta::FromMilliseconds(2000)}}; + for (const auto& host_rtt : recent_rtts) { + const uint64_t host = host_rtt.first; + NetworkQualityEstimator::Observation recent_rtt( + recent_rtts[host].InMilliseconds(), recent, INT32_MIN, + NETWORK_QUALITY_OBSERVATION_SOURCE_TCP, host); + estimator.AddAndNotifyObserversOfRTT(recent_rtt); + } + + // Checks that the queueing delay should not be updated because the last + // computation was done within the last 2 seconds. + EXPECT_FALSE(estimator.ShouldComputeNetworkQueueingDelay()); + + // Checks that the number of active hosts is 3. Also, checks that the queueing + // delay is computed correctly based on their RTT observations. + tick_clock.Advance(base::TimeDelta::FromMilliseconds(1000)); + EXPECT_TRUE(estimator.ShouldComputeNetworkQueueingDelay()); + estimator.ComputeNetworkQueueingDelay(); + EXPECT_EQ(3u, estimator.network_congestion_analyzer_.GetActiveHostsCount()); + EXPECT_EQ(base::TimeDelta::FromMilliseconds(1000), + estimator.network_congestion_analyzer_.recent_queueing_delay()); + EXPECT_EQ(base::nullopt, + estimator.network_congestion_analyzer_.recent_queue_length()); + + // Adds a recent throughput observation. + NetworkQualityEstimator::Observation throughput_observation( + 120, recent, INT32_MIN, NETWORK_QUALITY_OBSERVATION_SOURCE_HTTP, + base::nullopt); + estimator.AddAndNotifyObserversOfThroughput(throughput_observation); + int32_t downlink_kbps = 0; + EXPECT_TRUE( + estimator.GetRecentDownlinkThroughputKbps(recent, &downlink_kbps)); + + // Checks the queue length is updated when the downlink throughput is valid. + estimator.last_queueing_delay_computation_ = window_start_time; + estimator.ComputeNetworkQueueingDelay(); + EXPECT_NEAR( + estimator.network_congestion_analyzer_.recent_queue_length().value_or(0), + 10.0, kEpsilon); +} + TEST_F(NetworkQualityEstimatorTest, QuicObservations) { base::HistogramTester histogram_tester; std::map variation_params; @@ -1100,22 +1197,33 @@ TEST_F(NetworkQualityEstimatorTest, DefaultHttpRTTBasedThresholds) { TEST_F(NetworkQualityEstimatorTest, SignalStrengthBasedCapping) { const struct { bool enable_signal_strength_capping_experiment; + NetworkChangeNotifier::ConnectionType device_connection_type; int32_t signal_strength_level; int32_t http_rtt_msec; EffectiveConnectionType expected_ect; bool expected_http_rtt_overridden; } tests[] = { // Signal strength is unavailable. - {true, INT32_MIN, 20, EFFECTIVE_CONNECTION_TYPE_4G, false}, + {true, NetworkChangeNotifier::CONNECTION_4G, INT32_MIN, 20, + EFFECTIVE_CONNECTION_TYPE_4G, false}, - // Signal strength is too low. Even though RTT is reported as low, + // 4G device connection type: Signal strength is too low. Even though RTT + // is reported as low, // ECT is expected to be capped to 2G. - {true, 0, 20, EFFECTIVE_CONNECTION_TYPE_2G, true}, + {true, NetworkChangeNotifier::CONNECTION_4G, 0, 20, + EFFECTIVE_CONNECTION_TYPE_2G, true}, + + // WiFi device connection type: Signal strength is too low. Even though + // RTT is reported as low, ECT is expected to be capped to 2G. + {true, NetworkChangeNotifier::CONNECTION_WIFI, 0, 20, + EFFECTIVE_CONNECTION_TYPE_2G, true}, // When the signal strength based capping experiment is not enabled, // ECT should be computed only on the based of |http_rtt_msec|. - {false, INT32_MIN, 20, EFFECTIVE_CONNECTION_TYPE_4G, false}, - {false, 0, 20, EFFECTIVE_CONNECTION_TYPE_4G, false}, + {false, NetworkChangeNotifier::CONNECTION_4G, INT32_MIN, 20, + EFFECTIVE_CONNECTION_TYPE_4G, false}, + {false, NetworkChangeNotifier::CONNECTION_4G, 0, 20, + EFFECTIVE_CONNECTION_TYPE_4G, false}, }; for (const auto& test : tests) { @@ -1130,8 +1238,7 @@ TEST_F(NetworkQualityEstimatorTest, SignalStrengthBasedCapping) { // does not return Offline if the device is offline. estimator.SetCurrentSignalStrength(test.signal_strength_level); - estimator.SimulateNetworkChange(NetworkChangeNotifier::CONNECTION_4G, - "test"); + estimator.SimulateNetworkChange(test.device_connection_type, "test"); estimator.SetStartTimeNullHttpRtt( base::TimeDelta::FromMilliseconds(test.http_rtt_msec)); @@ -2942,4 +3049,46 @@ TEST_F(NetworkQualityEstimatorTest, HangingRequestUsingTransportAndHttpOnly) { } } +TEST_F(NetworkQualityEstimatorTest, PeerToPeerConnectionCounts) { + TestNetworkQualityEstimator estimator; + base::SimpleTestTickClock tick_clock; + estimator.SetTickClockForTesting(&tick_clock); + base::HistogramTester histogram_tester; + + estimator.OnPeerToPeerConnectionsCountChange(3u); + base::TimeDelta advance_1 = base::TimeDelta::FromMinutes(4); + tick_clock.Advance(advance_1); + histogram_tester.ExpectTotalCount("NQE.PeerToPeerConnectionsDuration", 0); + + estimator.OnPeerToPeerConnectionsCountChange(1u); + base::TimeDelta advance_2 = base::TimeDelta::FromMinutes(6); + tick_clock.Advance(advance_2); + histogram_tester.ExpectTotalCount("NQE.PeerToPeerConnectionsDuration", 0); + + estimator.OnPeerToPeerConnectionsCountChange(0u); + histogram_tester.ExpectUniqueSample("NQE.PeerToPeerConnectionsDuration", + (advance_1 + advance_2).InMilliseconds(), + 1); +} + +TEST_F(NetworkQualityEstimatorTest, TestPeerToPeerConnectionsCountObserver) { + TestPeerToPeerConnectionsCountObserver observer; + TestNetworkQualityEstimator estimator; + + EXPECT_EQ(0u, observer.count()); + estimator.OnPeerToPeerConnectionsCountChange(5u); + base::RunLoop().RunUntilIdle(); + // |observer| has not yet registered with |estimator|. + EXPECT_EQ(0u, observer.count()); + + // |observer| should be notified of the current count on registration. + estimator.AddPeerToPeerConnectionsCountObserver(&observer); + base::RunLoop().RunUntilIdle(); + EXPECT_EQ(5u, observer.count()); + + estimator.OnPeerToPeerConnectionsCountChange(3u); + base::RunLoop().RunUntilIdle(); + EXPECT_EQ(3u, observer.count()); +} + } // namespace net diff --git a/chromium/net/nqe/network_quality_store.cc b/chromium/net/nqe/network_quality_store.cc index aa444b0560d..102ad4bedfb 100644 --- a/chromium/net/nqe/network_quality_store.cc +++ b/chromium/net/nqe/network_quality_store.cc @@ -15,7 +15,7 @@ namespace nqe { namespace internal { -NetworkQualityStore::NetworkQualityStore() : weak_ptr_factory_(this) { +NetworkQualityStore::NetworkQualityStore() { static_assert(kMaximumNetworkQualityCacheSize > 0, "Size of the network quality cache must be > 0"); // This limit should not be increased unless the logic for removing the diff --git a/chromium/net/nqe/network_quality_store.h b/chromium/net/nqe/network_quality_store.h index 5250e525999..a1aedc35d61 100644 --- a/chromium/net/nqe/network_quality_store.h +++ b/chromium/net/nqe/network_quality_store.h @@ -99,7 +99,7 @@ class NET_EXPORT_PRIVATE NetworkQualityStore { SEQUENCE_CHECKER(sequence_checker_); - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(NetworkQualityStore); }; diff --git a/chromium/net/nqe/observation_buffer.cc b/chromium/net/nqe/observation_buffer.cc index 8332ba3e727..4633ea1460c 100644 --- a/chromium/net/nqe/observation_buffer.cc +++ b/chromium/net/nqe/observation_buffer.cc @@ -21,6 +21,24 @@ namespace net { namespace nqe { namespace internal { +CanonicalStats::CanonicalStats() = default; + +CanonicalStats::CanonicalStats(std::map& canonical_pcts, + int32_t most_recent_val, + size_t observation_count) + : canonical_pcts(canonical_pcts), + most_recent_val(most_recent_val), + observation_count(observation_count) {} + +CanonicalStats::CanonicalStats(const CanonicalStats& other) + : canonical_pcts(other.canonical_pcts), + most_recent_val(other.most_recent_val), + observation_count(other.observation_count) {} + +CanonicalStats::~CanonicalStats() = default; + +CanonicalStats& CanonicalStats::operator=(const CanonicalStats& other) = + default; ObservationBuffer::ObservationBuffer( const NetworkQualityEstimatorParams* params, @@ -112,6 +130,65 @@ base::Optional ObservationBuffer::GetPercentile( return weighted_observations.at(weighted_observations.size() - 1).value; } +std::map +ObservationBuffer::GetCanonicalStatsKeyedByHosts( + const base::TimeTicks& begin_timestamp, + const std::set& target_hosts) const { + DCHECK_GE(Capacity(), Size()); + + // Computes for all hosts if |target_hosts| is empty. Otherwise, only + // updates map entries for hosts in |target_hosts| and ignores observations + // from other hosts. + bool filter_on_target_hosts = !(target_hosts.empty()); + + // Split observations into several subgroups keyed by their corresponding + // hosts. Skip observations without a host tag. Filter observations based + // on begin_timestamp. If |target_hosts| is not empty, filter obesrvations + // that do not belong to any host in the set. + std::map> host_keyed_observations; + for (const auto& observation : observations_) { + if (!observation.host()) + continue; + if (observation.timestamp() < begin_timestamp) + continue; + // Skip zero values. Transport RTTs can have zero values in the beginning + // of a connection. It happens because the implementation of TCP's + // Exponentially Weighted Moving Average (EWMA) starts from zero. + if (observation.value() < 1) + continue; + + IPHash host = observation.host().value(); + if (filter_on_target_hosts && target_hosts.find(host) == target_hosts.end()) + continue; + + // Create the map entry if it did not already exist. + host_keyed_observations.emplace(host, std::vector()); + host_keyed_observations[host].push_back(observation.value()); + } + + std::map host_keyed_stats; + if (host_keyed_observations.empty()) + return host_keyed_stats; + + // Calculate the canonical percentile values for each host. + for (auto& host_observations : host_keyed_observations) { + const IPHash& host = host_observations.first; + auto& observations = host_observations.second; + host_keyed_stats.emplace(host, CanonicalStats()); + size_t count = observations.size(); + + std::sort(observations.begin(), observations.end()); + for (size_t i = 0; i < base::size(kCanonicalPercentiles); ++i) { + int pct_index = (count - 1) * kCanonicalPercentiles[i] / 100; + host_keyed_stats[host].canonical_pcts[kCanonicalPercentiles[i]] = + observations[pct_index]; + } + host_keyed_stats[host].most_recent_val = observations.back(); + host_keyed_stats[host].observation_count = count; + } + return host_keyed_stats; +} + void ObservationBuffer::RemoveObservationsWithSource( bool deleted_observation_sources[NETWORK_QUALITY_OBSERVATION_SOURCE_MAX]) { base::EraseIf(observations_, diff --git a/chromium/net/nqe/observation_buffer.h b/chromium/net/nqe/observation_buffer.h index d352658131f..300f7b34621 100644 --- a/chromium/net/nqe/observation_buffer.h +++ b/chromium/net/nqe/observation_buffer.h @@ -33,7 +33,34 @@ class NetworkQualityEstimatorParams; namespace nqe { namespace internal { - +constexpr int32_t kStatVal0p = 0; +constexpr int32_t kStatVal5p = 5; +constexpr int32_t kStatVal50p = 50; +constexpr int32_t kStatVal95p = 95; +constexpr int32_t kStatVal99p = 99; +constexpr int32_t kCanonicalPercentiles[] = { + kStatVal0p, kStatVal5p, kStatVal50p, kStatVal95p, kStatVal99p}; + +struct NET_EXPORT_PRIVATE CanonicalStats { + CanonicalStats(); + CanonicalStats(std::map& canonical_pcts, + int32_t most_recent_val, + size_t observation_count); + CanonicalStats(const CanonicalStats& other); + ~CanonicalStats(); + + CanonicalStats& operator=(const CanonicalStats& other); + + // Canonical percentiles values for a distribution. + std::map canonical_pcts; + + // The most recent value. + int32_t most_recent_val = 0; + + // Counts the number of observations that were available for + // computing these results. + size_t observation_count = 0; +}; struct WeightedObservation; // Stores observations sorted by time and provides utility functions for @@ -79,6 +106,16 @@ class NET_EXPORT_PRIVATE ObservationBuffer { int percentile, size_t* observations_count) const; + // Computes canonical statistic values of the observations for all hosts if + // |target_hosts| is empty. Otherwise, computes canonical statistic values + // only for hosts that are in the |target_hosts| set. Only observations made + // on or after |begin_timestamp| are considered. Returns all canonical + // statistics keyed by hosts. These include canonical percentile values, the + // most recent value, and the number of observations to compute these values. + std::map GetCanonicalStatsKeyedByHosts( + const base::TimeTicks& begin_timestamp, + const std::set& target_hosts) const; + void SetTickClockForTesting(const base::TickClock* tick_clock) { tick_clock_ = tick_clock; } diff --git a/chromium/net/nqe/observation_buffer_unittest.cc b/chromium/net/nqe/observation_buffer_unittest.cc index f5d946f2839..4ccd9b50883 100644 --- a/chromium/net/nqe/observation_buffer_unittest.cc +++ b/chromium/net/nqe/observation_buffer_unittest.cc @@ -87,6 +87,91 @@ TEST(NetworkQualityObservationBufferTest, GetPercentileWithWeights) { EXPECT_LT(result_lowest, result_highest); } +// Verifies that the percentiles are correctly computed when results must be +// update for each individual host. All observations can have the same timestamp +// or different timestamps. +TEST(NetworkQualityObservationBufferTest, GetPercentileStatsForAllHosts) { + std::map variation_params; + NetworkQualityEstimatorParams params(variation_params); + base::SimpleTestTickClock tick_clock; + tick_clock.Advance(base::TimeDelta::FromMinutes(1)); + // The observation buffer holds mixed observations for different hosts. + ObservationBuffer mixed_buffer(¶ms, &tick_clock, 0.5, 1.0); + const base::TimeTicks now = tick_clock.NowTicks(); + const base::TimeTicks history = now - base::TimeDelta::FromMilliseconds(1); + const base::TimeTicks future = now + base::TimeDelta::FromMilliseconds(1); + const uint64_t host_1 = 0x101010UL; + const uint64_t host_2 = 0x202020UL; + const size_t total_observaions_count = 100; + + // Inserts samples from {1,2,3,...,100} for |host_1|. Insert samples from + // {1,1,2,2,3,3,...,50,50} for |host_2|. Verifies all percentiles are + // computed correctly for both hosts. + for (size_t i = 1; i <= total_observaions_count; ++i) { + mixed_buffer.AddObservation(Observation( + i, now, INT32_MIN, NETWORK_QUALITY_OBSERVATION_SOURCE_TCP, host_1)); + mixed_buffer.AddObservation( + Observation((i + 1) / 2, now, INT32_MIN, + NETWORK_QUALITY_OBSERVATION_SOURCE_TCP, host_2)); + } + EXPECT_EQ(total_observaions_count * 2, mixed_buffer.Size()); + + std::set empty_hosts_set; + std::map recent_rtt_stats = + mixed_buffer.GetCanonicalStatsKeyedByHosts(history, empty_hosts_set); + + // All observations are categories into two groups keyed by two hosts. + // In each group, all percentile statistics are updated and the number of + // available observations are also updated correctly. + EXPECT_EQ(2u, recent_rtt_stats.size()); + EXPECT_EQ(total_observaions_count, + recent_rtt_stats[host_1].observation_count); + EXPECT_EQ(total_observaions_count, + recent_rtt_stats[host_2].observation_count); + + // Checks all canonical percentile values are correct. + // For |host_1|, percentile_val = percentile. + EXPECT_EQ(1, recent_rtt_stats[host_1].canonical_pcts[kStatVal0p]); + EXPECT_EQ(5, recent_rtt_stats[host_1].canonical_pcts[kStatVal5p]); + EXPECT_EQ(50, recent_rtt_stats[host_1].canonical_pcts[kStatVal50p]); + EXPECT_EQ(95, recent_rtt_stats[host_1].canonical_pcts[kStatVal95p]); + EXPECT_EQ(99, recent_rtt_stats[host_1].canonical_pcts[kStatVal99p]); + // For |host_2|, percentile_val = (percentile + 1) / 2. + EXPECT_EQ(1, recent_rtt_stats[host_2].canonical_pcts[kStatVal0p]); + EXPECT_EQ(3, recent_rtt_stats[host_2].canonical_pcts[kStatVal5p]); + EXPECT_EQ(25, recent_rtt_stats[host_2].canonical_pcts[kStatVal50p]); + EXPECT_EQ(48, recent_rtt_stats[host_2].canonical_pcts[kStatVal95p]); + EXPECT_EQ(50, recent_rtt_stats[host_2].canonical_pcts[kStatVal99p]); + + // Checks results are cleared because all buffered observations expire. + // Expects the result map is empty. + recent_rtt_stats = + mixed_buffer.GetCanonicalStatsKeyedByHosts(future, empty_hosts_set); + + EXPECT_TRUE(recent_rtt_stats.empty()); + + // Checks results contain stats only for hosts that were in the set. + std::set target_hosts_set = {host_1}; + recent_rtt_stats = + mixed_buffer.GetCanonicalStatsKeyedByHosts(history, target_hosts_set); + EXPECT_EQ(1u, recent_rtt_stats.size()); + EXPECT_EQ(total_observaions_count, + recent_rtt_stats[host_1].observation_count); + EXPECT_EQ(1, recent_rtt_stats[host_1].canonical_pcts[kStatVal0p]); + EXPECT_EQ(5, recent_rtt_stats[host_1].canonical_pcts[kStatVal5p]); + EXPECT_EQ(50, recent_rtt_stats[host_1].canonical_pcts[kStatVal50p]); + EXPECT_EQ(95, recent_rtt_stats[host_1].canonical_pcts[kStatVal95p]); + EXPECT_EQ(99, recent_rtt_stats[host_1].canonical_pcts[kStatVal99p]); + // Checks that host 2 does not present in the results. + EXPECT_TRUE(recent_rtt_stats.find(host_2) == recent_rtt_stats.end()); + + bool deleted_observation_sources[NETWORK_QUALITY_OBSERVATION_SOURCE_MAX] = { + false}; + deleted_observation_sources[NETWORK_QUALITY_OBSERVATION_SOURCE_TCP] = true; + mixed_buffer.RemoveObservationsWithSource(deleted_observation_sources); + EXPECT_EQ(0u, mixed_buffer.Size()); +} + // Verifies that the percentiles are correctly computed. All observations have // the same timestamp. TEST(NetworkQualityObservationBufferTest, PercentileSameTimestamps) { diff --git a/chromium/net/nqe/peer_to_peer_connections_count_observer.h b/chromium/net/nqe/peer_to_peer_connections_count_observer.h new file mode 100644 index 00000000000..64b1818ae88 --- /dev/null +++ b/chromium/net/nqe/peer_to_peer_connections_count_observer.h @@ -0,0 +1,29 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_NQE_PEER_TO_PEER_CONNECTIONS_COUNT_OBSERVER_H_ +#define NET_NQE_PEER_TO_PEER_CONNECTIONS_COUNT_OBSERVER_H_ + +#include "base/macros.h" +#include "net/base/net_export.h" + +namespace net { + +// Observes changes in the count of peer to peer connections. +class NET_EXPORT_PRIVATE PeerToPeerConnectionsCountObserver { + public: + // Called when there is a change in the count of peer to peer connections. + virtual void OnPeerToPeerConnectionsCountChange(uint32_t count) = 0; + + protected: + PeerToPeerConnectionsCountObserver() {} + virtual ~PeerToPeerConnectionsCountObserver() {} + + private: + DISALLOW_COPY_AND_ASSIGN(PeerToPeerConnectionsCountObserver); +}; + +} // namespace net + +#endif // NET_NQE_PEER_TO_PEER_CONNECTIONS_COUNT_OBSERVER_H_ diff --git a/chromium/net/nqe/throughput_analyzer.cc b/chromium/net/nqe/throughput_analyzer.cc index f34bc1b1edd..250ba9f5c7e 100644 --- a/chromium/net/nqe/throughput_analyzer.cc +++ b/chromium/net/nqe/throughput_analyzer.cc @@ -41,6 +41,9 @@ bool ShouldDiscardRequest(const URLRequest& request) { namespace nqe { namespace internal { +// The default content size of a HTML response body. It is set to the median +// HTML response content size, i.e. 1.8kB. +constexpr int64_t kDefaultContentSizeBytes = 1800; ThroughputAnalyzer::ThroughputAnalyzer( const NetworkQualityEstimator* network_quality_estimator, @@ -57,6 +60,7 @@ ThroughputAnalyzer::ThroughputAnalyzer( last_connection_change_(tick_clock_->NowTicks()), window_start_time_(base::TimeTicks()), bits_received_at_window_start_(0), + total_response_content_size_(0), disable_throughput_measurements_(false), use_localhost_requests_for_tests_(false), net_log_(net_log) { @@ -126,9 +130,25 @@ void ThroughputAnalyzer::SetTickClockForTesting( DCHECK(tick_clock_); } +void ThroughputAnalyzer::UpdateResponseContentSize(const URLRequest* request, + int64_t response_size) { + DCHECK_LE(0, response_size); + // Updates the map and the counter. Subtracts the previous stored response + // content size if an old record exists in the map. + if (response_content_sizes_.find(request) != response_content_sizes_.end()) { + total_response_content_size_ += + response_size - response_content_sizes_[request]; + } else { + total_response_content_size_ += response_size; + } + response_content_sizes_[request] = response_size; +} + void ThroughputAnalyzer::NotifyStartTransaction(const URLRequest& request) { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + UpdateResponseContentSize(&request, kDefaultContentSizeBytes); + if (disable_throughput_measurements_) return; @@ -173,6 +193,12 @@ void ThroughputAnalyzer::NotifyBytesRead(const URLRequest& request) { void ThroughputAnalyzer::NotifyRequestCompleted(const URLRequest& request) { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + // Remove the request from the inflight requests if it presents in the map. + if (response_content_sizes_.find(&request) != response_content_sizes_.end()) { + total_response_content_size_ -= response_content_sizes_[&request]; + response_content_sizes_.erase(&request); + } + if (disable_throughput_measurements_) return; @@ -224,6 +250,16 @@ void ThroughputAnalyzer::NotifyRequestCompleted(const URLRequest& request) { MaybeStartThroughputObservationWindow(); } +void ThroughputAnalyzer::NotifyExpectedResponseContentSize( + const URLRequest& request, + int64_t expected_content_size) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + // Updates when the value is valid. + if (expected_content_size >= 0) { + UpdateResponseContentSize(&request, expected_content_size); + } +} + bool ThroughputAnalyzer::IsHangingWindow(int64_t bits_received, base::TimeDelta duration, double downstream_kbps_double) const { @@ -349,11 +385,22 @@ int64_t ThroughputAnalyzer::GetBitsReceived() const { return NetworkActivityMonitor::GetInstance()->GetBytesReceived() * 8; } -size_t ThroughputAnalyzer::CountInFlightRequests() const { +size_t ThroughputAnalyzer::CountActiveInFlightRequests() const { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); return requests_.size(); } +size_t ThroughputAnalyzer::CountTotalInFlightRequests() const { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + return response_content_sizes_.size(); +} + +int64_t ThroughputAnalyzer::CountTotalContentSizeBytes() const { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + return total_response_content_size_; +} + bool ThroughputAnalyzer::DegradesAccuracy(const URLRequest& request) const { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); diff --git a/chromium/net/nqe/throughput_analyzer.h b/chromium/net/nqe/throughput_analyzer.h index 22ee68fdab1..5e3e14cc8d4 100644 --- a/chromium/net/nqe/throughput_analyzer.h +++ b/chromium/net/nqe/throughput_analyzer.h @@ -13,6 +13,7 @@ #include "base/callback.h" #include "base/macros.h" #include "base/memory/ref_counted.h" +#include "base/optional.h" #include "base/sequence_checker.h" #include "base/time/time.h" #include "net/base/net_export.h" @@ -78,6 +79,13 @@ class NET_EXPORT_PRIVATE ThroughputAnalyzer { // Notifies |this| that |request| has completed. void NotifyRequestCompleted(const URLRequest& request); + // Notifies |this| that |request| has an expected response body size in octets + // (8-bit bytes). |expected_content_size| is an estimate of total body length + // based on the Content-Length header field when available or a general size + // estimate when the Content-Length is not provided. + void NotifyExpectedResponseContentSize(const URLRequest& request, + int64_t expected_content_size); + // Notifies |this| of a change in connection type. void OnConnectionTypeChanged(); @@ -93,12 +101,6 @@ class NET_EXPORT_PRIVATE ThroughputAnalyzer { // Overrides the tick clock used by |this| for testing. void SetTickClockForTesting(const base::TickClock* tick_clock); - protected: - // Exposed for testing. - bool disable_throughput_measurements() const { - return disable_throughput_measurements_; - } - // Returns the number of bits received by Chromium so far. The count may not // start from zero, so the caller should only look at difference from a prior // call. The count is obtained by polling TrafficStats on Android, and @@ -108,7 +110,22 @@ class NET_EXPORT_PRIVATE ThroughputAnalyzer { // Returns the number of in-flight requests that can be used for computing // throughput. - size_t CountInFlightRequests() const; + size_t CountActiveInFlightRequests() const; + + // Returns the total number of in-flight requests. This also includes hanging + // requests. + size_t CountTotalInFlightRequests() const; + + // Returns the sum of expected response content size in bytes for all inflight + // requests. Request with an unknown response content size have the default + // response content size. + int64_t CountTotalContentSizeBytes() const; + + protected: + // Exposed for testing. + bool disable_throughput_measurements_for_testing() const { + return disable_throughput_measurements_; + } // Removes hanging requests from |requests_|. If any hanging requests are // detected to be in-flight, the observation window is ended. Protected for @@ -124,6 +141,11 @@ class NET_EXPORT_PRIVATE ThroughputAnalyzer { private: friend class TestThroughputAnalyzer; + // Mapping from URL request to the expected content size of the response body + // for that request. The map tracks all inflight requests. If the expected + // content size is not available, the value is set to the default value. + typedef std::unordered_map ResponseContentSizes; + // Mapping from URL request to the last time data was received for that // request. typedef std::unordered_map Requests; @@ -133,6 +155,12 @@ class NET_EXPORT_PRIVATE ThroughputAnalyzer { // computation. typedef std::unordered_set AccuracyDegradingRequests; + // Updates the response content size map for |request|. Also keeps the total + // response content size counter updated. Adds an new entry if there is no + // matching record in the map. + void UpdateResponseContentSize(const URLRequest* request, + int64_t response_size); + // Returns true if downstream throughput can be recorded. In that case, // |downstream_kbps| is set to the computed downstream throughput (in // kilobits per second). If a downstream throughput observation is taken, @@ -197,6 +225,13 @@ class NET_EXPORT_PRIVATE ThroughputAnalyzer { // throughput computation. These requests are used in throughput computation. Requests requests_; + // Container that holds inflight request sizes. These requests are used in + // computing the total of response content size for all inflight requests. + ResponseContentSizes response_content_sizes_; + + // The running total of response content size for all inflight requests. + int64_t total_response_content_size_; + // Last time when the check for hanging requests was run. base::TimeTicks last_hanging_request_check_; diff --git a/chromium/net/nqe/throughput_analyzer_unittest.cc b/chromium/net/nqe/throughput_analyzer_unittest.cc index 6d5c32b76e6..ebcb2248c80 100644 --- a/chromium/net/nqe/throughput_analyzer_unittest.cc +++ b/chromium/net/nqe/throughput_analyzer_unittest.cc @@ -87,8 +87,9 @@ class TestThroughputAnalyzer : public internal::ThroughputAnalyzer { context->set_host_resolver(&mock_host_resolver_); } - using internal::ThroughputAnalyzer::disable_throughput_measurements; - using internal::ThroughputAnalyzer::CountInFlightRequests; + using internal::ThroughputAnalyzer::CountActiveInFlightRequests; + using internal::ThroughputAnalyzer:: + disable_throughput_measurements_for_testing; using internal::ThroughputAnalyzer::EraseHangingRequests; using internal::ThroughputAnalyzer::IsHangingWindow; @@ -126,7 +127,8 @@ TEST_F(ThroughputAnalyzerTest, MaximumRequests) { TestURLRequestContext context; throughput_analyzer.AddIPAddressResolution(&context); - ASSERT_FALSE(throughput_analyzer.disable_throughput_measurements()); + ASSERT_FALSE( + throughput_analyzer.disable_throughput_measurements_for_testing()); base::circular_deque> requests; // Start more requests than the maximum number of requests that can be held @@ -313,18 +315,18 @@ TEST_F(ThroughputAnalyzerTest, TestHangingRequests) { if (test.requests_hang_duration >= base::TimeDelta()) base::PlatformThread::Sleep(test.requests_hang_duration); - EXPECT_EQ(num_requests, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(num_requests, throughput_analyzer.CountActiveInFlightRequests()); for (size_t i = 0; i < num_requests; ++i) { throughput_analyzer.NotifyRequestCompleted(*requests_not_local.at(i)); if (!test.expect_throughput_observation) { // All in-flight requests should be marked as hanging, and thus should // be deleted from the set of in-flight requests. - EXPECT_EQ(0u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(0u, throughput_analyzer.CountActiveInFlightRequests()); } else { // One request should be deleted at one time. EXPECT_EQ(requests_not_local.size() - i - 1, - throughput_analyzer.CountInFlightRequests()); + throughput_analyzer.CountActiveInFlightRequests()); } } @@ -377,35 +379,35 @@ TEST_F(ThroughputAnalyzerTest, TestHangingRequestsCheckedOnlyPeriodically) { throughput_analyzer.NotifyStartTransaction(*requests_not_local.at(i)); } - EXPECT_EQ(2u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(2u, throughput_analyzer.CountActiveInFlightRequests()); tick_clock.Advance(base::TimeDelta::FromMilliseconds(3500)); // Current time is t = 5.5 seconds. throughput_analyzer.EraseHangingRequests(*some_other_request); - EXPECT_EQ(2u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(2u, throughput_analyzer.CountActiveInFlightRequests()); tick_clock.Advance(base::TimeDelta::FromMilliseconds(1000)); // Current time is t = 6.5 seconds. One request should be marked as hanging. throughput_analyzer.EraseHangingRequests(*some_other_request); - EXPECT_EQ(1u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(1u, throughput_analyzer.CountActiveInFlightRequests()); // Current time is t = 6.5 seconds. Calling NotifyBytesRead again should not // run the hanging request checker since the last check was at t=6.5 seconds. throughput_analyzer.EraseHangingRequests(*some_other_request); - EXPECT_EQ(1u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(1u, throughput_analyzer.CountActiveInFlightRequests()); tick_clock.Advance(base::TimeDelta::FromMilliseconds(600)); // Current time is t = 7.1 seconds. Calling NotifyBytesRead again should not // run the hanging request checker since the last check was at t=6.5 seconds // (less than 1 second ago). throughput_analyzer.EraseHangingRequests(*some_other_request); - EXPECT_EQ(1u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(1u, throughput_analyzer.CountActiveInFlightRequests()); tick_clock.Advance(base::TimeDelta::FromMilliseconds(400)); // Current time is t = 7.5 seconds. Calling NotifyBytesRead again should run // the hanging request checker since the last check was at t=6.5 seconds (at // least 1 second ago). throughput_analyzer.EraseHangingRequests(*some_other_request); - EXPECT_EQ(0u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(0u, throughput_analyzer.CountActiveInFlightRequests()); } // Tests that the last received time for a request is updated when data is @@ -447,19 +449,19 @@ TEST_F(ThroughputAnalyzerTest, TestLastReceivedTimeIsUpdated) { // Current time is t=4.0 seconds. throughput_analyzer.EraseHangingRequests(*some_other_request); - EXPECT_EQ(1u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(1u, throughput_analyzer.CountActiveInFlightRequests()); // The request will be marked as hanging at t=9 seconds. throughput_analyzer.NotifyBytesRead(*request_not_local); tick_clock.Advance(base::TimeDelta::FromMilliseconds(4000)); // Current time is t=8 seconds. throughput_analyzer.EraseHangingRequests(*some_other_request); - EXPECT_EQ(1u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(1u, throughput_analyzer.CountActiveInFlightRequests()); tick_clock.Advance(base::TimeDelta::FromMilliseconds(2000)); // Current time is t=10 seconds. throughput_analyzer.EraseHangingRequests(*some_other_request); - EXPECT_EQ(0u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(0u, throughput_analyzer.CountActiveInFlightRequests()); } // Test that a request that has been hanging for a long time is deleted @@ -492,19 +494,19 @@ TEST_F(ThroughputAnalyzerTest, TestRequestDeletedImmediately) { // Start time for the request is t=0 second. The request will be marked as // hanging at t=2 seconds. throughput_analyzer.NotifyStartTransaction(*request_not_local); - EXPECT_EQ(1u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(1u, throughput_analyzer.CountActiveInFlightRequests()); tick_clock.Advance(base::TimeDelta::FromMilliseconds(2900)); // Current time is t=2.9 seconds. throughput_analyzer.EraseHangingRequests(*request_not_local); - EXPECT_EQ(1u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(1u, throughput_analyzer.CountActiveInFlightRequests()); // |request_not_local| should be deleted since it has been idle for 2.4 // seconds. tick_clock.Advance(base::TimeDelta::FromMilliseconds(500)); throughput_analyzer.NotifyBytesRead(*request_not_local); - EXPECT_EQ(0u, throughput_analyzer.CountInFlightRequests()); + EXPECT_EQ(0u, throughput_analyzer.CountActiveInFlightRequests()); } // Tests if the throughput observation is taken correctly when local and network diff --git a/chromium/net/ntlm/ntlm_client.h b/chromium/net/ntlm/ntlm_client.h index 317f40d85ae..16f4833a4bf 100644 --- a/chromium/net/ntlm/ntlm_client.h +++ b/chromium/net/ntlm/ntlm_client.h @@ -148,7 +148,7 @@ class NET_EXPORT_PRIVATE NtlmClient { // |negotiate_message_|. void GenerateNegotiateMessage(); - NtlmFeatures features_; + const NtlmFeatures features_; NegotiateFlags negotiate_flags_; std::vector negotiate_message_; diff --git a/chromium/net/ntlm/ntlm_client_fuzzer.cc b/chromium/net/ntlm/ntlm_client_fuzzer.cc index 89977fdacd2..0990e3ce4a2 100644 --- a/chromium/net/ntlm/ntlm_client_fuzzer.cc +++ b/chromium/net/ntlm/ntlm_client_fuzzer.cc @@ -9,20 +9,19 @@ #include #include "base/containers/span.h" -#include "base/test/fuzzed_data_provider.h" #include "net/ntlm/ntlm_client.h" #include "net/ntlm/ntlm_test_data.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" -base::string16 ConsumeRandomLengthString16( - base::FuzzedDataProvider& data_provider, - size_t max_chars) { +base::string16 ConsumeRandomLengthString16(FuzzedDataProvider& data_provider, + size_t max_chars) { std::string bytes = data_provider.ConsumeRandomLengthString(max_chars * 2); return base::string16(reinterpret_cast(bytes.data()), bytes.size() / 2); } extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - base::FuzzedDataProvider fdp(data, size); + FuzzedDataProvider fdp(data, size); bool is_v2 = fdp.ConsumeBool(); uint64_t client_time = fdp.ConsumeIntegral(); net::ntlm::NtlmClient client((net::ntlm::NtlmFeatures(is_v2))); @@ -41,7 +40,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { std::string channel_bindings = fdp.ConsumeRandomLengthString(150); std::string spn = fdp.ConsumeRandomLengthString(net::ntlm::kMaxFqdnLen + 5 + 1); - std::vector challenge_msg_bytes = fdp.ConsumeRemainingBytes(); + std::vector challenge_msg_bytes = + fdp.ConsumeRemainingBytes(); client.GenerateAuthenticateMessage( domain, username, password, hostname, channel_bindings, spn, client_time, diff --git a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher.h b/chromium/net/proxy_resolution/dhcp_pac_file_fetcher.h index 433538458a1..b12c048ac2b 100644 --- a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher.h +++ b/chromium/net/proxy_resolution/dhcp_pac_file_fetcher.h @@ -67,9 +67,9 @@ class NET_EXPORT_PRIVATE DhcpPacFileFetcher { // Aborts the in-progress fetch (if any). virtual void Cancel() = 0; - // Fails the in-progress fetch (if any) and future requests will fail - // immediately. Must be called before the URLRequestContext the fetcher was - // created with is torn down. + // Cancels the in-progress fetch (if any), without invoking its callback. + // Future requests will fail immediately. Must be called before the + // URLRequestContext the fetcher was created with is torn down. virtual void OnShutdown() = 0; // After successful completion of |Fetch()|, this will return the URL diff --git a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win.cc b/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win.cc index 704b6727abe..13c950406fb 100644 --- a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win.cc +++ b/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win.cc @@ -202,9 +202,7 @@ class TaskRunnerWithCap : public base::TaskRunner { DISALLOW_COPY_AND_ASSIGN(TaskRunnerWithCap); }; -base::Value NetLogGetAdaptersDoneCallback( - DhcpAdapterNamesLoggingInfo* info, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogGetAdaptersDoneParams(DhcpAdapterNamesLoggingInfo* info) { base::Value result(base::Value::Type::DICTIONARY); // Add information on each of the adapters enumerated (including those that @@ -246,9 +244,7 @@ base::Value NetLogGetAdaptersDoneCallback( return result; } -base::Value NetLogFetcherDoneCallback(int fetcher_index, - int net_error, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogFetcherDoneParams(int fetcher_index, int net_error) { base::Value result(base::Value::Type::DICTIONARY); result.SetIntKey("fetcher_index", fetcher_index); @@ -323,18 +319,11 @@ void DhcpPacFileFetcherWin::Cancel() { void DhcpPacFileFetcherWin::OnShutdown() { DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); - // Back up callback, if there is one, as CancelImpl() will destroy it. - net::CompletionOnceCallback callback = std::move(callback_); - // Cancel current request, if there is one. CancelImpl(); // Prevent future network requests. url_request_context_ = nullptr; - - // Invoke callback with error, if present. - if (callback) - std::move(callback).Run(ERR_CONTEXT_SHUT_DOWN); } void DhcpPacFileFetcherWin::CancelImpl() { @@ -370,8 +359,7 @@ void DhcpPacFileFetcherWin::OnGetCandidateAdapterNamesDone( logging_info->origin_thread_end_time = base::TimeTicks::Now(); net_log_.EndEvent(NetLogEventType::WPAD_DHCP_WIN_GET_ADAPTERS, - base::Bind(&NetLogGetAdaptersDoneCallback, - base::Unretained(logging_info))); + [&] { return NetLogGetAdaptersDoneParams(logging_info); }); // Enable unit tests to wait for this to happen; in production this function // call is a no-op. @@ -419,9 +407,9 @@ void DhcpPacFileFetcherWin::OnFetcherDone(size_t fetcher_index, int result) { DCHECK(state_ == STATE_NO_RESULTS || state_ == STATE_SOME_RESULTS); - net_log_.AddEvent( - NetLogEventType::WPAD_DHCP_WIN_ON_FETCHER_DONE, - base::Bind(&NetLogFetcherDoneCallback, fetcher_index, result)); + net_log_.AddEvent(NetLogEventType::WPAD_DHCP_WIN_ON_FETCHER_DONE, [&] { + return NetLogFetcherDoneParams(fetcher_index, result); + }); if (--num_pending_fetchers_ == 0) { TransitionToDone(); @@ -502,9 +490,9 @@ void DhcpPacFileFetcherWin::TransitionToDone() { DCHECK_EQ(state_, STATE_DONE); DCHECK(fetchers_.empty()); - net_log_.EndEvent( - NetLogEventType::WPAD_DHCP_WIN_FETCH, - base::Bind(&NetLogFetcherDoneCallback, used_fetcher_index, result)); + net_log_.EndEvent(NetLogEventType::WPAD_DHCP_WIN_FETCH, [&] { + return NetLogFetcherDoneParams(used_fetcher_index, result); + }); // We may be deleted re-entrantly within this outcall. std::move(callback).Run(result); diff --git a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win_unittest.cc b/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win_unittest.cc index b47d84bb17a..718738ac148 100644 --- a/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win_unittest.cc +++ b/chromium/net/proxy_resolution/dhcp_pac_file_fetcher_win_unittest.cc @@ -689,8 +689,8 @@ TEST(DhcpPacFileFetcherWin, OnShutdown) { client.RunTest(); client.fetcher_.OnShutdown(); - EXPECT_TRUE(client.finished_); - EXPECT_THAT(client.result_, IsError(ERR_CONTEXT_SHUT_DOWN)); + base::RunLoop().RunUntilIdle(); + EXPECT_FALSE(client.finished_); client.ResetTestState(); EXPECT_THAT(client.RunTestThatMayFailSync(), IsError(ERR_CONTEXT_SHUT_DOWN)); diff --git a/chromium/net/proxy_resolution/multi_threaded_proxy_resolver.cc b/chromium/net/proxy_resolution/multi_threaded_proxy_resolver.cc index 479c9c53f5f..e8623497dd2 100644 --- a/chromium/net/proxy_resolution/multi_threaded_proxy_resolver.cc +++ b/chromium/net/proxy_resolution/multi_threaded_proxy_resolver.cc @@ -294,9 +294,9 @@ class MultiThreadedProxyResolver::GetProxyForURLJob : public Job { net_log_.EndEvent(NetLogEventType::WAITING_FOR_PROXY_RESOLVER_THREAD); } - net_log_.AddEvent( - NetLogEventType::SUBMITTED_TO_RESOLVER_THREAD, - NetLog::IntCallback("thread_number", executor()->thread_number())); + net_log_.AddEventWithIntParams( + NetLogEventType::SUBMITTED_TO_RESOLVER_THREAD, "thread_number", + executor()->thread_number()); } // Runs on the worker thread. diff --git a/chromium/net/proxy_resolution/multi_threaded_proxy_resolver_unittest.cc b/chromium/net/proxy_resolution/multi_threaded_proxy_resolver_unittest.cc index 6c93f5d6c9a..a1a3c3b0347 100644 --- a/chromium/net/proxy_resolution/multi_threaded_proxy_resolver_unittest.cc +++ b/chromium/net/proxy_resolution/multi_threaded_proxy_resolver_unittest.cc @@ -22,7 +22,6 @@ #include "net/log/net_log_event_type.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/proxy_resolution/mock_proxy_resolver.h" #include "net/proxy_resolution/proxy_info.h" @@ -273,8 +272,7 @@ TEST_F(MultiThreadedProxyResolverTest, SingleThread_Basic) { // on completion, this should have been copied into |log0|. // We also have 1 log entry that was emitted by the // MultiThreadedProxyResolver. - TestNetLogEntry::List entries0; - log0.GetEntries(&entries0); + auto entries0 = log0.GetEntries(); ASSERT_EQ(2u, entries0.size()); EXPECT_EQ(NetLogEventType::SUBMITTED_TO_RESOLVER_THREAD, entries0[0].type); @@ -366,8 +364,7 @@ TEST_F(MultiThreadedProxyResolverTest, EXPECT_EQ(0, callback0.WaitForResult()); EXPECT_EQ("PROXY request0:80", results0.ToPacString()); - TestNetLogEntry::List entries0; - log0.GetEntries(&entries0); + auto entries0 = log0.GetEntries(); ASSERT_EQ(2u, entries0.size()); EXPECT_EQ(NetLogEventType::SUBMITTED_TO_RESOLVER_THREAD, entries0[0].type); @@ -376,8 +373,7 @@ TEST_F(MultiThreadedProxyResolverTest, EXPECT_EQ(1, callback1.WaitForResult()); EXPECT_EQ("PROXY request1:80", results1.ToPacString()); - TestNetLogEntry::List entries1; - log1.GetEntries(&entries1); + auto entries1 = log1.GetEntries(); ASSERT_EQ(4u, entries1.size()); EXPECT_TRUE(LogContainsBeginEvent( @@ -389,8 +385,7 @@ TEST_F(MultiThreadedProxyResolverTest, EXPECT_EQ(2, callback2.WaitForResult()); EXPECT_EQ("PROXY request2:80", results2.ToPacString()); - TestNetLogEntry::List entries2; - log2.GetEntries(&entries2); + auto entries2 = log2.GetEntries(); ASSERT_EQ(4u, entries2.size()); EXPECT_TRUE(LogContainsBeginEvent( diff --git a/chromium/net/proxy_resolution/pac_file_decider.cc b/chromium/net/proxy_resolution/pac_file_decider.cc index d90e3bf15cf..8c5fc8d644a 100644 --- a/chromium/net/proxy_resolution/pac_file_decider.cc +++ b/chromium/net/proxy_resolution/pac_file_decider.cc @@ -66,9 +66,8 @@ PacFileDataWithSource::PacFileDataWithSource(const PacFileDataWithSource&) = PacFileDataWithSource& PacFileDataWithSource::operator=( const PacFileDataWithSource&) = default; -base::Value PacFileDecider::PacSource::NetLogCallback( - const GURL* effective_pac_url, - NetLogCaptureMode /* capture_mode */) const { +base::Value PacFileDecider::PacSource::NetLogParams( + const GURL& effective_pac_url) const { base::Value dict(base::Value::Type::DICTIONARY); std::string source; switch (type) { @@ -77,11 +76,11 @@ base::Value PacFileDecider::PacSource::NetLogCallback( break; case PacSource::WPAD_DNS: source = "WPAD DNS: "; - source += effective_pac_url->possibly_invalid_spec(); + source += effective_pac_url.possibly_invalid_spec(); break; case PacSource::CUSTOM: source = "Custom PAC URL: "; - source += effective_pac_url->possibly_invalid_spec(); + source += effective_pac_url.possibly_invalid_spec(); break; } dict.SetStringKey("source", source); @@ -147,13 +146,8 @@ void PacFileDecider::OnShutdown() { if (next_state_ == STATE_NONE) return; - CompletionOnceCallback callback = std::move(callback_); - // Just cancel any pending work. Cancel(); - - if (callback) - std::move(callback).Run(ERR_CONTEXT_SHUT_DOWN); } const ProxyConfigWithAnnotation& PacFileDecider::effective_config() const { @@ -317,10 +311,9 @@ int PacFileDecider::DoFetchPacScript() { GURL effective_pac_url; DetermineURL(pac_source, &effective_pac_url); - net_log_.BeginEvent( - NetLogEventType::PAC_FILE_DECIDER_FETCH_PAC_SCRIPT, - base::Bind(&PacSource::NetLogCallback, base::Unretained(&pac_source), - &effective_pac_url)); + net_log_.BeginEvent(NetLogEventType::PAC_FILE_DECIDER_FETCH_PAC_SCRIPT, [&] { + return pac_source.NetLogParams(effective_pac_url); + }); if (pac_source.type == PacSource::WPAD_DHCP) { if (!dhcp_pac_file_fetcher_) { diff --git a/chromium/net/proxy_resolution/pac_file_decider.h b/chromium/net/proxy_resolution/pac_file_decider.h index 24002bbc303..a6d4fdb2cc4 100644 --- a/chromium/net/proxy_resolution/pac_file_decider.h +++ b/chromium/net/proxy_resolution/pac_file_decider.h @@ -32,7 +32,6 @@ namespace net { class DhcpPacFileFetcher; class NetLog; -class NetLogCaptureMode; class ProxyResolver; class PacFileFetcher; @@ -100,7 +99,8 @@ class NET_EXPORT_PRIVATE PacFileDecider { CompletionOnceCallback callback); // Shuts down any in-progress DNS requests, and cancels any ScriptFetcher - // requests. Does not call OnShutdown on the [Dhcp]PacFileFetcher. + // requests. Does not call OnShutdown() on the [Dhcp]PacFileFetcher. Any + // pending callback will not be invoked. void OnShutdown(); const ProxyConfigWithAnnotation& effective_config() const; @@ -119,11 +119,10 @@ class NET_EXPORT_PRIVATE PacFileDecider { PacSource(Type type, const GURL& url) : type(type), url(url) {} - // Returns a Value representing the PacSource. |effective_pac_url| must - // be non-NULL and point to the URL derived from information contained in + // Returns a Value representing the PacSource. |effective_pac_url| is the + // URL derived from information contained in // |this|, if Type is not WPAD_DHCP. - base::Value NetLogCallback(const GURL* effective_pac_url, - NetLogCaptureMode capture_mode) const; + base::Value NetLogParams(const GURL& effective_pac_url) const; Type type; GURL url; // Empty unless |type == PAC_SOURCE_CUSTOM|. diff --git a/chromium/net/proxy_resolution/pac_file_decider_unittest.cc b/chromium/net/proxy_resolution/pac_file_decider_unittest.cc index cd3d212cde9..8a89c513526 100644 --- a/chromium/net/proxy_resolution/pac_file_decider_unittest.cc +++ b/chromium/net/proxy_resolution/pac_file_decider_unittest.cc @@ -20,7 +20,6 @@ #include "net/dns/mock_host_resolver.h" #include "net/log/net_log_event_type.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/proxy_resolution/dhcp_pac_file_fetcher.h" #include "net/proxy_resolution/mock_pac_file_fetcher.h" @@ -219,8 +218,7 @@ TEST(PacFileDeciderTest, CustomPacSucceeds) { EXPECT_FALSE(decider.script_data().from_auto_detect); // Check the NetLog was filled correctly. - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_EQ(4u, entries.size()); EXPECT_TRUE( @@ -257,8 +255,7 @@ TEST(PacFileDeciderTest, CustomPacFails1) { EXPECT_FALSE(decider.script_data().data); // Check the NetLog was filled correctly. - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_EQ(4u, entries.size()); EXPECT_TRUE( @@ -473,7 +470,8 @@ TEST_F(PacFileDeciderQuickCheckTest, ShutdownDuringResolve) { decider_->OnShutdown(); EXPECT_FALSE(resolver_.has_pending_requests()); - EXPECT_THAT(callback_.WaitForResult(), IsError(ERR_CONTEXT_SHUT_DOWN)); + base::RunLoop().RunUntilIdle(); + EXPECT_FALSE(callback_.have_result()); } // Regression test for http://crbug.com/409698. @@ -545,8 +543,7 @@ TEST(PacFileDeciderTest, AutodetectFailCustomSuccess2) { // Check the NetLog was filled correctly. // (Note that various states are repeated since both WPAD and custom // PAC scripts are tried). - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_EQ(10u, entries.size()); EXPECT_TRUE( @@ -651,8 +648,7 @@ TEST(PacFileDeciderTest, CustomPacFails1_WithPositiveDelay) { EXPECT_FALSE(decider.script_data().data); // Check the NetLog was filled correctly. - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_EQ(6u, entries.size()); EXPECT_TRUE( @@ -693,8 +689,7 @@ TEST(PacFileDeciderTest, CustomPacFails1_WithNegativeDelay) { EXPECT_FALSE(decider.script_data().data); // Check the NetLog was filled correctly. - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_EQ(4u, entries.size()); EXPECT_TRUE( diff --git a/chromium/net/proxy_resolution/pac_file_fetcher_impl.cc b/chromium/net/proxy_resolution/pac_file_fetcher_impl.cc index da10413fe1b..506eeac9732 100644 --- a/chromium/net/proxy_resolution/pac_file_fetcher_impl.cc +++ b/chromium/net/proxy_resolution/pac_file_fetcher_impl.cc @@ -335,8 +335,7 @@ PacFileFetcherImpl::PacFileFetcherImpl(URLRequestContext* url_request_context, result_text_(nullptr), max_response_bytes_(kDefaultMaxResponseBytes), max_duration_(kDefaultMaxDuration), - allow_file_url_(allow_file_url), - weak_factory_(this) { + allow_file_url_(allow_file_url) { DCHECK(url_request_context); } diff --git a/chromium/net/proxy_resolution/pac_file_fetcher_impl.h b/chromium/net/proxy_resolution/pac_file_fetcher_impl.h index 7bc1daaacf1..397bf228020 100644 --- a/chromium/net/proxy_resolution/pac_file_fetcher_impl.h +++ b/chromium/net/proxy_resolution/pac_file_fetcher_impl.h @@ -161,7 +161,7 @@ class NET_EXPORT PacFileFetcherImpl : public PacFileFetcher, // Factory for creating the time-out task. This takes care of revoking // outstanding tasks when |this| is deleted. - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(PacFileFetcherImpl); }; diff --git a/chromium/net/proxy_resolution/pac_library_unittest.cc b/chromium/net/proxy_resolution/pac_library_unittest.cc index 1b166805ce3..9337c5b9568 100644 --- a/chromium/net/proxy_resolution/pac_library_unittest.cc +++ b/chromium/net/proxy_resolution/pac_library_unittest.cc @@ -254,10 +254,10 @@ class MockSocketFactory : public ClientSocketFactory { return nullptr; } std::unique_ptr CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) override { + const SSLConfig& ssl_config) override { ADD_FAILURE() << "Called CreateSSLClientSocket()"; return nullptr; } diff --git a/chromium/net/proxy_resolution/proxy_config_service_android.cc b/chromium/net/proxy_resolution/proxy_config_service_android.cc index 8c04674c208..81d70aba5f2 100644 --- a/chromium/net/proxy_resolution/proxy_config_service_android.cc +++ b/chromium/net/proxy_resolution/proxy_config_service_android.cc @@ -20,8 +20,8 @@ #include "base/strings/string_tokenizer.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" -#include "jni/ProxyChangeListener_jni.h" #include "net/base/host_port_pair.h" +#include "net/net_jni_headers/ProxyChangeListener_jni.h" #include "net/proxy_resolution/proxy_config_with_annotation.h" #include "url/third_party/mozilla/url_parse.h" diff --git a/chromium/net/proxy_resolution/proxy_config_service_android_unittest.cc b/chromium/net/proxy_resolution/proxy_config_service_android_unittest.cc index 7052903e2a0..6283c448f98 100644 --- a/chromium/net/proxy_resolution/proxy_config_service_android_unittest.cc +++ b/chromium/net/proxy_resolution/proxy_config_service_android_unittest.cc @@ -13,7 +13,7 @@ #include "base/compiler_specific.h" #include "base/run_loop.h" #include "base/threading/thread_task_runner_handle.h" -#include "jni/AndroidProxyConfigServiceTestUtil_jni.h" +#include "net/net_test_jni_headers/AndroidProxyConfigServiceTestUtil_jni.h" #include "net/proxy_resolution/proxy_config_with_annotation.h" #include "net/proxy_resolution/proxy_info.h" #include "net/test/test_with_scoped_task_environment.h" diff --git a/chromium/net/proxy_resolution/proxy_info.cc b/chromium/net/proxy_resolution/proxy_info.cc index 762756d9a4e..cb0bf4eb0f6 100644 --- a/chromium/net/proxy_resolution/proxy_info.cc +++ b/chromium/net/proxy_resolution/proxy_info.cc @@ -8,10 +8,7 @@ namespace net { -ProxyInfo::ProxyInfo() - : did_bypass_proxy_(false), - did_use_pac_script_(false), - did_use_auto_detected_pac_script_(false) {} +ProxyInfo::ProxyInfo() : did_bypass_proxy_(false), did_use_pac_script_(false) {} ProxyInfo::ProxyInfo(const ProxyInfo& other) = default; @@ -25,7 +22,6 @@ void ProxyInfo::Use(const ProxyInfo& other) { traffic_annotation_ = other.traffic_annotation_; did_bypass_proxy_ = other.did_bypass_proxy_; did_use_pac_script_ = other.did_use_pac_script_; - did_use_auto_detected_pac_script_ = other.did_use_auto_detected_pac_script_; } void ProxyInfo::UseDirect() { @@ -92,7 +88,6 @@ void ProxyInfo::Reset() { traffic_annotation_.reset(); did_bypass_proxy_ = false; did_use_pac_script_ = false; - did_use_auto_detected_pac_script_ = false; } } // namespace net diff --git a/chromium/net/proxy_resolution/proxy_info.h b/chromium/net/proxy_resolution/proxy_info.h index daa5862ebda..e3ea8da6a07 100644 --- a/chromium/net/proxy_resolution/proxy_info.h +++ b/chromium/net/proxy_resolution/proxy_info.h @@ -127,12 +127,6 @@ class NET_EXPORT ProxyInfo { return did_use_pac_script_; } - // Returns true if the proxy list was obtained from a PAC script that - // was auto-detected. - bool did_use_auto_detected_pac_script() const { - return did_use_auto_detected_pac_script_; - } - // Returns the first valid proxy server. is_empty() must be false to be able // to call this function. const ProxyServer& proxy_server() const { return proxy_list_.Get(); } @@ -209,7 +203,6 @@ class NET_EXPORT ProxyInfo { // Whether we used a PAC script for resolving the proxy. bool did_use_pac_script_; - bool did_use_auto_detected_pac_script_; // How long it took to resolve the proxy. Times are both null if proxy was // determined synchronously without running a PAC. diff --git a/chromium/net/proxy_resolution/proxy_list.cc b/chromium/net/proxy_resolution/proxy_list.cc index b2e9071a0be..eb7b7d8800a 100644 --- a/chromium/net/proxy_resolution/proxy_list.cc +++ b/chromium/net/proxy_resolution/proxy_list.cc @@ -183,8 +183,8 @@ void ProxyList::AddProxyToRetryList(ProxyRetryInfoMap* proxy_retry_info, retry_info.net_error = net_error; (*proxy_retry_info)[proxy_key] = retry_info; } - net_log.AddEvent(NetLogEventType::PROXY_LIST_FALLBACK, - NetLog::StringCallback("bad_proxy", &proxy_key)); + net_log.AddEventWithStringParams(NetLogEventType::PROXY_LIST_FALLBACK, + "bad_proxy", proxy_key); } void ProxyList::UpdateRetryInfoOnFallback( diff --git a/chromium/net/proxy_resolution/proxy_resolution_service.cc b/chromium/net/proxy_resolution/proxy_resolution_service.cc index 9f906ae1939..fc422b4390c 100644 --- a/chromium/net/proxy_resolution/proxy_resolution_service.cc +++ b/chromium/net/proxy_resolution/proxy_resolution_service.cc @@ -314,10 +314,9 @@ class ProxyResolverFactoryForPacResult : public ProxyResolverFactory { }; // Returns NetLog parameters describing a proxy configuration change. -base::Value NetLogProxyConfigChangedCallback( +base::Value NetLogProxyConfigChangedParams( const base::Optional* old_config, - const ProxyConfigWithAnnotation* new_config, - NetLogCaptureMode /* capture_mode */) { + const ProxyConfigWithAnnotation* new_config) { base::Value dict(base::Value::Type::DICTIONARY); // The "old_config" is optional -- the first notification will not have // any "previous" configuration. @@ -327,8 +326,7 @@ base::Value NetLogProxyConfigChangedCallback( return dict; } -base::Value NetLogBadProxyListCallback(const ProxyRetryInfoMap* retry_info, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogBadProxyListParams(const ProxyRetryInfoMap* retry_info) { base::Value dict(base::Value::Type::DICTIONARY); base::Value list(base::Value::Type::LIST); @@ -339,9 +337,7 @@ base::Value NetLogBadProxyListCallback(const ProxyRetryInfoMap* retry_info, } // Returns NetLog parameters on a successfuly proxy resolution. -base::Value NetLogFinishedResolvingProxyCallback( - const ProxyInfo* result, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogFinishedResolvingProxyParams(const ProxyInfo* result) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetStringKey("pac_string", result->ToPacString()); return dict; @@ -441,7 +437,6 @@ class ProxyResolutionService::InitProxyResolver { InitProxyResolver() : proxy_resolver_factory_(nullptr), proxy_resolver_(nullptr), - resolver_using_auto_detected_script_(nullptr), next_state_(STATE_NONE), quick_check_enabled_(true) {} @@ -453,11 +448,7 @@ class ProxyResolutionService::InitProxyResolver { // Begins initializing the proxy resolver; calls |callback| when done. A // ProxyResolver instance will be created using |proxy_resolver_factory| and // assigned to |*proxy_resolver| if the final result is OK. - // |*resolver_using_auto_detected_script| will be set to true if - // |proxy_resolver| was initialized using script data that originates from - // proxy auto-detection. int Start(std::unique_ptr* proxy_resolver, - bool* resolver_using_auto_detected_script, ProxyResolverFactory* proxy_resolver_factory, PacFileFetcher* pac_file_fetcher, DhcpPacFileFetcher* dhcp_pac_file_fetcher, @@ -467,7 +458,6 @@ class ProxyResolutionService::InitProxyResolver { CompletionOnceCallback callback) { DCHECK_EQ(STATE_NONE, next_state_); proxy_resolver_ = proxy_resolver; - resolver_using_auto_detected_script_ = resolver_using_auto_detected_script; proxy_resolver_factory_ = proxy_resolver_factory; decider_.reset( @@ -486,11 +476,7 @@ class ProxyResolutionService::InitProxyResolver { // inputs for initializing the ProxyResolver. A ProxyResolver instance will // be created using |proxy_resolver_factory| and assigned to // |*proxy_resolver| if the final result is OK. - // |*resolver_using_auto_detected_script| will be set to true if - // |proxy_resolver| was initialized using script data that originates from - // proxy auto-detection. int StartSkipDecider(std::unique_ptr* proxy_resolver, - bool* resolver_using_auto_detected_script, ProxyResolverFactory* proxy_resolver_factory, const ProxyConfigWithAnnotation& effective_config, int decider_result, @@ -498,7 +484,6 @@ class ProxyResolutionService::InitProxyResolver { CompletionOnceCallback callback) { DCHECK_EQ(STATE_NONE, next_state_); proxy_resolver_ = proxy_resolver; - resolver_using_auto_detected_script_ = resolver_using_auto_detected_script; proxy_resolver_factory_ = proxy_resolver_factory; effective_config_ = effective_config; @@ -613,11 +598,8 @@ class ProxyResolutionService::InitProxyResolver { } int DoCreateResolverComplete(int result) { - if (result == OK) { - *resolver_using_auto_detected_script_ = script_data_.from_auto_detect; - } else { + if (result != OK) proxy_resolver_->reset(); - } return result; } @@ -636,7 +618,6 @@ class ProxyResolutionService::InitProxyResolver { ProxyResolverFactory* proxy_resolver_factory_; std::unique_ptr create_resolver_request_; std::unique_ptr* proxy_resolver_; - bool* resolver_using_auto_detected_script_; CompletionOnceCallback callback_; State next_state_; bool quick_check_enabled_; @@ -691,8 +672,7 @@ class ProxyResolutionService::PacFileDeciderPoller { dhcp_pac_file_fetcher_(dhcp_pac_file_fetcher), last_error_(init_net_error), last_script_data_(init_script_data), - last_poll_time_(TimeTicks::Now()), - weak_factory_(this) { + last_poll_time_(TimeTicks::Now()) { // Set the initial poll delay. next_poll_mode_ = poll_policy()->GetNextDelay( last_error_, TimeDelta::FromSeconds(-1), &next_poll_delay_); @@ -846,7 +826,7 @@ class ProxyResolutionService::PacFileDeciderPoller { bool quick_check_enabled_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(PacFileDeciderPoller); }; @@ -905,7 +885,6 @@ class ProxyResolutionService::RequestImpl // Outstanding requests are cancelled during ~ProxyResolutionService, so this // is guaranteed to be valid throughout our lifetime. ProxyResolutionService* service_; - bool resolver_using_auto_detected_script_; CompletionOnceCallback user_callback_; ProxyInfo* results_; GURL url_; @@ -964,8 +943,6 @@ int ProxyResolutionService::RequestImpl::Start() { if (service_->ApplyPacBypassRules(url_, results_)) return OK; - resolver_using_auto_detected_script_ = - service_->resolver_using_auto_detected_script_; return resolver()->GetProxyForURL( url_, results_, base::Bind(&ProxyResolutionService::RequestImpl::QueryComplete, @@ -1003,8 +980,6 @@ int ProxyResolutionService::RequestImpl::QueryDidComplete(int result_code) { // Make a note in the results which configuration was in use at the // time of the resolve. results_->did_use_pac_script_ = true; - results_->did_use_auto_detected_pac_script_ = - resolver_using_auto_detected_script_; results_->proxy_resolve_start_time_ = creation_time_; results_->proxy_resolve_end_time_ = TimeTicks::Now(); @@ -1066,8 +1041,7 @@ ProxyResolutionService::ProxyResolutionService( net_log_(net_log), stall_proxy_auto_config_delay_( TimeDelta::FromMilliseconds(kDelayAfterNetworkChangesMs)), - quick_check_enabled_(true), - weak_ptr_factory_(this) { + quick_check_enabled_(true) { NetworkChangeNotifier::AddIPAddressObserver(this); NetworkChangeNotifier::AddDNSObserver(this); config_service_->AddObserver(this); @@ -1411,9 +1385,9 @@ void ProxyResolutionService::ReportSuccess(const ProxyInfo& result) { existing->second.bad_until = iter->second.bad_until; } if (net_log_) { - net_log_->AddGlobalEntry( - NetLogEventType::BAD_PROXY_LIST_REPORTED, - base::Bind(&NetLogBadProxyListCallback, &new_retry_info)); + net_log_->AddGlobalEntry(NetLogEventType::BAD_PROXY_LIST_REPORTED, [&] { + return NetLogBadProxyListParams(&new_retry_info); + }); } } @@ -1443,7 +1417,7 @@ int ProxyResolutionService::DidFinishResolvingProxy( net_log.AddEvent( NetLogEventType::PROXY_RESOLUTION_SERVICE_RESOLVED_PROXY_LIST, - base::Bind(&NetLogFinishedResolvingProxyCallback, result)); + [&] { return NetLogFinishedResolvingProxyParams(result); }); // This check is done to only log the NetLog event when necessary, it's // not a performance optimization. @@ -1451,7 +1425,7 @@ int ProxyResolutionService::DidFinishResolvingProxy( result->DeprioritizeBadProxies(proxy_retry_info_); net_log.AddEvent( NetLogEventType::PROXY_RESOLUTION_SERVICE_DEPRIORITIZED_BAD_PROXIES, - base::Bind(&NetLogFinishedResolvingProxyCallback, result)); + [&] { return NetLogFinishedResolvingProxyParams(result); }); } } else { net_log.AddEventWithNetErrorCode( @@ -1638,9 +1612,10 @@ void ProxyResolutionService::OnProxyConfigChanged( // Emit the proxy settings change to the NetLog stream. if (net_log_) { - net_log_->AddGlobalEntry(NetLogEventType::PROXY_CONFIG_CHANGED, - base::Bind(&NetLogProxyConfigChangedCallback, - &fetched_config_, &effective_config)); + net_log_->AddGlobalEntry(NetLogEventType::PROXY_CONFIG_CHANGED, [&] { + return NetLogProxyConfigChangedParams(&fetched_config_, + &effective_config); + }); } if (config.value().has_pac_url()) { @@ -1686,8 +1661,7 @@ void ProxyResolutionService::InitializeUsingLastFetchedConfig() { init_proxy_resolver_.reset(new InitProxyResolver()); init_proxy_resolver_->set_quick_check_enabled(quick_check_enabled_); int rv = init_proxy_resolver_->Start( - &resolver_, &resolver_using_auto_detected_script_, - resolver_factory_.get(), pac_file_fetcher_.get(), + &resolver_, resolver_factory_.get(), pac_file_fetcher_.get(), dhcp_pac_file_fetcher_.get(), net_log_, fetched_config_.value(), wait_delay, base::Bind(&ProxyResolutionService::OnInitProxyResolverComplete, @@ -1710,8 +1684,8 @@ void ProxyResolutionService::InitializeUsingDecidedConfig( init_proxy_resolver_.reset(new InitProxyResolver()); int rv = init_proxy_resolver_->StartSkipDecider( - &resolver_, &resolver_using_auto_detected_script_, - resolver_factory_.get(), effective_config, decider_result, script_data, + &resolver_, resolver_factory_.get(), effective_config, decider_result, + script_data, base::Bind(&ProxyResolutionService::OnInitProxyResolverComplete, base::Unretained(this))); diff --git a/chromium/net/proxy_resolution/proxy_resolution_service.h b/chromium/net/proxy_resolution/proxy_resolution_service.h index d2f1edcd658..4af3df269d4 100644 --- a/chromium/net/proxy_resolution/proxy_resolution_service.h +++ b/chromium/net/proxy_resolution/proxy_resolution_service.h @@ -373,11 +373,8 @@ class NET_EXPORT ProxyResolutionService std::unique_ptr config_service_; std::unique_ptr resolver_factory_; - // If non-null, the initialized ProxyResolver to use for requests, and a - // boolean indicating whether it was initialized using an auto-detected - // script. + // If non-null, the initialized ProxyResolver to use for requests. std::unique_ptr resolver_; - bool resolver_using_auto_detected_script_; // We store the proxy configuration that was last fetched from the // ProxyConfigService, as well as the resulting "effective" configuration. @@ -443,7 +440,7 @@ class NET_EXPORT ProxyResolutionService // Flag used by |SetReady()| to check if |this| has been deleted by a // synchronous callback. - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(ProxyResolutionService); }; diff --git a/chromium/net/proxy_resolution/proxy_resolution_service_unittest.cc b/chromium/net/proxy_resolution/proxy_resolution_service_unittest.cc index b00fe1239f2..ff284401b86 100644 --- a/chromium/net/proxy_resolution/proxy_resolution_service_unittest.cc +++ b/chromium/net/proxy_resolution/proxy_resolution_service_unittest.cc @@ -24,7 +24,6 @@ #include "net/log/net_log_event_type.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/proxy_resolution/dhcp_pac_file_fetcher.h" #include "net/proxy_resolution/mock_pac_file_fetcher.h" @@ -409,8 +408,7 @@ TEST_F(ProxyResolutionServiceTest, Direct) { EXPECT_TRUE(info.proxy_resolve_end_time().is_null()); // Check the NetLog was filled correctly. - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_EQ(3u, entries.size()); EXPECT_TRUE(LogContainsBeginEvent(entries, 0, @@ -915,8 +913,7 @@ TEST_F(ProxyResolutionServiceTest, PAC) { EXPECT_LE(info.proxy_resolve_start_time(), info.proxy_resolve_end_time()); // Check the NetLog was filled correctly. - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_EQ(5u, entries.size()); EXPECT_TRUE(LogContainsBeginEvent(entries, 0, @@ -2494,8 +2491,7 @@ TEST_F(ProxyResolutionServiceTest, CancelWhilePACFetching) { EXPECT_FALSE(callback1.have_result()); // Cancelled. EXPECT_FALSE(callback2.have_result()); // Cancelled. - TestNetLogEntry::List entries1; - log1.GetEntries(&entries1); + auto entries1 = log1.GetEntries(); // Check the NetLog for request 1 (which was cancelled) got filled properly. EXPECT_EQ(4u, entries1.size()); @@ -3037,8 +3033,7 @@ TEST_F(ProxyResolutionServiceTest, NetworkChangeTriggersPacRefetch) { // Check that the expected events were output to the log stream. In particular // PROXY_CONFIG_CHANGED should have only been emitted once (for the initial // setup), and NOT a second time when the IP address changed. - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_TRUE(LogContainsEntryWithType(entries, 0, NetLogEventType::PROXY_CONFIG_CHANGED)); @@ -3854,9 +3849,9 @@ TEST_F(ProxyResolutionServiceTest, OnShutdownWithLiveRequest) { EXPECT_EQ(GURL("http://foopy/proxy.pac"), fetcher->pending_request_url()); service.OnShutdown(); - EXPECT_THAT(callback.WaitForResult(), IsOk()); + base::RunLoop().RunUntilIdle(); + EXPECT_FALSE(callback.have_result()); EXPECT_FALSE(fetcher->has_pending_request()); - EXPECT_TRUE(info.is_direct()); } TEST_F(ProxyResolutionServiceTest, OnShutdownFollowedByRequest) { diff --git a/chromium/net/proxy_resolution/proxy_resolver_v8_tracing.cc b/chromium/net/proxy_resolution/proxy_resolver_v8_tracing.cc index 3f7b5e810a5..b2f36ba8088 100644 --- a/chromium/net/proxy_resolution/proxy_resolver_v8_tracing.cc +++ b/chromium/net/proxy_resolution/proxy_resolver_v8_tracing.cc @@ -14,7 +14,7 @@ #include "base/macros.h" #include "base/single_thread_task_runner.h" #include "base/strings/stringprintf.h" -#include "base/synchronization/cancellation_flag.h" +#include "base/synchronization/atomic_flag.h" #include "base/synchronization/waitable_event.h" #include "base/threading/thread.h" #include "base/threading/thread_checker.h" @@ -220,7 +220,7 @@ class Job : public base::RefCountedThreadSafe, CompletionOnceCallback callback_; // Flag to indicate whether the request has been cancelled. - base::CancellationFlag cancelled_; + base::AtomicFlag cancelled_; // The operation that this Job is running. // Initialized on origin thread and then accessed from both threads. diff --git a/chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper.cc b/chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper.cc deleted file mode 100644 index 879756e3118..00000000000 --- a/chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper.cc +++ /dev/null @@ -1,190 +0,0 @@ -// Copyright 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/proxy_resolution/proxy_resolver_v8_tracing_wrapper.h" - -#include -#include - -#include "base/bind.h" -#include "base/macros.h" -#include "base/values.h" -#include "net/base/net_errors.h" -#include "net/log/net_log.h" -#include "net/log/net_log_capture_mode.h" -#include "net/log/net_log_event_type.h" -#include "net/log/net_log_parameters_callback.h" -#include "net/log/net_log_with_source.h" -#include "net/proxy_resolution/proxy_host_resolver.h" -#include "net/proxy_resolution/proxy_resolver_error_observer.h" - -namespace net { - -namespace { - -// Returns event parameters for a PAC error message (line number + message). -base::Value NetLogErrorCallback(int line_number, - const base::string16* message, - NetLogCaptureMode /* capture_mode */) { - base::Value dict(base::Value::Type::DICTIONARY); - dict.SetIntKey("line_number", line_number); - dict.SetStringKey("message", *message); - return dict; -} - -class BindingsImpl : public ProxyResolverV8Tracing::Bindings { - public: - BindingsImpl(ProxyResolverErrorObserver* error_observer, - ProxyHostResolver* host_resolver, - NetLog* net_log, - const NetLogWithSource& net_log_with_source) - : error_observer_(error_observer), - host_resolver_(host_resolver), - net_log_(net_log), - net_log_with_source_(net_log_with_source) {} - - // ProxyResolverV8Tracing::Bindings overrides. - void Alert(const base::string16& message) override { - // Send to the NetLog. - LogEventToCurrentRequestAndGlobally( - NetLogEventType::PAC_JAVASCRIPT_ALERT, - NetLog::StringCallback("message", &message)); - } - - void OnError(int line_number, const base::string16& message) override { - // Send the error to the NetLog. - LogEventToCurrentRequestAndGlobally( - NetLogEventType::PAC_JAVASCRIPT_ERROR, - base::Bind(&NetLogErrorCallback, line_number, &message)); - if (error_observer_) - error_observer_->OnPACScriptError(line_number, message); - } - - ProxyHostResolver* GetHostResolver() override { return host_resolver_; } - - NetLogWithSource GetNetLogWithSource() override { - return net_log_with_source_; - } - - private: - void LogEventToCurrentRequestAndGlobally( - NetLogEventType type, - const NetLogParametersCallback& parameters_callback) { - net_log_with_source_.AddEvent(type, parameters_callback); - - // Emit to the global NetLog event stream. - if (net_log_) - net_log_->AddGlobalEntry(type, parameters_callback); - } - - ProxyResolverErrorObserver* error_observer_; - ProxyHostResolver* host_resolver_; - NetLog* net_log_; - NetLogWithSource net_log_with_source_; -}; - -class ProxyResolverV8TracingWrapper : public ProxyResolver { - public: - ProxyResolverV8TracingWrapper( - std::unique_ptr resolver_impl, - NetLog* net_log, - ProxyHostResolver* host_resolver, - std::unique_ptr error_observer); - - int GetProxyForURL(const GURL& url, - ProxyInfo* results, - CompletionOnceCallback callback, - std::unique_ptr* request, - const NetLogWithSource& net_log) override; - - private: - std::unique_ptr resolver_impl_; - NetLog* net_log_; - ProxyHostResolver* host_resolver_; - std::unique_ptr error_observer_; - - DISALLOW_COPY_AND_ASSIGN(ProxyResolverV8TracingWrapper); -}; - -ProxyResolverV8TracingWrapper::ProxyResolverV8TracingWrapper( - std::unique_ptr resolver_impl, - NetLog* net_log, - ProxyHostResolver* host_resolver, - std::unique_ptr error_observer) - : resolver_impl_(std::move(resolver_impl)), - net_log_(net_log), - host_resolver_(host_resolver), - error_observer_(std::move(error_observer)) {} - -int ProxyResolverV8TracingWrapper::GetProxyForURL( - const GURL& url, - ProxyInfo* results, - CompletionOnceCallback callback, - std::unique_ptr* request, - const NetLogWithSource& net_log) { - resolver_impl_->GetProxyForURL( - url, results, std::move(callback), request, - std::make_unique(error_observer_.get(), host_resolver_, - net_log_, net_log)); - return ERR_IO_PENDING; -} - -} // namespace - -ProxyResolverFactoryV8TracingWrapper::ProxyResolverFactoryV8TracingWrapper( - ProxyHostResolver* host_resolver, - NetLog* net_log, - const base::Callback()>& - error_observer_factory) - : ProxyResolverFactory(true), - factory_impl_(ProxyResolverV8TracingFactory::Create()), - host_resolver_(host_resolver), - net_log_(net_log), - error_observer_factory_(error_observer_factory) {} - -ProxyResolverFactoryV8TracingWrapper::~ProxyResolverFactoryV8TracingWrapper() = - default; - -int ProxyResolverFactoryV8TracingWrapper::CreateProxyResolver( - const scoped_refptr& pac_script, - std::unique_ptr* resolver, - CompletionOnceCallback callback, - std::unique_ptr* request) { - std::unique_ptr> v8_resolver( - new std::unique_ptr); - std::unique_ptr error_observer = - error_observer_factory_.Run(); - // Note: Argument evaluation order is unspecified, so make copies before - // passing |v8_resolver| and |error_observer|. - std::unique_ptr* v8_resolver_local = - v8_resolver.get(); - ProxyResolverErrorObserver* error_observer_local = error_observer.get(); - factory_impl_->CreateProxyResolverV8Tracing( - pac_script, - std::make_unique(error_observer_local, host_resolver_, - net_log_, NetLogWithSource()), - v8_resolver_local, - base::BindOnce( - &ProxyResolverFactoryV8TracingWrapper::OnProxyResolverCreated, - base::Unretained(this), base::Passed(&v8_resolver), resolver, - std::move(callback), base::Passed(&error_observer)), - request); - return ERR_IO_PENDING; -} - -void ProxyResolverFactoryV8TracingWrapper::OnProxyResolverCreated( - std::unique_ptr> v8_resolver, - std::unique_ptr* resolver, - CompletionOnceCallback callback, - std::unique_ptr error_observer, - int error) { - if (error == OK) { - resolver->reset(new ProxyResolverV8TracingWrapper( - std::move(*v8_resolver), net_log_, host_resolver_, - std::move(error_observer))); - } - std::move(callback).Run(error); -} - -} // namespace net diff --git a/chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper.h b/chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper.h deleted file mode 100644 index 3b876153992..00000000000 --- a/chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper.h +++ /dev/null @@ -1,66 +0,0 @@ -// Copyright 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_PROXY_RESOLUTION_PROXY_RESOLVER_V8_TRACING_WRAPPER_H_ -#define NET_PROXY_RESOLUTION_PROXY_RESOLVER_V8_TRACING_WRAPPER_H_ - -#include - -#include "base/macros.h" -#include "base/memory/ref_counted.h" -#include "net/base/completion_once_callback.h" -#include "net/base/net_export.h" -#include "net/proxy_resolution/proxy_resolver.h" -#include "net/proxy_resolution/proxy_resolver_factory.h" -#include "net/proxy_resolution/proxy_resolver_v8_tracing.h" - -namespace net { - -class NetLog; -class ProxyHostResolver; -class ProxyResolverErrorObserver; - -// A wrapper for ProxyResolverV8TracingFactory that implements the -// ProxyResolverFactory interface. -class NET_EXPORT ProxyResolverFactoryV8TracingWrapper - : public ProxyResolverFactory { - public: - // Note that |host_resolver| and |net_log| are expected to outlive |this| and - // any ProxyResolver instances created using |this|. |error_observer_factory| - // will be invoked once per CreateProxyResolver() call to create a - // ProxyResolverErrorObserver to be used by the ProxyResolver instance - // returned by that call. - ProxyResolverFactoryV8TracingWrapper( - ProxyHostResolver* host_resolver, - NetLog* net_log, - const base::Callback()>& - error_observer_factory); - ~ProxyResolverFactoryV8TracingWrapper() override; - - // ProxyResolverFactory override. - int CreateProxyResolver(const scoped_refptr& pac_script, - std::unique_ptr* resolver, - CompletionOnceCallback callback, - std::unique_ptr* request) override; - - private: - void OnProxyResolverCreated( - std::unique_ptr> v8_resolver, - std::unique_ptr* resolver, - CompletionOnceCallback callback, - std::unique_ptr error_observer, - int error); - - std::unique_ptr factory_impl_; - ProxyHostResolver* const host_resolver_; - NetLog* const net_log_; - const base::Callback()> - error_observer_factory_; - - DISALLOW_COPY_AND_ASSIGN(ProxyResolverFactoryV8TracingWrapper); -}; - -} // namespace net - -#endif // NET_PROXY_RESOLUTION_PROXY_RESOLVER_V8_TRACING_WRAPPER_H_ diff --git a/chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper_unittest.cc b/chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper_unittest.cc deleted file mode 100644 index 13b4cd12077..00000000000 --- a/chromium/net/proxy_resolution/proxy_resolver_v8_tracing_wrapper_unittest.cc +++ /dev/null @@ -1,1088 +0,0 @@ -// Copyright (c) 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/proxy_resolution/proxy_resolver_v8_tracing_wrapper.h" - -#include - -#include "base/bind.h" -#include "base/files/file_util.h" -#include "base/memory/ptr_util.h" -#include "base/path_service.h" -#include "base/run_loop.h" -#include "base/stl_util.h" -#include "base/strings/string_util.h" -#include "base/strings/stringprintf.h" -#include "base/strings/utf_string_conversions.h" -#include "base/synchronization/waitable_event.h" -#include "base/threading/platform_thread.h" -#include "base/values.h" -#include "net/base/net_errors.h" -#include "net/base/network_interfaces.h" -#include "net/base/test_completion_callback.h" -#include "net/log/net_log_event_type.h" -#include "net/log/net_log_with_source.h" -#include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" -#include "net/log/test_net_log_util.h" -#include "net/proxy_resolution/mock_proxy_host_resolver.h" -#include "net/proxy_resolution/proxy_info.h" -#include "net/proxy_resolution/proxy_resolve_dns_operation.h" -#include "net/proxy_resolution/proxy_resolver_error_observer.h" -#include "net/test/event_waiter.h" -#include "net/test/gtest_util.h" -#include "net/test/test_with_scoped_task_environment.h" -#include "testing/gmock/include/gmock/gmock.h" -#include "testing/gtest/include/gtest/gtest.h" -#include "url/gurl.h" - -using net::test::IsError; -using net::test::IsOk; - -namespace net { - -namespace { - -class ProxyResolverV8TracingWrapperTest : public TestWithScopedTaskEnvironment { - public: - void TearDown() override { - // Drain any pending messages, which may be left over from cancellation. - // This way they get reliably run as part of the current test, rather than - // spilling into the next test's execution. - base::RunLoop().RunUntilIdle(); - } -}; - -scoped_refptr LoadScriptData(const char* filename) { - base::FilePath path; - base::PathService::Get(base::DIR_SOURCE_ROOT, &path); - path = path.AppendASCII("net"); - path = path.AppendASCII("data"); - path = path.AppendASCII("proxy_resolver_v8_tracing_unittest"); - path = path.AppendASCII(filename); - - // Try to read the file from disk. - std::string file_contents; - bool ok = base::ReadFileToString(path, &file_contents); - - // If we can't load the file from disk, something is misconfigured. - EXPECT_TRUE(ok) << "Failed to read file: " << path.value(); - - // Load the PAC script into the ProxyResolver. - return PacFileData::FromUTF8(file_contents); -} - -std::unique_ptr ReturnErrorObserver( - std::unique_ptr error_observer) { - return error_observer; -} - -std::unique_ptr CreateResolver( - NetLog* net_log, - ProxyHostResolver* host_resolver, - std::unique_ptr error_observer, - const char* filename) { - std::unique_ptr resolver; - ProxyResolverFactoryV8TracingWrapper factory( - host_resolver, net_log, - base::Bind(&ReturnErrorObserver, base::Passed(&error_observer))); - TestCompletionCallback callback; - std::unique_ptr request; - int rv = factory.CreateProxyResolver(LoadScriptData(filename), &resolver, - callback.callback(), &request); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsOk()); - EXPECT_TRUE(resolver); - return resolver; -} - -class MockErrorObserver : public ProxyResolverErrorObserver { - public: - void OnPACScriptError(int line_number, const base::string16& error) override { - output += base::StringPrintf("Error: line %d: %s\n", line_number, - base::UTF16ToASCII(error).c_str()); - waiter_.NotifyEvent(EVENT_ERROR); - if (!error_callback_.is_null()) - error_callback_.Run(); - } - - std::string GetOutput() { - return output; - } - - void RunOnError(const base::Closure& callback) { - error_callback_ = callback; - waiter_.WaitForEvent(EVENT_ERROR); - } - - private: - enum Event { - EVENT_ERROR, - }; - std::string output; - - base::Closure error_callback_; - EventWaiter waiter_; -}; - -TEST_F(ProxyResolverV8TracingWrapperTest, Simple) { - TestNetLog log; - BoundTestNetLog request_log; - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - std::unique_ptr resolver = CreateResolver( - &log, &host_resolver, base::WrapUnique(error_observer), "simple.js"); - - TestCompletionCallback callback; - ProxyInfo proxy_info; - - std::unique_ptr req; - int rv = - resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info, - callback.callback(), &req, request_log.bound()); - - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsOk()); - - EXPECT_EQ("foo:99", proxy_info.proxy_server().ToURI()); - - EXPECT_EQ(0u, host_resolver.num_resolve()); - - // There were no errors. - EXPECT_EQ("", error_observer->GetOutput()); - - // Check the NetLogs -- nothing was logged. - EXPECT_EQ(0u, log.GetSize()); - EXPECT_EQ(0u, request_log.GetSize()); -} - -TEST_F(ProxyResolverV8TracingWrapperTest, JavascriptError) { - TestNetLog log; - BoundTestNetLog request_log; - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - std::unique_ptr resolver = CreateResolver( - &log, &host_resolver, base::WrapUnique(error_observer), "error.js"); - - TestCompletionCallback callback; - ProxyInfo proxy_info; - - std::unique_ptr req; - int rv = - resolver->GetProxyForURL(GURL("http://throw-an-error/"), &proxy_info, - callback.callback(), &req, request_log.bound()); - - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsError(ERR_PAC_SCRIPT_FAILED)); - - EXPECT_EQ(0u, host_resolver.num_resolve()); - - EXPECT_EQ( - "Error: line 5: Uncaught TypeError: Cannot read property 'split' " - "of null\n", - error_observer->GetOutput()); - - // Check the NetLogs -- there was 1 alert and 1 javascript error, and they - // were output to both the global log, and per-request log. - TestNetLogEntry::List entries_list[2]; - log.GetEntries(&entries_list[0]); - request_log.GetEntries(&entries_list[1]); - - for (size_t list_i = 0; list_i < base::size(entries_list); list_i++) { - const TestNetLogEntry::List& entries = entries_list[list_i]; - EXPECT_EQ(2u, entries.size()); - EXPECT_TRUE(LogContainsEvent(entries, 0, - NetLogEventType::PAC_JAVASCRIPT_ALERT, - NetLogEventPhase::NONE)); - EXPECT_TRUE(LogContainsEvent(entries, 1, - NetLogEventType::PAC_JAVASCRIPT_ERROR, - NetLogEventPhase::NONE)); - - EXPECT_EQ("{\"message\":\"Prepare to DIE!\"}", entries[0].GetParamsJson()); - EXPECT_EQ( - "{\"line_number\":5,\"message\":\"Uncaught TypeError: Cannot " - "read property 'split' of null\"}", - entries[1].GetParamsJson()); - } -} - -TEST_F(ProxyResolverV8TracingWrapperTest, TooManyAlerts) { - TestNetLog log; - BoundTestNetLog request_log; - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - std::unique_ptr resolver = - CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer), - "too_many_alerts.js"); - - TestCompletionCallback callback; - ProxyInfo proxy_info; - - std::unique_ptr req; - int rv = - resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info, - callback.callback(), &req, request_log.bound()); - - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsOk()); - - // Iteration1 does a DNS resolve - // Iteration2 exceeds the alert buffer - // Iteration3 runs in blocking mode and completes - EXPECT_EQ("foo:3", proxy_info.proxy_server().ToURI()); - - EXPECT_EQ(1u, host_resolver.num_resolve()); - - // No errors. - EXPECT_EQ("", error_observer->GetOutput()); - - // Check the NetLogs -- the script generated 50 alerts, which were mirrored - // to both the global and per-request logs. - TestNetLogEntry::List entries_list[2]; - log.GetEntries(&entries_list[0]); - request_log.GetEntries(&entries_list[1]); - - for (size_t list_i = 0; list_i < base::size(entries_list); list_i++) { - const TestNetLogEntry::List& entries = entries_list[list_i]; - EXPECT_EQ(50u, entries.size()); - for (size_t i = 0; i < entries.size(); ++i) { - ASSERT_TRUE(LogContainsEvent(entries, i, - NetLogEventType::PAC_JAVASCRIPT_ALERT, - NetLogEventPhase::NONE)); - } - } -} - -// Verify that buffered alerts cannot grow unboundedly, even when the message is -// empty string. -TEST_F(ProxyResolverV8TracingWrapperTest, TooManyEmptyAlerts) { - TestNetLog log; - BoundTestNetLog request_log; - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - std::unique_ptr resolver = - CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer), - "too_many_empty_alerts.js"); - - TestCompletionCallback callback; - ProxyInfo proxy_info; - - std::unique_ptr req; - int rv = - resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info, - callback.callback(), &req, request_log.bound()); - - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsOk()); - - EXPECT_EQ("foo:3", proxy_info.proxy_server().ToURI()); - - EXPECT_EQ(1u, host_resolver.num_resolve()); - - // No errors. - EXPECT_EQ("", error_observer->GetOutput()); - - // Check the NetLogs -- the script generated 50 alerts, which were mirrored - // to both the global and per-request logs. - TestNetLogEntry::List entries_list[2]; - log.GetEntries(&entries_list[0]); - request_log.GetEntries(&entries_list[1]); - - for (size_t list_i = 0; list_i < base::size(entries_list); list_i++) { - const TestNetLogEntry::List& entries = entries_list[list_i]; - EXPECT_EQ(1000u, entries.size()); - for (size_t i = 0; i < entries.size(); ++i) { - ASSERT_TRUE(LogContainsEvent(entries, i, - NetLogEventType::PAC_JAVASCRIPT_ALERT, - NetLogEventPhase::NONE)); - } - } -} - -// This test runs a PAC script that issues a sequence of DNS resolves. The test -// verifies the final result, and that the underlying DNS resolver received -// the correct set of queries. -TEST_F(ProxyResolverV8TracingWrapperTest, Dns) { - TestNetLog log; - BoundTestNetLog request_log; - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - host_resolver.SetResult(GetHostName(), - ProxyResolveDnsOperation::MY_IP_ADDRESS, - {IPAddress(122, 133, 144, 155)}); - host_resolver.SetResult(GetHostName(), - ProxyResolveDnsOperation::MY_IP_ADDRESS_EX, - {IPAddress(133, 122, 100, 200)}); - host_resolver.SetError("", ProxyResolveDnsOperation::DNS_RESOLVE); - host_resolver.SetResult("host1", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 44)}); - IPAddress v6_local; - ASSERT_TRUE(v6_local.AssignFromIPLiteral("::1")); - host_resolver.SetResult("host1", ProxyResolveDnsOperation::DNS_RESOLVE_EX, - {v6_local, IPAddress(192, 168, 1, 1)}); - host_resolver.SetError("host2", ProxyResolveDnsOperation::DNS_RESOLVE); - host_resolver.SetResult("host3", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 33)}); - host_resolver.SetError("host6", ProxyResolveDnsOperation::DNS_RESOLVE_EX); - - std::unique_ptr resolver = CreateResolver( - &log, &host_resolver, base::WrapUnique(error_observer), "dns.js"); - - TestCompletionCallback callback; - ProxyInfo proxy_info; - - std::unique_ptr req; - int rv = - resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info, - callback.callback(), &req, request_log.bound()); - - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsOk()); - - // The test does 13 DNS resolution, however only 7 of them are unique. - EXPECT_EQ(7u, host_resolver.num_resolve()); - - const char* kExpectedResult = - "122.133.144.155-" // myIpAddress() - "null-" // dnsResolve('') - "__1_192.168.1.1-" // dnsResolveEx('host1') - "null-" // dnsResolve('host2') - "166.155.144.33-" // dnsResolve('host3') - "122.133.144.155-" // myIpAddress() - "166.155.144.33-" // dnsResolve('host3') - "__1_192.168.1.1-" // dnsResolveEx('host1') - "122.133.144.155-" // myIpAddress() - "null-" // dnsResolve('host2') - "-" // dnsResolveEx('host6') - "133.122.100.200-" // myIpAddressEx() - "166.155.144.44" // dnsResolve('host1') - ":99"; - - EXPECT_EQ(kExpectedResult, proxy_info.proxy_server().ToURI()); - - // No errors. - EXPECT_EQ("", error_observer->GetOutput()); - - // Check the NetLogs -- the script generated 1 alert, mirrored to both - // the per-request and global logs. - TestNetLogEntry::List entries_list[2]; - log.GetEntries(&entries_list[0]); - request_log.GetEntries(&entries_list[1]); - - for (size_t list_i = 0; list_i < base::size(entries_list); list_i++) { - const TestNetLogEntry::List& entries = entries_list[list_i]; - EXPECT_EQ(1u, entries.size()); - EXPECT_TRUE(LogContainsEvent(entries, 0, - NetLogEventType::PAC_JAVASCRIPT_ALERT, - NetLogEventPhase::NONE)); - EXPECT_EQ("{\"message\":\"iteration: 7\"}", entries[0].GetParamsJson()); - } -} - -// This test runs a weird PAC script that was designed to defeat the DNS tracing -// optimization. The proxy resolver should detect the inconsistency and -// fall-back to synchronous mode execution. -TEST_F(ProxyResolverV8TracingWrapperTest, FallBackToSynchronous1) { - TestNetLog log; - BoundTestNetLog request_log; - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - host_resolver.SetResult("host1", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 11)}); - host_resolver.SetResult("crazy4", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(133, 199, 111, 4)}); - - std::unique_ptr resolver = - CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer), - "global_sideffects1.js"); - - TestCompletionCallback callback; - ProxyInfo proxy_info; - - std::unique_ptr req; - int rv = - resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info, - callback.callback(), &req, request_log.bound()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsOk()); - - // The script itself only does 2 DNS resolves per execution, however it - // constructs the hostname using a global counter which changes on each - // invocation. - EXPECT_EQ(3u, host_resolver.num_resolve()); - - EXPECT_EQ("166.155.144.11-133.199.111.4:100", - proxy_info.proxy_server().ToURI()); - - // No errors. - EXPECT_EQ("", error_observer->GetOutput()); - - // Check the NetLogs -- the script generated 1 alert, mirrored to both - // the per-request and global logs. - TestNetLogEntry::List entries_list[2]; - log.GetEntries(&entries_list[0]); - request_log.GetEntries(&entries_list[1]); - - for (size_t list_i = 0; list_i < base::size(entries_list); list_i++) { - const TestNetLogEntry::List& entries = entries_list[list_i]; - EXPECT_EQ(1u, entries.size()); - EXPECT_TRUE(LogContainsEvent(entries, 0, - NetLogEventType::PAC_JAVASCRIPT_ALERT, - NetLogEventPhase::NONE)); - EXPECT_EQ("{\"message\":\"iteration: 4\"}", entries[0].GetParamsJson()); - } -} - -// This test runs a weird PAC script that was designed to defeat the DNS tracing -// optimization. The proxy resolver should detect the inconsistency and -// fall-back to synchronous mode execution. -TEST_F(ProxyResolverV8TracingWrapperTest, FallBackToSynchronous2) { - TestNetLog log; - BoundTestNetLog request_log; - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - host_resolver.SetResult("host1", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 11)}); - host_resolver.SetResult("host2", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 22)}); - host_resolver.SetResult("host3", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 33)}); - host_resolver.SetResult("host4", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 44)}); - - std::unique_ptr resolver = - CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer), - "global_sideffects2.js"); - - TestCompletionCallback callback; - ProxyInfo proxy_info; - - std::unique_ptr req; - int rv = - resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info, - callback.callback(), &req, request_log.bound()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsOk()); - - EXPECT_EQ(3u, host_resolver.num_resolve()); - - EXPECT_EQ("166.155.144.44:100", proxy_info.proxy_server().ToURI()); - - // No errors. - EXPECT_EQ("", error_observer->GetOutput()); - - // Check the NetLogs -- nothing was logged. - EXPECT_EQ(0u, log.GetSize()); - EXPECT_EQ(0u, request_log.GetSize()); -} - -// This test runs a weird PAC script that yields a never ending sequence -// of DNS resolves when restarting. Running it will hit the maximum -// DNS resolves per request limit (20) after which every DNS resolve will -// fail. -TEST_F(ProxyResolverV8TracingWrapperTest, InfiniteDNSSequence) { - TestNetLog log; - BoundTestNetLog request_log; - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - for (int i = 0; i < 21; ++i) { - host_resolver.SetResult("host" + std::to_string(i), - ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 11)}); - } - - std::unique_ptr resolver = - CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer), - "global_sideffects3.js"); - - TestCompletionCallback callback; - ProxyInfo proxy_info; - - std::unique_ptr req; - int rv = - resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info, - - callback.callback(), &req, request_log.bound()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsOk()); - - EXPECT_EQ(20u, host_resolver.num_resolve()); - - EXPECT_EQ( - "166.155.144.11-166.155.144.11-166.155.144.11-166.155.144.11-" - "166.155.144.11-166.155.144.11-166.155.144.11-166.155.144.11-" - "166.155.144.11-166.155.144.11-166.155.144.11-166.155.144.11-" - "166.155.144.11-166.155.144.11-166.155.144.11-166.155.144.11-" - "166.155.144.11-166.155.144.11-166.155.144.11-166.155.144.11-" - "null:21", - proxy_info.proxy_server().ToURI()); - - // No errors. - EXPECT_EQ("", error_observer->GetOutput()); - - // Check the NetLogs -- 1 alert was logged. - EXPECT_EQ(1u, log.GetSize()); - EXPECT_EQ(1u, request_log.GetSize()); -} - -// This test runs a weird PAC script that yields a never ending sequence -// of DNS resolves when restarting. Running it will hit the maximum -// DNS resolves per request limit (20) after which every DNS resolve will -// fail. -TEST_F(ProxyResolverV8TracingWrapperTest, InfiniteDNSSequence2) { - TestNetLog log; - BoundTestNetLog request_log; - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - host_resolver.SetResult(GetHostName(), - ProxyResolveDnsOperation::MY_IP_ADDRESS, - {IPAddress(122, 133, 144, 155)}); - for (int i = 0; i < 21; ++i) { - host_resolver.SetResult("host" + std::to_string(i), - ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 11)}); - } - - std::unique_ptr resolver = - CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer), - "global_sideffects4.js"); - - TestCompletionCallback callback; - ProxyInfo proxy_info; - - std::unique_ptr req; - int rv = - resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info, - callback.callback(), &req, request_log.bound()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsOk()); - - EXPECT_EQ(20u, host_resolver.num_resolve()); - - EXPECT_EQ("null21:34", proxy_info.proxy_server().ToURI()); - - // No errors. - EXPECT_EQ("", error_observer->GetOutput()); - - // Check the NetLogs -- 1 alert was logged. - EXPECT_EQ(1u, log.GetSize()); - EXPECT_EQ(1u, request_log.GetSize()); -} - -void DnsDuringInitHelper(bool synchronous_host_resolver) { - TestNetLog log; - BoundTestNetLog request_log; - MockProxyHostResolver host_resolver(synchronous_host_resolver); - MockErrorObserver* error_observer = new MockErrorObserver; - - host_resolver.SetResult("host1", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(91, 13, 12, 1)}); - host_resolver.SetResult("host2", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(91, 13, 12, 2)}); - - std::unique_ptr resolver = - CreateResolver(&log, &host_resolver, base::WrapUnique(error_observer), - "dns_during_init.js"); - - // Initialization did 2 dnsResolves. - EXPECT_EQ(2u, host_resolver.num_resolve()); - - host_resolver.SetResult("host1", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(145, 88, 13, 3)}); - host_resolver.SetResult("host2", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(137, 89, 8, 45)}); - - TestCompletionCallback callback; - ProxyInfo proxy_info; - - std::unique_ptr req; - int rv = - resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info, - callback.callback(), &req, request_log.bound()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsOk()); - - // Fetched host1 and host2 again, since the ones done during initialization - // should not have been cached. - EXPECT_EQ(4u, host_resolver.num_resolve()); - - EXPECT_EQ("91.13.12.1-91.13.12.2-145.88.13.3-137.89.8.45:99", - proxy_info.proxy_server().ToURI()); - - // Check the NetLogs -- the script generated 2 alerts during initialization. - EXPECT_EQ(0u, request_log.GetSize()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); - - ASSERT_EQ(2u, entries.size()); - EXPECT_TRUE(LogContainsEvent(entries, 0, - NetLogEventType::PAC_JAVASCRIPT_ALERT, - NetLogEventPhase::NONE)); - EXPECT_TRUE(LogContainsEvent(entries, 1, - NetLogEventType::PAC_JAVASCRIPT_ALERT, - NetLogEventPhase::NONE)); - - EXPECT_EQ("{\"message\":\"Watsup\"}", entries[0].GetParamsJson()); - EXPECT_EQ("{\"message\":\"Watsup2\"}", entries[1].GetParamsJson()); -} - -// Tests a PAC script which does DNS resolves during initialization. -TEST_F(ProxyResolverV8TracingWrapperTest, DnsDuringInit) { - // Test with both both a host resolver that always completes asynchronously, - // and then again with one that completes synchronously. - DnsDuringInitHelper(false); - DnsDuringInitHelper(true); -} - -void CrashCallback(int) { - // Be extra sure that if the callback ever gets invoked, the test will fail. - CHECK(false); -} - -// Start some requests, cancel them all, and then destroy the resolver. -// Note the execution order for this test can vary. Since multiple -// threads are involved, the cancellation may be received a different -// times. -TEST_F(ProxyResolverV8TracingWrapperTest, CancelAll) { - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - host_resolver.FailAll(); - - std::unique_ptr resolver = CreateResolver( - nullptr, &host_resolver, base::WrapUnique(error_observer), "dns.js"); - - const size_t kNumRequests = 5; - ProxyInfo proxy_info[kNumRequests]; - std::unique_ptr request[kNumRequests]; - - for (size_t i = 0; i < kNumRequests; ++i) { - int rv = resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info[i], - base::Bind(&CrashCallback), &request[i], - NetLogWithSource()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - } - - for (size_t i = 0; i < kNumRequests; ++i) { - request[i].reset(); - } -} - -// Note the execution order for this test can vary. Since multiple -// threads are involved, the cancellation may be received a different -// times. -TEST_F(ProxyResolverV8TracingWrapperTest, CancelSome) { - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - host_resolver.FailAll(); - - std::unique_ptr resolver = CreateResolver( - nullptr, &host_resolver, base::WrapUnique(error_observer), "dns.js"); - - ProxyInfo proxy_info1; - ProxyInfo proxy_info2; - std::unique_ptr request1; - std::unique_ptr request2; - TestCompletionCallback callback; - - int rv = resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info1, - base::Bind(&CrashCallback), &request1, - NetLogWithSource()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - - rv = resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info2, - callback.callback(), &request2, - NetLogWithSource()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - - request1.reset(); - - EXPECT_THAT(callback.WaitForResult(), IsOk()); -} - -// Cancel a request after it has finished running on the worker thread, and has -// posted a task the completion task back to origin thread. -TEST_F(ProxyResolverV8TracingWrapperTest, CancelWhilePendingCompletionTask) { - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - host_resolver.FailAll(); - - std::unique_ptr resolver = CreateResolver( - nullptr, &host_resolver, base::WrapUnique(error_observer), "error.js"); - - ProxyInfo proxy_info1; - ProxyInfo proxy_info2; - std::unique_ptr request1; - std::unique_ptr request2; - TestCompletionCallback callback; - - int rv = resolver->GetProxyForURL(GURL("http://throw-an-error/"), - &proxy_info1, base::Bind(&CrashCallback), - &request1, NetLogWithSource()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - - // Wait until the first request has finished running on the worker thread. - // Cancel the first request, while it has a pending completion task on - // the origin thread. Reset deletes Request object which cancels the request. - error_observer->RunOnError( - base::Bind(&std::unique_ptr::reset, - base::Unretained(&request1), nullptr)); - - // Start another request, to make sure it is able to complete. - rv = resolver->GetProxyForURL(GURL("http://i-have-no-idea-what-im-doing/"), - &proxy_info2, callback.callback(), &request2, - NetLogWithSource()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - - EXPECT_THAT(callback.WaitForResult(), IsOk()); - - EXPECT_EQ("i-approve-this-message:42", proxy_info2.proxy_server().ToURI()); -} - -// This cancellation test exercises a more predictable cancellation codepath -- -// when the request has an outstanding DNS request in flight. -TEST_F(ProxyResolverV8TracingWrapperTest, - CancelWhileOutstandingNonBlockingDns) { - base::RunLoop run_loop1; - HangingProxyHostResolver host_resolver(run_loop1.QuitClosure()); - MockErrorObserver* error_observer = new MockErrorObserver; - - std::unique_ptr resolver = CreateResolver( - nullptr, &host_resolver, base::WrapUnique(error_observer), "dns.js"); - - ProxyInfo proxy_info1; - ProxyInfo proxy_info2; - std::unique_ptr request1; - std::unique_ptr request2; - - int rv = resolver->GetProxyForURL(GURL("http://foo/req1"), &proxy_info1, - base::Bind(&CrashCallback), &request1, - NetLogWithSource()); - - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - - run_loop1.Run(); - - base::RunLoop run_loop2; - host_resolver.set_hang_callback(run_loop2.QuitClosure()); - rv = resolver->GetProxyForURL(GURL("http://foo/req2"), &proxy_info2, - base::Bind(&CrashCallback), &request2, - NetLogWithSource()); - - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - - run_loop2.Run(); - - request1.reset(); - request2.reset(); - - EXPECT_EQ(2, host_resolver.num_cancelled_requests()); - - // After leaving this scope, the ProxyResolver is destroyed. - // This should not cause any problems, as the outstanding work - // should have been cancelled. -} - -void CancelRequestAndPause(std::unique_ptr* request, - base::RunLoop* run_loop) { - request->reset(); - - // Sleep for a little bit. This makes it more likely for the worker - // thread to have returned from its call, and serves as a regression - // test for http://crbug.com/173373. - base::PlatformThread::Sleep(base::TimeDelta::FromMilliseconds(30)); - - run_loop->Quit(); -} - -// In non-blocking mode, the worker thread actually does block for -// a short time to see if the result is in the DNS cache. Test -// cancellation while the worker thread is waiting on this event. -TEST_F(ProxyResolverV8TracingWrapperTest, CancelWhileBlockedInNonBlockingDns) { - HangingProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - std::unique_ptr resolver = CreateResolver( - nullptr, &host_resolver, base::WrapUnique(error_observer), "dns.js"); - - ProxyInfo proxy_info; - std::unique_ptr request; - - base::RunLoop run_loop; - host_resolver.set_hang_callback( - base::BindRepeating(&CancelRequestAndPause, &request, &run_loop)); - - int rv = resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info, - base::Bind(&CrashCallback), &request, - NetLogWithSource()); - - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - - run_loop.Run(); -} - -// Cancel the request while there is a pending DNS request, however before -// the request is sent to the host resolver. -TEST_F(ProxyResolverV8TracingWrapperTest, CancelWhileBlockedInNonBlockingDns2) { - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - std::unique_ptr resolver = CreateResolver( - nullptr, &host_resolver, base::WrapUnique(error_observer), "dns.js"); - - ProxyInfo proxy_info; - std::unique_ptr request; - - int rv = resolver->GetProxyForURL(GURL("http://foo/"), &proxy_info, - base::Bind(&CrashCallback), &request, - NetLogWithSource()); - - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - - // Wait a bit, so the DNS task has hopefully been posted. The test will - // work whatever the delay is here, but it is most useful if the delay - // is large enough to allow a task to be posted back. - base::PlatformThread::Sleep(base::TimeDelta::FromMilliseconds(10)); - request.reset(); - - EXPECT_EQ(0u, host_resolver.num_resolve()); -} - -TEST_F(ProxyResolverV8TracingWrapperTest, - CancelCreateResolverWhileOutstandingBlockingDns) { - base::RunLoop run_loop; - HangingProxyHostResolver host_resolver(run_loop.QuitClosure()); - MockErrorObserver* error_observer = new MockErrorObserver; - - ProxyResolverFactoryV8TracingWrapper factory( - &host_resolver, nullptr, - base::Bind(&ReturnErrorObserver, - base::Passed(base::WrapUnique(error_observer)))); - - std::unique_ptr resolver; - std::unique_ptr request; - int rv = factory.CreateProxyResolver(LoadScriptData("dns_during_init.js"), - &resolver, base::Bind(&CrashCallback), - &request); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - - run_loop.Run(); - - request.reset(); - EXPECT_EQ(1, host_resolver.num_cancelled_requests()); -} - -TEST_F(ProxyResolverV8TracingWrapperTest, - DeleteFactoryWhileOutstandingBlockingDns) { - base::RunLoop run_loop; - HangingProxyHostResolver host_resolver(run_loop.QuitClosure()); - MockErrorObserver* error_observer = new MockErrorObserver; - - std::unique_ptr resolver; - std::unique_ptr request; - { - ProxyResolverFactoryV8TracingWrapper factory( - &host_resolver, nullptr, - base::Bind(&ReturnErrorObserver, - base::Passed(base::WrapUnique(error_observer)))); - - int rv = factory.CreateProxyResolver(LoadScriptData("dns_during_init.js"), - &resolver, base::Bind(&CrashCallback), - &request); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - run_loop.Run(); - } - EXPECT_EQ(1, host_resolver.num_cancelled_requests()); -} - -TEST_F(ProxyResolverV8TracingWrapperTest, ErrorLoadingScript) { - HangingProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - ProxyResolverFactoryV8TracingWrapper factory( - &host_resolver, nullptr, - base::Bind(&ReturnErrorObserver, - base::Passed(base::WrapUnique(error_observer)))); - - std::unique_ptr resolver; - std::unique_ptr request; - TestCompletionCallback callback; - int rv = - factory.CreateProxyResolver(LoadScriptData("error_on_load.js"), &resolver, - callback.callback(), &request); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsError(ERR_PAC_SCRIPT_FAILED)); - EXPECT_FALSE(resolver); -} - -// This tests that the execution of a PAC script is terminated when the DNS -// dependencies are missing. If the test fails, then it will hang. -TEST_F(ProxyResolverV8TracingWrapperTest, Terminate) { - TestNetLog log; - BoundTestNetLog request_log; - MockProxyHostResolver host_resolver; - MockErrorObserver* error_observer = new MockErrorObserver; - - host_resolver.SetResult("host1", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(182, 111, 0, 222)}); - host_resolver.SetResult("host2", ProxyResolveDnsOperation::DNS_RESOLVE_EX, - {IPAddress(111, 33, 44, 55)}); - - std::unique_ptr resolver = CreateResolver( - &log, &host_resolver, base::WrapUnique(error_observer), "terminate.js"); - - TestCompletionCallback callback; - ProxyInfo proxy_info; - - std::unique_ptr req; - int rv = - resolver->GetProxyForURL(GURL("http://foopy/req1"), &proxy_info, - callback.callback(), &req, request_log.bound()); - - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - EXPECT_THAT(callback.WaitForResult(), IsOk()); - - // The test does 2 DNS resolutions. - EXPECT_EQ(2u, host_resolver.num_resolve()); - - EXPECT_EQ("foopy:3", proxy_info.proxy_server().ToURI()); - - // No errors. - EXPECT_EQ("", error_observer->GetOutput()); - - EXPECT_EQ(0u, log.GetSize()); - EXPECT_EQ(0u, request_log.GetSize()); -} - -// Tests that multiple instances of ProxyResolverV8TracingWrapper can coexist -// and run correctly at the same time. This is relevant because at the moment -// (time this test was written) each ProxyResolverV8TracingWrapper creates its -// own thread to run V8 on, however each thread is operating on the same -// v8::Isolate. -TEST_F(ProxyResolverV8TracingWrapperTest, MultipleResolvers) { - // ------------------------ - // Setup resolver0 - // ------------------------ - MockProxyHostResolver host_resolver0; - host_resolver0.SetResult(GetHostName(), - ProxyResolveDnsOperation::MY_IP_ADDRESS, - {IPAddress(122, 133, 144, 155)}); - host_resolver0.SetResult(GetHostName(), - ProxyResolveDnsOperation::MY_IP_ADDRESS_EX, - {IPAddress(133, 122, 100, 200)}); - host_resolver0.SetError("", ProxyResolveDnsOperation::DNS_RESOLVE); - host_resolver0.SetResult("host1", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 44)}); - IPAddress v6_local; - ASSERT_TRUE(v6_local.AssignFromIPLiteral("::1")); - host_resolver0.SetResult("host1", ProxyResolveDnsOperation::DNS_RESOLVE_EX, - {v6_local, IPAddress(192, 168, 1, 1)}); - host_resolver0.SetError("host2", ProxyResolveDnsOperation::DNS_RESOLVE); - host_resolver0.SetResult("host3", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 33)}); - host_resolver0.SetError("host6", ProxyResolveDnsOperation::DNS_RESOLVE_EX); - std::unique_ptr resolver0 = - CreateResolver(nullptr, &host_resolver0, - std::make_unique(), "dns.js"); - - // ------------------------ - // Setup resolver1 - // ------------------------ - std::unique_ptr resolver1 = - CreateResolver(nullptr, &host_resolver0, - std::make_unique(), "dns.js"); - - // ------------------------ - // Setup resolver2 - // ------------------------ - std::unique_ptr resolver2 = - CreateResolver(nullptr, &host_resolver0, - std::make_unique(), "simple.js"); - - // ------------------------ - // Setup resolver3 - // ------------------------ - MockProxyHostResolver host_resolver3; - host_resolver3.SetResult("foo", ProxyResolveDnsOperation::DNS_RESOLVE, - {IPAddress(166, 155, 144, 33)}); - std::unique_ptr resolver3 = - CreateResolver(nullptr, &host_resolver3, - std::make_unique(), "simple_dns.js"); - - // ------------------------ - // Queue up work for each resolver (which will be running in parallel). - // ------------------------ - - ProxyResolver* resolver[] = { - resolver0.get(), resolver1.get(), resolver2.get(), resolver3.get(), - }; - - const size_t kNumResolvers = base::size(resolver); - const size_t kNumIterations = 20; - const size_t kNumResults = kNumResolvers * kNumIterations; - TestCompletionCallback callback[kNumResults]; - ProxyInfo proxy_info[kNumResults]; - std::unique_ptr request[kNumResults]; - - for (size_t i = 0; i < kNumResults; ++i) { - size_t resolver_i = i % kNumResolvers; - int rv = resolver[resolver_i]->GetProxyForURL( - GURL("http://foo/"), &proxy_info[i], callback[i].callback(), - &request[i], NetLogWithSource()); - EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - } - - // ------------------------ - // Verify all of the results. - // ------------------------ - - const char* kExpectedForDnsJs = - "122.133.144.155-" // myIpAddress() - "null-" // dnsResolve('') - "__1_192.168.1.1-" // dnsResolveEx('host1') - "null-" // dnsResolve('host2') - "166.155.144.33-" // dnsResolve('host3') - "122.133.144.155-" // myIpAddress() - "166.155.144.33-" // dnsResolve('host3') - "__1_192.168.1.1-" // dnsResolveEx('host1') - "122.133.144.155-" // myIpAddress() - "null-" // dnsResolve('host2') - "-" // dnsResolveEx('host6') - "133.122.100.200-" // myIpAddressEx() - "166.155.144.44" // dnsResolve('host1') - ":99"; - - for (size_t i = 0; i < kNumResults; ++i) { - size_t resolver_i = i % kNumResolvers; - EXPECT_THAT(callback[i].WaitForResult(), IsOk()); - - std::string proxy_uri = proxy_info[i].proxy_server().ToURI(); - - if (resolver_i == 0 || resolver_i == 1) { - EXPECT_EQ(kExpectedForDnsJs, proxy_uri); - } else if (resolver_i == 2) { - EXPECT_EQ("foo:99", proxy_uri); - } else if (resolver_i == 3) { - EXPECT_EQ("166.155.144.33:", - proxy_uri.substr(0, proxy_uri.find(':') + 1)); - } else { - NOTREACHED(); - } - } -} - -} // namespace - -} // namespace net diff --git a/chromium/net/quic/OWNERS b/chromium/net/quic/OWNERS index 1835f5bdf9a..6fd222f2f72 100644 --- a/chromium/net/quic/OWNERS +++ b/chromium/net/quic/OWNERS @@ -1,3 +1,4 @@ +nharper@chromium.org rch@chromium.org zhongyi@chromium.org diff --git a/chromium/net/quic/address_utils.h b/chromium/net/quic/address_utils.h index f067db7f9b0..286146ccd73 100644 --- a/chromium/net/quic/address_utils.h +++ b/chromium/net/quic/address_utils.h @@ -1,7 +1,12 @@ +// Copyright (c) 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + #ifndef NET_QUIC_ADDRESS_UTILS_H_ #define NET_QUIC_ADDRESS_UTILS_H_ #include "net/base/ip_address.h" +#include "net/base/ip_endpoint.h" #include "net/third_party/quiche/src/quic/platform/api/quic_ip_address.h" #include "net/third_party/quiche/src/quic/platform/api/quic_ip_address_family.h" #include "net/third_party/quiche/src/quic/platform/api/quic_socket_address.h" @@ -43,6 +48,39 @@ inline IPAddress ToIPAddress(quic::QuicIpAddress address) { } } +inline quic::QuicSocketAddress ToQuicSocketAddress(IPEndPoint address) { + if (address.address().empty()) { + return quic::QuicSocketAddress(); + } + + sockaddr_storage result; + socklen_t size = sizeof(result); + bool success = + address.ToSockAddr(reinterpret_cast(&result), &size); + DCHECK(success); + return quic::QuicSocketAddress(result); +} + +inline quic::QuicIpAddress ToQuicIpAddress(net::IPAddress address) { + if (address.IsIPv4()) { + in_addr result; + static_assert(sizeof(result) == IPAddress::kIPv4AddressSize, + "Address size mismatch"); + memcpy(&result, address.bytes().data(), IPAddress::kIPv4AddressSize); + return quic::QuicIpAddress(result); + } + if (address.IsIPv6()) { + in6_addr result; + static_assert(sizeof(result) == IPAddress::kIPv6AddressSize, + "Address size mismatch"); + memcpy(&result, address.bytes().data(), IPAddress::kIPv6AddressSize); + return quic::QuicIpAddress(result); + } + + DCHECK(address.empty()); + return quic::QuicIpAddress(); +} + } // namespace net #endif // NET_QUIC_ADDRESS_UTILS_H_ diff --git a/chromium/net/quic/bidirectional_stream_quic_impl.cc b/chromium/net/quic/bidirectional_stream_quic_impl.cc index 7fde6013a53..444544501f3 100644 --- a/chromium/net/quic/bidirectional_stream_quic_impl.cc +++ b/chromium/net/quic/bidirectional_stream_quic_impl.cc @@ -54,8 +54,7 @@ BidirectionalStreamQuicImpl::BidirectionalStreamQuicImpl( closed_is_first_stream_(false), has_sent_headers_(false), send_request_headers_automatically_(true), - may_invoke_callbacks_(true), - weak_factory_(this) {} + may_invoke_callbacks_(true) {} BidirectionalStreamQuicImpl::~BidirectionalStreamQuicImpl() { if (stream_) { @@ -180,7 +179,7 @@ void BidirectionalStreamQuicImpl::SendvData( } std::unique_ptr bundler( - session_->CreatePacketBundler(quic::QuicConnection::SEND_ACK_IF_PENDING)); + session_->CreatePacketBundler()); if (!has_sent_headers_) { DCHECK(!send_request_headers_automatically_); int rv = WriteHeaders(); @@ -210,15 +209,34 @@ NextProto BidirectionalStreamQuicImpl::GetProtocol() const { } int64_t BidirectionalStreamQuicImpl::GetTotalReceivedBytes() const { - if (stream_) - return headers_bytes_received_ + stream_->stream_bytes_read(); - return headers_bytes_received_ + closed_stream_received_bytes_; + // When QPACK is enabled, headers are sent and received on the stream, so + // the headers bytes do not need to be accounted for independently. + int64_t total_received_bytes = + quic::VersionUsesQpack(session_->GetQuicVersion()) + ? 0 + : headers_bytes_received_; + if (stream_) { + DCHECK_LE(stream_->NumBytesConsumed(), stream_->stream_bytes_read()); + // Only count the uniquely received bytes. + total_received_bytes += stream_->NumBytesConsumed(); + } else { + total_received_bytes += closed_stream_received_bytes_; + } + return total_received_bytes; } int64_t BidirectionalStreamQuicImpl::GetTotalSentBytes() const { - if (stream_) - return headers_bytes_sent_ + stream_->stream_bytes_written(); - return headers_bytes_sent_ + closed_stream_sent_bytes_; + // When QPACK is enabled, headers are sent and received on the stream, so + // the headers bytes do not need to be accounted for independently. + int64_t total_sent_bytes = quic::VersionUsesQpack(session_->GetQuicVersion()) + ? 0 + : headers_bytes_sent_; + if (stream_) { + total_sent_bytes += stream_->stream_bytes_written(); + } else { + total_sent_bytes += closed_stream_sent_bytes_; + } + return total_sent_bytes; } bool BidirectionalStreamQuicImpl::GetLoadTimingInfo( diff --git a/chromium/net/quic/bidirectional_stream_quic_impl.h b/chromium/net/quic/bidirectional_stream_quic_impl.h index aa5f938d5be..cb3927bcacc 100644 --- a/chromium/net/quic/bidirectional_stream_quic_impl.h +++ b/chromium/net/quic/bidirectional_stream_quic_impl.h @@ -128,7 +128,7 @@ class NET_EXPORT_PRIVATE BidirectionalStreamQuicImpl // True when callbacks to the delegate may be invoked synchronously. bool may_invoke_callbacks_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(BidirectionalStreamQuicImpl); }; diff --git a/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc b/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc index 3256fa84450..f969027582a 100644 --- a/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc +++ b/chromium/net/quic/bidirectional_stream_quic_impl_unittest.cc @@ -23,7 +23,9 @@ #include "net/log/net_log_event_type.h" #include "net/log/test_net_log.h" #include "net/log/test_net_log_util.h" +#include "net/quic/address_utils.h" #include "net/quic/mock_crypto_client_stream_factory.h" +#include "net/quic/platform/impl/quic_test_impl.h" #include "net/quic/quic_chromium_alarm_factory.h" #include "net/quic/quic_chromium_connection_helper.h" #include "net/quic/quic_chromium_packet_reader.h" @@ -32,6 +34,7 @@ #include "net/quic/quic_server_info.h" #include "net/quic/quic_stream_factory.h" #include "net/quic/quic_test_packet_maker.h" +#include "net/quic/quic_test_packet_printer.h" #include "net/quic/test_task_runner.h" #include "net/socket/socket_test_util.h" #include "net/test/gtest_util.h" @@ -42,7 +45,6 @@ #include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h" #include "net/third_party/quiche/src/quic/core/http/spdy_utils.h" #include "net/third_party/quiche/src/quic/core/quic_connection.h" -#include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h" #include "net/third_party/quiche/src/quic/platform/api/quic_arraysize.h" #include "net/third_party/quiche/src/quic/platform/api/quic_string_piece.h" #include "net/third_party/quiche/src/quic/platform/api/quic_text_utils.h" @@ -413,8 +415,8 @@ class BidirectionalStreamQuicImplTest BidirectionalStreamQuicImplTest() : version_(std::get<0>(GetParam())), client_headers_include_h2_stream_dependency_(std::get<1>(GetParam())), - crypto_config_(quic::test::crypto_test_utils::ProofVerifierForTesting(), - quic::TlsClientHandshaker::CreateSslCtx()), + crypto_config_( + quic::test::crypto_test_utils::ProofVerifierForTesting()), read_buffer_(base::MakeRefCounted(4096)), connection_id_(quic::test::TestConnectionId(2)), stream_id_(GetNthClientInitiatedBidirectionalStreamId(0)), @@ -424,6 +426,7 @@ class BidirectionalStreamQuicImplTest kDefaultServerHostName, quic::Perspective::IS_CLIENT, client_headers_include_h2_stream_dependency_), + packet_number_(0), server_maker_(version_, connection_id_, &clock_, @@ -431,7 +434,9 @@ class BidirectionalStreamQuicImplTest quic::Perspective::IS_SERVER, false), random_generator_(0), + printer_(version_), destination_(kDefaultServerHostName, kDefaultServerPort) { + SetQuicFlag(FLAGS_quic_supports_tls_handshake, true); IPAddress ip(192, 0, 2, 33); peer_addr_ = IPEndPoint(ip, 443); self_addr_ = IPEndPoint(ip, 8435); @@ -462,10 +467,8 @@ class BidirectionalStreamQuicImplTest } void ProcessPacket(std::unique_ptr packet) { - connection_->ProcessUdpPacket( - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(self_addr_)), - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(peer_addr_)), - *packet); + connection_->ProcessUdpPacket(ToQuicSocketAddress(self_addr_), + ToQuicSocketAddress(peer_addr_), *packet); } // Configures the test fixture to use the list of expected writes. @@ -485,6 +488,7 @@ class BidirectionalStreamQuicImplTest socket_data_.reset(new StaticSocketDataProvider( base::span(), base::make_span(mock_writes_.get(), writes_.size()))); + socket_data_->set_printer(&printer_); std::unique_ptr socket(new MockUDPClientSocket( socket_data_.get(), net_log().bound().net_log())); @@ -494,9 +498,8 @@ class BidirectionalStreamQuicImplTest new QuicChromiumConnectionHelper(&clock_, &random_generator_)); alarm_factory_.reset(new QuicChromiumAlarmFactory(runner_.get(), &clock_)); connection_ = new quic::QuicConnection( - connection_id_, - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(peer_addr_)), - helper_.get(), alarm_factory_.get(), + connection_id_, ToQuicSocketAddress(peer_addr_), helper_.get(), + alarm_factory_.get(), new QuicChromiumPacketWriter(socket.get(), runner_.get()), true /* owns_writer */, quic::Perspective::IS_CLIENT, quic::test::SupportedVersions(version_)); @@ -515,14 +518,15 @@ class BidirectionalStreamQuicImplTest base::WrapUnique(static_cast(nullptr)), QuicSessionKey(kDefaultServerHostName, kDefaultServerPort, PRIVACY_MODE_DISABLED, SocketTag()), - /*require_confirmation=*/false, /*migrate_session_early_v2=*/false, + /*require_confirmation=*/false, + /*max_allowed_push_id=*/0, + /*migrate_session_early_v2=*/false, /*migrate_session_on_network_change_v2=*/false, /*default_network=*/NetworkChangeNotifier::kInvalidNetworkHandle, quic::QuicTime::Delta::FromMilliseconds( - kDefaultRetransmittableOnWireTimeoutMillisecs), - /*migrate_idle_session=*/false, - base::TimeDelta::FromSeconds(kDefaultIdleSessionMigrationPeriodSeconds), - base::TimeDelta::FromSeconds(kMaxTimeOnNonDefaultNetworkSecs), + kDefaultRetransmittableOnWireTimeout.InMilliseconds()), + /*migrate_idle_session=*/false, kDefaultIdleSessionMigrationPeriod, + kMaxTimeOnNonDefaultNetwork, kMaxMigrationsToNonDefaultNetworkOnWriteError, kMaxMigrationsToNonDefaultNetworkOnPathDegrading, kQuicYieldAfterPacketsRead, @@ -557,105 +561,83 @@ class BidirectionalStreamQuicImplTest return server_maker_.GetResponseHeaders(response_code); } - std::unique_ptr ConstructDataPacket( - uint64_t packet_number, - bool should_include_version, - bool fin, - quic::QuicStreamOffset offset, - quic::QuicStringPiece data, - QuicTestPacketMaker* maker) { - std::unique_ptr packet(maker->MakeDataPacket( - packet_number, stream_id_, should_include_version, fin, offset, data)); - DVLOG(2) << "packet(" << packet_number << "): " << std::endl - << quic::QuicTextUtils::HexDump(packet->AsStringPiece()); - return packet; - } std::unique_ptr ConstructServerDataPacket( uint64_t packet_number, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { - return ConstructDataPacket(packet_number, should_include_version, fin, - offset, data, &server_maker_); + std::unique_ptr packet( + server_maker_.MakeDataPacket(packet_number, stream_id_, + should_include_version, fin, data)); + DVLOG(2) << "packet(" << packet_number << "): " << std::endl + << quic::QuicTextUtils::HexDump(packet->AsStringPiece()); + return packet; } // Construct a data packet with multiple data frames std::unique_ptr ConstructClientMultipleDataFramesPacket( - uint64_t packet_number, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, const std::vector& data_writes) { std::unique_ptr packet( - client_maker_.MakeMultipleDataFramesPacket(packet_number, stream_id_, + client_maker_.MakeMultipleDataFramesPacket(++packet_number_, stream_id_, should_include_version, fin, - offset, data_writes)); - DVLOG(2) << "packet(" << packet_number << "): " << std::endl + data_writes)); + DVLOG(2) << "packet(" << packet_number_ << "): " << std::endl << quic::QuicTextUtils::HexDump(packet->AsStringPiece()); return packet; } std::unique_ptr ConstructRequestHeadersPacket( - uint64_t packet_number, bool fin, RequestPriority request_priority, size_t* spdy_headers_frame_length) { - return ConstructRequestHeadersPacketInner( - packet_number, stream_id_, fin, request_priority, - spdy_headers_frame_length, /*offset=*/nullptr); + return ConstructRequestHeadersPacketInner(stream_id_, fin, request_priority, + spdy_headers_frame_length); } std::unique_ptr ConstructRequestHeadersPacketInner( - uint64_t packet_number, quic::QuicStreamId stream_id, bool fin, RequestPriority request_priority, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { - return ConstructRequestHeadersPacketInner( - packet_number, stream_id, fin, request_priority, 0, - spdy_headers_frame_length, offset); + size_t* spdy_headers_frame_length) { + return ConstructRequestHeadersPacketInner(stream_id, fin, request_priority, + 0, spdy_headers_frame_length); } std::unique_ptr ConstructRequestHeadersPacketInner( - uint64_t packet_number, quic::QuicStreamId stream_id, bool fin, RequestPriority request_priority, quic::QuicStreamId parent_stream_id, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { + size_t* spdy_headers_frame_length) { spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(request_priority); std::unique_ptr packet( client_maker_.MakeRequestHeadersPacket( - packet_number, stream_id, kIncludeVersion, fin, priority, + ++packet_number_, stream_id, kIncludeVersion, fin, priority, std::move(request_headers_), parent_stream_id, - spdy_headers_frame_length, offset)); - DVLOG(2) << "packet(" << packet_number << "): " << std::endl + spdy_headers_frame_length)); + DVLOG(2) << "packet(" << packet_number_ << "): " << std::endl << quic::QuicTextUtils::HexDump(packet->AsStringPiece()); return packet; } std::unique_ptr ConstructRequestHeadersAndMultipleDataFramesPacket( - uint64_t packet_number, bool fin, RequestPriority request_priority, - quic::QuicStreamOffset* header_stream_offset, size_t* spdy_headers_frame_length, const std::vector& data) { spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(request_priority); std::unique_ptr packet( client_maker_.MakeRequestHeadersAndMultipleDataFramesPacket( - packet_number, stream_id_, kIncludeVersion, fin, priority, - std::move(request_headers_), 0, header_stream_offset, - spdy_headers_frame_length, data)); - DVLOG(2) << "packet(" << packet_number << "): " << std::endl + ++packet_number_, stream_id_, kIncludeVersion, fin, priority, + std::move(request_headers_), 0, spdy_headers_frame_length, data)); + DVLOG(2) << "packet(" << packet_number_ << "): " << std::endl << quic::QuicTextUtils::HexDump(packet->AsStringPiece()); return packet; } @@ -664,11 +646,10 @@ class BidirectionalStreamQuicImplTest uint64_t packet_number, bool fin, spdy::SpdyHeaderBlock response_headers, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { - return ConstructResponseHeadersPacketInner( - packet_number, stream_id_, fin, std::move(response_headers), - spdy_headers_frame_length, offset); + size_t* spdy_headers_frame_length) { + return ConstructResponseHeadersPacketInner(packet_number, stream_id_, fin, + std::move(response_headers), + spdy_headers_frame_length); } std::unique_ptr ConstructResponseHeadersPacketInner( @@ -676,63 +657,57 @@ class BidirectionalStreamQuicImplTest quic::QuicStreamId stream_id, bool fin, spdy::SpdyHeaderBlock response_headers, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { + size_t* spdy_headers_frame_length) { return server_maker_.MakeResponseHeadersPacket( packet_number, stream_id, !kIncludeVersion, fin, - std::move(response_headers), spdy_headers_frame_length, offset); + std::move(response_headers), spdy_headers_frame_length); } std::unique_ptr ConstructResponseTrailersPacket( uint64_t packet_number, bool fin, spdy::SpdyHeaderBlock trailers, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { + size_t* spdy_headers_frame_length) { return server_maker_.MakeResponseHeadersPacket( packet_number, stream_id_, !kIncludeVersion, fin, std::move(trailers), - spdy_headers_frame_length, offset); + spdy_headers_frame_length); } - std::unique_ptr ConstructClientRstStreamPacket( - uint64_t packet_number) { - return ConstructRstStreamCancelledPacket(packet_number, !kIncludeVersion, 0, + std::unique_ptr ConstructClientRstStreamPacket() { + return ConstructRstStreamCancelledPacket(++packet_number_, !kIncludeVersion, &client_maker_); } std::unique_ptr ConstructServerRstStreamPacket( uint64_t packet_number) { - return ConstructRstStreamCancelledPacket(packet_number, !kIncludeVersion, 0, + return ConstructRstStreamCancelledPacket(packet_number, !kIncludeVersion, &server_maker_); } - std::unique_ptr ConstructClientEarlyRstStreamPacket( - uint64_t packet_number) { - return ConstructRstStreamCancelledPacket(packet_number, kIncludeVersion, 0, + std::unique_ptr + ConstructClientEarlyRstStreamPacket() { + return ConstructRstStreamCancelledPacket(++packet_number_, kIncludeVersion, &client_maker_); } std::unique_ptr ConstructRstStreamCancelledPacket( uint64_t packet_number, bool include_version, - size_t bytes_written, QuicTestPacketMaker* maker) { - std::unique_ptr packet( - maker->MakeRstPacket(packet_number, include_version, stream_id_, - quic::QUIC_STREAM_CANCELLED, bytes_written, - /*include_stop_sending_if_v99=*/true)); + std::unique_ptr packet(maker->MakeRstPacket( + packet_number, include_version, stream_id_, quic::QUIC_STREAM_CANCELLED, + /*include_stop_sending_if_v99=*/true)); DVLOG(2) << "packet(" << packet_number << "): " << std::endl << quic::QuicTextUtils::HexDump(packet->AsStringPiece()); return packet; } std::unique_ptr - ConstructClientAckAndRstStreamPacket(uint64_t packet_number, - uint64_t largest_received, + ConstructClientAckAndRstStreamPacket(uint64_t largest_received, uint64_t smallest_received, uint64_t least_unacked) { return client_maker_.MakeAckAndRstPacket( - packet_number, !kIncludeVersion, stream_id_, + ++packet_number_, !kIncludeVersion, stream_id_, quic::QUIC_STREAM_CANCELLED, largest_received, smallest_received, least_unacked, !kIncludeCongestionFeedback); } @@ -744,13 +719,12 @@ class BidirectionalStreamQuicImplTest uint64_t smallest_received, uint64_t least_unacked, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data, QuicTestPacketMaker* maker) { std::unique_ptr packet( maker->MakeAckAndDataPacket( packet_number, should_include_version, stream_id_, largest_received, - smallest_received, least_unacked, fin, offset, data)); + smallest_received, least_unacked, fin, data)); DVLOG(2) << "packet(" << packet_number << "): " << std::endl << quic::QuicTextUtils::HexDump(packet->AsStringPiece()); return packet; @@ -758,29 +732,27 @@ class BidirectionalStreamQuicImplTest std::unique_ptr ConstructAckAndMultipleDataFramesPacket( - uint64_t packet_number, bool should_include_version, uint64_t largest_received, uint64_t smallest_received, uint64_t least_unacked, bool fin, - quic::QuicStreamOffset offset, const std::vector data_writes) { std::unique_ptr packet( client_maker_.MakeAckAndMultipleDataFramesPacket( - packet_number, should_include_version, stream_id_, largest_received, - smallest_received, least_unacked, fin, offset, data_writes)); - DVLOG(2) << "packet(" << packet_number << "): " << std::endl + ++packet_number_, should_include_version, stream_id_, + largest_received, smallest_received, least_unacked, fin, + data_writes)); + DVLOG(2) << "packet(" << packet_number_ << "): " << std::endl << quic::QuicTextUtils::HexDump(packet->AsStringPiece()); return packet; } std::unique_ptr ConstructClientAckPacket( - uint64_t packet_number, uint64_t largest_received, uint64_t smallest_received, uint64_t least_unacked) { - return client_maker_.MakeAckPacket(packet_number, largest_received, + return client_maker_.MakeAckPacket(++packet_number_, largest_received, smallest_received, least_unacked, !kIncludeCongestionFeedback); } @@ -795,10 +767,8 @@ class BidirectionalStreamQuicImplTest !kIncludeCongestionFeedback); } - std::unique_ptr ConstructInitialSettingsPacket( - uint64_t packet_number, - quic::QuicStreamOffset* offset) { - return client_maker_.MakeInitialSettingsPacket(packet_number, offset); + std::unique_ptr ConstructInitialSettingsPacket() { + return client_maker_.MakeInitialSettingsPacket(++packet_number_); } void ExpectLoadTimingValid(const LoadTimingInfo& load_timing_info, @@ -835,6 +805,7 @@ class BidirectionalStreamQuicImplTest } protected: + QuicFlagSaver saver_; const quic::ParsedQuicVersion version_; const bool client_headers_include_h2_stream_dependency_; BoundTestNetLog net_log_; @@ -854,10 +825,12 @@ class BidirectionalStreamQuicImplTest const quic::QuicConnectionId connection_id_; const quic::QuicStreamId stream_id_; QuicTestPacketMaker client_maker_; + uint64_t packet_number_; QuicTestPacketMaker server_maker_; IPEndPoint self_addr_; IPEndPoint peer_addr_; quic::test::MockRandom random_generator_; + QuicPacketPrinter printer_; MockCryptoClientStreamFactory crypto_client_stream_factory_; std::unique_ptr socket_data_; std::vector writes_; @@ -865,23 +838,36 @@ class BidirectionalStreamQuicImplTest HostPortPair destination_; }; +// TODO(nharper): Make these tests work with TLS. +quic::ParsedQuicVersionVector AllSupportedVersionsWithQuicCrypto() { + quic::ParsedQuicVersionVector versions; + for (const auto& version : quic::AllSupportedVersions()) { + if (version.handshake_protocol == quic::PROTOCOL_QUIC_CRYPTO) { + versions.push_back(version); + } + } + return versions; +} + INSTANTIATE_TEST_SUITE_P( Version, BidirectionalStreamQuicImplTest, - ::testing::Combine(::testing::ValuesIn(quic::AllVersionsExcept99()), - ::testing::Bool())); + ::testing::Combine( + ::testing::ValuesIn(AllSupportedVersionsWithQuicCrypto()), + ::testing::Bool())); TEST_P(BidirectionalStreamQuicImplTest, GetRequest) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); AddWrite(ConstructRequestHeadersPacketInner( - 1, GetNthClientInitiatedBidirectionalStreamId(0), kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); + GetNthClientInitiatedBidirectionalStreamId(0), kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - AddWrite(ConstructInitialSettingsPacket(2, &header_stream_offset)); - AddWrite(ConstructClientAckPacket(3, 3, 1, 2)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + AddWrite(ConstructInitialSettingsPacket()); + } + AddWrite(ConstructClientAckPacket(3, 1, 2)); Initialize(); @@ -908,10 +894,9 @@ TEST_P(BidirectionalStreamQuicImplTest, GetRequest) { spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - quic::QuicStreamOffset offset = 0; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, &offset)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); LoadTimingInfo load_timing_info; @@ -924,7 +909,7 @@ TEST_P(BidirectionalStreamQuicImplTest, GetRequest) { const char kResponseBody[] = "Hello world!"; // Server sends data. std::string header = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, + ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, header + kResponseBody)); EXPECT_EQ(12, cb.WaitForResult()); @@ -935,11 +920,13 @@ TEST_P(BidirectionalStreamQuicImplTest, GetRequest) { spdy::SpdyHeaderBlock trailers; size_t spdy_trailers_frame_length; trailers["foo"] = "bar"; - trailers[quic::kFinalOffsetHeaderKey] = - base::NumberToString(strlen(kResponseBody)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + trailers[quic::kFinalOffsetHeaderKey] = + base::NumberToString(strlen(kResponseBody)); + } // Server sends trailers. - ProcessPacket(ConstructResponseTrailersPacket( - 4, kFin, trailers.Clone(), &spdy_trailers_frame_length, &offset)); + ProcessPacket(ConstructResponseTrailersPacket(4, kFin, trailers.Clone(), + &spdy_trailers_frame_length)); delegate->WaitUntilNextCallback(kOnTrailersReceived); EXPECT_THAT(cb2.WaitForResult(), IsOk()); @@ -959,8 +946,7 @@ TEST_P(BidirectionalStreamQuicImplTest, GetRequest) { spdy_trailers_frame_length), delegate->GetTotalReceivedBytes()); // Check that NetLog was filled as expected. - TestNetLogEntry::List entries; - net_log().GetEntries(&entries); + auto entries = net_log().GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, /*min_offset=*/0, NetLogEventType::QUIC_CHROMIUM_CLIENT_STREAM_SEND_REQUEST_HEADERS, @@ -977,19 +963,20 @@ TEST_P(BidirectionalStreamQuicImplTest, GetRequest) { TEST_P(BidirectionalStreamQuicImplTest, LoadTimingTwoRequests) { SetRequest("GET", "/", DEFAULT_PRIORITY); - quic::QuicStreamOffset offset = 0; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); AddWrite(ConstructRequestHeadersPacketInner( - 1, GetNthClientInitiatedBidirectionalStreamId(0), kFin, DEFAULT_PRIORITY, - nullptr, &offset)); + GetNthClientInitiatedBidirectionalStreamId(0), kFin, DEFAULT_PRIORITY, + nullptr)); // SetRequest() again for second request as |request_headers_| was moved. SetRequest("GET", "/", DEFAULT_PRIORITY); AddWrite(ConstructRequestHeadersPacketInner( - 2, GetNthClientInitiatedBidirectionalStreamId(1), kFin, DEFAULT_PRIORITY, - GetNthClientInitiatedBidirectionalStreamId(0), nullptr, &offset)); + GetNthClientInitiatedBidirectionalStreamId(1), kFin, DEFAULT_PRIORITY, + GetNthClientInitiatedBidirectionalStreamId(0), nullptr)); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - AddWrite(ConstructInitialSettingsPacket(3, &offset)); - AddWrite(ConstructClientAckPacket(4, 3, 1, 2)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + AddWrite(ConstructInitialSettingsPacket()); + } + AddWrite(ConstructClientAckPacket(3, 1, 2)); Initialize(); BidirectionalStreamRequestInfo request; @@ -1022,14 +1009,13 @@ TEST_P(BidirectionalStreamQuicImplTest, LoadTimingTwoRequests) { ProcessPacket(ConstructServerAckPacket(1, 1, 1, 1)); // Server sends the response headers. - offset = 0; ProcessPacket(ConstructResponseHeadersPacketInner( 2, GetNthClientInitiatedBidirectionalStreamId(0), kFin, - ConstructResponseHeaders("200"), nullptr, &offset)); + ConstructResponseHeaders("200"), nullptr)); ProcessPacket(ConstructResponseHeadersPacketInner( 3, GetNthClientInitiatedBidirectionalStreamId(1), kFin, - ConstructResponseHeaders("200"), nullptr, &offset)); + ConstructResponseHeaders("200"), nullptr)); delegate->WaitUntilNextCallback(kOnHeadersReceived); delegate2->WaitUntilNextCallback(kOnHeadersReceived); @@ -1053,40 +1039,37 @@ TEST_P(BidirectionalStreamQuicImplTest, LoadTimingTwoRequests) { TEST_P(BidirectionalStreamQuicImplTest, CoalesceDataBuffersNotHeadersFrame) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); const char kBody1[] = "here are some data"; const char kBody2[] = "data keep coming"; std::string header = ConstructDataHeader(strlen(kBody1)); std::string header2 = ConstructDataHeader(strlen(kBody2)); std::vector two_writes = {kBody1, kBody2}; AddWrite(ConstructRequestHeadersPacketInner( - 2, GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); + GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); if (version_.transport_version != quic::QUIC_VERSION_99) { - AddWrite(ConstructClientMultipleDataFramesPacket(3, kIncludeVersion, !kFin, - 0, {kBody1, kBody2})); + AddWrite(ConstructClientMultipleDataFramesPacket(kIncludeVersion, !kFin, + {kBody1, kBody2})); } else { AddWrite(ConstructClientMultipleDataFramesPacket( - 3, kIncludeVersion, !kFin, 0, {header, kBody1, header2, kBody2})); + kIncludeVersion, !kFin, {header, kBody1, header2, kBody2})); } // Ack server's data packet. - AddWrite(ConstructClientAckPacket(4, 3, 1, 2)); + AddWrite(ConstructClientAckPacket(3, 1, 2)); const char kBody3[] = "hello there"; const char kBody4[] = "another piece of small data"; const char kBody5[] = "really small"; std::string header3 = ConstructDataHeader(strlen(kBody3)); std::string header4 = ConstructDataHeader(strlen(kBody4)); std::string header5 = ConstructDataHeader(strlen(kBody5)); - quic::QuicStreamOffset data_offset = - strlen(kBody1) + strlen(kBody2) + header.length() + header2.length(); if (version_.transport_version != quic::QUIC_VERSION_99) { - AddWrite(ConstructClientMultipleDataFramesPacket( - 5, !kIncludeVersion, kFin, data_offset, {kBody3, kBody4, kBody5})); + AddWrite(ConstructClientMultipleDataFramesPacket(!kIncludeVersion, kFin, + {kBody3, kBody4, kBody5})); } else { AddWrite(ConstructClientMultipleDataFramesPacket( - 5, !kIncludeVersion, kFin, data_offset, + !kIncludeVersion, kFin, {header3, kBody3, header4, kBody4, header5, kBody5})); } @@ -1129,10 +1112,9 @@ TEST_P(BidirectionalStreamQuicImplTest, CoalesceDataBuffersNotHeadersFrame) { // Server sends the response headers. spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - quic::QuicStreamOffset offset = 0; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, &offset)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); TestCompletionCallback cb; @@ -1142,7 +1124,7 @@ TEST_P(BidirectionalStreamQuicImplTest, CoalesceDataBuffersNotHeadersFrame) { const char kResponseBody[] = "Hello world!"; std::string header6 = ConstructDataHeader(strlen(kResponseBody)); // Server sends data. - ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, + ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, header6 + kResponseBody)); EXPECT_EQ(static_cast(strlen(kResponseBody)), cb.WaitForResult()); @@ -1162,11 +1144,13 @@ TEST_P(BidirectionalStreamQuicImplTest, CoalesceDataBuffersNotHeadersFrame) { size_t spdy_trailers_frame_length; spdy::SpdyHeaderBlock trailers; trailers["foo"] = "bar"; - trailers[quic::kFinalOffsetHeaderKey] = - base::NumberToString(strlen(kResponseBody)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + trailers[quic::kFinalOffsetHeaderKey] = + base::NumberToString(strlen(kResponseBody)); + } // Server sends trailers. - ProcessPacket(ConstructResponseTrailersPacket( - 4, kFin, trailers.Clone(), &spdy_trailers_frame_length, &offset)); + ProcessPacket(ConstructResponseTrailersPacket(4, kFin, trailers.Clone(), + &spdy_trailers_frame_length)); delegate->WaitUntilNextCallback(kOnTrailersReceived); trailers.erase(quic::kFinalOffsetHeaderKey); @@ -1194,31 +1178,28 @@ TEST_P(BidirectionalStreamQuicImplTest, SendDataCoalesceDataBufferAndHeaderFrame) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); const char kBody1[] = "here are some data"; std::string header = ConstructDataHeader(strlen(kBody1)); if (version_.transport_version == quic::QUIC_VERSION_99) { AddWrite(ConstructRequestHeadersAndMultipleDataFramesPacket( - 2, !kFin, DEFAULT_PRIORITY, &header_stream_offset, - &spdy_request_headers_frame_length, {header, kBody1})); + !kFin, DEFAULT_PRIORITY, &spdy_request_headers_frame_length, + {header, kBody1})); } else { AddWrite(ConstructRequestHeadersAndMultipleDataFramesPacket( - 2, !kFin, DEFAULT_PRIORITY, &header_stream_offset, - &spdy_request_headers_frame_length, {kBody1})); + !kFin, DEFAULT_PRIORITY, &spdy_request_headers_frame_length, {kBody1})); } // Ack server's data packet. - AddWrite(ConstructClientAckPacket(3, 3, 1, 2)); + AddWrite(ConstructClientAckPacket(3, 1, 2)); const char kBody2[] = "really small"; std::string header2 = ConstructDataHeader(strlen(kBody2)); - quic::QuicStreamOffset data_offset = strlen(kBody1) + header.length(); if (version_.transport_version == quic::QUIC_VERSION_99) { - AddWrite(ConstructClientMultipleDataFramesPacket( - 4, !kIncludeVersion, kFin, data_offset, {header2, kBody2})); + AddWrite(ConstructClientMultipleDataFramesPacket(!kIncludeVersion, kFin, + {header2, kBody2})); } else { - AddWrite(ConstructClientMultipleDataFramesPacket(4, !kIncludeVersion, kFin, - data_offset, {kBody2})); + AddWrite(ConstructClientMultipleDataFramesPacket(!kIncludeVersion, kFin, + {kBody2})); } Initialize(); @@ -1252,10 +1233,9 @@ TEST_P(BidirectionalStreamQuicImplTest, // Server sends the response headers. spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - quic::QuicStreamOffset offset = 0; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, &offset)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); TestCompletionCallback cb; @@ -1265,7 +1245,7 @@ TEST_P(BidirectionalStreamQuicImplTest, const char kResponseBody[] = "Hello world!"; // Server sends data. std::string header3 = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, + ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, header3 + kResponseBody)); EXPECT_EQ(static_cast(strlen(kResponseBody)), cb.WaitForResult()); @@ -1280,11 +1260,13 @@ TEST_P(BidirectionalStreamQuicImplTest, size_t spdy_trailers_frame_length; spdy::SpdyHeaderBlock trailers; trailers["foo"] = "bar"; - trailers[quic::kFinalOffsetHeaderKey] = - base::NumberToString(strlen(kResponseBody)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + trailers[quic::kFinalOffsetHeaderKey] = + base::NumberToString(strlen(kResponseBody)); + } // Server sends trailers. - ProcessPacket(ConstructResponseTrailersPacket( - 4, kFin, trailers.Clone(), &spdy_trailers_frame_length, &offset)); + ProcessPacket(ConstructResponseTrailersPacket(4, kFin, trailers.Clone(), + &spdy_trailers_frame_length)); delegate->WaitUntilNextCallback(kOnTrailersReceived); trailers.erase(quic::kFinalOffsetHeaderKey); @@ -1310,8 +1292,7 @@ TEST_P(BidirectionalStreamQuicImplTest, SendvDataCoalesceDataBuffersAndHeaderFrame) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); const char kBody1[] = "here are some data"; const char kBody2[] = "data keep coming"; std::string header = ConstructDataHeader(strlen(kBody1)); @@ -1319,31 +1300,29 @@ TEST_P(BidirectionalStreamQuicImplTest, if (version_.transport_version == quic::QUIC_VERSION_99) { AddWrite(ConstructRequestHeadersAndMultipleDataFramesPacket( - 2, !kFin, DEFAULT_PRIORITY, &header_stream_offset, - &spdy_request_headers_frame_length, {header, kBody1, header2, kBody2})); + !kFin, DEFAULT_PRIORITY, &spdy_request_headers_frame_length, + {header, kBody1, header2, kBody2})); } else { AddWrite(ConstructRequestHeadersAndMultipleDataFramesPacket( - 2, !kFin, DEFAULT_PRIORITY, &header_stream_offset, - &spdy_request_headers_frame_length, {kBody1, kBody2})); + !kFin, DEFAULT_PRIORITY, &spdy_request_headers_frame_length, + {kBody1, kBody2})); } // Ack server's data packet. - AddWrite(ConstructClientAckPacket(3, 3, 1, 2)); + AddWrite(ConstructClientAckPacket(3, 1, 2)); const char kBody3[] = "hello there"; const char kBody4[] = "another piece of small data"; const char kBody5[] = "really small"; std::string header3 = ConstructDataHeader(strlen(kBody3)); std::string header4 = ConstructDataHeader(strlen(kBody4)); std::string header5 = ConstructDataHeader(strlen(kBody5)); - quic::QuicStreamOffset data_offset = - strlen(kBody1) + strlen(kBody2) + header.length() + header2.length(); if (version_.transport_version == quic::QUIC_VERSION_99) { AddWrite(ConstructClientMultipleDataFramesPacket( - 4, !kIncludeVersion, kFin, data_offset, + !kIncludeVersion, kFin, {header3, kBody3, header4, kBody4, header5, kBody5})); } else { - AddWrite(ConstructClientMultipleDataFramesPacket( - 4, !kIncludeVersion, kFin, data_offset, {kBody3, kBody4, kBody5})); + AddWrite(ConstructClientMultipleDataFramesPacket(!kIncludeVersion, kFin, + {kBody3, kBody4, kBody5})); } Initialize(); @@ -1380,10 +1359,9 @@ TEST_P(BidirectionalStreamQuicImplTest, // Server sends the response headers. spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - quic::QuicStreamOffset offset = 0; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, &offset)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); TestCompletionCallback cb; @@ -1393,7 +1371,7 @@ TEST_P(BidirectionalStreamQuicImplTest, const char kResponseBody[] = "Hello world!"; std::string header6 = ConstructDataHeader(strlen(kResponseBody)); // Server sends data. - ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, + ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, header6 + kResponseBody)); EXPECT_EQ(static_cast(strlen(kResponseBody)), cb.WaitForResult()); @@ -1413,11 +1391,13 @@ TEST_P(BidirectionalStreamQuicImplTest, size_t spdy_trailers_frame_length; spdy::SpdyHeaderBlock trailers; trailers["foo"] = "bar"; - trailers[quic::kFinalOffsetHeaderKey] = - base::NumberToString(strlen(kResponseBody)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + trailers[quic::kFinalOffsetHeaderKey] = + base::NumberToString(strlen(kResponseBody)); + } // Server sends trailers. - ProcessPacket(ConstructResponseTrailersPacket( - 4, kFin, trailers.Clone(), &spdy_trailers_frame_length, &offset)); + ProcessPacket(ConstructResponseTrailersPacket(4, kFin, trailers.Clone(), + &spdy_trailers_frame_length)); delegate->WaitUntilNextCallback(kOnTrailersReceived); trailers.erase(quic::kFinalOffsetHeaderKey); @@ -1443,8 +1423,7 @@ TEST_P(BidirectionalStreamQuicImplTest, // headers to be sent, if that write fails the stream does not crash. TEST_P(BidirectionalStreamQuicImplTest, SendDataWriteErrorCoalesceDataBufferAndHeaderFrame) { - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWriteError(SYNCHRONOUS, ERR_CONNECTION_REFUSED); Initialize(); @@ -1479,8 +1458,7 @@ TEST_P(BidirectionalStreamQuicImplTest, // headers to be sent, if that write fails the stream does not crash. TEST_P(BidirectionalStreamQuicImplTest, SendvDataWriteErrorCoalesceDataBufferAndHeaderFrame) { - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWriteError(SYNCHRONOUS, ERR_CONNECTION_REFUSED); Initialize(); @@ -1518,21 +1496,20 @@ TEST_P(BidirectionalStreamQuicImplTest, TEST_P(BidirectionalStreamQuicImplTest, PostRequest) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(ConstructRequestHeadersPacketInner( - 2, GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); + GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); std::string header = ConstructDataHeader(strlen(kUploadData)); if (version_.transport_version == quic::QUIC_VERSION_99) { - AddWrite(ConstructClientMultipleDataFramesPacket(3, kIncludeVersion, kFin, - 0, {header, kUploadData})); + AddWrite(ConstructClientMultipleDataFramesPacket(kIncludeVersion, kFin, + {header, kUploadData})); } else { - AddWrite(ConstructClientMultipleDataFramesPacket(3, kIncludeVersion, kFin, - 0, {kUploadData})); + AddWrite(ConstructClientMultipleDataFramesPacket(kIncludeVersion, kFin, + {kUploadData})); } - AddWrite(ConstructClientAckPacket(4, 3, 1, 2)); + AddWrite(ConstructClientAckPacket(3, 1, 2)); Initialize(); @@ -1564,10 +1541,9 @@ TEST_P(BidirectionalStreamQuicImplTest, PostRequest) { // Server sends the response headers. spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - quic::QuicStreamOffset offset = 0; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, &offset)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); TestCompletionCallback cb; @@ -1577,7 +1553,7 @@ TEST_P(BidirectionalStreamQuicImplTest, PostRequest) { const char kResponseBody[] = "Hello world!"; std::string header2 = ConstructDataHeader(strlen(kResponseBody)); // Server sends data. - ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, + ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, header2 + kResponseBody)); EXPECT_EQ(static_cast(strlen(kResponseBody)), cb.WaitForResult()); @@ -1585,11 +1561,13 @@ TEST_P(BidirectionalStreamQuicImplTest, PostRequest) { size_t spdy_trailers_frame_length; spdy::SpdyHeaderBlock trailers; trailers["foo"] = "bar"; - trailers[quic::kFinalOffsetHeaderKey] = - base::NumberToString(strlen(kResponseBody)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + trailers[quic::kFinalOffsetHeaderKey] = + base::NumberToString(strlen(kResponseBody)); + } // Server sends trailers. - ProcessPacket(ConstructResponseTrailersPacket( - 4, kFin, trailers.Clone(), &spdy_trailers_frame_length, &offset)); + ProcessPacket(ConstructResponseTrailersPacket(4, kFin, trailers.Clone(), + &spdy_trailers_frame_length)); delegate->WaitUntilNextCallback(kOnTrailersReceived); trailers.erase(quic::kFinalOffsetHeaderKey); @@ -1611,21 +1589,20 @@ TEST_P(BidirectionalStreamQuicImplTest, PostRequest) { TEST_P(BidirectionalStreamQuicImplTest, EarlyDataOverrideRequest) { SetRequest("PUT", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(ConstructRequestHeadersPacketInner( - 2, GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); + GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); std::string header = ConstructDataHeader(strlen(kUploadData)); if (version_.transport_version == quic::QUIC_VERSION_99) { - AddWrite(ConstructClientMultipleDataFramesPacket(3, kIncludeVersion, kFin, - 0, {header, kUploadData})); + AddWrite(ConstructClientMultipleDataFramesPacket(kIncludeVersion, kFin, + {header, kUploadData})); } else { - AddWrite(ConstructClientMultipleDataFramesPacket(3, kIncludeVersion, kFin, - 0, {kUploadData})); + AddWrite(ConstructClientMultipleDataFramesPacket(kIncludeVersion, kFin, + {kUploadData})); } - AddWrite(ConstructClientAckPacket(4, 3, 1, 2)); + AddWrite(ConstructClientAckPacket(3, 1, 2)); Initialize(); @@ -1658,10 +1635,9 @@ TEST_P(BidirectionalStreamQuicImplTest, EarlyDataOverrideRequest) { // Server sends the response headers. spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - quic::QuicStreamOffset offset = 0; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, &offset)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); TestCompletionCallback cb; @@ -1671,7 +1647,7 @@ TEST_P(BidirectionalStreamQuicImplTest, EarlyDataOverrideRequest) { const char kResponseBody[] = "Hello world!"; // Server sends data. std::string header2 = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, + ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, header2 + kResponseBody)); EXPECT_EQ(static_cast(strlen(kResponseBody)), cb.WaitForResult()); @@ -1679,11 +1655,13 @@ TEST_P(BidirectionalStreamQuicImplTest, EarlyDataOverrideRequest) { size_t spdy_trailers_frame_length; spdy::SpdyHeaderBlock trailers; trailers["foo"] = "bar"; - trailers[quic::kFinalOffsetHeaderKey] = - base::NumberToString(strlen(kResponseBody)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + trailers[quic::kFinalOffsetHeaderKey] = + base::NumberToString(strlen(kResponseBody)); + } // Server sends trailers. - ProcessPacket(ConstructResponseTrailersPacket( - 4, kFin, trailers.Clone(), &spdy_trailers_frame_length, &offset)); + ProcessPacket(ConstructResponseTrailersPacket(4, kFin, trailers.Clone(), + &spdy_trailers_frame_length)); delegate->WaitUntilNextCallback(kOnTrailersReceived); trailers.erase(quic::kFinalOffsetHeaderKey); @@ -1705,25 +1683,22 @@ TEST_P(BidirectionalStreamQuicImplTest, EarlyDataOverrideRequest) { TEST_P(BidirectionalStreamQuicImplTest, InterleaveReadDataAndSendData) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(ConstructRequestHeadersPacketInner( - 2, GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); + GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); std::string header = ConstructDataHeader(strlen(kUploadData)); if (version_.transport_version != quic::QUIC_VERSION_99) { - AddWrite(ConstructAckAndDataPacket(3, !kIncludeVersion, 2, 1, 2, !kFin, 0, - kUploadData, &client_maker_)); - AddWrite(ConstructAckAndDataPacket(4, !kIncludeVersion, 3, 3, 3, kFin, - strlen(kUploadData), kUploadData, - &client_maker_)); + AddWrite(ConstructAckAndDataPacket(++packet_number_, !kIncludeVersion, 2, 1, + 2, !kFin, kUploadData, &client_maker_)); + AddWrite(ConstructAckAndDataPacket(++packet_number_, !kIncludeVersion, 3, 3, + 3, kFin, kUploadData, &client_maker_)); } else { AddWrite(ConstructAckAndMultipleDataFramesPacket( - 3, !kIncludeVersion, 2, 1, 1, !kFin, 0, {header, kUploadData})); + !kIncludeVersion, 2, 1, 1, !kFin, {header, kUploadData})); AddWrite(ConstructAckAndMultipleDataFramesPacket( - 4, !kIncludeVersion, 3, 3, 3, kFin, - strlen(kUploadData) + header.length(), {header, kUploadData})); + !kIncludeVersion, 3, 3, 3, kFin, {header, kUploadData})); } Initialize(); @@ -1748,9 +1723,9 @@ TEST_P(BidirectionalStreamQuicImplTest, InterleaveReadDataAndSendData) { // Server sends the response headers. spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, nullptr)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); EXPECT_EQ("200", delegate->response_headers().find(":status")->second); @@ -1770,7 +1745,7 @@ TEST_P(BidirectionalStreamQuicImplTest, InterleaveReadDataAndSendData) { std::string header2 = ConstructDataHeader(strlen(kResponseBody)); // Server sends a data packet. ProcessPacket(ConstructAckAndDataPacket(3, !kIncludeVersion, 2, 1, 1, !kFin, - 0, header2 + kResponseBody, + header2 + kResponseBody, &server_maker_)); EXPECT_EQ(static_cast(strlen(kResponseBody)), cb.WaitForResult()); @@ -1783,10 +1758,10 @@ TEST_P(BidirectionalStreamQuicImplTest, InterleaveReadDataAndSendData) { TestCompletionCallback cb2; rv = delegate->ReadData(cb2.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - ProcessPacket( - ConstructAckAndDataPacket(4, !kIncludeVersion, 3, 1, 1, kFin, - strlen(kResponseBody) + header2.length(), - header2 + kResponseBody, &server_maker_)); + ProcessPacket(ConstructAckAndDataPacket(4, !kIncludeVersion, 3, 1, 1, kFin, + + header2 + kResponseBody, + &server_maker_)); EXPECT_EQ(static_cast(strlen(kResponseBody)), cb2.WaitForResult()); @@ -1810,13 +1785,14 @@ TEST_P(BidirectionalStreamQuicImplTest, InterleaveReadDataAndSendData) { TEST_P(BidirectionalStreamQuicImplTest, ServerSendsRstAfterHeaders) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); AddWrite(ConstructRequestHeadersPacketInner( - 1, GetNthClientInitiatedBidirectionalStreamId(0), kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); + GetNthClientInitiatedBidirectionalStreamId(0), kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - AddWrite(ConstructInitialSettingsPacket(2, &header_stream_offset)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + AddWrite(ConstructInitialSettingsPacket()); + } Initialize(); BidirectionalStreamRequestInfo request; @@ -1856,15 +1832,16 @@ TEST_P(BidirectionalStreamQuicImplTest, ServerSendsRstAfterHeaders) { TEST_P(BidirectionalStreamQuicImplTest, ServerSendsRstAfterReadData) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); AddWrite(ConstructRequestHeadersPacketInner( - 1, GetNthClientInitiatedBidirectionalStreamId(0), kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); + GetNthClientInitiatedBidirectionalStreamId(0), kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - AddWrite(ConstructInitialSettingsPacket(2, &header_stream_offset)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + AddWrite(ConstructInitialSettingsPacket()); + } // Why does QUIC ack Rst? Is this expected? - AddWrite(ConstructClientAckPacket(3, 3, 1, 2)); + AddWrite(ConstructClientAckPacket(3, 1, 2)); Initialize(); @@ -1890,10 +1867,9 @@ TEST_P(BidirectionalStreamQuicImplTest, ServerSendsRstAfterReadData) { spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - quic::QuicStreamOffset offset = 0; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, &offset)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); EXPECT_EQ("200", delegate->response_headers().find(":status")->second); @@ -1921,11 +1897,10 @@ TEST_P(BidirectionalStreamQuicImplTest, ServerSendsRstAfterReadData) { TEST_P(BidirectionalStreamQuicImplTest, SessionClosedBeforeReadData) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(ConstructRequestHeadersPacketInner( - 2, GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); + GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); Initialize(); BidirectionalStreamRequestInfo request; @@ -1950,10 +1925,9 @@ TEST_P(BidirectionalStreamQuicImplTest, SessionClosedBeforeReadData) { spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - quic::QuicStreamOffset offset = 0; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, &offset)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); TestCompletionCallback cb; @@ -2031,8 +2005,7 @@ TEST_P(BidirectionalStreamQuicImplTest, SessionClosedBeforeStartNotConfirmed) { TEST_P(BidirectionalStreamQuicImplTest, SessionCloseDuringOnStreamReady) { SetRequest("POST", "/", DEFAULT_PRIORITY); - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWriteError(SYNCHRONOUS, ERR_CONNECTION_REFUSED); Initialize(); @@ -2059,12 +2032,11 @@ TEST_P(BidirectionalStreamQuicImplTest, SessionCloseDuringOnStreamReady) { TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnStreamReady) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(ConstructRequestHeadersPacketInner( - 2, GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); - AddWrite(ConstructClientEarlyRstStreamPacket(3)); + GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); + AddWrite(ConstructClientEarlyRstStreamPacket()); Initialize(); @@ -2091,12 +2063,11 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnStreamReady) { TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamAfterReadData) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(ConstructRequestHeadersPacketInner( - 2, GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); - AddWrite(ConstructClientAckAndRstStreamPacket(3, 2, 1, 2)); + GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); + AddWrite(ConstructClientAckAndRstStreamPacket(2, 1, 2)); Initialize(); @@ -2121,9 +2092,9 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamAfterReadData) { // Server sends the response headers. spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, nullptr)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); EXPECT_EQ("200", delegate->response_headers().find(":status")->second); @@ -2147,12 +2118,11 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamAfterReadData) { TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnHeadersReceived) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(ConstructRequestHeadersPacketInner( - 2, GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); - AddWrite(ConstructClientAckAndRstStreamPacket(3, 2, 1, 2)); + GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); + AddWrite(ConstructClientAckAndRstStreamPacket(2, 1, 2)); Initialize(); @@ -2179,9 +2149,9 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnHeadersReceived) { spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, nullptr)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); EXPECT_EQ("200", delegate->response_headers().find(":status")->second); @@ -2195,13 +2165,12 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnHeadersReceived) { TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnDataRead) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(ConstructRequestHeadersPacketInner( - 2, GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); - AddWrite(ConstructClientAckPacket(3, 3, 1, 2)); - AddWrite(ConstructClientRstStreamPacket(4)); + GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); + AddWrite(ConstructClientAckPacket(3, 1, 2)); + AddWrite(ConstructClientRstStreamPacket()); Initialize(); @@ -2227,9 +2196,9 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnDataRead) { spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, nullptr)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); @@ -2241,7 +2210,7 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnDataRead) { const char kResponseBody[] = "Hello world!"; std::string header = ConstructDataHeader(strlen(kResponseBody)); // Server sends data. - ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, + ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, header + kResponseBody)); EXPECT_EQ(static_cast(strlen(kResponseBody)), cb.WaitForResult()); @@ -2255,20 +2224,19 @@ TEST_P(BidirectionalStreamQuicImplTest, AsyncFinRead) { const char kBody[] = "here is some data"; SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(1, &header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(ConstructRequestHeadersPacketInner( - 2, GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, - &spdy_request_headers_frame_length, &header_stream_offset)); + GetNthClientInitiatedBidirectionalStreamId(0), !kFin, DEFAULT_PRIORITY, + &spdy_request_headers_frame_length)); std::string header = ConstructDataHeader(strlen(kBody)); if (version_.transport_version == quic::QUIC_VERSION_99) { - AddWrite(ConstructClientMultipleDataFramesPacket(3, kIncludeVersion, kFin, - 0, {header, kBody})); + AddWrite(ConstructClientMultipleDataFramesPacket(kIncludeVersion, kFin, + {header, kBody})); } else { - AddWrite(ConstructClientMultipleDataFramesPacket(3, kIncludeVersion, kFin, - 0, {kBody})); + AddWrite(ConstructClientMultipleDataFramesPacket(kIncludeVersion, kFin, + {kBody})); } - AddWrite(ConstructClientAckPacket(4, 3, 1, 2)); + AddWrite(ConstructClientAckPacket(3, 1, 2)); Initialize(); @@ -2301,9 +2269,9 @@ TEST_P(BidirectionalStreamQuicImplTest, AsyncFinRead) { spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); size_t spdy_response_headers_frame_length; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, nullptr)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); @@ -2318,7 +2286,7 @@ TEST_P(BidirectionalStreamQuicImplTest, AsyncFinRead) { // Server sends data with the fin set, which should result in the stream // being closed and hence no RST_STREAM will be sent. - ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, kFin, 0, + ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, kFin, header2 + kResponseBody)); EXPECT_EQ(static_cast(strlen(kResponseBody)), cb.WaitForResult()); @@ -2332,10 +2300,10 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnTrailersReceived) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - AddWrite(ConstructRequestHeadersPacket(1, kFin, DEFAULT_PRIORITY, + AddWrite(ConstructRequestHeadersPacket(kFin, DEFAULT_PRIORITY, &spdy_request_headers_frame_length)); - AddWrite(ConstructClientAckPacket(2, 3, 1, 2)); // Ack the data packet - AddWrite(ConstructClientAckAndRstStreamPacket(3, 4, 4, 2)); + AddWrite(ConstructClientAckPacket(3, 1, 2)); // Ack the data packet + AddWrite(ConstructClientAckAndRstStreamPacket(4, 4, 2)); Initialize(); @@ -2360,11 +2328,10 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnTrailersReceived) { // Server sends the response headers. spdy::SpdyHeaderBlock response_headers = ConstructResponseHeaders("200"); - quic::QuicStreamOffset offset = 0; size_t spdy_response_headers_frame_length; - ProcessPacket(ConstructResponseHeadersPacket( - 2, !kFin, std::move(response_headers), - &spdy_response_headers_frame_length, &offset)); + ProcessPacket( + ConstructResponseHeadersPacket(2, !kFin, std::move(response_headers), + &spdy_response_headers_frame_length)); delegate->WaitUntilNextCallback(kOnHeadersReceived); @@ -2377,7 +2344,7 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnTrailersReceived) { // Server sends data. std::string header = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, 0, + ProcessPacket(ConstructServerDataPacket(3, !kIncludeVersion, !kFin, header + kResponseBody)); EXPECT_EQ(static_cast(strlen(kResponseBody)), cb.WaitForResult()); @@ -2386,11 +2353,13 @@ TEST_P(BidirectionalStreamQuicImplTest, DeleteStreamDuringOnTrailersReceived) { size_t spdy_trailers_frame_length; spdy::SpdyHeaderBlock trailers; trailers["foo"] = "bar"; - trailers[quic::kFinalOffsetHeaderKey] = - base::NumberToString(strlen(kResponseBody)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + trailers[quic::kFinalOffsetHeaderKey] = + base::NumberToString(strlen(kResponseBody)); + } // Server sends trailers. - ProcessPacket(ConstructResponseTrailersPacket( - 4, kFin, trailers.Clone(), &spdy_trailers_frame_length, &offset)); + ProcessPacket(ConstructResponseTrailersPacket(4, kFin, trailers.Clone(), + &spdy_trailers_frame_length)); delegate->WaitUntilNextCallback(kOnTrailersReceived); trailers.erase(quic::kFinalOffsetHeaderKey); diff --git a/chromium/net/quic/crypto_test_utils_chromium.cc b/chromium/net/quic/crypto_test_utils_chromium.cc index f1c2d89f00c..e63cdc8da5b 100644 --- a/chromium/net/quic/crypto_test_utils_chromium.cc +++ b/chromium/net/quic/crypto_test_utils_chromium.cc @@ -59,7 +59,7 @@ class TestProofVerifierChromium : public ProofVerifierChromium { // Load and install the root for the validated chain. scoped_refptr root_cert = ImportCertFromFile(GetTestCertsDirectory(), cert_file); - scoped_root_.Reset(root_cert.get()); + scoped_root_.Reset({root_cert}); } ~TestProofVerifierChromium() override {} diff --git a/chromium/net/quic/mock_quic_data.cc b/chromium/net/quic/mock_quic_data.cc index 28e0a5f6305..9c71eff9c95 100644 --- a/chromium/net/quic/mock_quic_data.cc +++ b/chromium/net/quic/mock_quic_data.cc @@ -7,7 +7,8 @@ namespace net { namespace test { -MockQuicData::MockQuicData() : sequence_number_(0) {} +MockQuicData::MockQuicData(quic::ParsedQuicVersion version) + : sequence_number_(0), printer_(version) {} MockQuicData::~MockQuicData() {} @@ -36,6 +37,13 @@ void MockQuicData::AddWrite(IoMode mode, int rv) { writes_.push_back(MockWrite(mode, rv, sequence_number_++)); } +void MockQuicData::AddWrite(IoMode mode, + int rv, + std::unique_ptr packet) { + writes_.push_back(MockWrite(mode, rv, sequence_number_++)); + packets_.push_back(std::move(packet)); +} + void MockQuicData::AddSocketDataToFactory(MockClientSocketFactory* factory) { factory->AddSocketDataProvider(InitializeAndGetSequencedSocketData()); } @@ -54,6 +62,7 @@ void MockQuicData::Resume() { SequencedSocketData* MockQuicData::InitializeAndGetSequencedSocketData() { socket_data_.reset(new SequencedSocketData(reads_, writes_)); + socket_data_->set_printer(&printer_); if (connect_ != nullptr) socket_data_->set_connect_data(*connect_); diff --git a/chromium/net/quic/mock_quic_data.h b/chromium/net/quic/mock_quic_data.h index 62109c002b7..6c7deff7177 100644 --- a/chromium/net/quic/mock_quic_data.h +++ b/chromium/net/quic/mock_quic_data.h @@ -5,6 +5,7 @@ #ifndef NET_QUIC_MOCK_QUIC_DATA_H_ #define NET_QUIC_MOCK_QUIC_DATA_H_ +#include "net/quic/quic_test_packet_printer.h" #include "net/socket/socket_test_util.h" #include "net/third_party/quiche/src/quic/core/quic_packets.h" @@ -15,7 +16,7 @@ namespace test { // Simplify ownership issues and the interaction with the MockSocketFactory. class MockQuicData { public: - MockQuicData(); + explicit MockQuicData(quic::ParsedQuicVersion version); ~MockQuicData(); // Makes the Connect() call return |rv| either @@ -38,6 +39,12 @@ class MockQuicData { // synchronously or asynchronously based on |mode|. void AddWrite(IoMode mode, int rv); + // Adds a write at the next sequence number which will write |packet| + // synchronously or asynchronously based on |mode| and return |rv|. + void AddWrite(IoMode mode, + int rv, + std::unique_ptr packet); + // Adds the reads and writes to |factory|. void AddSocketDataToFactory(MockClientSocketFactory* factory); @@ -63,6 +70,7 @@ class MockQuicData { std::vector reads_; size_t sequence_number_; std::unique_ptr socket_data_; + QuicPacketPrinter printer_; }; } // namespace test diff --git a/chromium/net/quic/platform/impl/quic_bbr2_sender_impl.h b/chromium/net/quic/platform/impl/quic_bbr2_sender_impl.h new file mode 100644 index 00000000000..df919dc6be0 --- /dev/null +++ b/chromium/net/quic/platform/impl/quic_bbr2_sender_impl.h @@ -0,0 +1,16 @@ +// Copyright (c) 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_QUIC_PLATFORM_IMPL_QUIC_BBR2_SENDER_IMPL_H_ +#define NET_QUIC_PLATFORM_IMPL_QUIC_BBR2_SENDER_IMPL_H_ + +#include "net/third_party/quiche/src/quic/core/congestion_control/bbr_sender.h" + +namespace quic { + +using QuicBbr2SenderImpl = BbrSender; + +} // namespace quic + +#endif // NET_QUIC_PLATFORM_IMPL_QUIC_BBR2_SENDER_IMPL_H_ diff --git a/chromium/net/quic/platform/impl/quic_chromium_clock.cc b/chromium/net/quic/platform/impl/quic_chromium_clock.cc index 7e3ff3b572a..f6be6b29448 100644 --- a/chromium/net/quic/platform/impl/quic_chromium_clock.cc +++ b/chromium/net/quic/platform/impl/quic_chromium_clock.cc @@ -4,13 +4,14 @@ #include "net/quic/platform/impl/quic_chromium_clock.h" -#include "base/memory/singleton.h" +#include "base/no_destructor.h" #include "base/time/time.h" namespace quic { QuicChromiumClock* QuicChromiumClock::GetInstance() { - return base::Singleton::get(); + static base::NoDestructor instance; + return instance.get(); } QuicChromiumClock::QuicChromiumClock() {} diff --git a/chromium/net/quic/platform/impl/quic_flags_impl.cc b/chromium/net/quic/platform/impl/quic_flags_impl.cc index 3cd9d447e09..d2c719d08bd 100644 --- a/chromium/net/quic/platform/impl/quic_flags_impl.cc +++ b/chromium/net/quic/platform/impl/quic_flags_impl.cc @@ -203,7 +203,7 @@ std::vector QuicParseCommandLineFlagsImpl( } logging::LoggingSettings settings; - settings.logging_dest = logging::LOG_TO_SYSTEM_DEBUG_LOG; + settings.logging_dest = logging::LOG_TO_STDERR; CHECK(logging::InitLogging(settings)); return result.non_flag_args; diff --git a/chromium/net/quic/platform/impl/quic_fuzzed_data_provider_impl.h b/chromium/net/quic/platform/impl/quic_fuzzed_data_provider_impl.h index 4689fef3290..bfd3ab8bd2a 100644 --- a/chromium/net/quic/platform/impl/quic_fuzzed_data_provider_impl.h +++ b/chromium/net/quic/platform/impl/quic_fuzzed_data_provider_impl.h @@ -5,11 +5,11 @@ #ifndef NET_QUIC_PLATFORM_IMPL_QUIC_FUZZED_DATA_PROVIDER_IMPL_H_ #define NET_QUIC_PLATFORM_IMPL_QUIC_FUZZED_DATA_PROVIDER_IMPL_H_ -#include "base/test/fuzzed_data_provider.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" namespace quic { -using QuicFuzzedDataProviderImpl = base::FuzzedDataProvider; +using QuicFuzzedDataProviderImpl = FuzzedDataProvider; } // namespace quic diff --git a/chromium/net/quic/platform/impl/quic_ip_address_impl.cc b/chromium/net/quic/platform/impl/quic_ip_address_impl.cc deleted file mode 100644 index 37fa7427277..00000000000 --- a/chromium/net/quic/platform/impl/quic_ip_address_impl.cc +++ /dev/null @@ -1,153 +0,0 @@ -// Copyright (c) 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/quic/platform/impl/quic_ip_address_impl.h" - -#include "build/build_config.h" -#include "net/base/address_family.h" -#include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h" - -#if defined(OS_WIN) -#include -#include -#elif defined(OS_POSIX) || defined(OS_FUCHSIA) -#include -#endif - -using std::string; - -namespace quic { - -QuicIpAddressImpl QuicIpAddressImpl::Loopback4() { - return QuicIpAddressImpl(net::IPAddress::IPv4Localhost()); -} - -QuicIpAddressImpl QuicIpAddressImpl::Loopback6() { - return QuicIpAddressImpl(net::IPAddress::IPv6Localhost()); -} - -QuicIpAddressImpl QuicIpAddressImpl::Any4() { - return QuicIpAddressImpl(net::IPAddress::IPv4AllZeros()); -} - -QuicIpAddressImpl QuicIpAddressImpl::Any6() { - return QuicIpAddressImpl(net::IPAddress::IPv6AllZeros()); -} - -QuicIpAddressImpl::QuicIpAddressImpl(const net::IPAddress& addr) - : ip_address_(addr) {} - -static_assert(sizeof(in_addr) == 32 / 8, "in_addr must be 32-bit long"); -QuicIpAddressImpl::QuicIpAddressImpl(const in_addr& ipv4_address) - : ip_address_(reinterpret_cast(&ipv4_address), - sizeof(in_addr)) {} - -static_assert(sizeof(in6_addr) == 128 / 8, "in6_addr must be 128-bit long"); -QuicIpAddressImpl::QuicIpAddressImpl(const in6_addr& ipv6_address) - : ip_address_(reinterpret_cast(&ipv6_address), - sizeof(in6_addr)) {} - -bool operator==(QuicIpAddressImpl lhs, QuicIpAddressImpl rhs) { - return lhs.ip_address_ == rhs.ip_address_; -} - -bool operator!=(QuicIpAddressImpl lhs, QuicIpAddressImpl rhs) { - return !(lhs == rhs); -} - -bool QuicIpAddressImpl::IsInitialized() const { - return net::GetAddressFamily(ip_address_) != net::ADDRESS_FAMILY_UNSPECIFIED; -} - -IpAddressFamily QuicIpAddressImpl::address_family() const { - switch (net::GetAddressFamily(ip_address_)) { - case net::ADDRESS_FAMILY_IPV4: - return IpAddressFamily::IP_V4; - case net::ADDRESS_FAMILY_IPV6: - return IpAddressFamily::IP_V6; - case net::ADDRESS_FAMILY_UNSPECIFIED: - break; - default: - QUIC_BUG << "Invalid address family " - << net::GetAddressFamily(ip_address_); - } - return IpAddressFamily::IP_UNSPEC; -} - -int QuicIpAddressImpl::AddressFamilyToInt() const { - switch (ip_address_.size()) { - case net::IPAddress::kIPv4AddressSize: - return AF_INET; - case net::IPAddress::kIPv6AddressSize: - return AF_INET6; - default: - NOTREACHED() << "Bad IP address"; - return AF_UNSPEC; - } -} - -string QuicIpAddressImpl::ToPackedString() const { - return net::IPAddressToPackedString(ip_address_); -} - -string QuicIpAddressImpl::ToString() const { - if (!IsInitialized()) { - return "Uninitialized address"; - } - return ip_address_.ToString(); -} - -QuicIpAddressImpl QuicIpAddressImpl::Normalized() const { - if (ip_address_.IsIPv4MappedIPv6()) { - return QuicIpAddressImpl(ConvertIPv4MappedIPv6ToIPv4(ip_address_)); - } - return QuicIpAddressImpl(ip_address_); -} - -QuicIpAddressImpl QuicIpAddressImpl::DualStacked() const { - if (ip_address_.IsIPv4()) { - return QuicIpAddressImpl(ConvertIPv4ToIPv4MappedIPv6(ip_address_)); - } - return QuicIpAddressImpl(ip_address_); -} - -bool QuicIpAddressImpl::FromPackedString(const char* data, size_t length) { - if (length != net::IPAddress::kIPv4AddressSize && - length != net::IPAddress::kIPv6AddressSize) { - QUIC_BUG << "Invalid packed IP address of length " << length; - return false; - } - ip_address_ = net::IPAddress(reinterpret_cast(data), length); - return true; -} - -bool QuicIpAddressImpl::FromString(string str) { - return ip_address_.AssignFromIPLiteral(str); -} - -bool QuicIpAddressImpl::IsIPv4() const { - return ip_address_.IsIPv4(); -} - -bool QuicIpAddressImpl::IsIPv6() const { - return ip_address_.IsIPv6(); -} - -bool QuicIpAddressImpl::InSameSubnet(const QuicIpAddressImpl& other, - int subnet_length) { - return net::IPAddressMatchesPrefix(ip_address_, other.ip_address(), - subnet_length); -} - -in_addr QuicIpAddressImpl::GetIPv4() const { - DCHECK_EQ(sizeof(in_addr), ip_address_.bytes().size()); - return *(reinterpret_cast(ip_address_.bytes().data())); -} - -in6_addr QuicIpAddressImpl::GetIPv6() const { - DCHECK_EQ(sizeof(in6_addr), ip_address_.bytes().size()); - return *(reinterpret_cast(ip_address_.bytes().data())); -} - -} // namespace quic diff --git a/chromium/net/quic/platform/impl/quic_ip_address_impl.h b/chromium/net/quic/platform/impl/quic_ip_address_impl.h deleted file mode 100644 index 84579fe06b7..00000000000 --- a/chromium/net/quic/platform/impl/quic_ip_address_impl.h +++ /dev/null @@ -1,71 +0,0 @@ -// Copyright (c) 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_QUIC_PLATFORM_IMPL_QUIC_IP_ADDRESS_IMPL_H_ -#define NET_QUIC_PLATFORM_IMPL_QUIC_IP_ADDRESS_IMPL_H_ - -#include "build/build_config.h" - -#include - -#if defined(_WIN32) -#include -#include -#else -#include -#include -#include -#endif - -#include "net/base/ip_address.h" -#include "net/third_party/quiche/src/quic/platform/api/quic_export.h" -#include "net/third_party/quiche/src/quic/platform/api/quic_ip_address_family.h" - -namespace quic { - -class QUIC_EXPORT_PRIVATE QuicIpAddressImpl { - public: - enum : size_t { - kIPv4AddressSize = net::IPAddress::kIPv4AddressSize, - kIPv6AddressSize = net::IPAddress::kIPv6AddressSize - }; - static QuicIpAddressImpl Loopback4(); - static QuicIpAddressImpl Loopback6(); - static QuicIpAddressImpl Any4(); - static QuicIpAddressImpl Any6(); - - QuicIpAddressImpl() = default; - QuicIpAddressImpl(const QuicIpAddressImpl& other) = default; - explicit QuicIpAddressImpl(const net::IPAddress& addr); - explicit QuicIpAddressImpl(const in_addr& ipv4_address); - explicit QuicIpAddressImpl(const in6_addr& ipv6_address); - QuicIpAddressImpl& operator=(const QuicIpAddressImpl& other) = default; - QuicIpAddressImpl& operator=(QuicIpAddressImpl&& other) = default; - friend bool operator==(QuicIpAddressImpl lhs, QuicIpAddressImpl rhs); - friend bool operator!=(QuicIpAddressImpl lhs, QuicIpAddressImpl rhs); - - bool IsInitialized() const; - IpAddressFamily address_family() const; - int AddressFamilyToInt() const; - std::string ToPackedString() const; - std::string ToString() const; - QuicIpAddressImpl Normalized() const; - QuicIpAddressImpl DualStacked() const; - bool FromPackedString(const char* data, size_t length); - bool FromString(std::string str); - bool IsIPv4() const; - bool IsIPv6() const; - bool InSameSubnet(const QuicIpAddressImpl& other, int subnet_length); - - in_addr GetIPv4() const; - in6_addr GetIPv6() const; - const net::IPAddress& ip_address() const { return ip_address_; } - - private: - net::IPAddress ip_address_; -}; - -} // namespace quic - -#endif // NET_QUIC_PLATFORM_IMPL_QUIC_IP_ADDRESS_IMPL_H_ diff --git a/chromium/net/quic/platform/impl/quic_map_util_impl.h b/chromium/net/quic/platform/impl/quic_map_util_impl.h index 2efde2473bf..c25e1c41128 100644 --- a/chromium/net/quic/platform/impl/quic_map_util_impl.h +++ b/chromium/net/quic/platform/impl/quic_map_util_impl.h @@ -11,12 +11,12 @@ namespace quic { template bool QuicContainsKeyImpl(const Collection& collection, const Key& key) { - return base::ContainsKey(collection, key); + return base::Contains(collection, key); } template bool QuicContainsValueImpl(const Collection& collection, const Value& value) { - return base::ContainsValue(collection, value); + return base::Contains(collection, value); } } // namespace quic diff --git a/chromium/net/quic/platform/impl/quic_mem_slice_storage_impl.cc b/chromium/net/quic/platform/impl/quic_mem_slice_storage_impl.cc index f0c4fe941c1..420b675f195 100644 --- a/chromium/net/quic/platform/impl/quic_mem_slice_storage_impl.cc +++ b/chromium/net/quic/platform/impl/quic_mem_slice_storage_impl.cc @@ -35,6 +35,11 @@ QuicMemSliceStorageImpl::QuicMemSliceStorageImpl( } } +void QuicMemSliceStorageImpl::Append(QuicMemSliceImpl mem_slice) { + buffers_.push_back(*mem_slice.impl()); + lengths_.push_back(mem_slice.length()); +} + QuicMemSliceStorageImpl::QuicMemSliceStorageImpl( const QuicMemSliceStorageImpl& other) = default; QuicMemSliceStorageImpl::QuicMemSliceStorageImpl( diff --git a/chromium/net/quic/platform/impl/quic_mem_slice_storage_impl.h b/chromium/net/quic/platform/impl/quic_mem_slice_storage_impl.h index 9e91fff9a37..3b56cd07688 100644 --- a/chromium/net/quic/platform/impl/quic_mem_slice_storage_impl.h +++ b/chromium/net/quic/platform/impl/quic_mem_slice_storage_impl.h @@ -33,6 +33,8 @@ class QUIC_EXPORT_PRIVATE QuicMemSliceStorageImpl { buffers_.data(), lengths_.data(), buffers_.size())); } + void Append(QuicMemSliceImpl mem_slice); + private: std::vector> buffers_; std::vector lengths_; diff --git a/chromium/net/quic/platform/impl/quic_socket_address_impl.cc b/chromium/net/quic/platform/impl/quic_socket_address_impl.cc index 952a1823f1d..9b7a67080aa 100644 --- a/chromium/net/quic/platform/impl/quic_socket_address_impl.cc +++ b/chromium/net/quic/platform/impl/quic_socket_address_impl.cc @@ -31,11 +31,12 @@ QuicSocketAddressImpl::QuicSocketAddressImpl( } } -QuicSocketAddressImpl::QuicSocketAddressImpl(const struct sockaddr& saddr) { - if (saddr.sa_family == AF_INET) { - CHECK(socket_address_.FromSockAddr(&saddr, sizeof(struct sockaddr_in))); - } else if (saddr.sa_family == AF_INET6) { - CHECK(socket_address_.FromSockAddr(&saddr, sizeof(struct sockaddr_in6))); +QuicSocketAddressImpl::QuicSocketAddressImpl(const sockaddr* saddr, + socklen_t len) { + if (saddr->sa_family == AF_INET) { + CHECK(socket_address_.FromSockAddr(saddr, len)); + } else if (saddr->sa_family == AF_INET6) { + CHECK(socket_address_.FromSockAddr(saddr, len)); } } @@ -78,8 +79,8 @@ QuicSocketAddressImpl QuicSocketAddressImpl::Normalized() const { return QuicSocketAddressImpl(); } -QuicIpAddressImpl QuicSocketAddressImpl::host() const { - return QuicIpAddressImpl(socket_address_.address()); +QuicIpAddress QuicSocketAddressImpl::host() const { + return ToQuicIpAddress(socket_address_.address()); } uint16_t QuicSocketAddressImpl::port() const { diff --git a/chromium/net/quic/platform/impl/quic_socket_address_impl.h b/chromium/net/quic/platform/impl/quic_socket_address_impl.h index a6fa5439fe5..e6006baea8b 100644 --- a/chromium/net/quic/platform/impl/quic_socket_address_impl.h +++ b/chromium/net/quic/platform/impl/quic_socket_address_impl.h @@ -17,7 +17,7 @@ class QUIC_EXPORT_PRIVATE QuicSocketAddressImpl { explicit QuicSocketAddressImpl(const net::IPEndPoint& addr); QuicSocketAddressImpl(QuicIpAddress address, uint16_t port); explicit QuicSocketAddressImpl(const struct sockaddr_storage& saddr); - explicit QuicSocketAddressImpl(const struct sockaddr& saddr); + explicit QuicSocketAddressImpl(const sockaddr* saddr, socklen_t len); QuicSocketAddressImpl(const QuicSocketAddressImpl& other) = default; QuicSocketAddressImpl& operator=(const QuicSocketAddressImpl& other) = default; @@ -32,7 +32,7 @@ class QUIC_EXPORT_PRIVATE QuicSocketAddressImpl { int FromSocket(int fd); QuicSocketAddressImpl Normalized() const; - QuicIpAddressImpl host() const; + QuicIpAddress host() const; uint16_t port() const; sockaddr_storage generic_address() const; diff --git a/chromium/net/quic/platform/impl/quic_system_event_loop_impl.h b/chromium/net/quic/platform/impl/quic_system_event_loop_impl.h index e4654c59c36..05439c225f0 100644 --- a/chromium/net/quic/platform/impl/quic_system_event_loop_impl.h +++ b/chromium/net/quic/platform/impl/quic_system_event_loop_impl.h @@ -5,8 +5,8 @@ #ifndef NET_QUIC_PLATFORM_IMPL_QUIC_SYSTEM_EVENT_LOOP_IMPL_H_ #define NET_QUIC_PLATFORM_IMPL_QUIC_SYSTEM_EVENT_LOOP_IMPL_H_ -#include "base/message_loop/message_loop.h" #include "base/run_loop.h" +#include "base/task/single_thread_task_executor.h" #include "base/task/thread_pool/thread_pool.h" inline void QuicRunSystemEventLoopIterationImpl() { @@ -20,7 +20,7 @@ class QuicSystemEventLoopImpl { } private: - base::MessageLoopForIO message_loop_; + base::SingleThreadTaskExecutor io_task_executor_{base::MessagePump::Type::IO}; }; #endif // NET_QUIC_PLATFORM_IMPL_QUIC_SYSTEM_EVENT_LOOP_IMPL_H_ diff --git a/chromium/net/quic/platform/impl/quic_test_loopback_impl.cc b/chromium/net/quic/platform/impl/quic_test_loopback_impl.cc index 878a31f2d28..f339bf1a12c 100644 --- a/chromium/net/quic/platform/impl/quic_test_loopback_impl.cc +++ b/chromium/net/quic/platform/impl/quic_test_loopback_impl.cc @@ -11,20 +11,22 @@ IpAddressFamily AddressFamilyUnderTestImpl() { } QuicIpAddress TestLoopback4Impl() { - return QuicIpAddress(QuicIpAddressImpl(net::IPAddress::IPv4Localhost())); + return QuicIpAddress::Loopback4(); } QuicIpAddress TestLoopback6Impl() { - return QuicIpAddress(QuicIpAddressImpl(net::IPAddress::IPv6Localhost())); + return QuicIpAddress::Loopback6(); } QuicIpAddress TestLoopbackImpl() { - return QuicIpAddress(QuicIpAddressImpl(net::IPAddress::IPv4Localhost())); + return QuicIpAddress::Loopback4(); } QuicIpAddress TestLoopbackImpl(int index) { - const uint8_t kLocalhostIPv4[] = {127, 0, 0, index}; - return QuicIpAddress(QuicIpAddressImpl(net::IPAddress(kLocalhostIPv4))); + const char kLocalhostIPv4[] = {127, 0, 0, index}; + QuicIpAddress address; + address.FromPackedString(kLocalhostIPv4, 4); + return address; } } // namespace quic diff --git a/chromium/net/quic/quic_chromium_alarm_factory.cc b/chromium/net/quic/quic_chromium_alarm_factory.cc index 9124fb0ee97..2eaf0bf7d71 100644 --- a/chromium/net/quic/quic_chromium_alarm_factory.cc +++ b/chromium/net/quic/quic_chromium_alarm_factory.cc @@ -23,8 +23,7 @@ class QuicChromeAlarm : public quic::QuicAlarm { : quic::QuicAlarm(std::move(delegate)), clock_(clock), task_runner_(task_runner), - task_deadline_(quic::QuicTime::Zero()), - weak_factory_(this) {} + task_deadline_(quic::QuicTime::Zero()) {} protected: void SetImpl() override { @@ -84,7 +83,7 @@ class QuicChromeAlarm : public quic::QuicAlarm { // post a new task when the new deadline now earlier than when // previously posted. quic::QuicTime task_deadline_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; }; } // namespace @@ -92,7 +91,7 @@ class QuicChromeAlarm : public quic::QuicAlarm { QuicChromiumAlarmFactory::QuicChromiumAlarmFactory( base::TaskRunner* task_runner, const quic::QuicClock* clock) - : task_runner_(task_runner), clock_(clock), weak_factory_(this) {} + : task_runner_(task_runner), clock_(clock) {} QuicChromiumAlarmFactory::~QuicChromiumAlarmFactory() {} diff --git a/chromium/net/quic/quic_chromium_alarm_factory.h b/chromium/net/quic/quic_chromium_alarm_factory.h index 1e478335654..d190a05b23c 100644 --- a/chromium/net/quic/quic_chromium_alarm_factory.h +++ b/chromium/net/quic/quic_chromium_alarm_factory.h @@ -40,7 +40,7 @@ class NET_EXPORT_PRIVATE QuicChromiumAlarmFactory private: base::TaskRunner* task_runner_; const quic::QuicClock* clock_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(QuicChromiumAlarmFactory); }; diff --git a/chromium/net/quic/quic_chromium_client_session.cc b/chromium/net/quic/quic_chromium_client_session.cc index dfd04101031..b85a00a75b9 100644 --- a/chromium/net/quic/quic_chromium_client_session.cc +++ b/chromium/net/quic/quic_chromium_client_session.cc @@ -7,6 +7,7 @@ #include #include "base/bind.h" +#include "base/feature_list.h" #include "base/location.h" #include "base/memory/ptr_util.h" #include "base/metrics/histogram_functions.h" @@ -20,9 +21,11 @@ #include "base/time/tick_clock.h" #include "base/trace_event/memory_usage_estimator.h" #include "base/values.h" +#include "net/base/features.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" #include "net/base/network_activity_monitor.h" +#include "net/base/network_isolation_key.h" #include "net/base/url_util.h" #include "net/http/transport_security_state.h" #include "net/log/net_log_event_type.h" @@ -42,7 +45,7 @@ #include "net/ssl/ssl_connection_status_flags.h" #include "net/ssl/ssl_info.h" #include "net/third_party/quiche/src/quic/core/http/quic_client_promised_info.h" -#include "net/third_party/quiche/src/quic/core/http/spdy_utils.h" +#include "net/third_party/quiche/src/quic/core/http/spdy_server_push_utils.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" #include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" #include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h" @@ -71,9 +74,6 @@ const size_t kMinRetryTimeForDefaultNetworkSecs = 1; // network. const int kDefaultRTTMilliSecs = 300; -// The maximum size of uncompressed QUIC headers that will be allowed. -const size_t kMaxUncompressedHeaderSize = 256 * 1024; - // Histograms for tracking down the crashes from http://crbug.com/354669 // Note: these values must be kept in sync with the corresponding values in: // tools/metrics/histograms/histograms.xml @@ -134,34 +134,26 @@ void RecordConnectionCloseErrorCode(quic::QuicErrorCode error, } } -NetLogParametersCallback NetLogQuicConnectionMigrationTriggerCallback( - const char* trigger) { - return NetLog::StringCallback("trigger", trigger); -} - -base::Value NetLogQuicConnectionMigrationFailureCallback( +base::Value NetLogQuicConnectionMigrationFailureParams( quic::QuicConnectionId connection_id, - std::string reason, - NetLogCaptureMode capture_mode) { + const std::string& reason) { base::DictionaryValue dict; dict.SetString("connection_id", connection_id.ToString()); dict.SetString("reason", reason); return std::move(dict); } -base::Value NetLogQuicConnectionMigrationSuccessCallback( - quic::QuicConnectionId connection_id, - NetLogCaptureMode capture_mode) { +base::Value NetLogQuicConnectionMigrationSuccessParams( + quic::QuicConnectionId connection_id) { base::DictionaryValue dict; dict.SetString("connection_id", connection_id.ToString()); return std::move(dict); } -base::Value NetLogProbingResultCallback( +base::Value NetLogProbingResultParams( NetworkChangeNotifier::NetworkHandle network, const quic::QuicSocketAddress* peer_address, - bool is_success, - NetLogCaptureMode capture_mode) { + bool is_success) { base::DictionaryValue dict; dict.SetString("network", base::NumberToString(network)); dict.SetString("peer address", peer_address->ToString()); @@ -222,11 +214,9 @@ std::string ConnectionMigrationCauseToString(ConnectionMigrationCause cause) { return "InvalidCause"; } -base::Value NetLogQuicClientSessionCallback( - const quic::QuicServerId* server_id, - int cert_verify_flags, - bool require_confirmation, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicClientSessionParams(const quic::QuicServerId* server_id, + int cert_verify_flags, + bool require_confirmation) { base::DictionaryValue dict; dict.SetString("host", server_id->host()); dict.SetInteger("port", server_id->port()); @@ -236,7 +226,7 @@ base::Value NetLogQuicClientSessionCallback( return std::move(dict); } -base::Value NetLogQuicPushPromiseReceivedCallback( +base::Value NetLogQuicPushPromiseReceivedParams( const spdy::SpdyHeaderBlock* headers, spdy::SpdyStreamId stream_id, spdy::SpdyStreamId promised_stream_id, @@ -392,13 +382,12 @@ void QuicChromiumClientSession::Handle::ResetPromised( } std::unique_ptr -QuicChromiumClientSession::Handle::CreatePacketBundler( - quic::QuicConnection::AckBundling bundling_mode) { +QuicChromiumClientSession::Handle::CreatePacketBundler() { if (!session_) return nullptr; return std::make_unique( - session_->connection(), bundling_mode); + session_->connection()); } bool QuicChromiumClientSession::Handle::SharesSameSession( @@ -564,8 +553,7 @@ QuicChromiumClientSession::StreamRequest::StreamRequest( : session_(session), requires_confirmation_(requires_confirmation), stream_(nullptr), - traffic_annotation_(traffic_annotation), - weak_factory_(this) {} + traffic_annotation_(traffic_annotation) {} QuicChromiumClientSession::StreamRequest::~StreamRequest() { if (stream_) @@ -706,6 +694,7 @@ QuicChromiumClientSession::QuicChromiumClientSession( std::unique_ptr server_info, const QuicSessionKey& session_key, bool require_confirmation, + quic::QuicStreamId max_allowed_push_id, bool migrate_session_early_v2, bool migrate_sessions_on_network_change_v2, NetworkChangeNotifier::NetworkHandle default_network, @@ -787,11 +776,12 @@ QuicChromiumClientSession::QuicChromiumClientSession( ignore_read_error_(false), headers_include_h2_stream_dependency_( headers_include_h2_stream_dependency && - this->connection()->transport_version() >= quic::QUIC_VERSION_43), - weak_factory_(this) { + this->connection()->transport_version() >= quic::QUIC_VERSION_43) { // Make sure connection migration and goaway on path degrading are not turned // on at the same time. DCHECK(!(migrate_session_early_v2_ && go_away_on_path_degrading_)); + + quic::QuicSpdyClientSessionBase::set_max_allowed_push_id(max_allowed_push_id); default_network_ = default_network; auto* socket_raw = socket.get(); sockets_.push_back(std::move(socket)); @@ -807,10 +797,10 @@ QuicChromiumClientSession::QuicChromiumClientSession( connection->set_debug_visitor(logger_.get()); connection->set_creator_debug_delegate(logger_.get()); migrate_back_to_default_timer_.SetTaskRunner(task_runner_); - net_log_.BeginEvent( - NetLogEventType::QUIC_SESSION, - base::Bind(NetLogQuicClientSessionCallback, &session_key.server_id(), - cert_verify_flags, require_confirmation_)); + net_log_.BeginEvent(NetLogEventType::QUIC_SESSION, [&] { + return NetLogQuicClientSessionParams( + &session_key.server_id(), cert_verify_flags, require_confirmation_); + }); IPEndPoint address; if (socket_raw && socket_raw->GetLocalAddress(&address) == OK && address.GetFamily() == ADDRESS_FAMILY_IPV6) { @@ -852,7 +842,7 @@ QuicChromiumClientSession::~QuicChromiumClientSession() { if (connection()->connected()) { // Ensure that the connection is closed by the time the session is // destroyed. - connection()->CloseConnection(quic::QUIC_INTERNAL_ERROR, + connection()->CloseConnection(quic::QUIC_PEER_GOING_AWAY, "session torn down", quic::ConnectionCloseBehavior::SILENT_CLOSE); } @@ -939,10 +929,10 @@ QuicChromiumClientSession::~QuicChromiumClientSession() { } void QuicChromiumClientSession::Initialize() { + set_max_inbound_header_list_size(kQuicMaxHeaderListSize); quic::QuicSpdyClientSessionBase::Initialize(); SetHpackEncoderDebugVisitor(std::make_unique()); SetHpackDecoderDebugVisitor(std::make_unique()); - set_max_uncompressed_header_bytes(kMaxUncompressedHeaderSize); } size_t QuicChromiumClientSession::WriteHeadersOnHeadersStream( @@ -979,11 +969,23 @@ void QuicChromiumClientSession::UnregisterStreamPriority(quic::QuicStreamId id, void QuicChromiumClientSession::UpdateStreamPriority( quic::QuicStreamId id, spdy::SpdyPriority new_priority) { - if (headers_include_h2_stream_dependency_) { + if (headers_include_h2_stream_dependency_ || + VersionHasStreamType(connection()->transport_version())) { auto updates = priority_dependency_state_.OnStreamUpdate(id, new_priority); for (auto update : updates) { - WritePriority(update.id, update.parent_stream_id, update.weight, - update.exclusive); + if (!VersionHasStreamType(connection()->transport_version())) { + WritePriority(update.id, update.parent_stream_id, update.weight, + update.exclusive); + } else { + quic::PriorityFrame frame; + frame.weight = update.weight; + frame.exclusive = update.exclusive; + frame.prioritized_element_id = update.id; + frame.prioritized_type = quic::REQUEST_STREAM; + frame.dependency_type = quic::REQUEST_STREAM; + frame.element_dependency_id = update.parent_stream_id; + WriteH3Priority(frame); + } } } quic::QuicSpdySession::UpdateStreamPriority(id, new_priority); @@ -1009,12 +1011,12 @@ void QuicChromiumClientSession::AddHandle(Handle* handle) { return; } - DCHECK(!base::ContainsKey(handles_, handle)); + DCHECK(!base::Contains(handles_, handle)); handles_.insert(handle); } void QuicChromiumClientSession::RemoveHandle(Handle* handle) { - DCHECK(base::ContainsKey(handles_, handle)); + DCHECK(base::Contains(handles_, handle)); handles_.erase(handle); } @@ -1285,12 +1287,17 @@ int QuicChromiumClientSession::GetNumSentClientHellos() const { return crypto_stream_->num_sent_client_hellos(); } -bool QuicChromiumClientSession::CanPool(const std::string& hostname, - PrivacyMode privacy_mode, - const SocketTag& socket_tag) const { +bool QuicChromiumClientSession::CanPool( + const std::string& hostname, + PrivacyMode privacy_mode, + const SocketTag& socket_tag, + const NetworkIsolationKey& network_isolation_key) const { DCHECK(connection()->connected()); if (privacy_mode != session_key_.privacy_mode() || - socket_tag != session_key_.socket_tag()) { + socket_tag != session_key_.socket_tag() || + (network_isolation_key != session_key_.network_isolation_key() && + base::FeatureList::IsEnabled( + features::kPartitionConnectionsByNetworkIsolationKey))) { // Privacy mode and socket tag must always match. return false; } @@ -1364,7 +1371,7 @@ QuicChromiumClientStream* QuicChromiumClientSession::CreateIncomingStream( } QuicChromiumClientStream* QuicChromiumClientSession::CreateIncomingStream( - quic::PendingStream pending) { + quic::PendingStream* pending) { net::NetworkTrafficAnnotationTag traffic_annotation = net::DefineNetworkTrafficAnnotation( "quic_chromium_incoming_pending_session", R"( @@ -1388,8 +1395,7 @@ QuicChromiumClientStream* QuicChromiumClientSession::CreateIncomingStream( "Essential for network access." } )"); - return CreateIncomingReliableStreamImpl(std::move(pending), - traffic_annotation); + return CreateIncomingReliableStreamImpl(pending, traffic_annotation); } QuicChromiumClientStream* @@ -1407,13 +1413,12 @@ QuicChromiumClientSession::CreateIncomingReliableStreamImpl( QuicChromiumClientStream* QuicChromiumClientSession::CreateIncomingReliableStreamImpl( - quic::PendingStream pending, + quic::PendingStream* pending, const NetworkTrafficAnnotationTag& traffic_annotation) { DCHECK(connection()->connected()); QuicChromiumClientStream* stream = new QuicChromiumClientStream( - std::move(pending), this, quic::READ_UNIDIRECTIONAL, net_log_, - traffic_annotation); + pending, this, quic::READ_UNIDIRECTIONAL, net_log_, traffic_annotation); ActivateStream(base::WrapUnique(stream)); ++num_total_streams_; return stream; @@ -1421,13 +1426,14 @@ QuicChromiumClientSession::CreateIncomingReliableStreamImpl( void QuicChromiumClientSession::CloseStream(quic::QuicStreamId stream_id) { most_recent_stream_close_time_ = tick_clock_->NowTicks(); - quic::QuicStream* stream = GetOrCreateStream(stream_id); - if (stream) { - logger_->UpdateReceivedFrameCounts(stream_id, stream->num_frames_received(), - stream->num_duplicate_frames_received()); + auto it = stream_map().find(stream_id); + if (it != stream_map().end()) { + logger_->UpdateReceivedFrameCounts( + stream_id, it->second->num_frames_received(), + it->second->num_duplicate_frames_received()); if (quic::QuicUtils::IsServerInitiatedStreamId( connection()->transport_version(), stream_id)) { - bytes_pushed_count_ += stream->stream_bytes_read(); + bytes_pushed_count_ += it->second->stream_bytes_read(); } } quic::QuicSpdySession::CloseStream(stream_id); @@ -1439,16 +1445,17 @@ void QuicChromiumClientSession::SendRstStream( quic::QuicStreamOffset bytes_written) { if (quic::QuicUtils::IsServerInitiatedStreamId( connection()->transport_version(), id)) { - quic::QuicStream* stream = GetOrCreateStream(id); - if (stream) { - bytes_pushed_count_ += stream->stream_bytes_read(); + auto it = stream_map().find(id); + if (it != stream_map().end()) { + bytes_pushed_count_ += it->second->stream_bytes_read(); } } quic::QuicSpdySession::SendRstStream(id, error, bytes_written); } -void QuicChromiumClientSession::OnCanCreateNewOutgoingStream() { +void QuicChromiumClientSession::OnCanCreateNewOutgoingStream( + bool unidirectional) { if (CanOpenNextOutgoingBidirectionalStream() && !stream_requests_.empty() && crypto_stream_->encryption_established() && !goaway_received() && !going_away_ && connection()->connected()) { @@ -1582,11 +1589,14 @@ void QuicChromiumClientSession::OnRstStream( } void QuicChromiumClientSession::OnConnectionClosed( - quic::QuicErrorCode error, - const std::string& error_details, + const quic::QuicConnectionCloseFrame& frame, quic::ConnectionCloseSource source) { DCHECK(!connection()->connected()); - logger_->OnConnectionClosed(error, error_details, source); + + logger_->OnConnectionClosed(frame, source); + + const quic::QuicErrorCode error = frame.quic_error_code; + const std::string& error_details = frame.error_details; RecordConnectionCloseErrorCode(error, source, session_key_.host(), IsCryptoHandshakeConfirmed()); @@ -1705,7 +1715,7 @@ void QuicChromiumClientSession::OnConnectionClosed( base::UmaHistogramSparse("Net.QuicSession.QuicVersion", connection()->transport_version()); NotifyFactoryOfSessionGoingAway(); - quic::QuicSession::OnConnectionClosed(error, error_details, source); + quic::QuicSession::OnConnectionClosed(frame, source); if (!callback_.is_null()) { std::move(callback_).Run(ERR_QUIC_PROTOCOL_ERROR); @@ -1758,8 +1768,9 @@ int QuicChromiumClientSession::HandleWriteError( NetworkChangeNotifier::NetworkHandle current_network = GetDefaultSocket()->GetBoundNetwork(); - net_log_.AddEvent(NetLogEventType::QUIC_CONNECTION_MIGRATION_ON_WRITE_ERROR, - NetLog::Int64Callback("network", current_network)); + net_log_.AddEventWithInt64Params( + NetLogEventType::QUIC_CONNECTION_MIGRATION_ON_WRITE_ERROR, "network", + current_network); DCHECK(packet != nullptr); DCHECK_NE(ERR_IO_PENDING, error_code); @@ -1859,9 +1870,9 @@ void QuicChromiumClientSession::MigrateSessionOnWriteError( const NetLogWithSource migration_net_log = NetLogWithSource::Make( net_log_.net_log(), NetLogSourceType::QUIC_CONNECTION_MIGRATION); - migration_net_log.BeginEvent( - NetLogEventType::QUIC_CONNECTION_MIGRATION_TRIGGERED, - NetLogQuicConnectionMigrationTriggerCallback("WriteError")); + migration_net_log.BeginEventWithStringParams( + NetLogEventType::QUIC_CONNECTION_MIGRATION_TRIGGERED, "trigger", + "WriteError"); MigrationResult result = Migrate(new_network, ToIPEndPoint(connection()->peer_address()), /*close_session_on_error=*/false, migration_net_log); @@ -1938,8 +1949,10 @@ void QuicChromiumClientSession::OnProbeSucceeded( DCHECK(reader); net_log_.AddEvent(NetLogEventType::QUIC_SESSION_CONNECTIVITY_PROBING_FINISHED, - base::Bind(&NetLogProbingResultCallback, network, - &peer_address, /*is_success=*/true)); + [&] { + return NetLogProbingResultParams(network, &peer_address, + /*is_success=*/true); + }); if (network != NetworkChangeNotifier::kInvalidNetworkHandle) { OnProbeNetworkSucceeded(network, peer_address, self_address, @@ -1991,9 +2004,9 @@ void QuicChromiumClientSession::OnProbeNetworkSucceeded( return; } - net_log_.AddEvent( + net_log_.AddEventWithInt64Params( NetLogEventType::QUIC_CONNECTION_MIGRATION_SUCCESS_AFTER_PROBING, - NetLog::Int64Callback("migrate_to_network", network)); + "migrate_to_network", network); if (network == default_network_) { DVLOG(1) << "Client successfully migrated to default network."; CancelMigrateBackToDefaultNetworkTimer(); @@ -2016,8 +2029,10 @@ void QuicChromiumClientSession::OnProbeFailed( NetworkChangeNotifier::NetworkHandle network, const quic::QuicSocketAddress& peer_address) { net_log_.AddEvent(NetLogEventType::QUIC_SESSION_CONNECTIVITY_PROBING_FINISHED, - base::Bind(&NetLogProbingResultCallback, network, - &peer_address, /*is_success=*/false)); + [&] { + return NetLogProbingResultParams(network, &peer_address, + /*is_success=*/false); + }); if (network != NetworkChangeNotifier::kInvalidNetworkHandle) OnProbeNetworkFailed(network, peer_address); @@ -2046,9 +2061,9 @@ void QuicChromiumClientSession::OnNetworkConnected( NetworkChangeNotifier::NetworkHandle network, const NetLogWithSource& net_log) { DCHECK(migrate_session_on_network_change_v2_); - net_log_.AddEvent( + net_log_.AddEventWithInt64Params( NetLogEventType::QUIC_CONNECTION_MIGRATION_ON_NETWORK_CONNECTED, - NetLog::Int64Callback("connected_network", network)); + "connected_network", network); // If there was no migration waiting for new network and the path is not // degrading, ignore this signal. if (!wait_for_new_network_ && !connection()->IsPathDegrading()) @@ -2076,9 +2091,9 @@ void QuicChromiumClientSession::OnNetworkDisconnectedV2( NetworkChangeNotifier::NetworkHandle disconnected_network, const NetLogWithSource& migration_net_log) { DCHECK(migrate_session_on_network_change_v2_); - net_log_.AddEvent( + net_log_.AddEventWithInt64Params( NetLogEventType::QUIC_CONNECTION_MIGRATION_ON_NETWORK_DISCONNECTED, - NetLog::Int64Callback("disconnected_network", disconnected_network)); + "disconnected_network", disconnected_network); LogMetricsOnNetworkDisconnected(); // Stop probing the disconnected network if there is one. @@ -2126,9 +2141,9 @@ void QuicChromiumClientSession::OnNetworkMadeDefault( NetworkChangeNotifier::NetworkHandle new_network, const NetLogWithSource& migration_net_log) { DCHECK(migrate_session_on_network_change_v2_); - net_log_.AddEvent( + net_log_.AddEventWithInt64Params( NetLogEventType::QUIC_CONNECTION_MIGRATION_ON_NETWORK_MADE_DEFAULT, - NetLog::Int64Callback("new_default_network", new_network)); + "new_default_network", new_network); LogMetricsOnNetworkMadeDefault(); DCHECK_NE(NetworkChangeNotifier::kInvalidNetworkHandle, new_network); @@ -2312,9 +2327,9 @@ void QuicChromiumClientSession::OnPathDegrading() { const NetLogWithSource migration_net_log = NetLogWithSource::Make( net_log_.net_log(), NetLogSourceType::QUIC_CONNECTION_MIGRATION); - migration_net_log.BeginEvent( - NetLogEventType::QUIC_CONNECTION_MIGRATION_TRIGGERED, - NetLogQuicConnectionMigrationTriggerCallback("PathDegrading")); + migration_net_log.BeginEventWithStringParams( + NetLogEventType::QUIC_CONNECTION_MIGRATION_TRIGGERED, "trigger", + "PathDegrading"); // Probe the alternative network, session will migrate to the probed // network and decide whether it wants to migrate back to the default // network on success. @@ -2381,8 +2396,8 @@ void QuicChromiumClientSession::CloseSessionOnError( CloseAllStreams(net_error); - net_log_.AddEvent(NetLogEventType::QUIC_SESSION_CLOSE_ON_ERROR, - NetLog::IntCallback("net_error", net_error)); + net_log_.AddEventWithIntParams(NetLogEventType::QUIC_SESSION_CLOSE_ON_ERROR, + "net_error", net_error); if (connection()->connected()) connection()->CloseConnection(quic_error, "net error", behavior); @@ -2403,8 +2418,8 @@ void QuicChromiumClientSession::CloseSessionOnErrorLater( } CloseAllStreams(net_error); CloseAllHandles(net_error); - net_log_.AddEvent(NetLogEventType::QUIC_SESSION_CLOSE_ON_ERROR, - NetLog::IntCallback("net_error", net_error)); + net_log_.AddEventWithIntParams(NetLogEventType::QUIC_SESSION_CLOSE_ON_ERROR, + "net_error", net_error); if (connection()->connected()) connection()->CloseConnection(quic_error, "net error", behavior); @@ -2414,17 +2429,9 @@ void QuicChromiumClientSession::CloseSessionOnErrorLater( } void QuicChromiumClientSession::CloseAllStreams(int net_error) { - if (!eliminate_static_stream_map()) { - while (!dynamic_streams().empty()) { - quic::QuicStream* stream = dynamic_streams().begin()->second.get(); - quic::QuicStreamId id = stream->id(); - static_cast(stream)->OnError(net_error); - CloseStream(id); - } - } else { quic::QuicSmallMap non_static_streams; - for (const auto& stream : dynamic_streams()) { + for (const auto& stream : stream_map()) { if (!stream.second->is_static()) { non_static_streams[stream.first] = stream.second.get(); } @@ -2434,7 +2441,6 @@ void QuicChromiumClientSession::CloseAllStreams(int net_error) { static_cast(stream.second)->OnError(net_error); CloseStream(id); } - } } void QuicChromiumClientSession::CloseAllHandles(int net_error) { @@ -2567,9 +2573,9 @@ void QuicChromiumClientSession::TryMigrateBackToDefaultNetwork( return; } - net_log_.AddEvent(NetLogEventType::QUIC_CONNECTION_MIGRATION_ON_MIGRATE_BACK, - base::Bind(NetLog::Int64Callback( - "retry_count", retry_migrate_back_count_))); + net_log_.AddEventWithInt64Params( + NetLogEventType::QUIC_CONNECTION_MIGRATION_ON_MIGRATE_BACK, "retry_count", + retry_migrate_back_count_); // Start probe default network immediately, if manager is probing // the same network, this will be a no-op. Otherwise, previous probe // will be cancelled and manager starts to probe |default_network_| @@ -2639,10 +2645,10 @@ bool QuicChromiumClientSession::CheckIdleTimeExceedsIdleMigrationPeriod() { void QuicChromiumClientSession::ResetNonMigratableStreams() { // TODO(zhongyi): may close non-migratable draining streams as well to avoid // sending additional data on alternate networks. - auto it = dynamic_streams().begin(); + auto it = stream_map().begin(); // Stream may be deleted when iterating through the map. - while (it != dynamic_streams().end()) { - if (eliminate_static_stream_map() && it->second->is_static()) { + while (it != stream_map().end()) { + if (it->second->is_static()) { it++; continue; } @@ -2744,18 +2750,18 @@ void QuicChromiumClientSession::HistogramAndLogMigrationFailure( quic::QuicConnectionId connection_id, const std::string& reason) { LogConnectionMigrationResultToHistogram(status); - net_log.AddEvent(NetLogEventType::QUIC_CONNECTION_MIGRATION_FAILURE, - base::Bind(&NetLogQuicConnectionMigrationFailureCallback, - connection_id, reason)); + net_log.AddEvent(NetLogEventType::QUIC_CONNECTION_MIGRATION_FAILURE, [&] { + return NetLogQuicConnectionMigrationFailureParams(connection_id, reason); + }); } void QuicChromiumClientSession::HistogramAndLogMigrationSuccess( const NetLogWithSource& net_log, quic::QuicConnectionId connection_id) { LogConnectionMigrationResultToHistogram(MIGRATION_STATUS_SUCCESS); - net_log.AddEvent( - NetLogEventType::QUIC_CONNECTION_MIGRATION_SUCCESS, - base::Bind(&NetLogQuicConnectionMigrationSuccessCallback, connection_id)); + net_log.AddEvent(NetLogEventType::QUIC_CONNECTION_MIGRATION_SUCCESS, [&] { + return NetLogQuicConnectionMigrationSuccessParams(connection_id); + }); } base::Value QuicChromiumClientSession::GetInfoAsValue( @@ -2765,10 +2771,11 @@ base::Value QuicChromiumClientSession::GetInfoAsValue( QuicVersionToString(connection()->transport_version())); dict.SetInteger("open_streams", GetNumOpenOutgoingStreams()); std::unique_ptr stream_list(new base::ListValue()); - for (DynamicStreamMap::const_iterator it = dynamic_streams().begin(); - it != dynamic_streams().end(); ++it) { - if (eliminate_static_stream_map() && it->second->is_static()) + for (StreamMap::const_iterator it = stream_map().begin(); + it != stream_map().end(); ++it) { + if (it->second->is_static()) { continue; + } stream_list->AppendString(base::NumberToString(it->second->id())); } dict.Set("active_streams", std::move(stream_list)); @@ -3012,7 +3019,8 @@ const DatagramClientSocket* QuicChromiumClientSession::GetDefaultSocket() bool QuicChromiumClientSession::IsAuthorized(const std::string& hostname) { bool result = - CanPool(hostname, session_key_.privacy_mode(), session_key_.socket_tag()); + CanPool(hostname, session_key_.privacy_mode(), session_key_.socket_tag(), + session_key_.network_isolation_key()); if (result) streams_pushed_count_++; return result; @@ -3029,12 +3037,13 @@ bool QuicChromiumClientSession::HandlePromised( // promise has been received. if (push_delegate_) { std::string pushed_url = - quic::SpdyUtils::GetPromisedUrlFromHeaders(headers); + quic::SpdyServerPushUtils::GetPromisedUrlFromHeaders(headers); push_delegate_->OnPush(std::make_unique( weak_factory_.GetWeakPtr(), GURL(pushed_url)), net_log_); } - if (headers_include_h2_stream_dependency_) { + if (headers_include_h2_stream_dependency_ || + VersionHasStreamType(connection()->transport_version())) { // Even though the promised stream will not be created until after the // push promise headers are received, send a PRIORITY frame for the // promised stream ID. Send |kDefaultPriority| since that will be the @@ -3045,12 +3054,25 @@ bool QuicChromiumClientSession::HandlePromised( bool exclusive = false; priority_dependency_state_.OnStreamCreation( promised_id, priority, &parent_stream_id, &weight, &exclusive); - WritePriority(promised_id, parent_stream_id, weight, exclusive); + if (!VersionHasStreamType(connection()->transport_version())) { + WritePriority(promised_id, parent_stream_id, weight, exclusive); + } else { + quic::PriorityFrame frame; + frame.weight = weight; + frame.exclusive = exclusive; + frame.prioritized_type = quic::PUSH_STREAM; + frame.prioritized_element_id = promised_id; + frame.dependency_type = quic::REQUEST_STREAM; + frame.element_dependency_id = parent_stream_id; + WriteH3Priority(frame); + } } } net_log_.AddEvent(NetLogEventType::QUIC_SESSION_PUSH_PROMISE_RECEIVED, - base::Bind(&NetLogQuicPushPromiseReceivedCallback, &headers, - id, promised_id)); + [&](NetLogCaptureMode capture_mode) { + return NetLogQuicPushPromiseReceivedParams( + &headers, id, promised_id, capture_mode); + }); return result; } diff --git a/chromium/net/quic/quic_chromium_client_session.h b/chromium/net/quic/quic_chromium_client_session.h index 51111ee9542..c8ca8a15546 100644 --- a/chromium/net/quic/quic_chromium_client_session.h +++ b/chromium/net/quic/quic_chromium_client_session.h @@ -52,6 +52,7 @@ namespace net { class CertVerifyResult; class DatagramClientSocket; class NetLog; +class NetworkIsolationKey; class QuicCryptoClientStreamFactory; class QuicServerInfo; class QuicStreamFactory; @@ -63,6 +64,10 @@ namespace test { class QuicChromiumClientSessionPeer; } // namespace test +// SETTINGS_MAX_HEADERS_LIST_SIZE, the maximum size of uncompressed QUIC headers +// that the server is allowed to send. +const size_t kQuicMaxHeaderListSize = 256 * 1024; + // Result of a session migration attempt. enum class MigrationResult { SUCCESS, // Migration succeeded. @@ -182,7 +187,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession // Returns a new packet bundler while will cause writes to be batched up // until a packet is full, or the last bundler is destroyed. std::unique_ptr - CreatePacketBundler(quic::QuicConnection::AckBundling bundling_mode); + CreatePacketBundler(); // Populates network error details for this session. void PopulateNetErrorDetails(NetErrorDetails* details) const; @@ -354,7 +359,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession const NetworkTrafficAnnotationTag traffic_annotation_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(StreamRequest); }; @@ -373,6 +378,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession std::unique_ptr server_info, const QuicSessionKey& session_key, bool require_confirmation, + quic::QuicStreamId max_allowed_push_id, bool migrate_sesion_early_v2, bool migrate_session_on_network_change_v2, NetworkChangeNotifier::NetworkHandle default_network, @@ -483,7 +489,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession const quic::CryptoHandshakeMessage& message) override; void OnGoAway(const quic::QuicGoAwayFrame& frame) override; void OnRstStream(const quic::QuicRstStreamFrame& frame) override; - void OnCanCreateNewOutgoingStream() override; + void OnCanCreateNewOutgoingStream(bool unidirectional) override; // QuicClientSessionBase methods: void OnConfigNegotiated() override; @@ -493,8 +499,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession const quic::ProofVerifyDetails& verify_details) override; // quic::QuicConnectionVisitorInterface methods: - void OnConnectionClosed(quic::QuicErrorCode error, - const std::string& error_details, + void OnConnectionClosed(const quic::QuicConnectionCloseFrame& frame, quic::ConnectionCloseSource source) override; void OnSuccessfulVersionNegotiation( const quic::ParsedQuicVersion& version) override; @@ -555,12 +560,15 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession // presented during the handshake. bool CanPool(const std::string& hostname, PrivacyMode privacy_mode, - const SocketTag& socket_tag) const; + const SocketTag& socket_tag, + const NetworkIsolationKey& network_isolation_key) const; const quic::QuicServerId& server_id() const { return session_key_.server_id(); } + const QuicSessionKey& quic_session_key() const { return session_key_; } + // Attempts to migrate session when |writer| encounters a write error. // If |writer| is no longer actively used, abort migration. void MigrateSessionOnWriteError(int error_code, @@ -658,7 +666,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession QuicChromiumClientStream* CreateIncomingStream( quic::QuicStreamId id) override; QuicChromiumClientStream* CreateIncomingStream( - quic::PendingStream pending) override; + quic::PendingStream* pending) override; private: friend class test::QuicChromiumClientSessionPeer; @@ -674,7 +682,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession quic::QuicStreamId id, const NetworkTrafficAnnotationTag& traffic_annotation); QuicChromiumClientStream* CreateIncomingReliableStreamImpl( - quic::PendingStream pending, + quic::PendingStream* pending, const NetworkTrafficAnnotationTag& traffic_annotation); // A completion callback invoked when a read completes. void OnReadComplete(int result); @@ -837,7 +845,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientSession bool headers_include_h2_stream_dependency_; Http2PriorityDependencies priority_dependency_state_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(QuicChromiumClientSession); }; diff --git a/chromium/net/quic/quic_chromium_client_session_test.cc b/chromium/net/quic/quic_chromium_client_session_test.cc index 830144abf82..89a321d4022 100644 --- a/chromium/net/quic/quic_chromium_client_session_test.cc +++ b/chromium/net/quic/quic_chromium_client_session_test.cc @@ -11,15 +11,19 @@ #include "base/run_loop.h" #include "base/stl_util.h" #include "base/test/metrics/histogram_tester.h" +#include "base/test/scoped_feature_list.h" #include "base/threading/thread_task_runner_handle.h" #include "base/time/default_tick_clock.h" #include "build/build_config.h" +#include "net/base/features.h" +#include "net/base/network_isolation_key.h" #include "net/base/test_completion_callback.h" #include "net/cert/cert_verify_result.h" #include "net/http/transport_security_state.h" #include "net/http/transport_security_state_test_util.h" #include "net/log/net_log_source.h" #include "net/log/test_net_log.h" +#include "net/quic/address_utils.h" #include "net/quic/crypto/proof_verifier_chromium.h" #include "net/quic/mock_crypto_client_stream_factory.h" #include "net/quic/mock_quic_data.h" @@ -47,7 +51,6 @@ #include "net/third_party/quiche/src/quic/core/quic_connection_id.h" #include "net/third_party/quiche/src/quic/core/quic_packet_writer.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" -#include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h" #include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" #include "net/third_party/quiche/src/quic/platform/api/quic_test.h" #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" @@ -89,8 +92,8 @@ class QuicChromiumClientSessionTest QuicChromiumClientSessionTest() : version_(std::get<0>(GetParam())), client_headers_include_h2_stream_dependency_(std::get<1>(GetParam())), - crypto_config_(quic::test::crypto_test_utils::ProofVerifierForTesting(), - quic::TlsClientHandshaker::CreateSslCtx()), + crypto_config_( + quic::test::crypto_test_utils::ProofVerifierForTesting()), default_read_(new MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)), socket_data_( new SequencedSocketData(base::make_span(default_read_.get(), 1), @@ -115,6 +118,7 @@ class QuicChromiumClientSessionTest quic::Perspective::IS_SERVER, false), migrate_session_early_v2_(false) { + SetQuicFlag(FLAGS_quic_supports_tls_handshake, true); // Advance the time, because timers do not like uninitialized times. clock_.AdvanceTime(quic::QuicTime::Delta::FromSeconds(1)); } @@ -138,22 +142,22 @@ class QuicChromiumClientSessionTest socket.get(), base::ThreadTaskRunnerHandle::Get().get()); quic::QuicConnection* connection = new quic::QuicConnection( quic::QuicUtils::CreateRandomConnectionId(&random_), - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(kIpEndPoint)), - &helper_, &alarm_factory_, writer, true, quic::Perspective::IS_CLIENT, + ToQuicSocketAddress(kIpEndPoint), &helper_, &alarm_factory_, writer, + true, quic::Perspective::IS_CLIENT, quic::test::SupportedVersions(version_)); session_.reset(new TestingQuicChromiumClientSession( connection, std::move(socket), /*stream_factory=*/nullptr, &crypto_client_stream_factory_, &clock_, &transport_security_state_, /*ssl_config_service=*/nullptr, base::WrapUnique(static_cast(nullptr)), session_key_, - /*require_confirmation=*/false, migrate_session_early_v2_, + /*require_confirmation=*/false, + /*max_allowed_push_id=*/0, migrate_session_early_v2_, /*migrate_session_on_network_change_v2=*/false, /*defaulet_network=*/NetworkChangeNotifier::kInvalidNetworkHandle, quic::QuicTime::Delta::FromMilliseconds( - kDefaultRetransmittableOnWireTimeoutMillisecs), - /*migrate_idle_session=*/false, - base::TimeDelta::FromSeconds(kDefaultIdleSessionMigrationPeriodSeconds), - base::TimeDelta::FromSeconds(kMaxTimeOnNonDefaultNetworkSecs), + kDefaultRetransmittableOnWireTimeout.InMilliseconds()), + /*migrate_idle_session=*/false, kDefaultIdleSessionMigrationPeriod, + kMaxTimeOnNonDefaultNetwork, kMaxMigrationsToNonDefaultNetworkOnWriteError, kMaxMigrationsToNonDefaultNetworkOnPathDegrading, kQuicYieldAfterPacketsRead, @@ -256,10 +260,13 @@ INSTANTIATE_TEST_SUITE_P( ::testing::Combine(::testing::ValuesIn(quic::AllSupportedVersions()), ::testing::Bool())); +// TODO(950069): Add testing for frame_origin in NetworkIsolationKey using +// kAppendInitiatingFrameOriginToNetworkIsolationKey. + TEST_P(QuicChromiumClientSessionTest, IsFatalErrorNotSetForNonFatalError) { MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite writes[] = { MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1)}; socket_data_.reset(new SequencedSocketData(reads, writes)); @@ -282,7 +289,7 @@ TEST_P(QuicChromiumClientSessionTest, IsFatalErrorNotSetForNonFatalError) { TEST_P(QuicChromiumClientSessionTest, IsFatalErrorSetForFatalError) { MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite writes[] = { MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1)}; socket_data_.reset(new SequencedSocketData(reads, writes)); @@ -304,7 +311,7 @@ TEST_P(QuicChromiumClientSessionTest, IsFatalErrorSetForFatalError) { TEST_P(QuicChromiumClientSessionTest, CryptoConnect) { MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite writes[] = { MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1)}; socket_data_.reset(new SequencedSocketData(reads, writes)); @@ -313,9 +320,8 @@ TEST_P(QuicChromiumClientSessionTest, CryptoConnect) { } TEST_P(QuicChromiumClientSessionTest, Handle) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); quic_data.AddRead(ASYNC, ERR_IO_PENDING); quic_data.AddRead(ASYNC, OK); // EOF quic_data.AddSocketDataToFactory(&socket_factory_); @@ -338,8 +344,7 @@ TEST_P(QuicChromiumClientSessionTest, Handle) { IPEndPoint address; EXPECT_EQ(OK, handle->GetPeerAddress(&address)); EXPECT_EQ(kIpEndPoint, address); - EXPECT_TRUE(handle->CreatePacketBundler(quic::QuicConnection::NO_ACK).get() != - nullptr); + EXPECT_TRUE(handle->CreatePacketBundler().get() != nullptr); CompleteCryptoHandshake(); @@ -365,8 +370,7 @@ TEST_P(QuicChromiumClientSessionTest, Handle) { EXPECT_EQ(session_net_log.source().id, handle->net_log().source().id); EXPECT_EQ(session_net_log.net_log(), handle->net_log().net_log()); EXPECT_EQ(ERR_CONNECTION_CLOSED, handle->GetPeerAddress(&address)); - EXPECT_TRUE(handle->CreatePacketBundler(quic::QuicConnection::NO_ACK).get() == - nullptr); + EXPECT_TRUE(handle->CreatePacketBundler().get() == nullptr); { // Verify that CreateHandle() works even after the session is closed. std::unique_ptr handle2 = @@ -390,8 +394,7 @@ TEST_P(QuicChromiumClientSessionTest, Handle) { EXPECT_EQ(session_net_log.source().id, handle->net_log().source().id); EXPECT_EQ(session_net_log.net_log(), handle->net_log().net_log()); EXPECT_EQ(ERR_CONNECTION_CLOSED, handle->GetPeerAddress(&address)); - EXPECT_TRUE(handle->CreatePacketBundler(quic::QuicConnection::NO_ACK).get() == - nullptr); + EXPECT_TRUE(handle->CreatePacketBundler().get() == nullptr); ASSERT_EQ( ERR_CONNECTION_CLOSED, handle->RequestStream(/*requires_confirmation=*/false, @@ -399,9 +402,8 @@ TEST_P(QuicChromiumClientSessionTest, Handle) { } TEST_P(QuicChromiumClientSessionTest, StreamRequest) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); quic_data.AddRead(ASYNC, ERR_IO_PENDING); quic_data.AddRead(ASYNC, OK); // EOF quic_data.AddSocketDataToFactory(&socket_factory_); @@ -424,9 +426,8 @@ TEST_P(QuicChromiumClientSessionTest, StreamRequest) { } TEST_P(QuicChromiumClientSessionTest, ConfirmationRequiredStreamRequest) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); quic_data.AddRead(ASYNC, ERR_IO_PENDING); quic_data.AddRead(ASYNC, OK); // EOF quic_data.AddSocketDataToFactory(&socket_factory_); @@ -449,9 +450,8 @@ TEST_P(QuicChromiumClientSessionTest, ConfirmationRequiredStreamRequest) { } TEST_P(QuicChromiumClientSessionTest, StreamRequestBeforeConfirmation) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); quic_data.AddRead(ASYNC, ERR_IO_PENDING); quic_data.AddRead(ASYNC, OK); // EOF quic_data.AddSocketDataToFactory(&socket_factory_); @@ -479,9 +479,8 @@ TEST_P(QuicChromiumClientSessionTest, StreamRequestBeforeConfirmation) { } TEST_P(QuicChromiumClientSessionTest, CancelStreamRequestBeforeRelease) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeRstPacket( 2, true, GetNthClientInitiatedBidirectionalStreamId(0), @@ -508,9 +507,8 @@ TEST_P(QuicChromiumClientSessionTest, CancelStreamRequestBeforeRelease) { } TEST_P(QuicChromiumClientSessionTest, AsyncStreamRequest) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); if (version_.transport_version == quic::QUIC_VERSION_99) { // The open stream limit is set to 50 by // MockCryptoClientStream::SetConfigNegotiated() so when the 51st stream is @@ -522,7 +520,7 @@ TEST_P(QuicChromiumClientSessionTest, AsyncStreamRequest) { quic_data.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( 3, true, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 0, + quic::QUIC_STREAM_CANCELLED, /*include_stop_sending_if_v99=*/false)); // After the STREAMS_BLOCKED is sent, receive a MAX_STREAMS to increase // the limit to 53. @@ -585,9 +583,8 @@ TEST_P(QuicChromiumClientSessionTest, AsyncStreamRequest) { } TEST_P(QuicChromiumClientSessionTest, ClosedWithAsyncStreamRequest) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); if (version_.transport_version == quic::QUIC_VERSION_99) { // The open stream limit is set to 50 by // MockCryptoClientStream::SetConfigNegotiated() so when the 51st stream is @@ -648,9 +645,8 @@ TEST_P(QuicChromiumClientSessionTest, ClosedWithAsyncStreamRequest) { } TEST_P(QuicChromiumClientSessionTest, CancelPendingStreamRequest) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); if (version_.transport_version == quic::QUIC_VERSION_99) { // The open stream limit is set to 50 by // MockCryptoClientStream::SetConfigNegotiated() so when the 51st stream is @@ -663,7 +659,7 @@ TEST_P(QuicChromiumClientSessionTest, CancelPendingStreamRequest) { quic_data.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( 3, true, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 0, + quic::QUIC_STREAM_CANCELLED, /*include_stop_sending_if_v99=*/false)); } else { quic_data.AddWrite( @@ -720,9 +716,8 @@ TEST_P(QuicChromiumClientSessionTest, CancelPendingStreamRequest) { } TEST_P(QuicChromiumClientSessionTest, ConnectionCloseBeforeStreamRequest) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); quic_data.AddRead( ASYNC, server_maker_.MakeConnectionClosePacket( @@ -749,10 +744,16 @@ TEST_P(QuicChromiumClientSessionTest, ConnectionCloseBeforeStreamRequest) { } TEST_P(QuicChromiumClientSessionTest, ConnectionCloseBeforeHandshakeConfirmed) { + if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { + // TODO(nharper, b/112643533): Figure out why this test fails when TLS is + // enabled and fix it. + return; + } + // Force the connection close packet to use long headers with connection ID. server_maker_.SetEncryptionLevel(quic::ENCRYPTION_INITIAL); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(ASYNC, ERR_IO_PENDING); quic_data.AddRead( ASYNC, @@ -783,9 +784,8 @@ TEST_P(QuicChromiumClientSessionTest, ConnectionCloseBeforeHandshakeConfirmed) { } TEST_P(QuicChromiumClientSessionTest, ConnectionCloseWithPendingStreamRequest) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); if (version_.transport_version == quic::QUIC_VERSION_99) { quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeStreamsBlockedPacket( 2, true, 51, @@ -830,9 +830,8 @@ TEST_P(QuicChromiumClientSessionTest, ConnectionCloseWithPendingStreamRequest) { } TEST_P(QuicChromiumClientSessionTest, MaxNumStreams) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); if (version_.transport_version == quic::QUIC_VERSION_99) { // Initial configuration is 50 dynamic streams. Taking into account // the static stream (headers), expect to block on when hitting the limit @@ -901,7 +900,7 @@ TEST_P(QuicChromiumClientSessionTest, PushStreamTimedOutNoResponse) { base::HistogramTester histogram_tester; MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); std::unique_ptr client_rst( client_maker_.MakeRstPacket( 2, true, GetNthServerInitiatedUnidirectionalStreamId(0), @@ -953,7 +952,7 @@ TEST_P(QuicChromiumClientSessionTest, PushStreamTimedOutWithResponse) { base::HistogramTester histogram_tester; MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); std::unique_ptr client_rst( client_maker_.MakeRstPacket( 2, true, GetNthServerInitiatedUnidirectionalStreamId(0), @@ -1006,10 +1005,69 @@ TEST_P(QuicChromiumClientSessionTest, PushStreamTimedOutWithResponse) { session_.get())); } +// Regression test for crbug.com/968621. +TEST_P(QuicChromiumClientSessionTest, PendingStreamOnRst) { + if (!quic::VersionHasStreamType(version_.transport_version)) + return; + + MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; + std::unique_ptr settings_packet( + client_maker_.MakeInitialSettingsPacket(1)); + std::unique_ptr client_rst( + client_maker_.MakeRstPacket( + 2, true, GetNthServerInitiatedUnidirectionalStreamId(0), + quic::QUIC_RST_ACKNOWLEDGEMENT)); + + MockWrite writes[] = { + MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1), + MockWrite(ASYNC, client_rst->data(), client_rst->length(), 2)}; + socket_data_.reset(new SequencedSocketData(reads, writes)); + + Initialize(); + CompleteCryptoHandshake(); + + quic::QuicStreamFrame data(GetNthServerInitiatedUnidirectionalStreamId(0), + false, 1, quic::QuicStringPiece("SP")); + session_->OnStreamFrame(data); + EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + quic::QuicRstStreamFrame rst(quic::kInvalidControlFrameId, + GetNthServerInitiatedUnidirectionalStreamId(0), + quic::QUIC_STREAM_CANCELLED, 0); + session_->OnRstStream(rst); +} + +// Regression test for crbug.com/971361. +TEST_P(QuicChromiumClientSessionTest, ClosePendingStream) { + if (!quic::VersionHasStreamType(version_.transport_version)) + return; + + MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; + std::unique_ptr settings_packet( + client_maker_.MakeInitialSettingsPacket(1)); + std::unique_ptr client_rst( + client_maker_.MakeRstPacket( + 2, true, GetNthServerInitiatedUnidirectionalStreamId(0), + quic::QUIC_RST_ACKNOWLEDGEMENT)); + + MockWrite writes[] = { + MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1), + MockWrite(ASYNC, client_rst->data(), client_rst->length(), 2)}; + socket_data_.reset(new SequencedSocketData(reads, writes)); + + Initialize(); + CompleteCryptoHandshake(); + + quic::QuicStreamId id = GetNthServerInitiatedUnidirectionalStreamId(0); + quic::QuicStreamFrame data(id, false, 1, quic::QuicStringPiece("SP")); + session_->OnStreamFrame(data); + EXPECT_EQ(0u, session_->GetNumOpenIncomingStreams()); + session_->CloseStream(id); +} + TEST_P(QuicChromiumClientSessionTest, CancelPushWhenPendingValidation) { MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); std::unique_ptr client_rst( client_maker_.MakeRstPacket(2, true, GetNthClientInitiatedBidirectionalStreamId(0), @@ -1066,7 +1124,7 @@ TEST_P(QuicChromiumClientSessionTest, CancelPushBeforeReceivingResponse) { base::HistogramTester histogram_tester; MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); std::unique_ptr client_rst( client_maker_.MakeRstPacket( 2, true, GetNthServerInitiatedUnidirectionalStreamId(0), @@ -1118,7 +1176,7 @@ TEST_P(QuicChromiumClientSessionTest, CancelPushAfterReceivingResponse) { base::HistogramTester histogram_tester; MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); std::unique_ptr client_rst( client_maker_.MakeRstPacket( 2, true, GetNthServerInitiatedUnidirectionalStreamId(0), @@ -1174,9 +1232,8 @@ TEST_P(QuicChromiumClientSessionTest, CancelPushAfterReceivingResponse) { } TEST_P(QuicChromiumClientSessionTest, MaxNumStreamsViaRequest) { - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); if (version_.transport_version == quic::QUIC_VERSION_99) { quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeStreamsBlockedPacket( 2, true, 51, @@ -1233,7 +1290,7 @@ TEST_P(QuicChromiumClientSessionTest, MaxNumStreamsViaRequest) { TEST_P(QuicChromiumClientSessionTest, GoAwayReceived) { MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite writes[] = { MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1)}; socket_data_.reset(new SequencedSocketData(reads, writes)); @@ -1252,7 +1309,7 @@ TEST_P(QuicChromiumClientSessionTest, GoAwayReceived) { TEST_P(QuicChromiumClientSessionTest, CanPool) { MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite writes[] = { MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1)}; socket_data_.reset(new SequencedSocketData(reads, writes)); @@ -1270,24 +1327,104 @@ TEST_P(QuicChromiumClientSessionTest, CanPool) { CompleteCryptoHandshake(); session_->OnProofVerifyDetailsAvailable(details); - EXPECT_TRUE( - session_->CanPool("www.example.org", PRIVACY_MODE_DISABLED, SocketTag())); - EXPECT_FALSE( - session_->CanPool("www.example.org", PRIVACY_MODE_ENABLED, SocketTag())); + EXPECT_TRUE(session_->CanPool("www.example.org", PRIVACY_MODE_DISABLED, + SocketTag(), NetworkIsolationKey())); + EXPECT_FALSE(session_->CanPool("www.example.org", PRIVACY_MODE_ENABLED, + SocketTag(), NetworkIsolationKey())); #if defined(OS_ANDROID) SocketTag tag1(SocketTag::UNSET_UID, 0x12345678); SocketTag tag2(getuid(), 0x87654321); - EXPECT_FALSE( - session_->CanPool("www.example.org", PRIVACY_MODE_DISABLED, tag1)); - EXPECT_FALSE( - session_->CanPool("www.example.org", PRIVACY_MODE_DISABLED, tag2)); + EXPECT_FALSE(session_->CanPool("www.example.org", PRIVACY_MODE_DISABLED, tag1, + NetworkIsolationKey())); + EXPECT_FALSE(session_->CanPool("www.example.org", PRIVACY_MODE_DISABLED, tag2, + NetworkIsolationKey())); #endif EXPECT_TRUE(session_->CanPool("mail.example.org", PRIVACY_MODE_DISABLED, - SocketTag())); + SocketTag(), NetworkIsolationKey())); EXPECT_TRUE(session_->CanPool("mail.example.com", PRIVACY_MODE_DISABLED, - SocketTag())); - EXPECT_FALSE( - session_->CanPool("mail.google.com", PRIVACY_MODE_DISABLED, SocketTag())); + SocketTag(), NetworkIsolationKey())); + EXPECT_FALSE(session_->CanPool("mail.google.com", PRIVACY_MODE_DISABLED, + SocketTag(), NetworkIsolationKey())); + + const auto kOriginFoo = url::Origin::Create(GURL("http://foo.test/")); + + // Check that NetworkIsolationKey is respected when feature is enabled. + { + base::test::ScopedFeatureList feature_list; + feature_list.InitAndDisableFeature( + features::kPartitionConnectionsByNetworkIsolationKey); + EXPECT_TRUE(session_->CanPool("mail.example.com", PRIVACY_MODE_DISABLED, + SocketTag(), + NetworkIsolationKey(kOriginFoo, kOriginFoo))); + } + { + base::test::ScopedFeatureList feature_list; + feature_list.InitAndEnableFeature( + features::kPartitionConnectionsByNetworkIsolationKey); + EXPECT_FALSE(session_->CanPool( + "mail.example.com", PRIVACY_MODE_DISABLED, SocketTag(), + NetworkIsolationKey(kOriginFoo, kOriginFoo))); + } +} + +// Much as above, but uses a non-empty NetworkIsolationKey. +TEST_P(QuicChromiumClientSessionTest, CanPoolWithNetworkIsolationKey) { + base::test::ScopedFeatureList feature_list; + feature_list.InitAndEnableFeature( + features::kPartitionConnectionsByNetworkIsolationKey); + + const auto kOriginFoo = url::Origin::Create(GURL("http://foo.test/")); + const auto kOriginBar = url::Origin::Create(GURL("http://bar.test/")); + const NetworkIsolationKey kNetworkIsolationKey1(kOriginFoo, kOriginFoo); + const NetworkIsolationKey kNetworkIsolationKey2(kOriginBar, kOriginBar); + + session_key_ = + QuicSessionKey(kServerHostname, kServerPort, PRIVACY_MODE_DISABLED, + SocketTag(), kNetworkIsolationKey1); + + MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; + std::unique_ptr settings_packet( + client_maker_.MakeInitialSettingsPacket(1)); + MockWrite writes[] = { + MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1)}; + socket_data_.reset(new SequencedSocketData(reads, writes)); + Initialize(); + // Load a cert that is valid for: + // www.example.org + // mail.example.org + // www.example.com + + ProofVerifyDetailsChromium details; + details.cert_verify_result.verified_cert = + ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"); + ASSERT_TRUE(details.cert_verify_result.verified_cert.get()); + + CompleteCryptoHandshake(); + session_->OnProofVerifyDetailsAvailable(details); + + EXPECT_TRUE(session_->CanPool("www.example.org", PRIVACY_MODE_DISABLED, + SocketTag(), kNetworkIsolationKey1)); + EXPECT_FALSE(session_->CanPool("www.example.org", PRIVACY_MODE_ENABLED, + SocketTag(), kNetworkIsolationKey1)); +#if defined(OS_ANDROID) + SocketTag tag1(SocketTag::UNSET_UID, 0x12345678); + SocketTag tag2(getuid(), 0x87654321); + EXPECT_FALSE(session_->CanPool("www.example.org", PRIVACY_MODE_DISABLED, tag1, + kNetworkIsolationKey1)); + EXPECT_FALSE(session_->CanPool("www.example.org", PRIVACY_MODE_DISABLED, tag2, + kNetworkIsolationKey1)); +#endif + EXPECT_TRUE(session_->CanPool("mail.example.org", PRIVACY_MODE_DISABLED, + SocketTag(), kNetworkIsolationKey1)); + EXPECT_TRUE(session_->CanPool("mail.example.com", PRIVACY_MODE_DISABLED, + SocketTag(), kNetworkIsolationKey1)); + EXPECT_FALSE(session_->CanPool("mail.google.com", PRIVACY_MODE_DISABLED, + SocketTag(), kNetworkIsolationKey1)); + + EXPECT_FALSE(session_->CanPool("mail.example.com", PRIVACY_MODE_DISABLED, + SocketTag(), kNetworkIsolationKey2)); + EXPECT_FALSE(session_->CanPool("mail.example.com", PRIVACY_MODE_DISABLED, + SocketTag(), NetworkIsolationKey())); } TEST_P(QuicChromiumClientSessionTest, ConnectionNotPooledWithDifferentPin) { @@ -1305,7 +1442,7 @@ TEST_P(QuicChromiumClientSessionTest, ConnectionNotPooledWithDifferentPin) { MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite writes[] = { MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1)}; socket_data_.reset(new SequencedSocketData(reads, writes)); @@ -1327,8 +1464,8 @@ TEST_P(QuicChromiumClientSessionTest, ConnectionNotPooledWithDifferentPin) { session_->OnProofVerifyDetailsAvailable(details); QuicChromiumClientSessionPeer::SetHostname(session_.get(), kNoPinsHost); - EXPECT_FALSE( - session_->CanPool(kPreloadedPKPHost, PRIVACY_MODE_DISABLED, SocketTag())); + EXPECT_FALSE(session_->CanPool(kPreloadedPKPHost, PRIVACY_MODE_DISABLED, + SocketTag(), NetworkIsolationKey())); } TEST_P(QuicChromiumClientSessionTest, ConnectionPooledWithMatchingPin) { @@ -1336,7 +1473,7 @@ TEST_P(QuicChromiumClientSessionTest, ConnectionPooledWithMatchingPin) { MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite writes[] = { MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1)}; socket_data_.reset(new SequencedSocketData(reads, writes)); @@ -1360,13 +1497,13 @@ TEST_P(QuicChromiumClientSessionTest, ConnectionPooledWithMatchingPin) { QuicChromiumClientSessionPeer::SetHostname(session_.get(), "www.example.org"); EXPECT_TRUE(session_->CanPool("mail.example.org", PRIVACY_MODE_DISABLED, - SocketTag())); + SocketTag(), NetworkIsolationKey())); } TEST_P(QuicChromiumClientSessionTest, MigrateToSocket) { MockRead old_reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite old_writes[] = { MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1)}; socket_data_.reset(new SequencedSocketData(old_reads, old_writes)); @@ -1378,7 +1515,7 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocket) { std::unique_ptr ack_and_data_out; client_ping = client_maker_.MakeAckAndPingPacket(2, false, 1, 1, 1); ack_and_data_out = client_maker_.MakeDataPacket( - 3, GetNthClientInitiatedBidirectionalStreamId(0), false, false, 0, + 3, GetNthClientInitiatedBidirectionalStreamId(0), false, false, quic::QuicStringPiece(data)); std::unique_ptr server_ping( server_maker_.MakePingPacket(1, /*include_version=*/false)); @@ -1431,7 +1568,7 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocket) { TEST_P(QuicChromiumClientSessionTest, MigrateToSocketMaxReaders) { MockRead old_reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite old_writes[] = { MockWrite(ASYNC, settings_packet->data(), settings_packet->length(), 1)}; socket_data_.reset(new SequencedSocketData(old_reads, old_writes)); @@ -1484,7 +1621,7 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocketMaxReaders) { TEST_P(QuicChromiumClientSessionTest, MigrateToSocketReadError) { std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); std::unique_ptr client_ping; client_ping = client_maker_.MakeAckAndPingPacket(2, false, 1, 1, 1); std::unique_ptr server_ping( @@ -1551,9 +1688,14 @@ TEST_P(QuicChromiumClientSessionTest, MigrateToSocketReadError) { } TEST_P(QuicChromiumClientSessionTest, DetectPathDegradingDuringHandshake) { + if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { + // TODO(nharper, b/112643533): Figure out why this test fails when TLS is + // enabled and fix it. + return; + } migrate_session_early_v2_ = true; - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeDummyCHLOPacket(1)); quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeDummyCHLOPacket(2)); @@ -1612,9 +1754,8 @@ TEST_P(QuicChromiumClientSessionTest, DetectPathDegradingDuringHandshake) { TEST_P(QuicChromiumClientSessionTest, RetransmittableOnWireTimeout) { migrate_session_early_v2_ = true; - MockQuicData quic_data; - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(1)); quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakePingPacket(2, true)); quic_data.AddRead(ASYNC, server_maker_.MakeAckPacket(1, 2, 1, 1, false)); diff --git a/chromium/net/quic/quic_chromium_client_stream.cc b/chromium/net/quic/quic_chromium_client_stream.cc index 45e4b802118..1a29107b532 100644 --- a/chromium/net/quic/quic_chromium_client_stream.cc +++ b/chromium/net/quic/quic_chromium_client_stream.cc @@ -46,8 +46,7 @@ QuicChromiumClientStream::Handle::Handle(QuicChromiumClientStream* stream) read_headers_buffer_(nullptr), read_body_buffer_len_(0), net_error_(ERR_UNEXPECTED), - net_log_(stream->net_log()), - weak_factory_(this) { + net_log_(stream->net_log()) { SaveState(); } @@ -414,16 +413,15 @@ QuicChromiumClientStream::QuicChromiumClientStream( quic_version_(session->connection()->transport_version()), can_migrate_to_cellular_network_(true), initial_headers_frame_len_(0), - trailing_headers_frame_len_(0), - weak_factory_(this) {} + trailing_headers_frame_len_(0) {} QuicChromiumClientStream::QuicChromiumClientStream( - quic::PendingStream pending, + quic::PendingStream* pending, quic::QuicSpdyClientSessionBase* session, quic::StreamType type, const NetLogWithSource& net_log, const NetworkTrafficAnnotationTag& traffic_annotation) - : quic::QuicSpdyStream(std::move(pending), session, type), + : quic::QuicSpdyStream(pending, session, type), net_log_(net_log), handle_(nullptr), headers_delivered_(false), @@ -432,8 +430,7 @@ QuicChromiumClientStream::QuicChromiumClientStream( quic_version_(session->connection()->transport_version()), can_migrate_to_cellular_network_(true), initial_headers_frame_len_(0), - trailing_headers_frame_len_(0), - weak_factory_(this) {} + trailing_headers_frame_len_(0) {} QuicChromiumClientStream::~QuicChromiumClientStream() { if (handle_) @@ -544,7 +541,10 @@ size_t QuicChromiumClientStream::WriteHeaders( } net_log_.AddEvent( NetLogEventType::QUIC_CHROMIUM_CLIENT_STREAM_SEND_REQUEST_HEADERS, - base::Bind(&QuicRequestNetLogCallback, id(), &header_block, priority())); + [&](NetLogCaptureMode capture_mode) { + return QuicRequestNetLogParams(id(), &header_block, priority(), + capture_mode); + }); size_t len = quic::QuicSpdyStream::WriteHeaders(std::move(header_block), fin, std::move(ack_listener)); initial_headers_sent_ = true; @@ -661,8 +661,10 @@ bool QuicChromiumClientStream::DeliverInitialHeaders( headers_delivered_ = true; net_log_.AddEvent( NetLogEventType::QUIC_CHROMIUM_CLIENT_STREAM_READ_RESPONSE_HEADERS, - base::BindRepeating(&QuicResponseNetLogCallback, id(), fin_received(), - &initial_headers_)); + [&](NetLogCaptureMode capture_mode) { + return QuicResponseNetLogParams(id(), fin_received(), &initial_headers_, + capture_mode); + }); *headers = std::move(initial_headers_); *frame_len = initial_headers_frame_len_; @@ -677,8 +679,10 @@ bool QuicChromiumClientStream::DeliverTrailingHeaders( net_log_.AddEvent( NetLogEventType::QUIC_CHROMIUM_CLIENT_STREAM_READ_RESPONSE_TRAILERS, - base::BindRepeating(&QuicResponseNetLogCallback, id(), fin_received(), - &received_trailers())); + [&](NetLogCaptureMode capture_mode) { + return QuicResponseNetLogParams(id(), fin_received(), + &received_trailers(), capture_mode); + }); *headers = received_trailers().Clone(); *frame_len = trailing_headers_frame_len_; diff --git a/chromium/net/quic/quic_chromium_client_stream.h b/chromium/net/quic/quic_chromium_client_stream.h index 25c8afde859..30baf2a5bbf 100644 --- a/chromium/net/quic/quic_chromium_client_stream.h +++ b/chromium/net/quic/quic_chromium_client_stream.h @@ -192,7 +192,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientStream NetLogWithSource net_log_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(Handle); }; @@ -204,7 +204,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientStream const NetLogWithSource& net_log, const NetworkTrafficAnnotationTag& traffic_annotation); QuicChromiumClientStream( - quic::PendingStream pending, + quic::PendingStream* pending, quic::QuicSpdyClientSessionBase* session, quic::StreamType type, const NetLogWithSource& net_log, @@ -311,7 +311,7 @@ class NET_EXPORT_PRIVATE QuicChromiumClientStream // Length of the HEADERS frame containing trailing headers. size_t trailing_headers_frame_len_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(QuicChromiumClientStream); }; diff --git a/chromium/net/quic/quic_chromium_client_stream_test.cc b/chromium/net/quic/quic_chromium_client_stream_test.cc index 7fc2ffe1507..f696e423b42 100644 --- a/chromium/net/quic/quic_chromium_client_stream_test.cc +++ b/chromium/net/quic/quic_chromium_client_stream_test.cc @@ -21,7 +21,6 @@ #include "net/third_party/quiche/src/quic/core/http/quic_spdy_client_stream.h" #include "net/third_party/quiche/src/quic/core/http/spdy_utils.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" -#include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h" #include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h" #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" #include "net/third_party/quiche/src/quic/test_tools/quic_spdy_session_peer.h" @@ -56,14 +55,13 @@ class MockQuicClientSessionBase : public quic::QuicSpdyClientSessionBase { } // From quic::QuicSession. - MOCK_METHOD3(OnConnectionClosed, - void(quic::QuicErrorCode error, - const std::string& error_details, + MOCK_METHOD2(OnConnectionClosed, + void(const quic::QuicConnectionCloseFrame& frame, quic::ConnectionCloseSource source)); MOCK_METHOD1(CreateIncomingStream, quic::QuicSpdyStream*(quic::QuicStreamId id)); MOCK_METHOD1(CreateIncomingStream, - quic::QuicSpdyStream*(quic::PendingStream pending)); + quic::QuicSpdyStream*(quic::PendingStream* pending)); MOCK_METHOD0(CreateOutgoingBidirectionalStream, QuicChromiumClientStream*()); MOCK_METHOD0(CreateOutgoingUnidirectionalStream, QuicChromiumClientStream*()); MOCK_METHOD5(WritevData, @@ -161,8 +159,8 @@ class QuicChromiumClientStreamTest public WithScopedTaskEnvironment { public: QuicChromiumClientStreamTest() - : crypto_config_(quic::test::crypto_test_utils::ProofVerifierForTesting(), - quic::TlsClientHandshaker::CreateSslCtx()), + : crypto_config_( + quic::test::crypto_test_utils::ProofVerifierForTesting()), session_(new quic::test::MockQuicConnection( &helper_, &alarm_factory_, diff --git a/chromium/net/quic/quic_chromium_packet_reader.cc b/chromium/net/quic/quic_chromium_packet_reader.cc index 36083a43212..c0c2bc70774 100644 --- a/chromium/net/quic/quic_chromium_packet_reader.cc +++ b/chromium/net/quic/quic_chromium_packet_reader.cc @@ -10,6 +10,7 @@ #include "base/single_thread_task_runner.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/net_errors.h" +#include "net/quic/address_utils.h" #include "net/third_party/quiche/src/quic/platform/api/quic_clock.h" namespace net { @@ -31,8 +32,7 @@ QuicChromiumPacketReader::QuicChromiumPacketReader( yield_after_(quic::QuicTime::Infinite()), read_buffer_(base::MakeRefCounted( static_cast(quic::kMaxOutgoingPacketSize))), - net_log_(net_log), - weak_factory_(this) {} + net_log_(net_log) {} QuicChromiumPacketReader::~QuicChromiumPacketReader() {} @@ -93,10 +93,8 @@ bool QuicChromiumPacketReader::ProcessReadResult(int result) { IPEndPoint peer_address; socket_->GetLocalAddress(&local_address); socket_->GetPeerAddress(&peer_address); - return visitor_->OnPacket( - packet, - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(local_address)), - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(peer_address))); + return visitor_->OnPacket(packet, ToQuicSocketAddress(local_address), + ToQuicSocketAddress(peer_address)); } void QuicChromiumPacketReader::OnReadComplete(int result) { diff --git a/chromium/net/quic/quic_chromium_packet_reader.h b/chromium/net/quic/quic_chromium_packet_reader.h index 5734aa72711..b4d25070816 100644 --- a/chromium/net/quic/quic_chromium_packet_reader.h +++ b/chromium/net/quic/quic_chromium_packet_reader.h @@ -70,7 +70,7 @@ class NET_EXPORT_PRIVATE QuicChromiumPacketReader { scoped_refptr read_buffer_; NetLogWithSource net_log_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(QuicChromiumPacketReader); }; diff --git a/chromium/net/quic/quic_chromium_packet_writer.cc b/chromium/net/quic/quic_chromium_packet_writer.cc index 4cb3be9f13a..7c38674e702 100644 --- a/chromium/net/quic/quic_chromium_packet_writer.cc +++ b/chromium/net/quic/quic_chromium_packet_writer.cc @@ -81,7 +81,7 @@ void QuicChromiumPacketWriter::ReusableIOBuffer::Set(const char* buffer, std::memcpy(data(), buffer, buf_len); } -QuicChromiumPacketWriter::QuicChromiumPacketWriter() : weak_factory_(this) {} +QuicChromiumPacketWriter::QuicChromiumPacketWriter() {} QuicChromiumPacketWriter::QuicChromiumPacketWriter( DatagramClientSocket* socket, @@ -92,8 +92,7 @@ QuicChromiumPacketWriter::QuicChromiumPacketWriter( base::MakeRefCounted(quic::kMaxOutgoingPacketSize)), write_in_progress_(false), force_write_blocked_(false), - retry_count_(0), - weak_factory_(this) { + retry_count_(0) { retry_timer_.SetTaskRunner(task_runner); write_callback_ = base::BindRepeating( &QuicChromiumPacketWriter::OnWriteComplete, weak_factory_.GetWeakPtr()); diff --git a/chromium/net/quic/quic_chromium_packet_writer.h b/chromium/net/quic/quic_chromium_packet_writer.h index 1a667f2911e..82acb30f367 100644 --- a/chromium/net/quic/quic_chromium_packet_writer.h +++ b/chromium/net/quic/quic_chromium_packet_writer.h @@ -126,7 +126,7 @@ class NET_EXPORT_PRIVATE QuicChromiumPacketWriter base::OneShotTimer retry_timer_; CompletionRepeatingCallback write_callback_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(QuicChromiumPacketWriter); }; diff --git a/chromium/net/quic/quic_connection_logger.cc b/chromium/net/quic/quic_connection_logger.cc index 0e6cf4223cb..cdae0879fa7 100644 --- a/chromium/net/quic/quic_connection_logger.cc +++ b/chromium/net/quic/quic_connection_logger.cc @@ -10,18 +10,15 @@ #include #include -#include "base/bind.h" -#include "base/callback.h" #include "base/metrics/histogram_base.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" -#include "base/strings/string_number_conversions.h" #include "base/values.h" #include "net/base/ip_address.h" #include "net/cert/x509_certificate.h" -#include "net/log/net_log.h" #include "net/log/net_log_capture_mode.h" #include "net/log/net_log_event_type.h" +#include "net/log/net_log_values.h" #include "net/quic/address_utils.h" #include "net/quic/quic_address_mismatch.h" #include "net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.h" @@ -39,23 +36,20 @@ namespace net { namespace { -base::Value NetLogQuicPacketCallback( - const quic::QuicSocketAddress* self_address, - const quic::QuicSocketAddress* peer_address, - size_t packet_size, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicPacketParams(const quic::QuicSocketAddress& self_address, + const quic::QuicSocketAddress& peer_address, + size_t packet_size) { base::DictionaryValue dict; - dict.SetString("self_address", self_address->ToString()); - dict.SetString("peer_address", peer_address->ToString()); + dict.SetString("self_address", self_address.ToString()); + dict.SetString("peer_address", peer_address.ToString()); dict.SetInteger("size", packet_size); return std::move(dict); } -base::Value NetLogQuicPacketSentCallback( +base::Value NetLogQuicPacketSentParams( const quic::SerializedPacket& serialized_packet, quic::TransmissionType transmission_type, - quic::QuicTime sent_time, - NetLogCaptureMode /* capture_mode */) { + quic::QuicTime sent_time) { base::DictionaryValue dict; dict.SetInteger("transmission_type", transmission_type); dict.SetKey("packet_number", @@ -65,10 +59,9 @@ base::Value NetLogQuicPacketSentCallback( return std::move(dict); } -base::Value NetLogQuicPacketRetransmittedCallback( +base::Value NetLogQuicPacketRetransmittedParams( quic::QuicPacketNumber old_packet_number, - quic::QuicPacketNumber new_packet_number, - NetLogCaptureMode /* capture_mode */) { + quic::QuicPacketNumber new_packet_number) { base::DictionaryValue dict; dict.SetKey("old_packet_number", NetLogNumberValue(old_packet_number.ToUint64())); @@ -77,11 +70,9 @@ base::Value NetLogQuicPacketRetransmittedCallback( return std::move(dict); } -base::Value NetLogQuicPacketLostCallback( - quic::QuicPacketNumber packet_number, - quic::TransmissionType transmission_type, - quic::QuicTime detection_time, - NetLogCaptureMode /*capture_mode*/) { +base::Value NetLogQuicPacketLostParams(quic::QuicPacketNumber packet_number, + quic::TransmissionType transmission_type, + quic::QuicTime detection_time) { base::DictionaryValue dict; dict.SetInteger("transmission_type", transmission_type); dict.SetKey("packet_number", NetLogNumberValue(packet_number.ToUint64())); @@ -90,17 +81,14 @@ base::Value NetLogQuicPacketLostCallback( return std::move(dict); } -base::Value NetLogQuicDuplicatePacketCallback( - quic::QuicPacketNumber packet_number, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicDuplicatePacketParams( + quic::QuicPacketNumber packet_number) { base::DictionaryValue dict; dict.SetKey("packet_number", NetLogNumberValue(packet_number.ToUint64())); return std::move(dict); } -base::Value NetLogQuicPacketHeaderCallback( - const quic::QuicPacketHeader* header, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicPacketHeaderParams(const quic::QuicPacketHeader* header) { base::DictionaryValue dict; dict.SetString("connection_id", header->destination_connection_id.ToString()); dict.SetInteger("reset_flag", header->reset_flag); @@ -110,9 +98,7 @@ base::Value NetLogQuicPacketHeaderCallback( return std::move(dict); } -base::Value NetLogQuicStreamFrameCallback( - const quic::QuicStreamFrame& frame, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicStreamFrameParams(const quic::QuicStreamFrame& frame) { base::DictionaryValue dict; dict.SetInteger("stream_id", frame.stream_id); dict.SetBoolean("fin", frame.fin); @@ -121,8 +107,7 @@ base::Value NetLogQuicStreamFrameCallback( return std::move(dict); } -base::Value NetLogQuicAckFrameCallback(const quic::QuicAckFrame* frame, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicAckFrameParams(const quic::QuicAckFrame* frame) { base::DictionaryValue dict; dict.SetKey("largest_observed", NetLogNumberValue(frame->largest_acked.ToUint64())); @@ -155,44 +140,37 @@ base::Value NetLogQuicAckFrameCallback(const quic::QuicAckFrame* frame, return std::move(dict); } -base::Value NetLogQuicRstStreamFrameCallback( - const quic::QuicRstStreamFrame* frame, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicRstStreamFrameParams( + const quic::QuicRstStreamFrame* frame) { base::DictionaryValue dict; dict.SetInteger("stream_id", frame->stream_id); dict.SetInteger("quic_rst_stream_error", frame->error_code); return std::move(dict); } -base::Value NetLogQuicConnectionCloseFrameCallback( - const quic::QuicConnectionCloseFrame* frame, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicConnectionCloseFrameParams( + const quic::QuicConnectionCloseFrame* frame) { base::DictionaryValue dict; dict.SetInteger("quic_error", frame->quic_error_code); dict.SetString("details", frame->error_details); return std::move(dict); } -base::Value NetLogQuicWindowUpdateFrameCallback( - const quic::QuicWindowUpdateFrame* frame, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicWindowUpdateFrameParams( + const quic::QuicWindowUpdateFrame* frame) { base::DictionaryValue dict; dict.SetInteger("stream_id", frame->stream_id); dict.SetKey("byte_offset", NetLogNumberValue(frame->byte_offset)); return std::move(dict); } -base::Value NetLogQuicBlockedFrameCallback( - const quic::QuicBlockedFrame* frame, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicBlockedFrameParams(const quic::QuicBlockedFrame* frame) { base::DictionaryValue dict; dict.SetInteger("stream_id", frame->stream_id); return std::move(dict); } -base::Value NetLogQuicGoAwayFrameCallback( - const quic::QuicGoAwayFrame* frame, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicGoAwayFrameParams(const quic::QuicGoAwayFrame* frame) { base::DictionaryValue dict; dict.SetInteger("quic_error", frame->error_code); dict.SetInteger("last_good_stream_id", frame->last_good_stream_id); @@ -200,9 +178,8 @@ base::Value NetLogQuicGoAwayFrameCallback( return std::move(dict); } -base::Value NetLogQuicStopWaitingFrameCallback( - const quic::QuicStopWaitingFrame* frame, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicStopWaitingFrameParams( + const quic::QuicStopWaitingFrame* frame) { base::DictionaryValue dict; auto sent_info = std::make_unique(); sent_info->SetKey("least_unacked", @@ -211,9 +188,8 @@ base::Value NetLogQuicStopWaitingFrameCallback( return std::move(dict); } -base::Value NetLogQuicVersionNegotiationPacketCallback( - const quic::QuicVersionNegotiationPacket* packet, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicVersionNegotiationPacketParams( + const quic::QuicVersionNegotiationPacket* packet) { base::DictionaryValue dict; auto versions = std::make_unique(); for (auto it = packet->versions.begin(); it != packet->versions.end(); ++it) { @@ -223,29 +199,26 @@ base::Value NetLogQuicVersionNegotiationPacketCallback( return std::move(dict); } -base::Value NetLogQuicPublicResetPacketCallback( - const IPEndPoint* server_hello_address, - const quic::QuicSocketAddress* public_reset_address, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicPublicResetPacketParams( + const IPEndPoint& server_hello_address, + const quic::QuicSocketAddress& public_reset_address) { base::DictionaryValue dict; - dict.SetString("server_hello_address", server_hello_address->ToString()); - dict.SetString("public_reset_address", public_reset_address->ToString()); + dict.SetString("server_hello_address", server_hello_address.ToString()); + dict.SetString("public_reset_address", public_reset_address.ToString()); return std::move(dict); } -base::Value NetLogQuicCryptoHandshakeMessageCallback( - const quic::CryptoHandshakeMessage* message, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicCryptoHandshakeMessageParams( + const quic::CryptoHandshakeMessage* message) { base::DictionaryValue dict; dict.SetString("quic_crypto_handshake_message", message->DebugString()); return std::move(dict); } -base::Value NetLogQuicOnConnectionClosedCallback( +base::Value NetLogQuicOnConnectionClosedParams( quic::QuicErrorCode error, string error_details, - quic::ConnectionCloseSource source, - NetLogCaptureMode /* capture_mode */) { + quic::ConnectionCloseSource source) { base::DictionaryValue dict; dict.SetInteger("quic_error", error); dict.SetString("details", error_details); @@ -255,9 +228,8 @@ base::Value NetLogQuicOnConnectionClosedCallback( return std::move(dict); } -base::Value NetLogQuicCertificateVerifiedCallback( - scoped_refptr cert, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogQuicCertificateVerifiedParams( + scoped_refptr cert) { // Only the subjects are logged so that we can investigate connection pooling. // More fields could be logged in the future. std::vector dns_names; @@ -421,48 +393,52 @@ void QuicConnectionLogger::OnFrameAddedToPacket(const quic::QuicFrame& frame) { case quic::PADDING_FRAME: break; case quic::STREAM_FRAME: - net_log_.AddEvent( - NetLogEventType::QUIC_SESSION_STREAM_FRAME_SENT, - base::Bind(&NetLogQuicStreamFrameCallback, frame.stream_frame)); + net_log_.AddEvent(NetLogEventType::QUIC_SESSION_STREAM_FRAME_SENT, [&] { + return NetLogQuicStreamFrameParams(frame.stream_frame); + }); break; case quic::ACK_FRAME: { - net_log_.AddEvent( - NetLogEventType::QUIC_SESSION_ACK_FRAME_SENT, - base::Bind(&NetLogQuicAckFrameCallback, frame.ack_frame)); + net_log_.AddEvent(NetLogEventType::QUIC_SESSION_ACK_FRAME_SENT, [&] { + return NetLogQuicAckFrameParams(frame.ack_frame); + }); break; } case quic::RST_STREAM_FRAME: base::UmaHistogramSparse("Net.QuicSession.RstStreamErrorCodeClient", frame.rst_stream_frame->error_code); - net_log_.AddEvent(NetLogEventType::QUIC_SESSION_RST_STREAM_FRAME_SENT, - base::Bind(&NetLogQuicRstStreamFrameCallback, - frame.rst_stream_frame)); + net_log_.AddEvent( + NetLogEventType::QUIC_SESSION_RST_STREAM_FRAME_SENT, [&] { + return NetLogQuicRstStreamFrameParams(frame.rst_stream_frame); + }); break; case quic::CONNECTION_CLOSE_FRAME: net_log_.AddEvent( - NetLogEventType::QUIC_SESSION_CONNECTION_CLOSE_FRAME_SENT, - base::Bind(&NetLogQuicConnectionCloseFrameCallback, - frame.connection_close_frame)); + NetLogEventType::QUIC_SESSION_CONNECTION_CLOSE_FRAME_SENT, [&] { + return NetLogQuicConnectionCloseFrameParams( + frame.connection_close_frame); + }); break; case quic::GOAWAY_FRAME: - net_log_.AddEvent( - NetLogEventType::QUIC_SESSION_GOAWAY_FRAME_SENT, - base::Bind(&NetLogQuicGoAwayFrameCallback, frame.goaway_frame)); + net_log_.AddEvent(NetLogEventType::QUIC_SESSION_GOAWAY_FRAME_SENT, [&] { + return NetLogQuicGoAwayFrameParams(frame.goaway_frame); + }); break; case quic::WINDOW_UPDATE_FRAME: - net_log_.AddEvent(NetLogEventType::QUIC_SESSION_WINDOW_UPDATE_FRAME_SENT, - base::Bind(&NetLogQuicWindowUpdateFrameCallback, - frame.window_update_frame)); + net_log_.AddEvent( + NetLogEventType::QUIC_SESSION_WINDOW_UPDATE_FRAME_SENT, [&] { + return NetLogQuicWindowUpdateFrameParams(frame.window_update_frame); + }); break; case quic::BLOCKED_FRAME: - net_log_.AddEvent( - NetLogEventType::QUIC_SESSION_BLOCKED_FRAME_SENT, - base::Bind(&NetLogQuicBlockedFrameCallback, frame.blocked_frame)); + net_log_.AddEvent(NetLogEventType::QUIC_SESSION_BLOCKED_FRAME_SENT, [&] { + return NetLogQuicBlockedFrameParams(frame.blocked_frame); + }); break; case quic::STOP_WAITING_FRAME: - net_log_.AddEvent(NetLogEventType::QUIC_SESSION_STOP_WAITING_FRAME_SENT, - base::Bind(&NetLogQuicStopWaitingFrameCallback, - &frame.stop_waiting_frame)); + net_log_.AddEvent( + NetLogEventType::QUIC_SESSION_STOP_WAITING_FRAME_SENT, [&] { + return NetLogQuicStopWaitingFrameParams(&frame.stop_waiting_frame); + }); break; case quic::PING_FRAME: UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.ConnectionFlowControlBlocked", @@ -509,15 +485,15 @@ void QuicConnectionLogger::OnPacketSent( if (!net_log_is_capturing_) return; if (!original_packet_number.IsInitialized()) { - net_log_.AddEvent( - NetLogEventType::QUIC_SESSION_PACKET_SENT, - base::Bind(&NetLogQuicPacketSentCallback, serialized_packet, - transmission_type, sent_time)); + net_log_.AddEvent(NetLogEventType::QUIC_SESSION_PACKET_SENT, [&] { + return NetLogQuicPacketSentParams(serialized_packet, transmission_type, + sent_time); + }); } else { - net_log_.AddEvent( - NetLogEventType::QUIC_SESSION_PACKET_RETRANSMITTED, - base::Bind(&NetLogQuicPacketRetransmittedCallback, - original_packet_number, serialized_packet.packet_number)); + net_log_.AddEvent(NetLogEventType::QUIC_SESSION_PACKET_RETRANSMITTED, [&] { + return NetLogQuicPacketRetransmittedParams( + original_packet_number, serialized_packet.packet_number); + }); } } @@ -527,10 +503,10 @@ void QuicConnectionLogger::OnPacketLoss( quic::QuicTime detection_time) { if (!net_log_is_capturing_) return; - net_log_.AddEvent( - NetLogEventType::QUIC_SESSION_PACKET_LOST, - base::Bind(&NetLogQuicPacketLostCallback, lost_packet_number, - transmission_type, detection_time)); + net_log_.AddEvent(NetLogEventType::QUIC_SESSION_PACKET_LOST, [&] { + return NetLogQuicPacketLostParams(lost_packet_number, transmission_type, + detection_time); + }); } void QuicConnectionLogger::OnPingSent() { @@ -553,9 +529,9 @@ void QuicConnectionLogger::OnPacketReceived( last_received_packet_size_ = packet.length(); if (!net_log_is_capturing_) return; - net_log_.AddEvent(NetLogEventType::QUIC_SESSION_PACKET_RECEIVED, - base::Bind(&NetLogQuicPacketCallback, &self_address, - &peer_address, packet.length())); + net_log_.AddEvent(NetLogEventType::QUIC_SESSION_PACKET_RECEIVED, [&] { + return NetLogQuicPacketParams(self_address, peer_address, packet.length()); + }); } void QuicConnectionLogger::OnUnauthenticatedHeader( @@ -564,7 +540,7 @@ void QuicConnectionLogger::OnUnauthenticatedHeader( return; net_log_.AddEvent( NetLogEventType::QUIC_SESSION_UNAUTHENTICATED_PACKET_HEADER_RECEIVED, - base::Bind(&NetLogQuicPacketHeaderCallback, &header)); + [&] { return NetLogQuicPacketHeaderParams(&header); }); } void QuicConnectionLogger::OnIncorrectConnectionId( @@ -583,7 +559,7 @@ void QuicConnectionLogger::OnDuplicatePacket( return; net_log_.AddEvent( NetLogEventType::QUIC_SESSION_DUPLICATE_PACKET_RECEIVED, - base::Bind(&NetLogQuicDuplicatePacketCallback, packet_number)); + [&] { return NetLogQuicDuplicatePacketParams(packet_number); }); } void QuicConnectionLogger::OnProtocolVersionMismatch( @@ -648,10 +624,11 @@ void QuicConnectionLogger::OnStreamFrame(const quic::QuicStreamFrame& frame) { if (!net_log_is_capturing_) return; net_log_.AddEvent(NetLogEventType::QUIC_SESSION_STREAM_FRAME_RECEIVED, - base::Bind(&NetLogQuicStreamFrameCallback, frame)); + [&] { return NetLogQuicStreamFrameParams(frame); }); } void QuicConnectionLogger::OnIncomingAck( + quic::QuicPacketNumber ack_packet_number, const quic::QuicAckFrame& frame, quic::QuicTime ack_receive_time, quic::QuicPacketNumber largest_observed, @@ -668,7 +645,7 @@ void QuicConnectionLogger::OnIncomingAck( if (!net_log_is_capturing_) return; net_log_.AddEvent(NetLogEventType::QUIC_SESSION_ACK_FRAME_RECEIVED, - base::Bind(&NetLogQuicAckFrameCallback, &frame)); + [&] { return NetLogQuicAckFrameParams(&frame); }); // TODO(rch, rtenneti) sort out histograms for QUIC_VERSION_34 and above. } @@ -678,7 +655,7 @@ void QuicConnectionLogger::OnStopWaitingFrame( if (!net_log_is_capturing_) return; net_log_.AddEvent(NetLogEventType::QUIC_SESSION_STOP_WAITING_FRAME_RECEIVED, - base::Bind(&NetLogQuicStopWaitingFrameCallback, &frame)); + [&] { return NetLogQuicStopWaitingFrameParams(&frame); }); } void QuicConnectionLogger::OnRstStreamFrame( @@ -688,7 +665,7 @@ void QuicConnectionLogger::OnRstStreamFrame( if (!net_log_is_capturing_) return; net_log_.AddEvent(NetLogEventType::QUIC_SESSION_RST_STREAM_FRAME_RECEIVED, - base::Bind(&NetLogQuicRstStreamFrameCallback, &frame)); + [&] { return NetLogQuicRstStreamFrameParams(&frame); }); } void QuicConnectionLogger::OnConnectionCloseFrame( @@ -697,7 +674,7 @@ void QuicConnectionLogger::OnConnectionCloseFrame( return; net_log_.AddEvent( NetLogEventType::QUIC_SESSION_CONNECTION_CLOSE_FRAME_RECEIVED, - base::Bind(&NetLogQuicConnectionCloseFrameCallback, &frame)); + [&] { return NetLogQuicConnectionCloseFrameParams(&frame); }); } void QuicConnectionLogger::OnWindowUpdateFrame( @@ -706,7 +683,7 @@ void QuicConnectionLogger::OnWindowUpdateFrame( if (!net_log_is_capturing_) return; net_log_.AddEvent(NetLogEventType::QUIC_SESSION_WINDOW_UPDATE_FRAME_RECEIVED, - base::Bind(&NetLogQuicWindowUpdateFrameCallback, &frame)); + [&] { return NetLogQuicWindowUpdateFrameParams(&frame); }); } void QuicConnectionLogger::OnBlockedFrame(const quic::QuicBlockedFrame& frame) { @@ -714,7 +691,7 @@ void QuicConnectionLogger::OnBlockedFrame(const quic::QuicBlockedFrame& frame) { if (!net_log_is_capturing_) return; net_log_.AddEvent(NetLogEventType::QUIC_SESSION_BLOCKED_FRAME_RECEIVED, - base::Bind(&NetLogQuicBlockedFrameCallback, &frame)); + [&] { return NetLogQuicBlockedFrameParams(&frame); }); } void QuicConnectionLogger::OnGoAwayFrame(const quic::QuicGoAwayFrame& frame) { @@ -724,7 +701,7 @@ void QuicConnectionLogger::OnGoAwayFrame(const quic::QuicGoAwayFrame& frame) { if (!net_log_is_capturing_) return; net_log_.AddEvent(NetLogEventType::QUIC_SESSION_GOAWAY_FRAME_RECEIVED, - base::Bind(&NetLogQuicGoAwayFrameCallback, &frame)); + [&] { return NetLogQuicGoAwayFrameParams(&frame); }); } void QuicConnectionLogger::OnPingFrame(const quic::QuicPingFrame& frame) { @@ -740,10 +717,11 @@ void QuicConnectionLogger::OnPublicResetPacket( local_address_from_shlo_, ToIPEndPoint(packet.client_address)); if (!net_log_is_capturing_) return; - net_log_.AddEvent( - NetLogEventType::QUIC_SESSION_PUBLIC_RESET_PACKET_RECEIVED, - base::Bind(&NetLogQuicPublicResetPacketCallback, - &local_address_from_shlo_, &packet.client_address)); + net_log_.AddEvent(NetLogEventType::QUIC_SESSION_PUBLIC_RESET_PACKET_RECEIVED, + [&] { + return NetLogQuicPublicResetPacketParams( + local_address_from_shlo_, packet.client_address); + }); } void QuicConnectionLogger::OnVersionNegotiationPacket( @@ -752,7 +730,7 @@ void QuicConnectionLogger::OnVersionNegotiationPacket( return; net_log_.AddEvent( NetLogEventType::QUIC_SESSION_VERSION_NEGOTIATION_PACKET_RECEIVED, - base::Bind(&NetLogQuicVersionNegotiationPacketCallback, &packet)); + [&] { return NetLogQuicVersionNegotiationPacketParams(&packet); }); } void QuicConnectionLogger::OnCryptoHandshakeMessageReceived( @@ -768,13 +746,23 @@ void QuicConnectionLogger::OnCryptoHandshakeMessageReceived( "Net.QuicSession.ConnectionTypeFromPeer", GetRealAddressFamily(local_address_from_shlo_.address()), ADDRESS_FAMILY_LAST); + + int sample = GetAddressMismatch(local_address_from_shlo_, + local_address_from_self_); + // We are seemingly talking to an older server that does not support the + // feature, so we can't report the results in the histogram. + if (sample >= 0) { + UMA_HISTOGRAM_ENUMERATION("Net.QuicSession.SelfShloAddressMismatch", + static_cast(sample), + QUIC_ADDRESS_MISMATCH_MAX); + } } } if (!net_log_is_capturing_) return; net_log_.AddEvent( NetLogEventType::QUIC_SESSION_CRYPTO_HANDSHAKE_MESSAGE_RECEIVED, - base::Bind(&NetLogQuicCryptoHandshakeMessageCallback, &message)); + [&] { return NetLogQuicCryptoHandshakeMessageParams(&message); }); } void QuicConnectionLogger::OnCryptoHandshakeMessageSent( @@ -783,18 +771,18 @@ void QuicConnectionLogger::OnCryptoHandshakeMessageSent( return; net_log_.AddEvent( NetLogEventType::QUIC_SESSION_CRYPTO_HANDSHAKE_MESSAGE_SENT, - base::Bind(&NetLogQuicCryptoHandshakeMessageCallback, &message)); + [&] { return NetLogQuicCryptoHandshakeMessageParams(&message); }); } void QuicConnectionLogger::OnConnectionClosed( - quic::QuicErrorCode error, - const string& error_details, + const quic::QuicConnectionCloseFrame& frame, quic::ConnectionCloseSource source) { if (!net_log_is_capturing_) return; - net_log_.AddEvent(NetLogEventType::QUIC_SESSION_CLOSED, - base::Bind(&NetLogQuicOnConnectionClosedCallback, error, - error_details, source)); + net_log_.AddEvent(NetLogEventType::QUIC_SESSION_CLOSED, [&] { + return NetLogQuicOnConnectionClosedParams(frame.quic_error_code, + frame.error_details, source); + }); } void QuicConnectionLogger::OnSuccessfulVersionNegotiation( @@ -802,8 +790,9 @@ void QuicConnectionLogger::OnSuccessfulVersionNegotiation( if (!net_log_is_capturing_) return; string quic_version = QuicVersionToString(version.transport_version); - net_log_.AddEvent(NetLogEventType::QUIC_SESSION_VERSION_NEGOTIATED, - NetLog::StringCallback("version", &quic_version)); + net_log_.AddEventWithStringParams( + NetLogEventType::QUIC_SESSION_VERSION_NEGOTIATED, "version", + quic_version); } void QuicConnectionLogger::UpdateReceivedFrameCounts( @@ -825,9 +814,9 @@ void QuicConnectionLogger::OnCertificateVerified( net_log_.AddEvent(NetLogEventType::QUIC_SESSION_CERTIFICATE_VERIFY_FAILED); return; } - net_log_.AddEvent( - NetLogEventType::QUIC_SESSION_CERTIFICATE_VERIFIED, - base::Bind(&NetLogQuicCertificateVerifiedCallback, result.verified_cert)); + net_log_.AddEvent(NetLogEventType::QUIC_SESSION_CERTIFICATE_VERIFIED, [&] { + return NetLogQuicCertificateVerifiedParams(result.verified_cert); + }); } base::HistogramBase* QuicConnectionLogger::Get6PacketHistogram( diff --git a/chromium/net/quic/quic_connection_logger.h b/chromium/net/quic/quic_connection_logger.h index 4ae3ebf5db5..d987bf5e65c 100644 --- a/chromium/net/quic/quic_connection_logger.h +++ b/chromium/net/quic/quic_connection_logger.h @@ -12,6 +12,7 @@ #include "base/macros.h" #include "base/timer/timer.h" +#include "net/base/ip_endpoint.h" #include "net/base/net_export.h" #include "net/base/network_change_notifier.h" #include "net/cert/cert_verify_result.h" @@ -50,7 +51,8 @@ class NET_EXPORT_PRIVATE QuicConnectionLogger quic::QuicPacketNumber original_packet_number, quic::TransmissionType transmission_type, quic::QuicTime sent_time) override; - void OnIncomingAck(const quic::QuicAckFrame& frame, + void OnIncomingAck(quic::QuicPacketNumber ack_packet_number, + const quic::QuicAckFrame& frame, quic::QuicTime ack_receive_time, quic::QuicPacketNumber largest_observed, bool rtt_updated, @@ -81,8 +83,7 @@ class NET_EXPORT_PRIVATE QuicConnectionLogger void OnPublicResetPacket(const quic::QuicPublicResetPacket& packet) override; void OnVersionNegotiationPacket( const quic::QuicVersionNegotiationPacket& packet) override; - void OnConnectionClosed(quic::QuicErrorCode error, - const std::string& error_details, + void OnConnectionClosed(const quic::QuicConnectionCloseFrame& frame, quic::ConnectionCloseSource source) override; void OnSuccessfulVersionNegotiation( const quic::ParsedQuicVersion& version) override; diff --git a/chromium/net/quic/quic_connectivity_probing_manager.cc b/chromium/net/quic/quic_connectivity_probing_manager.cc index 7f335131789..c4f838014c2 100644 --- a/chromium/net/quic/quic_connectivity_probing_manager.cc +++ b/chromium/net/quic/quic_connectivity_probing_manager.cc @@ -8,7 +8,7 @@ #include "base/metrics/histogram_macros.h" #include "base/strings/string_number_conversions.h" #include "base/values.h" -#include "net/log/net_log.h" +#include "net/log/net_log_values.h" #include "net/quic/address_utils.h" namespace net { @@ -18,11 +18,10 @@ namespace { // Default to 2 seconds timeout as the maximum timeout. const int64_t kMaxProbingTimeoutMs = 2000; -base::Value NetLogStartProbingCallback( +base::Value NetLogStartProbingParams( NetworkChangeNotifier::NetworkHandle network, const quic::QuicSocketAddress* peer_address, - base::TimeDelta initial_timeout, - NetLogCaptureMode capture_mode) { + base::TimeDelta initial_timeout) { base::DictionaryValue dict; dict.SetKey("network", NetLogNumberValue(network)); dict.SetString("peer address", peer_address->ToString()); @@ -31,11 +30,10 @@ base::Value NetLogStartProbingCallback( return std::move(dict); } -base::Value NetLogProbeReceivedCallback( +base::Value NetLogProbeReceivedParams( NetworkChangeNotifier::NetworkHandle network, const IPEndPoint* self_address, - const quic::QuicSocketAddress* peer_address, - NetLogCaptureMode capture_mode) { + const quic::QuicSocketAddress* peer_address) { base::DictionaryValue dict; dict.SetKey("network", NetLogNumberValue(network)); dict.SetString("self address", self_address->ToString()); @@ -43,10 +41,9 @@ base::Value NetLogProbeReceivedCallback( return std::move(dict); } -base::Value NetLogProbingDestinationCallback( +base::Value NetLogProbingDestinationParams( NetworkChangeNotifier::NetworkHandle network, - const quic::QuicSocketAddress* peer_address, - NetLogCaptureMode capture_mode) { + const quic::QuicSocketAddress* peer_address) { base::DictionaryValue dict; dict.SetString("network", base::NumberToString(network)); dict.SetString("peer address", peer_address->ToString()); @@ -63,8 +60,7 @@ QuicConnectivityProbingManager::QuicConnectivityProbingManager( network_(NetworkChangeNotifier::kInvalidNetworkHandle), retry_count_(0), probe_start_time_(base::TimeTicks()), - task_runner_(task_runner), - weak_factory_(this) { + task_runner_(task_runner) { retransmit_timer_.SetTaskRunner(task_runner_); } @@ -103,9 +99,9 @@ void QuicConnectivityProbingManager::CancelProbing( void QuicConnectivityProbingManager::CancelProbingIfAny() { if (is_running_) { net_log_.AddEvent( - NetLogEventType::QUIC_CONNECTIVITY_PROBING_MANAGER_CANCEL_PROBING, - base::Bind(&NetLogProbingDestinationCallback, network_, - &peer_address_)); + NetLogEventType::QUIC_CONNECTIVITY_PROBING_MANAGER_CANCEL_PROBING, [&] { + return NetLogProbingDestinationParams(network_, &peer_address_); + }); } is_running_ = false; network_ = NetworkChangeNotifier::kInvalidNetworkHandle; @@ -150,9 +146,10 @@ void QuicConnectivityProbingManager::StartProbing( initial_timeout_ = initial_timeout; net_log_.AddEvent( - NetLogEventType::QUIC_CONNECTIVITY_PROBING_MANAGER_START_PROBING, - base::Bind(&NetLogStartProbingCallback, network_, &peer_address_, - initial_timeout_)); + NetLogEventType::QUIC_CONNECTIVITY_PROBING_MANAGER_START_PROBING, [&] { + return NetLogStartProbingParams(network_, &peer_address_, + initial_timeout_); + }); reader_->StartReading(); SendConnectivityProbingPacket(initial_timeout_); @@ -183,9 +180,10 @@ void QuicConnectivityProbingManager::OnConnectivityProbingReceived( } net_log_.AddEvent( - NetLogEventType::QUIC_CONNECTIVITY_PROBING_MANAGER_PROBE_RECEIVED, - base::Bind(&NetLogProbeReceivedCallback, network_, &local_address, - &peer_address_)); + NetLogEventType::QUIC_CONNECTIVITY_PROBING_MANAGER_PROBE_RECEIVED, [&] { + return NetLogProbeReceivedParams(network_, &local_address, + &peer_address_); + }); UMA_HISTOGRAM_COUNTS_100("Net.QuicSession.ProbingRetryCountUntilSuccess", retry_count_); @@ -202,9 +200,9 @@ void QuicConnectivityProbingManager::OnConnectivityProbingReceived( void QuicConnectivityProbingManager::SendConnectivityProbingPacket( base::TimeDelta timeout) { - net_log_.AddEvent( + net_log_.AddEventWithInt64Params( NetLogEventType::QUIC_CONNECTIVITY_PROBING_MANAGER_PROBE_SENT, - NetLog::Int64Callback("sent_count", retry_count_)); + "sent_count", retry_count_); if (!delegate_->OnSendConnectivityProbingPacket(writer_.get(), peer_address_)) { NotifyDelegateProbeFailed(); diff --git a/chromium/net/quic/quic_connectivity_probing_manager.h b/chromium/net/quic/quic_connectivity_probing_manager.h index e18ae034978..aa5bc7a1a52 100644 --- a/chromium/net/quic/quic_connectivity_probing_manager.h +++ b/chromium/net/quic/quic_connectivity_probing_manager.h @@ -128,7 +128,7 @@ class NET_EXPORT_PRIVATE QuicConnectivityProbingManager base::SequencedTaskRunner* task_runner_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(QuicConnectivityProbingManager); }; diff --git a/chromium/net/quic/quic_connectivity_probing_manager_test.cc b/chromium/net/quic/quic_connectivity_probing_manager_test.cc index 2d4f7fe0bab..b4a17de50b5 100644 --- a/chromium/net/quic/quic_connectivity_probing_manager_test.cc +++ b/chromium/net/quic/quic_connectivity_probing_manager_test.cc @@ -7,6 +7,7 @@ #include "base/stl_util.h" #include "base/test/test_mock_time_task_runner.h" #include "net/log/test_net_log.h" +#include "net/quic/address_utils.h" #include "net/socket/socket_test_util.h" #include "net/test/gtest_util.h" #include "net/third_party/quiche/src/quic/test_tools/mock_clock.h" @@ -26,12 +27,12 @@ const NetworkChangeNotifier::NetworkHandle testNetworkHandle = 1; const IPEndPoint kIpEndPoint = IPEndPoint(IPAddress::IPv4AllZeros(), quic::test::kTestPort); const quic::QuicSocketAddress testPeerAddress = - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(kIpEndPoint)); + ToQuicSocketAddress(kIpEndPoint); const IPEndPoint newIpEndPoint = IPEndPoint(IPAddress::IPv4AllZeros(), quic::test::kTestPort + 1); const quic::QuicSocketAddress newPeerAddress = - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(newIpEndPoint)); + ToQuicSocketAddress(newIpEndPoint); } // anonymous namespace class MockQuicChromiumClientSession @@ -39,7 +40,8 @@ class MockQuicChromiumClientSession public QuicChromiumPacketReader::Visitor { public: MockQuicChromiumClientSession() - : probed_network_(NetworkChangeNotifier::kInvalidNetworkHandle) {} + : probed_network_(NetworkChangeNotifier::kInvalidNetworkHandle), + is_successfully_probed_(false) {} ~MockQuicChromiumClientSession() override {} // QuicChromiumPacketReader::Visitor interface. @@ -66,21 +68,29 @@ class MockQuicChromiumClientSession std::unique_ptr socket, std::unique_ptr writer, std::unique_ptr reader) override { + is_successfully_probed_ = true; probed_network_ = network; probed_peer_address_ = peer_address; + probed_self_address_ = self_address; } - NetworkChangeNotifier::NetworkHandle probed_network() const { - return probed_network_; - } + bool IsProbedPathMatching(NetworkChangeNotifier::NetworkHandle network, + const quic::QuicSocketAddress& peer_address, + const quic::QuicSocketAddress& self_address) const { + if (!is_successfully_probed_) + return false; - quic::QuicSocketAddress probed_peer_address() const { - return probed_peer_address_; + return probed_network_ == network && probed_peer_address_ == peer_address && + probed_self_address_ == self_address; } + bool is_successfully_probed() const { return is_successfully_probed_; } + private: NetworkChangeNotifier::NetworkHandle probed_network_; quic::QuicSocketAddress probed_peer_address_; + quic::QuicSocketAddress probed_self_address_; + bool is_successfully_probed_; DISALLOW_COPY_AND_ASSIGN(MockQuicChromiumClientSession); }; @@ -102,8 +112,7 @@ class QuicConnectivityProbingManagerTest : public ::testing::Test { EXPECT_THAT(socket_->Connect(kIpEndPoint), IsOk()); IPEndPoint self_address; socket_->GetLocalAddress(&self_address); - self_address_ = - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(self_address)); + self_address_ = ToQuicSocketAddress(self_address); // Create packet writer and reader for probing. writer_.reset( new QuicChromiumPacketWriter(socket_.get(), test_task_runner_.get())); @@ -138,10 +147,13 @@ class QuicConnectivityProbingManagerTest : public ::testing::Test { }; TEST_F(QuicConnectivityProbingManagerTest, ReceiveProbingResponseOnSamePath) { + EXPECT_FALSE(session_.is_successfully_probed()); int initial_timeout_ms = 100; EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) .WillOnce(Return(true)); + + // Target probing path: . probing_manager_.StartProbing( testNetworkHandle, testPeerAddress, std::move(socket_), std::move(writer_), std::move(reader_), @@ -150,7 +162,7 @@ TEST_F(QuicConnectivityProbingManagerTest, ReceiveProbingResponseOnSamePath) { EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Fast forward initial_timeout_ms, timeout the first connectivity probing - // packet, introduce another probing packet to sent out with timeout set to + // packet, cause another probing packet to be sent with timeout set to // 2 * initial_timeout_ms. EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) .WillOnce(Return(true)); @@ -165,6 +177,7 @@ TEST_F(QuicConnectivityProbingManagerTest, ReceiveProbingResponseOnSamePath) { test_task_runner_->FastForwardBy( base::TimeDelta::FromMilliseconds(initial_timeout_ms)); EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); + EXPECT_FALSE(session_.is_successfully_probed()); // Notify the manager a connectivity probing packet is received from // testPeerAddress to |self_address_|, manager should decalre probing as @@ -174,7 +187,9 @@ TEST_F(QuicConnectivityProbingManagerTest, ReceiveProbingResponseOnSamePath) { .Times(0); probing_manager_.OnConnectivityProbingReceived(self_address_, testPeerAddress); - EXPECT_EQ(session_.probed_network(), testNetworkHandle); + EXPECT_TRUE(session_.is_successfully_probed()); + EXPECT_TRUE(session_.IsProbedPathMatching(testNetworkHandle, testPeerAddress, + self_address_)); EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Verify there's nothing to send. @@ -187,10 +202,13 @@ TEST_F(QuicConnectivityProbingManagerTest, ReceiveProbingResponseOnSamePath) { TEST_F(QuicConnectivityProbingManagerTest, ReceiveProbingResponseOnDifferentPath) { + EXPECT_FALSE(session_.is_successfully_probed()); int initial_timeout_ms = 100; EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) .WillOnce(Return(true)); + + // Target probing path: . probing_manager_.StartProbing( testNetworkHandle, testPeerAddress, std::move(socket_), std::move(writer_), std::move(reader_), @@ -199,7 +217,7 @@ TEST_F(QuicConnectivityProbingManagerTest, EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Fast forward initial_timeout_ms, timeout the first connectivity probing - // packet, introduce another probing packet to sent out with timeout set to + // packet, cause another probing packet to be sent with timeout set to // 2 * initial_timeout_ms. EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) .WillOnce(Return(true)); @@ -221,7 +239,7 @@ TEST_F(QuicConnectivityProbingManagerTest, .Times(0); probing_manager_.OnConnectivityProbingReceived(quic::QuicSocketAddress(), testPeerAddress); - EXPECT_NE(session_.probed_network(), testNetworkHandle); + EXPECT_FALSE(session_.is_successfully_probed()); EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Fast forward another initial_timeout_ms, another probing packet will be @@ -237,7 +255,83 @@ TEST_F(QuicConnectivityProbingManagerTest, .Times(0); probing_manager_.OnConnectivityProbingReceived(self_address_, testPeerAddress); - EXPECT_EQ(session_.probed_network(), testNetworkHandle); + EXPECT_TRUE(session_.is_successfully_probed()); + EXPECT_TRUE(session_.IsProbedPathMatching(testNetworkHandle, testPeerAddress, + self_address_)); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); + + // Verify there's nothing to send. + EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) + .Times(0); + test_task_runner_->RunUntilIdle(); +} + +TEST_F(QuicConnectivityProbingManagerTest, + ReceiveProbingResponseOnDifferentPort) { + EXPECT_FALSE(session_.is_successfully_probed()); + int initial_timeout_ms = 100; + + EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) + .WillOnce(Return(true)); + + // Target probing path: . + probing_manager_.StartProbing( + NetworkChangeNotifier::kInvalidNetworkHandle, testPeerAddress, + std::move(socket_), std::move(writer_), std::move(reader_), + base::TimeDelta::FromMilliseconds(initial_timeout_ms), + bound_test_net_log_.bound()); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); + + // Fast forward initial_timeout_ms, timeout the first connectivity probing + // packet, cause another probing packet to be sent with timeout set to + // 2 * initial_timeout_ms. + EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) + .WillOnce(Return(true)); + test_task_runner_->FastForwardBy( + base::TimeDelta::FromMilliseconds(initial_timeout_ms)); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); + + // Fast forward initial_timeout_ms, should be no-op. + EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) + .Times(0); + test_task_runner_->FastForwardBy( + base::TimeDelta::FromMilliseconds(initial_timeout_ms)); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); + + // Notify the manager a connectivity probing packet is received from + // testPeerAddress to a different self address (which only differs in the + // port), manager should ignore the probing response and continue waiting. + EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) + .Times(0); + uint16_t different_port = self_address_.port() + 1; + quic::QuicSocketAddress different_self_address(self_address_.host(), + different_port); + probing_manager_.OnConnectivityProbingReceived(different_self_address, + testPeerAddress); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); + // Verify that session's probed network is still not valid. + EXPECT_FALSE(session_.is_successfully_probed()); + + // Fast forward another initial_timeout_ms, another probing packet will be + // sent. + EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) + .WillOnce(Return(true)); + test_task_runner_->FastForwardBy( + base::TimeDelta::FromMilliseconds(initial_timeout_ms)); + EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); + + // Finally receive the probing response on the same self address and peer + // address. + EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) + .Times(0); + probing_manager_.OnConnectivityProbingReceived(self_address_, + testPeerAddress); + // Verify that session's probed network is not valid yet. + EXPECT_TRUE(session_.is_successfully_probed()); + EXPECT_TRUE(session_.IsProbedPathMatching( + NetworkChangeNotifier::kInvalidNetworkHandle, testPeerAddress, + self_address_)); EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Verify there's nothing to send. @@ -292,7 +386,7 @@ TEST_F(QuicConnectivityProbingManagerTest, CancelProbing) { EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Fast forward initial_timeout_ms, timeout the first connectivity probing - // packet, introduce another probing packet to sent out with timeout set to + // packet, cause another probing packet to be sent with timeout set to // 2 * initial_timeout_ms. EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) .WillOnce(Return(true)); @@ -369,7 +463,7 @@ TEST_F(QuicConnectivityProbingManagerTest, ProbingWriterError) { EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); // Fast forward initial_timeout_ms, timeout the first connectivity probing - // packet, introduce another probing packet to sent out with timeout set to + // packet, cause another probing packet to be sent with timeout set to // 2 * initial_timeout_ms. EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) .WillOnce(Return(true)); @@ -435,9 +529,10 @@ TEST_F(QuicConnectivityProbingManagerTest, // Verify that session marked as // successfully probed. - EXPECT_EQ(session_.probed_network(), - NetworkChangeNotifier::kInvalidNetworkHandle); - EXPECT_EQ(session_.probed_peer_address(), testPeerAddress); + EXPECT_TRUE(session_.is_successfully_probed()); + EXPECT_TRUE(session_.IsProbedPathMatching( + NetworkChangeNotifier::kInvalidNetworkHandle, testPeerAddress, + self_address_)); EXPECT_EQ(1u, test_task_runner_->GetPendingTaskCount()); EXPECT_CALL(session_, OnSendConnectivityProbingPacket(_, testPeerAddress)) diff --git a/chromium/net/quic/quic_end_to_end_unittest.cc b/chromium/net/quic/quic_end_to_end_unittest.cc index 85dabee8522..fa860122285 100644 --- a/chromium/net/quic/quic_end_to_end_unittest.cc +++ b/chromium/net/quic/quic_end_to_end_unittest.cc @@ -141,7 +141,7 @@ class QuicEndToEndTest : public ::testing::Test, // To simplify the test, and avoid the race with the HTTP request, we force // QUIC for these requests. - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("test.example.com:443")); transaction_factory_.reset( diff --git a/chromium/net/quic/quic_flags_list.h b/chromium/net/quic/quic_flags_list.h index 9f68e2cf365..16590ee9c3f 100644 --- a/chromium/net/quic/quic_flags_list.h +++ b/chromium/net/quic/quic_flags_list.h @@ -25,11 +25,6 @@ QUIC_FLAG(int64_t, FLAGS_quic_time_wait_list_seconds, 200) // no configured limit. QUIC_FLAG(int64_t, FLAGS_quic_time_wait_list_max_connections, 600000) -// Enables server-side support for QUIC stateless rejects. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_enable_quic_stateless_reject_support, - false) - // If true, require handshake confirmation for QUIC connections, functionally // disabling 0-rtt handshakes. // TODO(rtenneti): Enable this flag after CryptoServerTest's are fixed. @@ -43,12 +38,6 @@ QUIC_FLAG(bool, FLAGS_quic_disable_pacing_for_perf_tests, false) // If true, enforce that QUIC CHLOs fit in one packet. QUIC_FLAG(bool, FLAGS_quic_enforce_single_packet_chlo, true) -// If true, QUIC will use cheap stateless rejects without creating a full -// connection. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_use_cheap_stateless_rejects, - false) - // If true, allows packets to be buffered in anticipation of a future CHLO, and // allow CHLO packets to be buffered until next iteration of the event loop. QUIC_FLAG(bool, FLAGS_quic_allow_chlo_buffering, true) @@ -72,6 +61,10 @@ QUIC_FLAG(bool, // When true, defaults to BBR congestion control instead of Cubic. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_default_to_bbr, false) +// If true, use BBRv2 as the default congestion controller. +// Takes precedence over --quic_default_to_bbr. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_default_to_bbr_v2, false) + // If buffered data in QUIC stream is less than this threshold, buffers all // provided data or asks upper layer for more data. QUIC_FLAG(uint32_t, FLAGS_quic_buffered_data_threshold, 8192u) @@ -83,9 +76,6 @@ QUIC_FLAG(uint32_t, FLAGS_quic_send_buffer_max_data_slice_size, 4096u) // protocol. QUIC_FLAG(bool, FLAGS_quic_supports_tls_handshake, false) -// Allow QUIC to accept initial packet numbers that are random, not 1. -QUIC_FLAG(bool, FLAGS_quic_restart_flag_quic_enable_accept_random_ipn, true) - // Enables 3 new connection options to make PROBE_RTT more aggressive QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_bbr_less_probe_rtt, false) @@ -103,12 +93,6 @@ QUIC_FLAG(int32_t, FLAGS_quic_lumpy_pacing_size, 1) // pacing. QUIC_FLAG(double, FLAGS_quic_lumpy_pacing_cwnd_fraction, 0.25f) -// If true, static streams in a QuicSession will be stored inside dynamic -// stream map. static_stream_map will no longer be used. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_eliminate_static_stream_map_3, - false) - // Default enables QUIC ack decimation and adds a connection option to disable // it. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_ack_decimation, false) @@ -125,17 +109,6 @@ QUIC_FLAG(double, FLAGS_quic_pace_time_into_future_srtt_fraction, 0.125f) // Mechanism to override version label and ALPN for IETF interop. QUIC_FLAG(int32_t, FLAGS_quic_ietf_draft_version, 0) -// If true, enable QUIC v44. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_version_44, true) - -// Stop checking QuicUnackedPacketMap::HasUnackedRetransmittableFrames and -// instead rely on the existing check that bytes_in_flight > 0 -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_optimize_inflight_check, false) - -// When you\'re app-limited entering recovery, stay app-limited until you exit -// recovery in QUIC BBR. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_bbr_app_limited_recovery, false) - // If true, stop resetting ideal_next_packet_send_time_ in pacing sender. QUIC_FLAG( bool, @@ -149,10 +122,6 @@ QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_pcc3, false) // ACK in packet conservation. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_bbr_one_mss_conservation, false) -// Add 3 connection options to decrease the pacing and CWND gain in QUIC BBR -// STARTUP. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_bbr_slower_startup3, true) - // When true, the LOSS connection option allows for 1/8 RTT of reording instead // of the current 1/8th threshold which has been found to be too large for fast // loss recovery. @@ -174,33 +143,10 @@ QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_stop_reading_when_level_triggered, false) -// If true, QuicSession::HasPendingCryptoData checks whether the crypto stream's -// send buffer is empty. This flag fixes a bug where the retransmission alarm -// mode is wrong for the first CHLO packet. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_fix_has_pending_crypto_data, - true) - -// When true, fix initialization and updating of -// |time_of_first_packet_sent_after_receiving_| in QuicConnection. -QUIC_FLAG( - bool, - FLAGS_quic_reloadable_flag_quic_fix_time_of_first_packet_sent_after_receiving, - true) - // When the STMP connection option is sent by the client, timestamps in the QUIC // ACK frame are sent and processed. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_send_timestamps, false) -// If true, dispatcher passes in a single version when creating a server -// connection, such that version negotiation is not supported in connection. -QUIC_FLAG(bool, - FLAGS_quic_restart_flag_quic_no_server_conn_ver_negotiation2, - true) - -// If true, enable QUIC version 46. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_version_46, true) - // When in STARTUP and recovery, do not add bytes_acked to QUIC BBR's CWND in // CalculateCongestionWindow() QUIC_FLAG( @@ -217,21 +163,11 @@ QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_use_common_stream_check, false) // packets as no longer inflight when they're retransmitted. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_loss_removes_from_inflight, - false) + true) // If true, QuicEpollClock::Now() will monotonically increase. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_monotonic_epoll_clock, false) -// If true, a client connection would be closed when a version negotiation -// packet is received. It would be the higher layer's responsibility to do the -// reconnection. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_no_client_conn_ver_negotiation, - false) - -// If true, public reset packets sent from GFE will include a kEPID tag. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_fix_spurious_ack_alarm, false) - // If true, enables the BBS4 and BBS5 connection options, which reduce BBR's // pacing rate in STARTUP as more losses occur as a fraction of CWND. QUIC_FLAG(bool, @@ -243,53 +179,15 @@ QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_log_cert_name_for_empty_sct, true) -// If true, enable QUIC version 47 which adds CRYPTO frames. +// If true, enable QUIC version 47. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_version_47, false) +// If true, enable QUIC version 48. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_enable_version_48, false) + // If true, disable QUIC version 39. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_disable_version_39, false) -// If true, use one loss algorithm per encryption level. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_use_uber_loss_algorithm, true) - -// If true, QuicStreamSequencerBuffer will switch to a new -// QuicIntervalSet::AddOptimizedForAppend method in OnStreamData(). -QUIC_FLAG( - bool, - FLAGS_quic_reloadable_flag_quic_faster_interval_add_in_sequence_buffer, - true) - -// If true, GFE time wait list will send termination packets based on current -// packet's encryption level. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_fix_termination_packets, true) - -// If true, stop using AckBundling mode to send ACK, also deprecate ack_queued -// from QuicConnection. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_deprecate_ack_bundling_mode, - true) - -// If both this flag and gfe2_reloadable_flag_quic_deprecate_ack_bundling_mode -// are true, QuicReceivedPacketManager decides when to send ACKs. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_rpm_decides_when_to_send_acks, - true) - -// In QUIC, do not close connection if received an in-order ACK with decreased -// largest_acked. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_tolerate_reneging, true) - -QUIC_FLAG( - bool, - FLAGS_quic_reloadable_flag_quic_validate_packet_number_post_decryption, - true) - -// If this flag and quic_rpm_decides_when_to_send_acks is true, use uber -// received packet manager instead of the single received packet manager. -QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_use_uber_received_packet_manager, - true) - // If true and using Leto for QUIC shared-key calculations, GFE will react to a // failure to contact Leto by sending a REJ containing a fallback ServerConfig, // allowing the client to continue the handshake. @@ -304,82 +202,141 @@ QUIC_FLAG(bool, FLAGS_quic_restart_flag_dont_fetch_quic_private_keys_from_leto, false) -// If true, disable lumpy pacing for low bandwidth flows. +// In v44 and above, where STOP_WAITING is never sent, close the connection if +// it's received. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_no_lumpy_pacing_at_low_bw, + FLAGS_quic_reloadable_flag_quic_do_not_accept_stop_waiting, false) -// If true, in BbrSender, always get a bandwidth sample when a packet is acked, -// even if packet.bytes_acked is zero. +// If true, set burst token to 2 in cwnd bootstrapping experiment. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_conservative_bursts, false) + +// When true, QuicFramer will not override connection IDs in headers and will +// instead respect the source/destination direction as expected by IETF QUIC. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_always_get_bw_sample_when_acked, + FLAGS_quic_restart_flag_quic_do_not_override_connection_id, true) -// If true, ignore TLPR for retransmission delay when sending pings from ping -// alarm. +// If true, export number of packets written per write operation histogram.") +QUIC_FLAG(bool, FLAGS_quic_export_server_num_packets_per_write_histogram, false) + +// If true, uses conservative cwnd gain and pacing gain. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_ignore_tlpr_if_sending_ping, - true) + FLAGS_quic_reloadable_flag_quic_conservative_cwnd_and_pacing_gains, + false) -// If true, non-ASCII QUIC tags are printed as hex instead of integers." -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_print_tag_hex, false) +// When true, QuicConnectionId will allocate long connection IDs on the heap +// instead of inline in the object. +QUIC_FLAG(bool, FLAGS_quic_restart_flag_quic_use_allocated_connection_ids, true) -// If true, terminate Google QUIC connections similary as IETF QUIC. +// If enabled, do not call OnStreamFrame() with empty frame after receiving +// empty or too large headers with FIN. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_terminate_gquic_connection_as_ietf, + FLAGS_quic_reloadable_flag_quic_avoid_empty_frame_after_empty_headers, true) -// If true, disable QUIC trial decryption in V44 and above. +// If true, disable QUIC version 44. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_disable_version_44, true) + +// If true, ignore TLPR if there is no pending stream data. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_v44_disable_trial_decryption, - false) + FLAGS_quic_reloadable_flag_quic_ignore_tlpr_if_no_pending_stream_data, + true) -// In v44 and above, where STOP_WAITING is never sent, close the connection if -// it's received. +// If true, when detecting losses, use packets_acked of corresponding packet +// number space. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_fix_packets_acked, true) + +// QUIC version 99 will use this stream ID for the headers stream. +QUIC_FLAG(int64_t, FLAGS_quic_headers_stream_id_in_v99, 0) + +// When true, QuicDispatcher will drop packets that have an initial destination +// connection ID that is too short, instead of responding with a Version +// Negotiation packet to reject it. +QUIC_FLAG( + bool, + FLAGS_quic_reloadable_flag_quic_drop_invalid_small_initial_connection_id, + true) + +// When true, QUIC Version Negotiation packets will randomly include fake +// versions. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_do_not_accept_stop_waiting, + FLAGS_quic_reloadable_flag_quic_version_negotiation_grease, false) -// If true, deprecate queued_control_frames_ from QuicPacketGenerator. +// If true, use predictable version negotiation versions. +QUIC_FLAG(bool, FLAGS_quic_disable_version_negotiation_grease_randomness, false) + +// Fixes quic::GetPacketHeaderSize and callsites when +// QuicVersionHasLongHeaderLengths is false. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_deprecate_queued_control_frames, - false) + FLAGS_quic_reloadable_flag_quic_fix_get_packet_header_size, + true) -// When true, QUIC server will drop IETF QUIC Version Negotiation packets. +// Calls ClearQueuedPackets after sending a connection close packet. +QUIC_FLAG( + bool, + FLAGS_quic_reloadable_flag_quic_clear_queued_packets_on_connection_close, + true) + +// If true, QuicConnection will be closed if a WindowUpdate frame is received on +// a READ_UNIDIRECTIONAL stream. QUIC_FLAG(bool, - FLAGS_quic_restart_flag_quic_server_drop_version_negotiation, + FLAGS_quic_reloadable_flag_quic_no_window_update_on_read_only_stream, false) -// When true, version negotiation packets sent by the server will set the fixed -// bit. +// If true and --quic_lumpy_pacing_size is 1, QUIC will use a lumpy size of two +// for pacing. +QUIC_FLAG( + bool, + FLAGS_quic_reloadable_flag_quic_change_default_lumpy_pacing_size_to_two, + false) + +// If true, QuicSpdySession::GetSpdyDataStream() will close the connection +// if the returned stream is static. QUIC_FLAG(bool, - FLAGS_quic_reloadable_flag_quic_send_version_negotiation_fixed_bit, + FLAGS_quic_reloadable_flag_quic_handle_staticness_for_spdy_stream, false) -// When true, allow variable length QUIC connection IDs for unsupported -// versions. This allows performing version negotiation when the client-chosen -// server connection ID length is not 8. +// If true, do not add connection ID of packets with unknown connection ID +// and no version to time wait list, instead, send appropriate responses +// depending on the packets' sizes and drop them. QUIC_FLAG( bool, - FLAGS_quic_restart_flag_quic_allow_variable_length_connection_id_for_negotiation, + FLAGS_quic_reloadable_flag_quic_reject_unprocessable_packets_statelessly, false) -// If true, set burst token to 2 in cwnd bootstrapping experiment. -QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_conservative_bursts, false) +// When true, QuicConnectionId::Hash uses SipHash instead of XOR. +QUIC_FLAG(bool, FLAGS_quic_restart_flag_quic_connection_id_use_siphash, false) -// If true, make QuicDispatcher no longer have an instance of QuicFramer. -QUIC_FLAG(bool, - FLAGS_quic_restart_flag_quic_no_framer_object_in_dispatcher, - false) +// If true, when RTO fires and there is no packet to be RTOed, let connection +// send. +QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_fix_rto_retransmission, true) -// When true, QuicFramer will not override connection IDs in headers and will -// instead respect the source/destination direction as expected by IETF QUIC. +// If true, QuicSession::GetOrCreateDynamicStream() is deprecated, and its +// contents are moved to GetOrCreateStream(). QUIC_FLAG(bool, - FLAGS_quic_restart_flag_quic_do_not_override_connection_id, + FLAGS_quic_reloadable_flag_quic_inline_getorcreatedynamicstream, false) -// Do not send STOP_WAITING if no_stop_waiting_frame_ is true. +// Maximum number of tracked packets. +QUIC_FLAG(int64_t, FLAGS_quic_max_tracked_packet_count, 10000) + +// If true, HTTP request header names sent from QuicSpdyClientBase(and +// descendents) will be automatically converted to lower case. +QUIC_FLAG(bool, FLAGS_quic_client_convert_http_header_name_to_lowercase, true) + +// If true, do not send STOP_WAITING if no_stop_waiting_frame_. QUIC_FLAG(bool, FLAGS_quic_reloadable_flag_quic_simplify_stop_waiting, false) -// If true, export number of packets written per write operation histogram.") -QUIC_FLAG(bool, FLAGS_quic_export_server_num_packets_per_write_histogram, false) +// If true, allow client to enable BBRv2 on server via connection option 'B2ON'. +QUIC_FLAG(bool, + FLAGS_quic_reloadable_flag_quic_allow_client_enabled_bbr_v2, + false) + +// When true, QuicDispatcher will pass the version from the packet to the +// ChloExtractor instead of all supported versions. +QUIC_FLAG( + bool, + FLAGS_quic_restart_flag_quic_dispatcher_hands_chlo_extractor_one_version, + true) diff --git a/chromium/net/quic/quic_http_stream.cc b/chromium/net/quic/quic_http_stream.cc index 740f2298f8e..fe7c0a8961b 100644 --- a/chromium/net/quic/quic_http_stream.cc +++ b/chromium/net/quic/quic_http_stream.cc @@ -34,15 +34,25 @@ namespace net { namespace { -base::Value NetLogQuicPushStreamCallback(quic::QuicStreamId stream_id, - const GURL* url, - NetLogCaptureMode capture_mode) { +base::Value NetLogQuicPushStreamParams(quic::QuicStreamId stream_id, + const GURL& url) { base::DictionaryValue dict; dict.SetInteger("stream_id", stream_id); - dict.SetString("url", url->spec()); + dict.SetString("url", url.spec()); return std::move(dict); } +void NetLogQuicPushStream(const NetLogWithSource& net_log1, + const NetLogWithSource& net_log2, + NetLogEventType type, + quic::QuicStreamId stream_id, + const GURL& url) { + net_log1.AddEvent(type, + [&] { return NetLogQuicPushStreamParams(stream_id, url); }); + net_log2.AddEvent(type, + [&] { return NetLogQuicPushStreamParams(stream_id, url); }); +} + } // namespace QuicHttpStream::QuicHttpStream( @@ -67,8 +77,7 @@ QuicHttpStream::QuicHttpStream( user_buffer_len_(0), session_error_(ERR_UNEXPECTED), found_promise_(false), - in_loop_(false), - weak_factory_(this) {} + in_loop_(false) {} QuicHttpStream::~QuicHttpStream() { CHECK(!in_loop_); @@ -90,6 +99,8 @@ HttpResponseInfo::ConnectionInfo QuicHttpStream::ConnectionInfoFromQuicVersion( return HttpResponseInfo::CONNECTION_INFO_QUIC_46; case quic::QUIC_VERSION_47: return HttpResponseInfo::CONNECTION_INFO_QUIC_47; + case quic::QUIC_VERSION_48: + return HttpResponseInfo::CONNECTION_INFO_QUIC_48; case quic::QUIC_VERSION_99: return HttpResponseInfo::CONNECTION_INFO_QUIC_99; case quic::QUIC_VERSION_RESERVED_FOR_NEGOTIATION: @@ -115,14 +126,13 @@ int QuicHttpStream::InitializeStream(const HttpRequestInfo* request_info, if (!quic_session()->IsConnected()) return GetResponseStatus(); - stream_net_log.AddEvent( + stream_net_log.AddEventReferencingSource( NetLogEventType::HTTP_STREAM_REQUEST_BOUND_TO_QUIC_SESSION, - quic_session()->net_log().source().ToEventParametersCallback()); - stream_net_log.AddEvent( + quic_session()->net_log().source()); + stream_net_log.AddEventWithIntParams( NetLogEventType::QUIC_CONNECTION_MIGRATION_MODE, - NetLog::IntCallback( - "connection_migration_mode", - static_cast(quic_session()->connection_migration_mode()))); + "connection_migration_mode", + static_cast(quic_session()->connection_migration_mode())); stream_net_log_ = stream_net_log; request_info_ = request_info; @@ -137,14 +147,10 @@ int QuicHttpStream::InitializeStream(const HttpRequestInfo* request_info, quic_session()->GetPushPromiseIndex()->GetPromised(url); if (promised) { found_promise_ = true; - stream_net_log_.AddEvent( + NetLogQuicPushStream( + stream_net_log_, quic_session()->net_log(), NetLogEventType::QUIC_HTTP_STREAM_PUSH_PROMISE_RENDEZVOUS, - base::Bind(&NetLogQuicPushStreamCallback, promised->id(), - &request_info_->url)); - quic_session()->net_log().AddEvent( - NetLogEventType::QUIC_HTTP_STREAM_PUSH_PROMISE_RENDEZVOUS, - base::Bind(&NetLogQuicPushStreamCallback, promised->id(), - &request_info_->url)); + promised->id(), request_info_->url); return OK; } @@ -179,14 +185,9 @@ int QuicHttpStream::DoHandlePromiseComplete(int rv) { stream_->SetPriority(spdy_priority); next_state_ = STATE_OPEN; - stream_net_log_.AddEvent( - NetLogEventType::QUIC_HTTP_STREAM_ADOPTED_PUSH_STREAM, - base::Bind(&NetLogQuicPushStreamCallback, stream_->id(), - &request_info_->url)); - quic_session()->net_log().AddEvent( - NetLogEventType::QUIC_HTTP_STREAM_ADOPTED_PUSH_STREAM, - base::Bind(&NetLogQuicPushStreamCallback, stream_->id(), - &request_info_->url)); + NetLogQuicPushStream(stream_net_log_, quic_session()->net_log(), + NetLogEventType::QUIC_HTTP_STREAM_ADOPTED_PUSH_STREAM, + stream_->id(), request_info_->url); return OK; } @@ -345,9 +346,12 @@ bool QuicHttpStream::IsConnectionReused() const { } int64_t QuicHttpStream::GetTotalReceivedBytes() const { - // TODO(sclittle): Currently, this only includes headers and response body - // bytes. Change this to include QUIC overhead as well. - int64_t total_received_bytes = headers_bytes_received_; + // When QPACK is enabled, headers are sent and received on the stream, so + // the headers bytes do not need to be accounted for independently. + int64_t total_received_bytes = + quic::VersionUsesQpack(quic_session()->GetQuicVersion()) + ? 0 + : headers_bytes_received_; if (stream_) { DCHECK_LE(stream_->NumBytesConsumed(), stream_->stream_bytes_read()); // Only count the uniquely received bytes. @@ -359,9 +363,12 @@ int64_t QuicHttpStream::GetTotalReceivedBytes() const { } int64_t QuicHttpStream::GetTotalSentBytes() const { - // TODO(sclittle): Currently, this only includes request headers and body - // bytes. Change this to include QUIC overhead as well. - int64_t total_sent_bytes = headers_bytes_sent_; + // When QPACK is enabled, headers are sent and received on the stream, so + // the headers bytes do not need to be accounted for independently. + int64_t total_sent_bytes = + quic::VersionUsesQpack(quic_session()->GetQuicVersion()) + ? 0 + : headers_bytes_sent_; if (stream_) { total_sent_bytes += stream_->stream_bytes_written(); } else { @@ -463,8 +470,7 @@ int QuicHttpStream::DoLoop(int rv) { CHECK(!in_loop_); base::AutoReset auto_reset_in_loop(&in_loop_, true); std::unique_ptr packet_flusher = - quic_session()->CreatePacketBundler( - quic::QuicConnection::AckBundling::SEND_ACK_IF_QUEUED); + quic_session()->CreatePacketBundler(); do { State state = next_state_; next_state_ = STATE_NONE; @@ -575,8 +581,10 @@ int QuicHttpStream::DoSendHeaders() { // Log the actual request with the URL Request's net log. stream_net_log_.AddEvent( NetLogEventType::HTTP_TRANSACTION_QUIC_SEND_REQUEST_HEADERS, - base::Bind(&QuicRequestNetLogCallback, stream_->id(), &request_headers_, - priority_)); + [&](NetLogCaptureMode capture_mode) { + return QuicRequestNetLogParams(stream_->id(), &request_headers_, + priority_, capture_mode); + }); DispatchRequestHeadersCallback(request_headers_); bool has_upload_data = request_body_stream_ != nullptr; diff --git a/chromium/net/quic/quic_http_stream.h b/chromium/net/quic/quic_http_stream.h index babc2a1690f..0440c765387 100644 --- a/chromium/net/quic/quic_http_stream.h +++ b/chromium/net/quic/quic_http_stream.h @@ -218,7 +218,7 @@ class NET_EXPORT_PRIVATE QuicHttpStream : public MultiplexedHttpStream { // Session connect timing info. LoadTimingInfo::ConnectTiming connect_timing_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(QuicHttpStream); }; diff --git a/chromium/net/quic/quic_http_stream_test.cc b/chromium/net/quic/quic_http_stream_test.cc index 51384856d78..1ba21685cc9 100644 --- a/chromium/net/quic/quic_http_stream_test.cc +++ b/chromium/net/quic/quic_http_stream_test.cc @@ -19,6 +19,7 @@ #include "base/time/time.h" #include "net/base/chunked_upload_data_stream.h" #include "net/base/elements_upload_data_stream.h" +#include "net/base/load_flags.h" #include "net/base/load_timing_info.h" #include "net/base/load_timing_info_test_util.h" #include "net/base/net_errors.h" @@ -29,8 +30,10 @@ #include "net/log/net_log_event_type.h" #include "net/log/test_net_log.h" #include "net/log/test_net_log_util.h" +#include "net/quic/address_utils.h" #include "net/quic/crypto/proof_verifier_chromium.h" #include "net/quic/mock_crypto_client_stream_factory.h" +#include "net/quic/platform/impl/quic_test_impl.h" #include "net/quic/quic_chromium_alarm_factory.h" #include "net/quic/quic_chromium_connection_helper.h" #include "net/quic/quic_chromium_packet_reader.h" @@ -39,6 +42,7 @@ #include "net/quic/quic_server_info.h" #include "net/quic/quic_stream_factory.h" #include "net/quic/quic_test_packet_maker.h" +#include "net/quic/quic_test_packet_printer.h" #include "net/quic/test_task_runner.h" #include "net/socket/socket_performance_watcher.h" #include "net/socket/socket_test_util.h" @@ -51,11 +55,12 @@ #include "net/third_party/quiche/src/quic/core/crypto/crypto_protocol.h" #include "net/third_party/quiche/src/quic/core/crypto/quic_decrypter.h" #include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h" -#include "net/third_party/quiche/src/quic/core/http/spdy_utils.h" +#include "net/third_party/quiche/src/quic/core/http/spdy_server_push_utils.h" #include "net/third_party/quiche/src/quic/core/quic_connection.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" #include "net/third_party/quiche/src/quic/core/quic_write_blocked_list.h" #include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" #include "net/third_party/quiche/src/quic/platform/api/quic_string_piece.h" #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" #include "net/third_party/quiche/src/quic/test_tools/mock_clock.h" @@ -91,15 +96,14 @@ class TestQuicConnection : public quic::QuicConnection { QuicChromiumConnectionHelper* helper, QuicChromiumAlarmFactory* alarm_factory, quic::QuicPacketWriter* writer) - : quic::QuicConnection( - connection_id, - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(address)), - helper, - alarm_factory, - writer, - true /* owns_writer */, - quic::Perspective::IS_CLIENT, - versions) {} + : quic::QuicConnection(connection_id, + ToQuicSocketAddress(address), + helper, + alarm_factory, + writer, + true /* owns_writer */, + quic::Perspective::IS_CLIENT, + versions) {} void SetSendAlgorithm(quic::SendAlgorithmInterface* send_algorithm) { quic::test::QuicConnectionPeer::SetSendAlgorithm(this, send_algorithm); @@ -112,7 +116,7 @@ class ReadErrorUploadDataStream : public UploadDataStream { enum class FailureMode { SYNC, ASYNC }; explicit ReadErrorUploadDataStream(FailureMode mode) - : UploadDataStream(true, 0), async_(mode), weak_factory_(this) {} + : UploadDataStream(true, 0), async_(mode) {} ~ReadErrorUploadDataStream() override {} private: @@ -135,7 +139,7 @@ class ReadErrorUploadDataStream : public UploadDataStream { const FailureMode async_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(ReadErrorUploadDataStream); }; @@ -195,8 +199,8 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< QuicHttpStreamTest() : version_(std::get<0>(GetParam())), client_headers_include_h2_stream_dependency_(std::get<1>(GetParam())), - crypto_config_(quic::test::crypto_test_utils::ProofVerifierForTesting(), - quic::TlsClientHandshaker::CreateSslCtx()), + crypto_config_( + quic::test::crypto_test_utils::ProofVerifierForTesting()), read_buffer_(base::MakeRefCounted(4096)), promise_id_(GetNthServerInitiatedUnidirectionalStreamId(0)), stream_id_(GetNthClientInitiatedBidirectionalStreamId(0)), @@ -214,7 +218,8 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< quic::Perspective::IS_SERVER, false), random_generator_(0), - response_offset_(0) { + printer_(version_) { + SetQuicFlag(FLAGS_quic_supports_tls_handshake, true); IPAddress ip(192, 0, 2, 33); peer_addr_ = IPEndPoint(ip, 443); self_addr_ = IPEndPoint(ip, 8435); @@ -249,10 +254,8 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< } void ProcessPacket(std::unique_ptr packet) { - connection_->ProcessUdpPacket( - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(self_addr_)), - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(peer_addr_)), - *packet); + connection_->ProcessUdpPacket(ToQuicSocketAddress(self_addr_), + ToQuicSocketAddress(peer_addr_), *packet); } // Configures the test fixture to use the list of expected writes. @@ -270,6 +273,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< socket_data_.reset(new StaticSocketDataProvider( base::span(), base::make_span(mock_writes_.get(), writes_.size()))); + socket_data_->set_printer(&printer_); std::unique_ptr socket(new MockUDPClientSocket( socket_data_.get(), net_log_.bound().net_log())); @@ -280,6 +284,8 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< EXPECT_CALL(*send_algorithm_, InSlowStart()).WillRepeatedly(Return(false)); EXPECT_CALL(*send_algorithm_, OnPacketSent(_, _, _, _, _)) .Times(testing::AtLeast(1)); + EXPECT_CALL(*send_algorithm_, OnCongestionEvent(_, _, _, _, _)) + .Times(AnyNumber()); EXPECT_CALL(*send_algorithm_, GetCongestionWindow()) .WillRepeatedly(Return(quic::kMaxOutgoingPacketSize)); EXPECT_CALL(*send_algorithm_, PacingRate(_)) @@ -321,14 +327,15 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< base::WrapUnique(static_cast(nullptr)), QuicSessionKey(kDefaultServerHostName, kDefaultServerPort, PRIVACY_MODE_DISABLED, SocketTag()), - /*require_confirmation=*/false, /*migrate_session_early_v2=*/false, + /*require_confirmation=*/false, + /*max_allowed_push_id=*/0, + /*migrate_session_early_v2=*/false, /*migrate_session_on_network_change_v2=*/false, /*default_network=*/NetworkChangeNotifier::kInvalidNetworkHandle, quic::QuicTime::Delta::FromMilliseconds( - kDefaultRetransmittableOnWireTimeoutMillisecs), - /*migrate_idle_session=*/false, - base::TimeDelta::FromSeconds(kDefaultIdleSessionMigrationPeriodSeconds), - base::TimeDelta::FromSeconds(kMaxTimeOnNonDefaultNetworkSecs), + kDefaultRetransmittableOnWireTimeout.InMilliseconds()), + /*migrate_idle_session=*/false, kDefaultIdleSessionMigrationPeriod, + kMaxTimeOnNonDefaultNetwork, kMaxMigrationsToNonDefaultNetworkOnWriteError, kMaxMigrationsToNonDefaultNetworkOnPathDegrading, kQuicYieldAfterPacketsRead, @@ -359,7 +366,8 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< promised_response_[":version"] = "HTTP/1.1"; promised_response_["content-type"] = "text/plain"; - promise_url_ = quic::SpdyUtils::GetPromisedUrlFromHeaders(push_promise_); + promise_url_ = + quic::SpdyServerPushUtils::GetPromisedUrlFromHeaders(push_promise_); } void SetRequest(const string& method, @@ -378,22 +386,19 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< quic::QuicStreamId stream_id, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data, QuicTestPacketMaker* maker) { return maker->MakeDataPacket(packet_number, stream_id, - should_include_version, fin, offset, data); + should_include_version, fin, data); } std::unique_ptr ConstructClientDataPacket( uint64_t packet_number, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { - return InnerConstructDataPacket(packet_number, stream_id_, - should_include_version, fin, offset, data, - &client_maker_); + return client_maker_.MakeDataPacket(packet_number, stream_id_, + should_include_version, fin, data); } std::unique_ptr @@ -401,21 +406,18 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< uint64_t packet_number, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, const std::vector& data) { return client_maker_.MakeMultipleDataFramesPacket( - packet_number, stream_id_, should_include_version, fin, offset, data); + packet_number, stream_id_, should_include_version, fin, data); } std::unique_ptr ConstructServerDataPacket( uint64_t packet_number, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { - return InnerConstructDataPacket(packet_number, stream_id_, - should_include_version, fin, offset, data, - &server_maker_); + return server_maker_.MakeDataPacket(packet_number, stream_id_, + should_include_version, fin, data); } std::unique_ptr InnerConstructRequestHeadersPacket( @@ -424,11 +426,10 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< bool should_include_version, bool fin, RequestPriority request_priority, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { + size_t* spdy_headers_frame_length) { return InnerConstructRequestHeadersPacket( packet_number, stream_id, should_include_version, fin, request_priority, - 0, spdy_headers_frame_length, offset); + 0, spdy_headers_frame_length); } std::unique_ptr InnerConstructRequestHeadersPacket( @@ -438,14 +439,13 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< bool fin, RequestPriority request_priority, quic::QuicStreamId parent_stream_id, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { + size_t* spdy_headers_frame_length) { spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(request_priority); return client_maker_.MakeRequestHeadersPacket( packet_number, stream_id, should_include_version, fin, priority, std::move(request_headers_), parent_stream_id, - spdy_headers_frame_length, offset); + spdy_headers_frame_length); } std::unique_ptr @@ -456,14 +456,13 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< bool fin, RequestPriority request_priority, quic::QuicStreamId parent_stream_id, - quic::QuicStreamOffset* offset, size_t* spdy_headers_frame_length, const std::vector& data_writes) { spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(request_priority); return client_maker_.MakeRequestHeadersAndMultipleDataFramesPacket( packet_number, stream_id, should_include_version, fin, priority, - std::move(request_headers_), parent_stream_id, offset, + std::move(request_headers_), parent_stream_id, spdy_headers_frame_length, data_writes); } @@ -475,16 +474,13 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< RequestPriority request_priority, quic::QuicStreamId parent_stream_id, size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* header_stream_offset, - quic::QuicRstStreamErrorCode error_code, - size_t bytes_written) { + quic::QuicRstStreamErrorCode error_code) { spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(request_priority); return client_maker_.MakeRequestHeadersAndRstPacket( packet_number, stream_id, should_include_version, fin, priority, std::move(request_headers_), parent_stream_id, - spdy_headers_frame_length, header_stream_offset, error_code, - bytes_written); + spdy_headers_frame_length, error_code); } std::unique_ptr ConstructRequestHeadersPacket( @@ -494,7 +490,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< size_t* spdy_headers_frame_length) { return InnerConstructRequestHeadersPacket( packet_number, stream_id_, kIncludeVersion, fin, request_priority, - spdy_headers_frame_length, nullptr); + spdy_headers_frame_length); } std::unique_ptr InnerConstructResponseHeadersPacket( @@ -504,8 +500,7 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< size_t* spdy_headers_frame_length) { return server_maker_.MakeResponseHeadersPacket( packet_number, stream_id, !kIncludeVersion, fin, - std::move(response_headers_), spdy_headers_frame_length, - &response_offset_); + std::move(response_headers_), spdy_headers_frame_length); } std::unique_ptr ConstructResponseHeadersPacket( @@ -516,25 +511,14 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< spdy_headers_frame_length); } - std::unique_ptr - ConstructResponseHeadersPacketWithOffset(uint64_t packet_number, - bool fin, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { - return server_maker_.MakeResponseHeadersPacket( - packet_number, stream_id_, !kIncludeVersion, fin, - std::move(response_headers_), spdy_headers_frame_length, offset); - } - std::unique_ptr ConstructResponseTrailersPacket( uint64_t packet_number, bool fin, spdy::SpdyHeaderBlock trailers, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { + size_t* spdy_headers_frame_length) { return server_maker_.MakeResponseHeadersPacket( packet_number, stream_id_, !kIncludeVersion, fin, std::move(trailers), - spdy_headers_frame_length, offset); + spdy_headers_frame_length); } std::unique_ptr ConstructClientRstStreamPacket( @@ -564,15 +548,14 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< bool fin, RequestPriority request_priority, quic::QuicStreamId parent_stream_id, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { + size_t* spdy_headers_frame_length) { spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(request_priority); return client_maker_.MakeRstAndRequestHeadersPacket( packet_number, should_include_version, promise_id_, quic::QUIC_PROMISE_VARY_MISMATCH, stream_id, fin, priority, std::move(request_headers_), parent_stream_id, - spdy_headers_frame_length, offset); + spdy_headers_frame_length); } std::unique_ptr ConstructAckAndRstStreamPacket( @@ -624,17 +607,14 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< bool should_include_version, quic::QuicStreamId id, quic::QuicStreamId parent_stream_id, - RequestPriority request_priority, - quic::QuicStreamOffset* header_stream_offset) { + RequestPriority request_priority) { return client_maker_.MakePriorityPacket( packet_number, should_include_version, id, parent_stream_id, - ConvertRequestPriorityToQuicPriority(request_priority), - header_stream_offset); + ConvertRequestPriorityToQuicPriority(request_priority)); } - std::unique_ptr ConstructInitialSettingsPacket( - quic::QuicStreamOffset* offset) { - return client_maker_.MakeInitialSettingsPacket(1, offset); + std::unique_ptr ConstructInitialSettingsPacket() { + return client_maker_.MakeInitialSettingsPacket(1); } std::string ConstructDataHeader(size_t body_len) { @@ -678,6 +658,8 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< version_.transport_version, n); } + QuicFlagSaver saver_; + const quic::ParsedQuicVersion version_; const bool client_headers_include_h2_stream_dependency_; @@ -723,14 +705,14 @@ class QuicHttpStreamTest : public ::testing::TestWithParam< ProofVerifyDetailsChromium verify_details_; MockCryptoClientStreamFactory crypto_client_stream_factory_; std::unique_ptr socket_data_; + QuicPacketPrinter printer_; std::vector writes_; - quic::QuicStreamOffset response_offset_; }; INSTANTIATE_TEST_SUITE_P( VersionIncludeStreamDependencySequence, QuicHttpStreamTest, - ::testing::Combine(::testing::ValuesIn(quic::AllVersionsExcept99()), + ::testing::Combine(::testing::ValuesIn(quic::AllSupportedVersions()), ::testing::Bool())); TEST_P(QuicHttpStreamTest, RenewStreamForAuth) { @@ -757,12 +739,10 @@ TEST_P(QuicHttpStreamTest, DisableConnectionMigrationForStream) { TEST_P(QuicHttpStreamTest, GetRequest) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_header_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(InnerConstructRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, &spdy_request_header_frame_length, - &header_stream_offset)); + DEFAULT_PRIORITY, &spdy_request_header_frame_length)); Initialize(); @@ -820,18 +800,17 @@ TEST_P(QuicHttpStreamTest, LoadTimingTwoRequests) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_header_frame_length; - quic::QuicStreamOffset offset = 0; - AddWrite(ConstructInitialSettingsPacket(&offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(InnerConstructRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, &spdy_request_header_frame_length, &offset)); + DEFAULT_PRIORITY, &spdy_request_header_frame_length)); // SetRequest() again for second request as |request_headers_| was moved. SetRequest("GET", "/", DEFAULT_PRIORITY); AddWrite(InnerConstructRequestHeadersPacket( 3, GetNthClientInitiatedBidirectionalStreamId(1), kIncludeVersion, kFin, DEFAULT_PRIORITY, GetNthClientInitiatedBidirectionalStreamId(0), - &spdy_request_header_frame_length, &offset)); + &spdy_request_header_frame_length)); AddWrite(ConstructClientAckPacket(4, 3, 1, 2)); // Ack the responses. Initialize(); @@ -907,12 +886,10 @@ TEST_P(QuicHttpStreamTest, LoadTimingTwoRequests) { TEST_P(QuicHttpStreamTest, GetRequestWithTrailers) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_header_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(InnerConstructRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, &spdy_request_header_frame_length, - &header_stream_offset)); + DEFAULT_PRIORITY, &spdy_request_header_frame_length)); AddWrite(ConstructClientAckPacket(3, 3, 1, 2)); // Ack the data packet. Initialize(); @@ -936,9 +913,8 @@ TEST_P(QuicHttpStreamTest, GetRequestWithTrailers) { // Send the response headers. size_t spdy_response_header_frame_length; - quic::QuicStreamOffset offset = 0; - ProcessPacket(ConstructResponseHeadersPacketWithOffset( - 2, !kFin, &spdy_response_header_frame_length, &offset)); + ProcessPacket(ConstructResponseHeadersPacket( + 2, !kFin, &spdy_response_header_frame_length)); // Now that the headers have been processed, the callback will return. EXPECT_THAT(callback_.WaitForResult(), IsOk()); ASSERT_TRUE(response_.headers.get()); @@ -950,15 +926,17 @@ TEST_P(QuicHttpStreamTest, GetRequestWithTrailers) { // Send the response body. const char kResponseBody[] = "Hello world!"; std::string header = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(ConstructServerDataPacket(3, false, !kFin, /*offset=*/0, - header + kResponseBody)); + ProcessPacket( + ConstructServerDataPacket(3, false, !kFin, header + kResponseBody)); spdy::SpdyHeaderBlock trailers; size_t spdy_trailers_frame_length; trailers["foo"] = "bar"; - trailers[quic::kFinalOffsetHeaderKey] = - base::NumberToString(strlen(kResponseBody) + header.length()); - ProcessPacket(ConstructResponseTrailersPacket( - 4, kFin, std::move(trailers), &spdy_trailers_frame_length, &offset)); + if (!quic::VersionUsesQpack(version_.transport_version)) { + trailers[quic::kFinalOffsetHeaderKey] = + base::NumberToString(strlen(kResponseBody) + header.length()); + } + ProcessPacket(ConstructResponseTrailersPacket(4, kFin, std::move(trailers), + &spdy_trailers_frame_length)); // Make sure trailers are processed. base::RunLoop().RunUntilIdle(); @@ -984,8 +962,7 @@ TEST_P(QuicHttpStreamTest, GetRequestWithTrailers) { +spdy_trailers_frame_length), stream_->GetTotalReceivedBytes()); // Check that NetLog was filled as expected. - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); + auto entries = net_log_.GetEntries(); size_t pos = ExpectLogContainsSomewhere( entries, /*min_offset=*/0, NetLogEventType::QUIC_CHROMIUM_CLIENT_STREAM_SEND_REQUEST_HEADERS, @@ -1004,12 +981,10 @@ TEST_P(QuicHttpStreamTest, GetRequestWithTrailers) { TEST_P(QuicHttpStreamTest, GetRequestLargeResponse) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(InnerConstructRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, &spdy_request_headers_frame_length, - &header_stream_offset)); + DEFAULT_PRIORITY, &spdy_request_headers_frame_length)); Initialize(); request_.method = "GET"; @@ -1132,12 +1107,10 @@ TEST_P(QuicHttpStreamTest, GetAlternativeService) { TEST_P(QuicHttpStreamTest, LogGranularQuicConnectionError) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(InnerConstructRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, &spdy_request_headers_frame_length, - &header_stream_offset)); + DEFAULT_PRIORITY, &spdy_request_headers_frame_length)); AddWrite(ConstructAckAndRstStreamPacket(3)); Initialize(); @@ -1166,6 +1139,14 @@ TEST_P(QuicHttpStreamTest, LogGranularQuicConnectionError) { } TEST_P(QuicHttpStreamTest, LogGranularQuicErrorIfHandshakeNotConfirmed) { + // TODO(nharper): Figure out why this test does not send packets + // when TLS is used. + if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { + Initialize(); + + return; + } + // By default the test setup defaults handshake to be confirmed. Manually set // it to be not confirmed. crypto_client_stream_factory_.set_handshake_mode( @@ -1173,12 +1154,10 @@ TEST_P(QuicHttpStreamTest, LogGranularQuicErrorIfHandshakeNotConfirmed) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); AddWrite(InnerConstructRequestHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, &spdy_request_headers_frame_length, - &header_stream_offset)); + DEFAULT_PRIORITY, &spdy_request_headers_frame_length)); Initialize(); request_.method = "GET"; @@ -1208,12 +1187,10 @@ TEST_P(QuicHttpStreamTest, LogGranularQuicErrorIfHandshakeNotConfirmed) { TEST_P(QuicHttpStreamTest, SessionClosedBeforeReadResponseHeaders) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(InnerConstructRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, &spdy_request_headers_frame_length, - &header_stream_offset)); + DEFAULT_PRIORITY, &spdy_request_headers_frame_length)); Initialize(); request_.method = "GET"; @@ -1241,20 +1218,19 @@ TEST_P(QuicHttpStreamTest, SessionClosedBeforeReadResponseHeaders) { TEST_P(QuicHttpStreamTest, SendPostRequest) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); std::string header = ConstructDataHeader(strlen(kUploadData)); if (version_.transport_version != quic::QUIC_VERSION_99) { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {kUploadData})); + DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, + {kUploadData})); } else { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {header, kUploadData})); + DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, + {header, kUploadData})); } AddWrite(ConstructClientAckPacket(3, 3, 1, 2)); @@ -1298,7 +1274,7 @@ TEST_P(QuicHttpStreamTest, SendPostRequest) { const char kResponseBody[] = "Hello world!"; std::string header2 = ConstructDataHeader(strlen(kResponseBody)); ProcessPacket( - ConstructServerDataPacket(3, false, kFin, 0, header2 + kResponseBody)); + ConstructServerDataPacket(3, false, kFin, header2 + kResponseBody)); // Since the body has already arrived, this should return immediately. EXPECT_EQ(static_cast(strlen(kResponseBody)), stream_->ReadResponseBody(read_buffer_.get(), read_buffer_->size(), @@ -1323,19 +1299,18 @@ TEST_P(QuicHttpStreamTest, SendPostRequest) { TEST_P(QuicHttpStreamTest, SendPostRequestAndReceiveSoloFin) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); std::string header = ConstructDataHeader(strlen(kUploadData)); if (version_.transport_version != quic::QUIC_VERSION_99) { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {kUploadData})); + DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, + {kUploadData})); } else { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {header, kUploadData})); + DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, + {header, kUploadData})); } AddWrite(ConstructClientAckPacket(3, 3, 1, 2)); @@ -1379,13 +1354,12 @@ TEST_P(QuicHttpStreamTest, SendPostRequestAndReceiveSoloFin) { const char kResponseBody[] = "Hello world!"; std::string header2 = ConstructDataHeader(strlen(kResponseBody)); ProcessPacket( - ConstructServerDataPacket(3, false, !kFin, 0, header2 + kResponseBody)); + ConstructServerDataPacket(3, false, !kFin, header2 + kResponseBody)); // Since the body has already arrived, this should return immediately. EXPECT_EQ(static_cast(strlen(kResponseBody)), stream_->ReadResponseBody(read_buffer_.get(), read_buffer_->size(), callback_.callback())); - ProcessPacket(ConstructServerDataPacket( - 4, false, kFin, base::size(kResponseBody) - 1 + header2.length(), "")); + ProcessPacket(ConstructServerDataPacket(4, false, kFin, "")); EXPECT_EQ(0, stream_->ReadResponseBody(read_buffer_.get(), read_buffer_->size(), callback_.callback())); @@ -1407,24 +1381,21 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequest) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t chunk_size = strlen(kUploadData); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); std::string header = ConstructDataHeader(chunk_size); if (version_.transport_version == quic::QUIC_VERSION_99) { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, - !kFin, DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {header, kUploadData})); - AddWrite(ConstructClientMultipleDataFramesPacket( - 3, kIncludeVersion, kFin, header.length() + chunk_size, + !kFin, DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, {header, kUploadData})); + AddWrite(ConstructClientMultipleDataFramesPacket(3, kIncludeVersion, kFin, + {header, kUploadData})); } else { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, - !kFin, DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {kUploadData})); - AddWrite(ConstructClientDataPacket(3, kIncludeVersion, kFin, chunk_size, - kUploadData)); + !kFin, DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, + {kUploadData})); + AddWrite(ConstructClientDataPacket(3, kIncludeVersion, kFin, kUploadData)); } AddWrite(ConstructClientAckPacket(4, 3, 1, 2)); @@ -1468,8 +1439,8 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequest) { // Send the response body. const char kResponseBody[] = "Hello world!"; std::string header2 = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(ConstructServerDataPacket( - 3, false, kFin, response_data_.length(), header2 + kResponseBody)); + ProcessPacket( + ConstructServerDataPacket(3, false, kFin, header2 + kResponseBody)); // Since the body has already arrived, this should return immediately. ASSERT_EQ(static_cast(strlen(kResponseBody)), @@ -1493,23 +1464,21 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithFinalEmptyDataPacket) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t chunk_size = strlen(kUploadData); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); std::string header = ConstructDataHeader(chunk_size); if (version_.transport_version != quic::QUIC_VERSION_99) { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, - !kFin, DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {kUploadData})); + !kFin, DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, + {kUploadData})); } else { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, - !kFin, DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {header, kUploadData})); + !kFin, DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, + {header, kUploadData})); } - AddWrite(ConstructClientDataPacket(3, kIncludeVersion, kFin, - chunk_size + header.length(), "")); + AddWrite(ConstructClientDataPacket(3, kIncludeVersion, kFin, "")); AddWrite(ConstructClientAckPacket(4, 3, 1, 2)); Initialize(); @@ -1550,8 +1519,8 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithFinalEmptyDataPacket) { // Send the response body. const char kResponseBody[] = "Hello world!"; std::string header2 = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(ConstructServerDataPacket( - 3, false, kFin, response_data_.length(), header2 + kResponseBody)); + ProcessPacket( + ConstructServerDataPacket(3, false, kFin, header2 + kResponseBody)); // The body has arrived, but it is delivered asynchronously ASSERT_EQ(static_cast(strlen(kResponseBody)), @@ -1573,13 +1542,11 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithFinalEmptyDataPacket) { TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithOneEmptyDataPacket) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(InnerConstructRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, !kFin, - DEFAULT_PRIORITY, &spdy_request_headers_frame_length, - &header_stream_offset)); - AddWrite(ConstructClientDataPacket(3, kIncludeVersion, kFin, 0, "")); + DEFAULT_PRIORITY, &spdy_request_headers_frame_length)); + AddWrite(ConstructClientDataPacket(3, kIncludeVersion, kFin, "")); AddWrite(ConstructClientAckPacket(4, 3, 1, 2)); Initialize(); @@ -1619,8 +1586,8 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithOneEmptyDataPacket) { // Send the response body. const char kResponseBody[] = "Hello world!"; std::string header = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(ConstructServerDataPacket( - 3, false, kFin, response_data_.length(), header + kResponseBody)); + ProcessPacket( + ConstructServerDataPacket(3, false, kFin, header + kResponseBody)); // The body has arrived, but it is delivered asynchronously ASSERT_EQ(static_cast(strlen(kResponseBody)), @@ -1642,12 +1609,10 @@ TEST_P(QuicHttpStreamTest, SendChunkedPostRequestWithOneEmptyDataPacket) { TEST_P(QuicHttpStreamTest, DestroyedEarly) { SetRequest("GET", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(InnerConstructRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - DEFAULT_PRIORITY, &spdy_request_headers_frame_length, - &header_stream_offset)); + DEFAULT_PRIORITY, &spdy_request_headers_frame_length)); AddWrite(ConstructAckAndRstStreamPacket(3)); Initialize(); @@ -1689,11 +1654,10 @@ TEST_P(QuicHttpStreamTest, DestroyedEarly) { TEST_P(QuicHttpStreamTest, Priority) { SetRequest("GET", "/", MEDIUM); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(InnerConstructRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, kFin, - MEDIUM, &spdy_request_headers_frame_length, &header_stream_offset)); + MEDIUM, &spdy_request_headers_frame_length)); Initialize(); request_.method = "GET"; @@ -1731,19 +1695,18 @@ TEST_P(QuicHttpStreamTest, Priority) { TEST_P(QuicHttpStreamTest, SessionClosedDuringDoLoop) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); std::string header = ConstructDataHeader(strlen(kUploadData)); if (version_.transport_version != quic::QUIC_VERSION_99) { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, - !kFin, DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {kUploadData})); + !kFin, DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, + {kUploadData})); } else { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, - !kFin, DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {header, kUploadData})); + !kFin, DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, + {header, kUploadData})); } // Second data write will result in a synchronous failure which will close @@ -1783,8 +1746,7 @@ TEST_P(QuicHttpStreamTest, SessionClosedDuringDoLoop) { TEST_P(QuicHttpStreamTest, SessionClosedBeforeSendHeadersComplete) { SetRequest("POST", "/", DEFAULT_PRIORITY); - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(SYNCHRONOUS, ERR_FAILED); Initialize(); @@ -1815,8 +1777,7 @@ TEST_P(QuicHttpStreamTest, SessionClosedBeforeSendHeadersComplete) { TEST_P(QuicHttpStreamTest, SessionClosedBeforeSendHeadersCompleteReadResponse) { SetRequest("POST", "/", DEFAULT_PRIORITY); - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(SYNCHRONOUS, ERR_FAILED); Initialize(); @@ -1851,12 +1812,10 @@ TEST_P(QuicHttpStreamTest, SessionClosedBeforeSendHeadersCompleteReadResponse) { TEST_P(QuicHttpStreamTest, SessionClosedBeforeSendBodyComplete) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(InnerConstructRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, !kFin, - DEFAULT_PRIORITY, &spdy_request_headers_frame_length, - &header_stream_offset)); + DEFAULT_PRIORITY, &spdy_request_headers_frame_length)); AddWrite(SYNCHRONOUS, ERR_FAILED); Initialize(); @@ -1892,19 +1851,18 @@ TEST_P(QuicHttpStreamTest, SessionClosedBeforeSendBodyComplete) { TEST_P(QuicHttpStreamTest, SessionClosedBeforeSendBundledBodyComplete) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); std::string header = ConstructDataHeader(strlen(kUploadData)); if (version_.transport_version != quic::QUIC_VERSION_99) { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, - !kFin, DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {kUploadData})); + !kFin, DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, + {kUploadData})); } else { AddWrite(ConstructRequestHeadersAndDataFramesPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, - !kFin, DEFAULT_PRIORITY, 0, &header_stream_offset, - &spdy_request_headers_frame_length, {header, kUploadData})); + !kFin, DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, + {header, kUploadData})); } AddWrite(SYNCHRONOUS, ERR_FAILED); @@ -1977,12 +1935,12 @@ TEST_P(QuicHttpStreamTest, ServerPushGetRequest) { // Receive the promised response body. const char kResponseBody[] = "Hello world!"; std::string header = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(InnerConstructDataPacket( - 2, promise_id_, false, kFin, 0, header + kResponseBody, &server_maker_)); + ProcessPacket(server_maker_.MakeDataPacket(2, promise_id_, false, kFin, + header + kResponseBody)); // Now sending a matching request will have successful rendezvous // with the promised stream. - EXPECT_EQ(OK, promised_stream_->SendRequest(headers_, &response_, + ASSERT_EQ(OK, promised_stream_->SendRequest(headers_, &response_, callback_.callback())); EXPECT_EQ( @@ -2049,8 +2007,8 @@ TEST_P(QuicHttpStreamTest, ServerPushGetRequestSlowResponse) { // Receive the promised response body. const char kResponseBody[] = "Hello world!"; std::string header = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(InnerConstructDataPacket( - 2, promise_id_, false, kFin, 0, header + kResponseBody, &server_maker_)); + ProcessPacket(server_maker_.MakeDataPacket(2, promise_id_, false, kFin, + header + kResponseBody)); base::RunLoop().RunUntilIdle(); @@ -2143,7 +2101,8 @@ TEST_P(QuicHttpStreamTest, ServerPushCrossOriginOK) { // packet, but does it matter? push_promise_[":authority"] = "mail.example.org"; - promise_url_ = quic::SpdyUtils::GetPromisedUrlFromHeaders(push_promise_); + promise_url_ = + quic::SpdyServerPushUtils::GetPromisedUrlFromHeaders(push_promise_); ReceivePromise(promise_id_); EXPECT_NE(session_->GetPromisedByUrl(promise_url_), nullptr); @@ -2165,8 +2124,8 @@ TEST_P(QuicHttpStreamTest, ServerPushCrossOriginOK) { // Receive the promised response body. const char kResponseBody[] = "Hello world!"; std::string header = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(InnerConstructDataPacket( - 2, promise_id_, false, kFin, 0, header + kResponseBody, &server_maker_)); + ProcessPacket(server_maker_.MakeDataPacket(2, promise_id_, false, kFin, + header + kResponseBody)); // Now sending a matching request will have successful rendezvous // with the promised stream. @@ -2213,7 +2172,8 @@ TEST_P(QuicHttpStreamTest, ServerPushCrossOriginFail) { // TODO(ckrasic) - could do this via constructing a PUSH_PROMISE // packet, but does it matter? push_promise_[":authority"] = "www.notexample.org"; - promise_url_ = quic::SpdyUtils::GetPromisedUrlFromHeaders(push_promise_); + promise_url_ = + quic::SpdyServerPushUtils::GetPromisedUrlFromHeaders(push_promise_); ReceivePromise(promise_id_); // The promise will have been rejected because the cert doesn't @@ -2265,8 +2225,8 @@ TEST_P(QuicHttpStreamTest, ServerPushVaryCheckOK) { // Receive the promised response body. const char kResponseBody[] = "Hello world!"; std::string header = ConstructDataHeader(strlen(kResponseBody)); - ProcessPacket(InnerConstructDataPacket( - 2, promise_id_, false, kFin, 0, header + kResponseBody, &server_maker_)); + ProcessPacket(server_maker_.MakeDataPacket(2, promise_id_, false, kFin, + header + kResponseBody)); base::RunLoop().RunUntilIdle(); @@ -2307,21 +2267,21 @@ TEST_P(QuicHttpStreamTest, ServerPushVaryCheckFail) { request_headers_["accept-encoding"] = "sdch"; size_t spdy_request_header_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); uint64_t client_packet_number = 2; - if (client_headers_include_h2_stream_dependency_ && - version_.transport_version >= quic::QUIC_VERSION_43) { - AddWrite(ConstructClientPriorityPacket( - client_packet_number++, kIncludeVersion, promise_id_, 0, - DEFAULT_PRIORITY, &header_stream_offset)); + if ((client_headers_include_h2_stream_dependency_ && + version_.transport_version >= quic::QUIC_VERSION_43) || + VersionHasStreamType(version_.transport_version)) { + AddWrite(ConstructClientPriorityPacket(client_packet_number++, + kIncludeVersion, promise_id_, 0, + DEFAULT_PRIORITY)); } AddWrite(ConstructClientRstStreamVaryMismatchAndRequestHeadersPacket( client_packet_number++, stream_id_ + quic::QuicUtils::StreamIdDelta(version_.transport_version), !kIncludeVersion, kFin, DEFAULT_PRIORITY, promise_id_, - &spdy_request_header_frame_length, &header_stream_offset)); + &spdy_request_header_frame_length)); AddWrite(ConstructClientAckPacket(client_packet_number++, 3, 1, 2)); AddWrite(ConstructClientRstStreamCancelledPacket(client_packet_number++)); @@ -2430,12 +2390,11 @@ TEST_P(QuicHttpStreamTest, ServerPushVaryCheckFail) { TEST_P(QuicHttpStreamTest, DataReadErrorSynchronous) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(ConstructRequestAndRstPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, !kFin, DEFAULT_PRIORITY, 0, &spdy_request_headers_frame_length, - &header_stream_offset, quic::QUIC_ERROR_PROCESSING_STREAM, 0)); + quic::QUIC_ERROR_PROCESSING_STREAM)); Initialize(); @@ -2465,12 +2424,10 @@ TEST_P(QuicHttpStreamTest, DataReadErrorSynchronous) { TEST_P(QuicHttpStreamTest, DataReadErrorAsynchronous) { SetRequest("POST", "/", DEFAULT_PRIORITY); size_t spdy_request_headers_frame_length; - quic::QuicStreamOffset header_stream_offset = 0; - AddWrite(ConstructInitialSettingsPacket(&header_stream_offset)); + AddWrite(ConstructInitialSettingsPacket()); AddWrite(InnerConstructRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), kIncludeVersion, !kFin, - DEFAULT_PRIORITY, &spdy_request_headers_frame_length, - &header_stream_offset)); + DEFAULT_PRIORITY, &spdy_request_headers_frame_length)); AddWrite(ConstructClientRstStreamErrorPacket(3, !kIncludeVersion)); Initialize(); diff --git a/chromium/net/quic/quic_http_utils.cc b/chromium/net/quic/quic_http_utils.cc index 1f1f2762c80..9b2e63c2b91 100644 --- a/chromium/net/quic/quic_http_utils.cc +++ b/chromium/net/quic/quic_http_utils.cc @@ -36,22 +36,22 @@ RequestPriority ConvertQuicPriorityToRequestPriority( : static_cast(HIGHEST - priority); } -base::Value QuicRequestNetLogCallback(quic::QuicStreamId stream_id, - const spdy::SpdyHeaderBlock* headers, - spdy::SpdyPriority priority, - NetLogCaptureMode capture_mode) { - base::Value dict = SpdyHeaderBlockNetLogCallback(headers, capture_mode); +base::Value QuicRequestNetLogParams(quic::QuicStreamId stream_id, + const spdy::SpdyHeaderBlock* headers, + spdy::SpdyPriority priority, + NetLogCaptureMode capture_mode) { + base::Value dict = SpdyHeaderBlockNetLogParams(headers, capture_mode); DCHECK(dict.is_dict()); dict.SetIntKey("quic_priority", static_cast(priority)); dict.SetIntKey("quic_stream_id", static_cast(stream_id)); return dict; } -base::Value QuicResponseNetLogCallback(quic::QuicStreamId stream_id, - bool fin_received, - const spdy::SpdyHeaderBlock* headers, - NetLogCaptureMode capture_mode) { - base::Value dict = SpdyHeaderBlockNetLogCallback(headers, capture_mode); +base::Value QuicResponseNetLogParams(quic::QuicStreamId stream_id, + bool fin_received, + const spdy::SpdyHeaderBlock* headers, + NetLogCaptureMode capture_mode) { + base::Value dict = SpdyHeaderBlockNetLogParams(headers, capture_mode); dict.SetIntKey("quic_stream_id", static_cast(stream_id)); dict.SetBoolKey("fin", fin_received); return dict; diff --git a/chromium/net/quic/quic_http_utils.h b/chromium/net/quic/quic_http_utils.h index 3fe19fcce64..f495bdb07f0 100644 --- a/chromium/net/quic/quic_http_utils.h +++ b/chromium/net/quic/quic_http_utils.h @@ -23,14 +23,14 @@ ConvertQuicPriorityToRequestPriority(spdy::SpdyPriority priority); // Converts a spdy::SpdyHeaderBlock, stream_id and priority into NetLog event // parameters. -NET_EXPORT base::Value QuicRequestNetLogCallback( +NET_EXPORT base::Value QuicRequestNetLogParams( quic::QuicStreamId stream_id, const spdy::SpdyHeaderBlock* headers, spdy::SpdyPriority priority, NetLogCaptureMode capture_mode); // Converts a spdy::SpdyHeaderBlock and stream into NetLog event parameters. -NET_EXPORT base::Value QuicResponseNetLogCallback( +NET_EXPORT base::Value QuicResponseNetLogParams( quic::QuicStreamId stream_id, bool fin_received, const spdy::SpdyHeaderBlock* headers, diff --git a/chromium/net/quic/quic_http_utils_test.cc b/chromium/net/quic/quic_http_utils_test.cc index 8a92955fa74..f9c13dfd041 100644 --- a/chromium/net/quic/quic_http_utils_test.cc +++ b/chromium/net/quic/quic_http_utils_test.cc @@ -44,16 +44,16 @@ TEST(QuicHttpUtilsTest, FilterSupportedAltSvcVersions) { quic::ParsedQuicVersionVector supported_versions = { ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, quic::QUIC_VERSION_46), ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, quic::QUIC_VERSION_39), - ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, quic::QUIC_VERSION_44)}; + }; - std::vector alt_svc_versions_google = {quic::QUIC_VERSION_44, + std::vector alt_svc_versions_google = {quic::QUIC_VERSION_46, quic::QUIC_VERSION_43}; std::vector alt_svc_versions_ietf = { - QuicVersionToQuicVersionLabel(quic::QUIC_VERSION_44), + QuicVersionToQuicVersionLabel(quic::QUIC_VERSION_46), QuicVersionToQuicVersionLabel(quic::QUIC_VERSION_43)}; quic::ParsedQuicVersionVector supported_alt_svc_versions = { - ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, quic::QUIC_VERSION_44)}; + ParsedQuicVersion(PROTOCOL_QUIC_CRYPTO, quic::QUIC_VERSION_46)}; spdy::SpdyAltSvcWireFormat::AlternativeService altsvc; altsvc.protocol_id = "quic"; diff --git a/chromium/net/quic/quic_network_transaction_unittest.cc b/chromium/net/quic/quic_network_transaction_unittest.cc index ca519c5d65c..2a24deba49f 100644 --- a/chromium/net/quic/quic_network_transaction_unittest.cc +++ b/chromium/net/quic/quic_network_transaction_unittest.cc @@ -17,8 +17,10 @@ #include "base/strings/string_piece.h" #include "base/strings/stringprintf.h" #include "base/test/metrics/histogram_tester.h" +#include "base/test/scoped_feature_list.h" #include "net/base/chunked_upload_data_stream.h" #include "net/base/completion_once_callback.h" +#include "net/base/features.h" #include "net/base/ip_endpoint.h" #include "net/base/mock_network_change_notifier.h" #include "net/base/test_completion_callback.h" @@ -38,7 +40,6 @@ #include "net/http/transport_security_state.h" #include "net/log/net_log_event_type.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/proxy_resolution/proxy_config_service_fixed.h" #include "net/proxy_resolution/proxy_resolution_service.h" @@ -157,14 +158,17 @@ std::string GenerateQuicVersionsListForAltSvcHeader( std::vector GetPoolingTestParams() { std::vector params; quic::ParsedQuicVersionVector all_supported_versions = - quic::AllVersionsExcept99(); + quic::AllSupportedVersions(); for (const quic::ParsedQuicVersion version : all_supported_versions) { - params.push_back(PoolingTestParams{version, SAME_AS_FIRST, false}); - params.push_back(PoolingTestParams{version, SAME_AS_FIRST, true}); - params.push_back(PoolingTestParams{version, SAME_AS_SECOND, false}); - params.push_back(PoolingTestParams{version, SAME_AS_SECOND, true}); - params.push_back(PoolingTestParams{version, DIFFERENT, false}); - params.push_back(PoolingTestParams{version, DIFFERENT, true}); + // TODO(rch): crbug.com/978745 - Make this work with TLS + if (version.handshake_protocol != quic::PROTOCOL_TLS1_3) { + params.push_back(PoolingTestParams{version, SAME_AS_FIRST, false}); + params.push_back(PoolingTestParams{version, SAME_AS_FIRST, true}); + params.push_back(PoolingTestParams{version, SAME_AS_SECOND, false}); + params.push_back(PoolingTestParams{version, SAME_AS_SECOND, true}); + params.push_back(PoolingTestParams{version, DIFFERENT, false}); + params.push_back(PoolingTestParams{version, DIFFERENT, true}); + } } return params; } @@ -369,10 +373,8 @@ class QuicNetworkTransactionTest std::unique_ptr ConstructClientRstPacket( uint64_t num, quic::QuicStreamId stream_id, - quic::QuicRstStreamErrorCode error_code, - size_t bytes_written) { + quic::QuicRstStreamErrorCode error_code) { return client_maker_.MakeRstPacket(num, false, stream_id, error_code, - bytes_written, /*include_stop_sending_if_v99=*/true); } @@ -409,9 +411,8 @@ class QuicNetworkTransactionTest } std::unique_ptr ConstructInitialSettingsPacket( - uint64_t packet_number, - quic::QuicStreamOffset* offset) { - return client_maker_.MakeInitialSettingsPacket(packet_number, offset); + uint64_t packet_number) { + return client_maker_.MakeInitialSettingsPacket(packet_number); } std::unique_ptr ConstructServerAckPacket( @@ -428,11 +429,10 @@ class QuicNetworkTransactionTest bool should_include_version, quic::QuicStreamId id, quic::QuicStreamId parent_stream_id, - RequestPriority request_priority, - quic::QuicStreamOffset* offset) { + RequestPriority request_priority) { return client_maker_.MakePriorityPacket( packet_number, should_include_version, id, parent_stream_id, - ConvertRequestPriorityToQuicPriority(request_priority), offset); + ConvertRequestPriorityToQuicPriority(request_priority)); } std::unique_ptr @@ -443,11 +443,10 @@ class QuicNetworkTransactionTest uint64_t smallest_received, uint64_t least_unacked, const std::vector& - priority_frames, - quic::QuicStreamOffset* offset) { + priority_frames) { return client_maker_.MakeAckAndMultiplePriorityFramesPacket( packet_number, should_include_version, largest_received, - smallest_received, least_unacked, priority_frames, offset); + smallest_received, least_unacked, priority_frames); } // Uses default QuicTestPacketMaker. @@ -484,10 +483,9 @@ class QuicNetworkTransactionTest quic::QuicStreamId stream_id, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { - return server_maker_.MakeDataPacket( - packet_number, stream_id, should_include_version, fin, offset, data); + return server_maker_.MakeDataPacket(packet_number, stream_id, + should_include_version, fin, data); } std::unique_ptr ConstructClientDataPacket( @@ -495,10 +493,9 @@ class QuicNetworkTransactionTest quic::QuicStreamId stream_id, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { - return client_maker_.MakeDataPacket( - packet_number, stream_id, should_include_version, fin, offset, data); + return client_maker_.MakeDataPacket(packet_number, stream_id, + should_include_version, fin, data); } std::unique_ptr @@ -507,11 +504,9 @@ class QuicNetworkTransactionTest quic::QuicStreamId stream_id, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, const std::vector data_writes) { - return client_maker_.MakeMultipleDataFramesPacket(packet_number, stream_id, - should_include_version, - fin, offset, data_writes); + return client_maker_.MakeMultipleDataFramesPacket( + packet_number, stream_id, should_include_version, fin, data_writes); } std::unique_ptr ConstructClientAckAndDataPacket( @@ -522,11 +517,10 @@ class QuicNetworkTransactionTest uint64_t smallest_received, uint64_t least_unacked, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { return client_maker_.MakeAckAndDataPacket( packet_number, include_version, stream_id, largest_received, - smallest_received, least_unacked, fin, offset, data); + smallest_received, least_unacked, fin, data); } std::unique_ptr @@ -538,11 +532,10 @@ class QuicNetworkTransactionTest uint64_t smallest_received, uint64_t least_unacked, bool fin, - quic::QuicStreamOffset offset, const std::vector data_writes) { return client_maker_.MakeAckAndMultipleDataFramesPacket( packet_number, include_version, stream_id, largest_received, - smallest_received, least_unacked, fin, offset, data_writes); + smallest_received, least_unacked, fin, data_writes); } std::unique_ptr ConstructClientForceHolDataPacket( @@ -564,19 +557,7 @@ class QuicNetworkTransactionTest spdy::SpdyHeaderBlock headers) { return ConstructClientRequestHeadersPacket(packet_number, stream_id, should_include_version, fin, - std::move(headers), nullptr); - } - - std::unique_ptr - ConstructClientRequestHeadersPacket(uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyHeaderBlock headers, - quic::QuicStreamOffset* offset) { - return ConstructClientRequestHeadersPacket(packet_number, stream_id, - should_include_version, fin, - std::move(headers), 0, offset); + std::move(headers), 0); } std::unique_ptr @@ -585,11 +566,10 @@ class QuicNetworkTransactionTest bool should_include_version, bool fin, spdy::SpdyHeaderBlock headers, - quic::QuicStreamId parent_stream_id, - quic::QuicStreamOffset* offset) { + quic::QuicStreamId parent_stream_id) { return ConstructClientRequestHeadersPacket( packet_number, stream_id, should_include_version, fin, DEFAULT_PRIORITY, - std::move(headers), parent_stream_id, offset); + std::move(headers), parent_stream_id); } std::unique_ptr @@ -599,13 +579,12 @@ class QuicNetworkTransactionTest bool fin, RequestPriority request_priority, spdy::SpdyHeaderBlock headers, - quic::QuicStreamId parent_stream_id, - quic::QuicStreamOffset* offset) { + quic::QuicStreamId parent_stream_id) { spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(request_priority); - return client_maker_.MakeRequestHeadersPacketWithOffsetTracking( + return client_maker_.MakeRequestHeadersPacket( packet_number, stream_id, should_include_version, fin, priority, - std::move(headers), parent_stream_id, offset); + std::move(headers), parent_stream_id, nullptr); } std::unique_ptr @@ -617,39 +596,26 @@ class QuicNetworkTransactionTest RequestPriority request_priority, spdy::SpdyHeaderBlock headers, quic::QuicStreamId parent_stream_id, - quic::QuicStreamOffset* offset, size_t* spdy_headers_frame_length, const std::vector& data_writes) { spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(request_priority); return client_maker_.MakeRequestHeadersAndMultipleDataFramesPacket( packet_number, stream_id, should_include_version, fin, priority, - std::move(headers), parent_stream_id, offset, spdy_headers_frame_length, + std::move(headers), parent_stream_id, spdy_headers_frame_length, data_writes); } - std::unique_ptr - ConstructClientMultipleDataFramesPacket(uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - const std::vector& data, - quic::QuicStreamOffset offset) { - return client_maker_.MakeMultipleDataFramesPacket( - packet_number, stream_id, should_include_version, fin, offset, data); - } - std::unique_ptr ConstructServerPushPromisePacket( uint64_t packet_number, quic::QuicStreamId stream_id, quic::QuicStreamId promised_stream_id, bool should_include_version, spdy::SpdyHeaderBlock headers, - quic::QuicStreamOffset* offset, QuicTestPacketMaker* maker) { return maker->MakePushPromisePacket( packet_number, stream_id, promised_stream_id, should_include_version, - false, std::move(headers), nullptr, offset); + false, std::move(headers), nullptr); } std::unique_ptr @@ -658,21 +624,9 @@ class QuicNetworkTransactionTest bool should_include_version, bool fin, spdy::SpdyHeaderBlock headers) { - return ConstructServerResponseHeadersPacket(packet_number, stream_id, - should_include_version, fin, - std::move(headers), nullptr); - } - - std::unique_ptr - ConstructServerResponseHeadersPacket(uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyHeaderBlock headers, - quic::QuicStreamOffset* offset) { - return server_maker_.MakeResponseHeadersPacketWithOffsetTracking( - packet_number, stream_id, should_include_version, fin, - std::move(headers), offset); + return server_maker_.MakeResponseHeadersPacket(packet_number, stream_id, + should_include_version, fin, + std::move(headers), nullptr); } std::string ConstructDataHeader(size_t body_len) { @@ -687,8 +641,9 @@ class QuicNetworkTransactionTest void CreateSession(const quic::ParsedQuicVersionVector& supported_versions) { session_params_.enable_quic = true; - session_params_.quic_supported_versions = supported_versions; - session_params_.quic_headers_include_h2_stream_dependency = + session_params_.quic_params.supported_versions = supported_versions; + session_params_.quic_params.max_allowed_push_id = quic::kMaxQuicStreamId; + session_params_.quic_params.headers_include_h2_stream_dependency = client_headers_include_h2_stream_dependency_; session_context_.quic_clock = &clock_; @@ -863,9 +818,10 @@ class QuicNetworkTransactionTest } void SetUpTestForRetryConnectionOnAlternateNetwork() { - session_params_.quic_migrate_sessions_on_network_change_v2 = true; - session_params_.quic_migrate_sessions_early_v2 = true; - session_params_.quic_retry_on_alternate_network_before_handshake = true; + session_params_.quic_params.migrate_sessions_on_network_change_v2 = true; + session_params_.quic_params.migrate_sessions_early_v2 = true; + session_params_.quic_params.retry_on_alternate_network_before_handshake = + true; scoped_mock_change_notifier_.reset(new ScopedMockNetworkChangeNotifier()); MockNetworkChangeNotifier* mock_ncn = scoped_mock_change_notifier_->mock_network_change_notifier(); @@ -1005,24 +961,36 @@ class QuicNetworkTransactionTest } }; +quic::ParsedQuicVersionVector AllSupportedVersionsWithoutTls() { + quic::ParsedQuicVersionVector versions; + for (auto version : quic::AllSupportedVersions()) { + // TODO(rch): crbug.com/978745 - Make this work with TLS + if (version.handshake_protocol != quic::PROTOCOL_TLS1_3) { + versions.push_back(version); + } + } + return versions; +} + INSTANTIATE_TEST_SUITE_P( VersionIncludeStreamDependencySequence, QuicNetworkTransactionTest, - ::testing::Combine(::testing::ValuesIn(quic::AllVersionsExcept99()), + ::testing::Combine(::testing::ValuesIn(AllSupportedVersionsWithoutTls()), ::testing::Bool())); +// TODO(950069): Add testing for frame_origin in NetworkIsolationKey using +// kAppendInitiatingFrameOriginToNetworkIsolationKey. + TEST_P(QuicNetworkTransactionTest, WriteErrorHandshakeConfirmed) { - session_params_.retry_without_alt_svc_on_quic_errors = false; + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; base::HistogramTester histograms; - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::CONFIRM_HANDSHAKE); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite(SYNCHRONOUS, ERR_INTERNET_DISCONNECTED); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause mock_quic_data.AddRead(ASYNC, OK); // No more data to read @@ -1044,17 +1012,15 @@ TEST_P(QuicNetworkTransactionTest, WriteErrorHandshakeConfirmed) { } TEST_P(QuicNetworkTransactionTest, WriteErrorHandshakeConfirmedAsync) { - session_params_.retry_without_alt_svc_on_quic_errors = false; + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; base::HistogramTester histograms; - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::CONFIRM_HANDSHAKE); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite(ASYNC, ERR_INTERNET_DISCONNECTED); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause mock_quic_data.AddRead(ASYNC, OK); // No more data to read @@ -1076,18 +1042,15 @@ TEST_P(QuicNetworkTransactionTest, WriteErrorHandshakeConfirmedAsync) { } TEST_P(QuicNetworkTransactionTest, SocketWatcherEnabled) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1096,7 +1059,7 @@ TEST_P(QuicNetworkTransactionTest, SocketWatcherEnabled) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read @@ -1113,18 +1076,15 @@ TEST_P(QuicNetworkTransactionTest, SocketWatcherEnabled) { } TEST_P(QuicNetworkTransactionTest, SocketWatcherDisabled) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1133,7 +1093,7 @@ TEST_P(QuicNetworkTransactionTest, SocketWatcherDisabled) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read @@ -1150,18 +1110,15 @@ TEST_P(QuicNetworkTransactionTest, SocketWatcherDisabled) { } TEST_P(QuicNetworkTransactionTest, ForceQuic) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1170,7 +1127,7 @@ TEST_P(QuicNetworkTransactionTest, ForceQuic) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read @@ -1181,8 +1138,7 @@ TEST_P(QuicNetworkTransactionTest, ForceQuic) { SendRequestAndExpectQuicResponse("hello!"); // Check that the NetLog was filled reasonably. - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); + auto entries = net_log_.GetEntries(); EXPECT_LT(0u, entries.size()); // Check that we logged a QUIC_SESSION_PACKET_RECEIVED. @@ -1198,9 +1154,7 @@ TEST_P(QuicNetworkTransactionTest, ForceQuic) { NetLogEventPhase::NONE); EXPECT_LT(0, pos); - int packet_number; - ASSERT_TRUE(entries[pos].GetIntegerValue("packet_number", &packet_number)); - EXPECT_EQ(1, packet_number); + EXPECT_EQ(1, GetIntegerValueFromParams(entries[pos], "packet_number")); // ... and also a TYPE_QUIC_SESSION_PACKET_AUTHENTICATED. pos = ExpectLogContainsSomewhere( @@ -1214,25 +1168,30 @@ TEST_P(QuicNetworkTransactionTest, ForceQuic) { NetLogEventPhase::NONE); EXPECT_LT(0, pos); - int log_stream_id; - ASSERT_TRUE(entries[pos].GetIntegerValue("stream_id", &log_stream_id)); - EXPECT_EQ(quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - static_cast(log_stream_id)); + int log_stream_id = GetIntegerValueFromParams(entries[pos], "stream_id"); + if (quic::VersionUsesQpack(version_.transport_version)) { + EXPECT_EQ(GetNthClientInitiatedBidirectionalStreamId(0), + static_cast(log_stream_id)); + } else { + EXPECT_EQ(quic::QuicUtils::GetHeadersStreamId(version_.transport_version), + static_cast(log_stream_id)); + } } TEST_P(QuicNetworkTransactionTest, LargeResponseHeaders) { - session_params_.origins_to_force_quic_on.insert( + // TODO(rch): honor the max header list size. b/136108828 + if (quic::VersionUsesQpack(version_.transport_version)) + return; + + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); spdy::SpdyHeaderBlock response_headers = GetResponseHeaders("200 OK"); response_headers["key1"] = std::string(30000, 'A'); response_headers["key2"] = std::string(30000, 'A'); @@ -1242,31 +1201,42 @@ TEST_P(QuicNetworkTransactionTest, LargeResponseHeaders) { response_headers["key6"] = std::string(30000, 'A'); response_headers["key7"] = std::string(30000, 'A'); response_headers["key8"] = std::string(30000, 'A'); - spdy::SpdyHeadersIR headers_frame( - GetNthClientInitiatedBidirectionalStreamId(0), - std::move(response_headers)); - spdy::SpdyFramer response_framer(spdy::SpdyFramer::ENABLE_COMPRESSION); - spdy::SpdySerializedFrame spdy_frame = - response_framer.SerializeFrame(headers_frame); + quic::QuicStreamId stream_id; + std::string response_data; + if (quic::VersionUsesQpack(version_.transport_version)) { + stream_id = GetNthClientInitiatedBidirectionalStreamId(0); + std::vector encoded = server_maker_.QpackEncodeHeaders( + stream_id, std::move(response_headers), nullptr); + for (const auto& e : encoded) { + response_data += e; + } + } else { + stream_id = quic::QuicUtils::GetHeadersStreamId(version_.transport_version); + spdy::SpdyHeadersIR headers_frame( + GetNthClientInitiatedBidirectionalStreamId(0), + std::move(response_headers)); + spdy::SpdyFramer response_framer(spdy::SpdyFramer::ENABLE_COMPRESSION); + spdy::SpdySerializedFrame spdy_frame = + response_framer.SerializeFrame(headers_frame); + response_data = std::string(spdy_frame.data(), spdy_frame.size()); + } uint64_t packet_number = 1; size_t chunk_size = 1200; - for (size_t offset = 0; offset < spdy_frame.size(); offset += chunk_size) { - size_t len = std::min(chunk_size, spdy_frame.size() - offset); + for (size_t offset = 0; offset < response_data.length(); + offset += chunk_size) { + size_t len = std::min(chunk_size, response_data.length() - offset); mock_quic_data.AddRead( - ASYNC, - ConstructServerDataPacket( - packet_number++, - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, offset, - base::StringPiece(spdy_frame.data() + offset, len))); + ASYNC, ConstructServerDataPacket( + packet_number++, stream_id, false, false, + base::StringPiece(response_data.data() + offset, len))); } std::string header = ConstructDataHeader(6); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( packet_number, GetNthClientInitiatedBidirectionalStreamId(0), - false, true, 0, header + "hello!")); + false, true, header + "hello!")); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read mock_quic_data.AddWrite(ASYNC, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddWrite(ASYNC, @@ -1282,19 +1252,17 @@ TEST_P(QuicNetworkTransactionTest, LargeResponseHeaders) { } TEST_P(QuicNetworkTransactionTest, TooLargeResponseHeaders) { - session_params_.retry_without_alt_svc_on_quic_errors = false; - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); + spdy::SpdyHeaderBlock response_headers = GetResponseHeaders("200 OK"); response_headers["key1"] = std::string(30000, 'A'); response_headers["key2"] = std::string(30000, 'A'); @@ -1305,24 +1273,36 @@ TEST_P(QuicNetworkTransactionTest, TooLargeResponseHeaders) { response_headers["key7"] = std::string(30000, 'A'); response_headers["key8"] = std::string(30000, 'A'); response_headers["key9"] = std::string(30000, 'A'); - spdy::SpdyHeadersIR headers_frame( - GetNthClientInitiatedBidirectionalStreamId(0), - std::move(response_headers)); - spdy::SpdyFramer response_framer(spdy::SpdyFramer::ENABLE_COMPRESSION); - spdy::SpdySerializedFrame spdy_frame = - response_framer.SerializeFrame(headers_frame); + + quic::QuicStreamId stream_id; + std::string response_data; + if (quic::VersionUsesQpack(version_.transport_version)) { + stream_id = GetNthClientInitiatedBidirectionalStreamId(0); + std::vector encoded = server_maker_.QpackEncodeHeaders( + stream_id, std::move(response_headers), nullptr); + for (const auto& e : encoded) { + response_data += e; + } + } else { + stream_id = quic::QuicUtils::GetHeadersStreamId(version_.transport_version); + spdy::SpdyHeadersIR headers_frame( + GetNthClientInitiatedBidirectionalStreamId(0), + std::move(response_headers)); + spdy::SpdyFramer response_framer(spdy::SpdyFramer::ENABLE_COMPRESSION); + spdy::SpdySerializedFrame spdy_frame = + response_framer.SerializeFrame(headers_frame); + response_data = std::string(spdy_frame.data(), spdy_frame.size()); + } uint64_t packet_number = 1; size_t chunk_size = 1200; - for (size_t offset = 0; offset < spdy_frame.size(); offset += chunk_size) { - size_t len = std::min(chunk_size, spdy_frame.size() - offset); + for (size_t offset = 0; offset < response_data.length(); + offset += chunk_size) { + size_t len = std::min(chunk_size, response_data.length() - offset); mock_quic_data.AddRead( - ASYNC, - ConstructServerDataPacket( - packet_number++, - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, offset, - base::StringPiece(spdy_frame.data() + offset, len))); + ASYNC, ConstructServerDataPacket( + packet_number++, stream_id, false, false, + base::StringPiece(response_data.data() + offset, len))); } std::string header = ConstructDataHeader(6); @@ -1330,7 +1310,7 @@ TEST_P(QuicNetworkTransactionTest, TooLargeResponseHeaders) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( packet_number, GetNthClientInitiatedBidirectionalStreamId(0), - false, true, 0, header + "hello!")); + false, true, header + "hello!")); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read mock_quic_data.AddWrite(ASYNC, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddWrite( @@ -1350,19 +1330,16 @@ TEST_P(QuicNetworkTransactionTest, TooLargeResponseHeaders) { } TEST_P(QuicNetworkTransactionTest, ForceQuicForAll) { - session_params_.origins_to_force_quic_on.insert(HostPortPair()); + session_params_.quic_params.origins_to_force_quic_on.insert(HostPortPair()); AddQuicAlternateProtocolMapping(MockCryptoClientStream::CONFIRM_HANDSHAKE); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1371,7 +1348,7 @@ TEST_P(QuicNetworkTransactionTest, ForceQuicForAll) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read @@ -1389,15 +1366,12 @@ TEST_P(QuicNetworkTransactionTest, QuicProxy) { proxy_resolution_service_ = ProxyResolutionService::CreateFixedFromPacResult( "QUIC mail.example.org:70", TRAFFIC_ANNOTATION_FOR_TESTS); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "http", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "http", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1406,7 +1380,7 @@ TEST_P(QuicNetworkTransactionTest, QuicProxy) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -1438,15 +1412,12 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyWithCert) { "QUIC " + proxy_host + ":70", TRAFFIC_ANNOTATION_FOR_TESTS); client_maker_.set_hostname(origin_host); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "http", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "http", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1455,7 +1426,7 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyWithCert) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); @@ -1482,7 +1453,7 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyWithCert) { } TEST_P(QuicNetworkTransactionTest, AlternativeServicesDifferentHost) { - session_params_.quic_allow_remote_alt_svc = true; + session_params_.quic_params.allow_remote_alt_svc = true; HostPortPair origin("www.example.org", 443); HostPortPair alternative("mail.example.org", 443); @@ -1499,15 +1470,13 @@ TEST_P(QuicNetworkTransactionTest, AlternativeServicesDifferentHost) { crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); client_maker_.set_hostname(origin.host()); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1516,7 +1485,7 @@ TEST_P(QuicNetworkTransactionTest, AlternativeServicesDifferentHost) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); @@ -1568,8 +1537,14 @@ TEST_P(QuicNetworkTransactionTest, DoNotUseQuicForUnsupportedVersion) { // in the stored AlternativeService is not supported by the client. However, // the response from the server will advertise new Alt-Svc with supported // versions. + quic::ParsedQuicVersionVector versions; + for (quic::QuicTransportVersion version : + quic::AllSupportedTransportVersions()) { + versions.push_back( + quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, version)); + } std::string advertised_versions_list_str = - GenerateQuicVersionsListForAltSvcHeader(quic::AllSupportedVersions()); + GenerateQuicVersionsListForAltSvcHeader(versions); std::string altsvc_header = base::StringPrintf("Alt-Svc: quic=\":443\"; v=\"%s\"\r\n\r\n", advertised_versions_list_str.c_str()); @@ -1586,15 +1561,12 @@ TEST_P(QuicNetworkTransactionTest, DoNotUseQuicForUnsupportedVersion) { // Second request should be sent via QUIC as a new list of verions supported // by the client has been advertised by the server. - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1603,7 +1575,7 @@ TEST_P(QuicNetworkTransactionTest, DoNotUseQuicForUnsupportedVersion) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -1658,19 +1630,16 @@ TEST_P(QuicNetworkTransactionTest, RetryMisdirectedRequest) { // |http_data| exits the socket pool before the main job is aborted // deterministic. The first main job gets aborted without the socket pool ever // dispensing the socket, making it available for the second try. - MockQuicData mock_quic_data; - quic::QuicStreamOffset request_header_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &request_header_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &request_header_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - GetResponseHeaders("421"), nullptr)); + GetResponseHeaders("421"))); mock_quic_data.AddRead(ASYNC, OK); mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -1715,18 +1684,15 @@ TEST_P(QuicNetworkTransactionTest, RetryMisdirectedRequest) { } TEST_P(QuicNetworkTransactionTest, ForceQuicWithErrorConnecting) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data1; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data1.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data1(version_); + mock_quic_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data1.AddRead(ASYNC, ERR_SOCKET_NOT_CONNECTED); - MockQuicData mock_quic_data2; - header_stream_offset = 0; - mock_quic_data2.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + client_maker_.Reset(); + MockQuicData mock_quic_data2(version_); + mock_quic_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details_); mock_quic_data2.AddRead(ASYNC, ERR_SOCKET_NOT_CONNECTED); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details_); @@ -1753,7 +1719,7 @@ TEST_P(QuicNetworkTransactionTest, ForceQuicWithErrorConnecting) { TEST_P(QuicNetworkTransactionTest, DoNotForceQuicForHttps) { // Attempt to "force" quic on 443, which will not be honored. - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("www.google.com:443")); MockRead http_reads[] = { @@ -1784,15 +1750,12 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceForQuic) { AddCertificate(&ssl_data_); socket_factory_.AddSSLSocketDataProvider(&ssl_data_); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1801,7 +1764,7 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceForQuic) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -1851,15 +1814,12 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceWithVersionForQuic1) { AddCertificate(&ssl_data_); socket_factory_.AddSSLSocketDataProvider(&ssl_data_); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1868,7 +1828,7 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceWithVersionForQuic1) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -1914,15 +1874,12 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceWithVersionForQuic2) { AddCertificate(&ssl_data_); socket_factory_.AddSSLSocketDataProvider(&ssl_data_); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1931,7 +1888,7 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceWithVersionForQuic2) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -1959,15 +1916,12 @@ TEST_P(QuicNetworkTransactionTest, AddCertificate(&ssl_data_); socket_factory_.AddSSLSocketDataProvider(&ssl_data_); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -1976,7 +1930,7 @@ TEST_P(QuicNetworkTransactionTest, mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -2066,8 +2020,14 @@ TEST_P(QuicNetworkTransactionTest, break; } + quic::ParsedQuicVersionVector versions; + for (quic::QuicTransportVersion version : + quic::AllSupportedTransportVersions()) { + versions.push_back( + quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, version)); + } std::string advertised_versions_list_str = - GenerateQuicVersionsListForAltSvcHeader(quic::AllSupportedVersions()); + GenerateQuicVersionsListForAltSvcHeader(versions); std::string altsvc_header = base::StringPrintf("Alt-Svc: quic=\":443\"; v=\"%s\"\r\n\r\n", advertised_versions_list_str.c_str()); @@ -2082,15 +2042,12 @@ TEST_P(QuicNetworkTransactionTest, AddCertificate(&ssl_data_); socket_factory_.AddSSLSocketDataProvider(&ssl_data_); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -2099,7 +2056,7 @@ TEST_P(QuicNetworkTransactionTest, mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -2147,15 +2104,12 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceAllSupportedVersion) { AddCertificate(&ssl_data_); socket_factory_.AddSSLSocketDataProvider(&ssl_data_); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -2164,7 +2118,7 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceAllSupportedVersion) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -2183,15 +2137,12 @@ TEST_P(QuicNetworkTransactionTest, GoAwayWithConnectionMigrationOnPortsOnly) { // Not available under version 99 return; } - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -2207,7 +2158,7 @@ TEST_P(QuicNetworkTransactionTest, GoAwayWithConnectionMigrationOnPortsOnly) { mock_quic_data.AddRead( SYNCHRONOUS, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), false, - true, 0, header + "hello!")); + true, header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckAndRstPacket( 4, GetNthClientInitiatedBidirectionalStreamId(0), @@ -2259,11 +2210,10 @@ TEST_P(QuicNetworkTransactionTest, GoAwayWithConnectionMigrationOnPortsOnly) { TEST_P(QuicNetworkTransactionTest, QuicFailsOnBothNetworksWhileTCPSucceeds) { SetUpTestForRetryConnectionOnAlternateNetwork(); - std::string request_data; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); // The request will initially go out over QUIC. - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read int packet_num = 1; quic_data.AddWrite(SYNCHRONOUS, @@ -2304,7 +2254,7 @@ TEST_P(QuicNetworkTransactionTest, QuicFailsOnBothNetworksWhileTCPSucceeds) { socket_factory_.AddSSLSocketDataProvider(&ssl_data_); // Add data for the second QUIC connection to fail. - MockQuicData quic_data2; + MockQuicData quic_data2(version_); quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data2.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); // Write error. quic_data2.AddSocketDataToFactory(&socket_factory_); @@ -2338,12 +2288,6 @@ TEST_P(QuicNetworkTransactionTest, QuicFailsOnBothNetworksWhileTCPSucceeds) { EXPECT_THAT(callback.WaitForResult(), IsOk()); CheckResponseData(&trans, "TCP succeeds"); - // Fire the retransmission alarm, from this point, connection will idle - // timeout after 4 seconds. - if (!GetQuicReloadableFlag( - quic_fix_time_of_first_packet_sent_after_receiving)) { - quic_task_runner_->RunNextTask(); - } // Fast forward to idle timeout the original connection. A new connection will // be kicked off on the alternate network. quic_task_runner_->FastForwardBy(quic::QuicTime::Delta::FromSeconds(4)); @@ -2374,11 +2318,10 @@ TEST_P(QuicNetworkTransactionTest, QuicFailsOnBothNetworksWhileTCPSucceeds) { TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPSucceeds) { SetUpTestForRetryConnectionOnAlternateNetwork(); - std::string request_data; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); // The request will initially go out over QUIC. - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read int packet_num = 1; quic_data.AddWrite(SYNCHRONOUS, @@ -2420,15 +2363,13 @@ TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPSucceeds) { // Quic connection will be retried on the alternate network after the initial // one fails on the default network. - MockQuicData quic_data2; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data2(version_); quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Handing read. quic_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeDummyCHLOPacket(1)); // CHLO client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - quic_data2.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(2, &header_stream_offset)); + quic_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(2)); quic_data2.AddSocketDataToFactory(&socket_factory_); // Resolve the host resolution synchronously. @@ -2460,12 +2401,6 @@ TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPSucceeds) { EXPECT_THAT(callback.WaitForResult(), IsOk()); CheckResponseData(&trans, "TCP succeeds"); - // Fire the retransmission alarm, after which connection will idle - // timeout after 4 seconds. - if (!GetQuicReloadableFlag( - quic_fix_time_of_first_packet_sent_after_receiving)) { - quic_task_runner_->RunNextTask(); - } // Fast forward to idle timeout the original connection. A new connection will // be kicked off on the alternate network. quic_task_runner_->FastForwardBy(quic::QuicTime::Delta::FromSeconds(4)); @@ -2503,11 +2438,10 @@ TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPSucceeds) { TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPHanging) { SetUpTestForRetryConnectionOnAlternateNetwork(); - std::string request_data; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); // The request will initially go out over QUIC. - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read int packet_num = 1; quic_data.AddWrite(SYNCHRONOUS, @@ -2538,8 +2472,7 @@ TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPHanging) { AddHangingNonAlternateProtocolSocketData(); // Quic connection will then be retried on the alternate network. - MockQuicData quic_data2; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data2(version_); quic_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeDummyCHLOPacket(1)); // CHLO @@ -2547,13 +2480,11 @@ TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPHanging) { std::string header = ConstructDataHeader(body.length()); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - quic_data2.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(2, &header_stream_offset)); + quic_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(2)); quic_data2.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 3, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 3, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); quic_data2.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -2561,7 +2492,7 @@ TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPHanging) { quic_data2.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + body)); + header + body)); quic_data2.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(4, 2, 1, 1)); quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read quic_data2.AddSocketDataToFactory(&socket_factory_); @@ -2591,10 +2522,6 @@ TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPHanging) { // Pump the message loop to get the request started. base::RunLoop().RunUntilIdle(); - if (!GetQuicReloadableFlag( - quic_fix_time_of_first_packet_sent_after_receiving)) { - quic_task_runner_->RunNextTask(); - } // Fast forward to idle timeout the original connection. A new connection will // be kicked off on the alternate network. @@ -2625,78 +2552,76 @@ TEST_P(QuicNetworkTransactionTest, RetryOnAlternateNetworkWhileTCPHanging) { // Verify that if a QUIC connection times out, the QuicHttpStream will // return QUIC_PROTOCOL_ERROR. TEST_P(QuicNetworkTransactionTest, TimeoutAfterHandshakeConfirmed) { - session_params_.retry_without_alt_svc_on_quic_errors = false; - session_params_.quic_idle_connection_timeout_seconds = 5; + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; + session_params_.quic_params.idle_connection_timeout = + base::TimeDelta::FromSeconds(5); // The request will initially go out over QUIC. - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data(version_); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); - std::string request_data; + client_maker_.set_save_packet_frames(true); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRequestHeadersPacketAndSaveData( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, priority, GetRequestHeaders("GET", "https", "/"), - 0, nullptr, &header_stream_offset, &request_data)); - - std::string settings_data; - quic::QuicStreamOffset settings_offset = header_stream_offset; - client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacketAndSaveData( - 2, &header_stream_offset, &settings_data)); - // TLP 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 3, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - // TLP 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 4, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 5, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 6, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 7, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 8, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 3 quic_data.AddWrite( SYNCHRONOUS, - client_maker_.MakeDataPacket( - 9, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 10, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); + client_maker_.MakeRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + priority, GetRequestHeaders("GET", "https", "/"), 0, nullptr)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectionClosePacket( - 11, true, quic::QUIC_NETWORK_IDLE_TIMEOUT, - "No recent network activity.")); + client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); + if (version_.transport_version != quic::QUIC_VERSION_99) { + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(2)); + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 4, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 6, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 8, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 9, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 10, true)); + + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 11, true, quic::QUIC_NETWORK_IDLE_TIMEOUT, + "No recent network activity.")); + } else { + // Settings were sent in the request packet so there is only 1 packet to + // retransmit. + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 2, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 4, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 6, true)); + + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 7, true, quic::QUIC_NETWORK_IDLE_TIMEOUT, + "No recent network activity.")); + } quic_data.AddRead(ASYNC, ERR_IO_PENDING); quic_data.AddRead(ASYNC, OK); @@ -2742,101 +2667,93 @@ TEST_P(QuicNetworkTransactionTest, TimeoutAfterHandshakeConfirmed) { // Verify that if a QUIC connection RTOs, the QuicHttpStream will // return QUIC_PROTOCOL_ERROR. TEST_P(QuicNetworkTransactionTest, TooManyRtosAfterHandshakeConfirmed) { - session_params_.retry_without_alt_svc_on_quic_errors = false; - session_params_.quic_connection_options.push_back(quic::k5RTO); + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; + session_params_.quic_params.connection_options.push_back(quic::k5RTO); // The request will initially go out over QUIC. - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data(version_); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); - std::string request_data; + client_maker_.set_save_packet_frames(true); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRequestHeadersPacketAndSaveData( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, priority, GetRequestHeaders("GET", "https", "/"), - 0, nullptr, &header_stream_offset, &request_data)); - - std::string settings_data; - quic::QuicStreamOffset settings_offset = header_stream_offset; - client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacketAndSaveData( - 2, &header_stream_offset, &settings_data)); - // TLP 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 3, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - // TLP 2 quic_data.AddWrite( SYNCHRONOUS, - client_maker_.MakeDataPacket( - 4, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 5, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 6, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 7, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 8, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 3 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 9, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 10, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 4 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 11, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 12, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 5 - quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectionClosePacket( - 13, true, quic::QUIC_TOO_MANY_RTOS, - "5 consecutive retransmission timeouts")); - - quic_data.AddRead(ASYNC, OK); - quic_data.AddSocketDataToFactory(&socket_factory_); - - // In order for a new QUIC session to be established via alternate-protocol - // without racing an HTTP connection, we need the host resolution to happen - // synchronously. Of course, even though QUIC *could* perform a 0-RTT - // connection to the the server, in this test we require confirmation - // before encrypting so the HTTP job will still start. - host_resolver_.set_synchronous_mode(true); - host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", - ""); + client_maker_.MakeRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + priority, GetRequestHeaders("GET", "https", "/"), 0, nullptr)); + + client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); + if (version_.transport_version != quic::QUIC_VERSION_99) { + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(2)); + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 4, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 6, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 8, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 9, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 10, true)); + // RTO 4 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 11, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 12, true)); + // RTO 5 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 13, true, quic::QUIC_TOO_MANY_RTOS, + "5 consecutive retransmission timeouts")); + } else { + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 2, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 4, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 6, true)); + // RTO 4 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, true)); + // RTO 5 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 8, true, quic::QUIC_TOO_MANY_RTOS, + "5 consecutive retransmission timeouts")); + } + + quic_data.AddRead(ASYNC, OK); + quic_data.AddSocketDataToFactory(&socket_factory_); + + // In order for a new QUIC session to be established via alternate-protocol + // without racing an HTTP connection, we need the host resolution to happen + // synchronously. Of course, even though QUIC *could* perform a 0-RTT + // connection to the the server, in this test we require confirmation + // before encrypting so the HTTP job will still start. + host_resolver_.set_synchronous_mode(true); + host_resolver_.rules()->AddIPLiteralRule("mail.example.org", "192.168.0.1", + ""); CreateSession(); // Use a TestTaskRunner to avoid waiting in real time for timeouts. @@ -2870,90 +2787,102 @@ TEST_P(QuicNetworkTransactionTest, TooManyRtosAfterHandshakeConfirmed) { // QUIC will not be marked as broken. TEST_P(QuicNetworkTransactionTest, TooManyRtosAfterHandshakeConfirmedAndStreamReset) { - session_params_.quic_connection_options.push_back(quic::k5RTO); + session_params_.quic_params.connection_options.push_back(quic::k5RTO); // The request will initially go out over QUIC. - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data(version_); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); - std::string request_data; + client_maker_.set_save_packet_frames(true); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRequestHeadersPacketAndSaveData( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, priority, GetRequestHeaders("GET", "https", "/"), - 0, nullptr, &header_stream_offset, &request_data)); + quic_data.AddWrite( + SYNCHRONOUS, + client_maker_.MakeRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + priority, GetRequestHeaders("GET", "https", "/"), 0, nullptr)); - std::string settings_data; - quic::QuicStreamOffset settings_offset = header_stream_offset; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacketAndSaveData( - 2, &header_stream_offset, &settings_data)); + if (version_.transport_version != quic::QUIC_VERSION_99) { + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(2)); + } - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRstPacket( - 3, true, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED)); - // TLP 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 4, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - // TLP 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 5, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 1 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRstPacket( - 6, true, GetNthClientInitiatedBidirectionalStreamId(0), + if (quic::VersionUsesQpack(version_.transport_version)) { + quic_data.AddWrite( + SYNCHRONOUS, client_maker_.MakeRstPacket( + 2, true, GetNthClientInitiatedBidirectionalStreamId(0), quic::QUIC_STREAM_CANCELLED)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 7, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - // RTO 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 8, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRstPacket( - 9, true, GetNthClientInitiatedBidirectionalStreamId(0), + // Since the headers are sent on the data stream, when the stream is reset + // the headers are no longer retransmitted. + client_maker_.RemoveSavedStreamFrames( + GetNthClientInitiatedBidirectionalStreamId(0)); + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 4, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 6, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 8, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 9, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 10, true)); + // RTO 4 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 11, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 12, true)); + // RTO 5 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 13, true, quic::QUIC_TOO_MANY_RTOS, + "5 consecutive retransmission timeouts")); + } else { + quic_data.AddWrite( + SYNCHRONOUS, client_maker_.MakeRstPacket( + 3, true, GetNthClientInitiatedBidirectionalStreamId(0), quic::QUIC_STREAM_CANCELLED)); - // RTO 3 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 10, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 11, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 4 - quic_data.AddWrite( - SYNCHRONOUS, client_maker_.MakeRstPacket( - 12, true, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 13, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 4, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 5, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(3, 6, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 8, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(3, 9, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 10, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 11, true)); + // RTO 4 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(3, 12, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 13, true)); // RTO 5 quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectionClosePacket( 14, true, quic::QUIC_TOO_MANY_RTOS, "5 consecutive retransmission timeouts")); + } quic_data.AddRead(ASYNC, OK); quic_data.AddSocketDataToFactory(&socket_factory_); @@ -3002,19 +2931,21 @@ TEST_P(QuicNetworkTransactionTest, // Verify that if a QUIC protocol error occurs after the handshake is confirmed // the request fails with QUIC_PROTOCOL_ERROR. TEST_P(QuicNetworkTransactionTest, ProtocolErrorAfterHandshakeConfirmed) { - session_params_.retry_without_alt_svc_on_quic_errors = false; + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; // The request will initially go out over QUIC. - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data(version_); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); - client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); quic_data.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(2, &header_stream_offset)); + ConstructClientRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); + client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); + uint64_t packet_number = 2; + if (version_.transport_version != quic::QUIC_VERSION_99) { + quic_data.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(packet_number++)); + } + quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause // Peer sending data from an non-existing stream causes this end to raise // error and close connection. quic_data.AddRead( @@ -3022,10 +2953,10 @@ TEST_P(QuicNetworkTransactionTest, ProtocolErrorAfterHandshakeConfirmed) { 1, false, GetNthClientInitiatedBidirectionalStreamId(47), quic::QUIC_STREAM_LAST_ERROR)); std::string quic_error_details = "Data for nonexistent stream"; - quic_data.AddWrite(SYNCHRONOUS, - ConstructClientAckAndConnectionClosePacket( - 3, quic::QuicTime::Delta::Zero(), 1, 1, 1, - quic::QUIC_INVALID_STREAM_ID, quic_error_details)); + quic_data.AddWrite( + SYNCHRONOUS, ConstructClientAckAndConnectionClosePacket( + packet_number++, quic::QuicTime::Delta::Zero(), 1, 1, 1, + quic::QUIC_INVALID_STREAM_ID, quic_error_details)); quic_data.AddSocketDataToFactory(&socket_factory_); // In order for a new QUIC session to be established via alternate-protocol @@ -3053,6 +2984,7 @@ TEST_P(QuicNetworkTransactionTest, ProtocolErrorAfterHandshakeConfirmed) { quic::QuicSession::HANDSHAKE_CONFIRMED); ASSERT_FALSE(quic_data.AllReadDataConsumed()); + quic_data.Resume(); // Run the QUIC session to completion. base::RunLoop().RunUntilIdle(); @@ -3068,78 +3000,76 @@ TEST_P(QuicNetworkTransactionTest, ProtocolErrorAfterHandshakeConfirmed) { // connection times out, then QUIC will be marked as broken and the request // retried over TCP. TEST_P(QuicNetworkTransactionTest, TimeoutAfterHandshakeConfirmedThenBroken) { - session_params_.mark_quic_broken_when_network_blackholes = true; - session_params_.quic_idle_connection_timeout_seconds = 5; + session_params_.quic_params.mark_quic_broken_when_network_blackholes = true; + session_params_.quic_params.idle_connection_timeout = + base::TimeDelta::FromSeconds(5); // The request will initially go out over QUIC. - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data(version_); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); - std::string request_data; + client_maker_.set_save_packet_frames(true); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRequestHeadersPacketAndSaveData( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, priority, GetRequestHeaders("GET", "https", "/"), - 0, nullptr, &header_stream_offset, &request_data)); - - std::string settings_data; - quic::QuicStreamOffset settings_offset = header_stream_offset; - client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacketAndSaveData( - 2, &header_stream_offset, &settings_data)); - // TLP 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 3, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - // TLP 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 4, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 5, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 6, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 7, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 8, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 3 quic_data.AddWrite( SYNCHRONOUS, - client_maker_.MakeDataPacket( - 9, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 10, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); + client_maker_.MakeRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + priority, GetRequestHeaders("GET", "https", "/"), 0, nullptr)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectionClosePacket( - 11, true, quic::QUIC_NETWORK_IDLE_TIMEOUT, - "No recent network activity.")); + client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); + if (version_.transport_version != quic::QUIC_VERSION_99) { + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(2)); + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 4, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 6, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 8, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 9, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 10, true)); + + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 11, true, quic::QUIC_NETWORK_IDLE_TIMEOUT, + "No recent network activity.")); + } else { + // Settings were sent in the request packet so there is only 1 packet to + // retransmit. + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 2, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 4, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 6, true)); + + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 7, true, quic::QUIC_NETWORK_IDLE_TIMEOUT, + "No recent network activity.")); + } quic_data.AddRead(ASYNC, ERR_IO_PENDING); quic_data.AddRead(ASYNC, OK); @@ -3210,77 +3140,75 @@ TEST_P(QuicNetworkTransactionTest, TimeoutAfterHandshakeConfirmedThenBroken) { // connection times out, then QUIC will be marked as broken and the request // retried over TCP. TEST_P(QuicNetworkTransactionTest, TimeoutAfterHandshakeConfirmedThenBroken2) { - session_params_.quic_idle_connection_timeout_seconds = 5; + session_params_.quic_params.idle_connection_timeout = + base::TimeDelta::FromSeconds(5); // The request will initially go out over QUIC. - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data(version_); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); - std::string request_data; + client_maker_.set_save_packet_frames(true); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRequestHeadersPacketAndSaveData( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, priority, GetRequestHeaders("GET", "https", "/"), - 0, nullptr, &header_stream_offset, &request_data)); - - std::string settings_data; - quic::QuicStreamOffset settings_offset = header_stream_offset; - client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacketAndSaveData( - 2, &header_stream_offset, &settings_data)); - // TLP 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 3, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - // TLP 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 4, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 1 quic_data.AddWrite( SYNCHRONOUS, - client_maker_.MakeDataPacket( - 5, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 6, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 7, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 8, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 3 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 9, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 10, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); + client_maker_.MakeRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + priority, GetRequestHeaders("GET", "https", "/"), 0, nullptr)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectionClosePacket( - 11, true, quic::QUIC_NETWORK_IDLE_TIMEOUT, - "No recent network activity.")); + client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); + if (version_.transport_version != quic::QUIC_VERSION_99) { + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(2)); + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 4, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 6, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 8, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 9, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 10, true)); + + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 11, true, quic::QUIC_NETWORK_IDLE_TIMEOUT, + "No recent network activity.")); + } else { + // Settings were sent in the request packet so there is only 1 packet to + // retransmit. + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 2, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 4, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 6, true)); + + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 7, true, quic::QUIC_NETWORK_IDLE_TIMEOUT, + "No recent network activity.")); + } quic_data.AddRead(ASYNC, ERR_IO_PENDING); quic_data.AddRead(ASYNC, OK); @@ -3354,98 +3282,97 @@ TEST_P(QuicNetworkTransactionTest, TimeoutAfterHandshakeConfirmedThenBroken2) { // will not be retried over TCP. TEST_P(QuicNetworkTransactionTest, TimeoutAfterHandshakeConfirmedAndHeadersThenBrokenNotRetried) { - session_params_.mark_quic_broken_when_network_blackholes = true; - session_params_.quic_idle_connection_timeout_seconds = 5; + session_params_.quic_params.mark_quic_broken_when_network_blackholes = true; + session_params_.quic_params.idle_connection_timeout = + base::TimeDelta::FromSeconds(5); // The request will initially go out over QUIC. - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data(version_); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); - std::string request_data; + client_maker_.set_save_packet_frames(true); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRequestHeadersPacketAndSaveData( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, priority, GetRequestHeaders("GET", "https", "/"), - 0, nullptr, &header_stream_offset, &request_data)); + quic_data.AddWrite( + SYNCHRONOUS, + client_maker_.MakeRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + priority, GetRequestHeaders("GET", "https", "/"), 0, nullptr)); - std::string settings_data; - quic::QuicStreamOffset settings_offset = header_stream_offset; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacketAndSaveData( - 2, &header_stream_offset, &settings_data)); + if (version_.transport_version != quic::QUIC_VERSION_99) { + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(2)); - quic_data.AddRead(ASYNC, ConstructServerResponseHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), - false, false, GetResponseHeaders("200 OK"))); - // quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 1, 1)); - quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientAckPacket(3, 1, 1, 1, - quic::QuicTime::Delta::FromMilliseconds(25))); + quic_data.AddRead( + ASYNC, ConstructServerResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, + false, GetResponseHeaders("200 OK"))); + // quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 1, 1)); + quic_data.AddWrite( + SYNCHRONOUS, + ConstructClientAckPacket(3, 1, 1, 1, + quic::QuicTime::Delta::FromMilliseconds(25))); - // TLP 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 4, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, 0, request_data)); - // TLP 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 5, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, settings_offset, settings_data)); - // RTO 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 6, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 7, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, settings_offset, settings_data)); - // RTO 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 8, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 9, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, settings_offset, settings_data)); - // RTO 3 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 10, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 11, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, settings_offset, settings_data)); + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 4, false)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 5, false)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 6, false)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 7, false)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 8, false)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 9, false)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 10, false)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 11, false)); - if (GetQuicReloadableFlag( - quic_fix_time_of_first_packet_sent_after_receiving)) { quic_data.AddWrite( SYNCHRONOUS, client_maker_.MakeAckAndConnectionClosePacket( 12, false, quic::QuicTime::Delta::FromMilliseconds(4000), 1, 1, 1, quic::QUIC_NETWORK_IDLE_TIMEOUT, "No recent network activity.")); - } else { + // Settings were sent in the request packet so there is only 1 packet to + // retransmit. + quic_data.AddRead( + ASYNC, ConstructServerResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, + false, GetResponseHeaders("200 OK"))); + // quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 1, 1)); + quic_data.AddWrite( + SYNCHRONOUS, + ConstructClientAckPacket(2, 1, 1, 1, + quic::QuicTime::Delta::FromMilliseconds(25))); + + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, false)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 4, false)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, false)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 6, false)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, false)); + quic_data.AddWrite( SYNCHRONOUS, client_maker_.MakeAckAndConnectionClosePacket( - 12, false, quic::QuicTime::Delta::FromMilliseconds(4200), 1, 1, 1, + 8, false, quic::QuicTime::Delta::FromMilliseconds(4000), 1, 1, 1, quic::QUIC_NETWORK_IDLE_TIMEOUT, "No recent network activity.")); } @@ -3506,90 +3433,84 @@ TEST_P(QuicNetworkTransactionTest, // over TCP. TEST_P(QuicNetworkTransactionTest, TooManyRtosAfterHandshakeConfirmedThenBroken) { - session_params_.mark_quic_broken_when_network_blackholes = true; - session_params_.quic_connection_options.push_back(quic::k5RTO); + session_params_.quic_params.mark_quic_broken_when_network_blackholes = true; + session_params_.quic_params.connection_options.push_back(quic::k5RTO); // The request will initially go out over QUIC. - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data(version_); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); - std::string request_data; + client_maker_.set_save_packet_frames(true); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRequestHeadersPacketAndSaveData( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, priority, GetRequestHeaders("GET", "https", "/"), - 0, nullptr, &header_stream_offset, &request_data)); - - std::string settings_data; - quic::QuicStreamOffset settings_offset = header_stream_offset; - client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacketAndSaveData( - 2, &header_stream_offset, &settings_data)); - // TLP 1 quic_data.AddWrite( SYNCHRONOUS, - client_maker_.MakeDataPacket( - 3, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - // TLP 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 4, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 5, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 6, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 7, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 8, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 3 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 9, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 10, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 4 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 11, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 12, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); + client_maker_.MakeRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + priority, GetRequestHeaders("GET", "https", "/"), 0, nullptr)); - quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectionClosePacket( - 13, true, quic::QUIC_TOO_MANY_RTOS, - "5 consecutive retransmission timeouts")); + client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); + if (version_.transport_version != quic::QUIC_VERSION_99) { + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(2)); + + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 4, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 6, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 8, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 9, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 10, true)); + // RTO 4 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 11, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 12, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 13, true, quic::QUIC_TOO_MANY_RTOS, + "5 consecutive retransmission timeouts")); + } else { + // Settings were sent in the request packet so there is only 1 packet to + // retransmit. + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 2, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 4, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 6, true)); + // RTO 4 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, true)); + + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 8, true, quic::QUIC_TOO_MANY_RTOS, + "5 consecutive retransmission timeouts")); + } quic_data.AddRead(ASYNC, OK); quic_data.AddSocketDataToFactory(&socket_factory_); @@ -3658,91 +3579,101 @@ TEST_P(QuicNetworkTransactionTest, // QUIC will be marked as broken. TEST_P(QuicNetworkTransactionTest, TooManyRtosAfterHandshakeConfirmedAndStreamResetThenBroken) { - session_params_.mark_quic_broken_when_network_blackholes = true; - session_params_.quic_connection_options.push_back(quic::k5RTO); + session_params_.quic_params.mark_quic_broken_when_network_blackholes = true; + session_params_.quic_params.connection_options.push_back(quic::k5RTO); // The request will initially go out over QUIC. - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data(version_); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); - std::string request_data; + client_maker_.set_save_packet_frames(true); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRequestHeadersPacketAndSaveData( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, priority, GetRequestHeaders("GET", "https", "/"), - 0, nullptr, &header_stream_offset, &request_data)); + quic_data.AddWrite( + SYNCHRONOUS, + client_maker_.MakeRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + priority, GetRequestHeaders("GET", "https", "/"), 0, nullptr)); - std::string settings_data; - quic::QuicStreamOffset settings_offset = header_stream_offset; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacketAndSaveData( - 2, &header_stream_offset, &settings_data)); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRstPacket( - 3, true, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED)); - // TLP 1 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 4, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - // TLP 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 5, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 1 - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRstPacket( - 6, true, GetNthClientInitiatedBidirectionalStreamId(0), + if (quic::VersionUsesQpack(version_.transport_version)) { + quic_data.AddWrite( + SYNCHRONOUS, client_maker_.MakeRstPacket( + 2, true, GetNthClientInitiatedBidirectionalStreamId(0), quic::QUIC_STREAM_CANCELLED)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 7, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - // RTO 2 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 8, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRstPacket( - 9, true, GetNthClientInitiatedBidirectionalStreamId(0), + // Since the headers are sent on the data stream, when the stream is reset + // the headers are no longer retransmitted. + client_maker_.RemoveSavedStreamFrames( + GetNthClientInitiatedBidirectionalStreamId(0)); + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 3, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 4, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 5, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 6, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 8, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 9, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 10, true)); + // RTO 4 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 11, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 12, true)); + // RTO 5 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeConnectionClosePacket( + 13, true, quic::QUIC_TOO_MANY_RTOS, + "5 consecutive retransmission timeouts")); + } else { + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(2)); + quic_data.AddWrite( + SYNCHRONOUS, client_maker_.MakeRstPacket( + 3, true, GetNthClientInitiatedBidirectionalStreamId(0), quic::QUIC_STREAM_CANCELLED)); - // RTO 3 - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 10, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 11, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, settings_offset, settings_data)); - // RTO 4 - quic_data.AddWrite( - SYNCHRONOUS, client_maker_.MakeRstPacket( - 12, true, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED)); - quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 13, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - true, false, 0, request_data)); + // TLP 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 4, true)); + // TLP 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 5, true)); + // RTO 1 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(3, 6, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 7, true)); + // RTO 2 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 8, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(3, 9, true)); + // RTO 3 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 10, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(2, 11, true)); + // RTO 4 + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(3, 12, true)); + quic_data.AddWrite(SYNCHRONOUS, + client_maker_.MakeRetransmissionPacket(1, 13, true)); // RTO 5 quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectionClosePacket( 14, true, quic::QUIC_TOO_MANY_RTOS, "5 consecutive retransmission timeouts")); + } quic_data.AddRead(ASYNC, OK); quic_data.AddSocketDataToFactory(&socket_factory_); @@ -3793,20 +3724,24 @@ TEST_P(QuicNetworkTransactionTest, // retried over TCP and the QUIC will be marked as broken. TEST_P(QuicNetworkTransactionTest, ProtocolErrorAfterHandshakeConfirmedThenBroken) { - session_params_.quic_idle_connection_timeout_seconds = 5; + session_params_.quic_params.idle_connection_timeout = + base::TimeDelta::FromSeconds(5); // The request will initially go out over QUIC. - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data(version_); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); - client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); quic_data.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(2, &header_stream_offset)); + ConstructClientRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); + client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); + uint64_t packet_number = 2; + if (version_.transport_version != quic::QUIC_VERSION_99) { + quic_data.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(packet_number++)); + } + quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause + // Peer sending data from an non-existing stream causes this end to raise // error and close connection. quic_data.AddRead( @@ -3814,10 +3749,10 @@ TEST_P(QuicNetworkTransactionTest, 1, false, GetNthClientInitiatedBidirectionalStreamId(47), quic::QUIC_STREAM_LAST_ERROR)); std::string quic_error_details = "Data for nonexistent stream"; - quic_data.AddWrite(SYNCHRONOUS, - ConstructClientAckAndConnectionClosePacket( - 3, quic::QuicTime::Delta::Zero(), 1, 1, 1, - quic::QUIC_INVALID_STREAM_ID, quic_error_details)); + quic_data.AddWrite( + SYNCHRONOUS, ConstructClientAckAndConnectionClosePacket( + packet_number++, quic::QuicTime::Delta::Zero(), 1, 1, 1, + quic::QUIC_INVALID_STREAM_ID, quic_error_details)); quic_data.AddSocketDataToFactory(&socket_factory_); // After that fails, it will be resent via TCP. @@ -3857,6 +3792,7 @@ TEST_P(QuicNetworkTransactionTest, // Explicitly confirm the handshake. crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( quic::QuicSession::HANDSHAKE_CONFIRMED); + quic_data.Resume(); // Run the QUIC session to completion. base::RunLoop().RunUntilIdle(); @@ -3883,25 +3819,22 @@ TEST_P(QuicNetworkTransactionTest, // retried over TCP. TEST_P(QuicNetworkTransactionTest, ResetAfterHandshakeConfirmedThenBroken) { // The request will initially go out over QUIC. - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data(version_); spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); - std::string request_data; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeRequestHeadersPacketAndSaveData( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, priority, GetRequestHeaders("GET", "https", "/"), - 0, nullptr, &header_stream_offset, &request_data)); + quic_data.AddWrite( + SYNCHRONOUS, + client_maker_.MakeRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + priority, GetRequestHeaders("GET", "https", "/"), 0, nullptr)); - std::string settings_data; - // quic::QuicStreamOffset settings_offset = header_stream_offset; client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - quic_data.AddWrite(SYNCHRONOUS, - client_maker_.MakeInitialSettingsPacketAndSaveData( - 2, &header_stream_offset, &settings_data)); + if (version_.transport_version != quic::QUIC_VERSION_99) { + quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeInitialSettingsPacket(2)); + } + quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause quic_data.AddRead(ASYNC, ConstructServerRstPacket( @@ -3948,6 +3881,7 @@ TEST_P(QuicNetworkTransactionTest, ResetAfterHandshakeConfirmedThenBroken) { // Explicitly confirm the handshake. crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( quic::QuicSession::HANDSHAKE_CONFIRMED); + quic_data.Resume(); // Run the QUIC session to completion. ASSERT_TRUE(quic_data.AllWriteDataConsumed()); @@ -3973,7 +3907,7 @@ TEST_P(QuicNetworkTransactionTest, ResetAfterHandshakeConfirmedThenBroken) { // the remote Alt-Svc. // This is a regression test for crbug/825646. TEST_P(QuicNetworkTransactionTest, RemoteAltSvcWorkingWhileLocalAltSvcBroken) { - session_params_.quic_allow_remote_alt_svc = true; + session_params_.quic_params.allow_remote_alt_svc = true; GURL origin1 = request_.url; // mail.example.org GURL origin2("https://www.example.org/"); @@ -3989,31 +3923,27 @@ TEST_P(QuicNetworkTransactionTest, RemoteAltSvcWorkingWhileLocalAltSvcBroken) { verify_details.cert_verify_result.is_issued_by_known_root = true; crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData mock_quic_data; - quic::QuicStreamOffset request_header_offset(0); - quic::QuicStreamOffset response_header_offset(0); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &request_header_offset)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &request_header_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &response_header_offset)); + GetResponseHeaders("200 OK"))); std::string header = ConstructDataHeader(6); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF mock_quic_data.AddSocketDataToFactory(&socket_factory_); - MockQuicData mock_quic_data2; + MockQuicData mock_quic_data2(version_); mock_quic_data2.AddSocketDataToFactory(&socket_factory_); AddHangingNonAlternateProtocolSocketData(); @@ -4027,11 +3957,11 @@ TEST_P(QuicNetworkTransactionTest, RemoteAltSvcWorkingWhileLocalAltSvcBroken) { alternative_services.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( local_alternative, expiration, - session_->params().quic_supported_versions)); + session_->params().quic_params.supported_versions)); alternative_services.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( remote_alternative, expiration, - session_->params().quic_supported_versions)); + session_->params().quic_params.supported_versions)); http_server_properties_.SetAlternativeServices(url::SchemeHostPort(origin1), alternative_services); @@ -4047,15 +3977,13 @@ TEST_P(QuicNetworkTransactionTest, RemoteAltSvcWorkingWhileLocalAltSvcBroken) { // This is a regression tests for crbug/731303. TEST_P(QuicNetworkTransactionTest, ResetPooledAfterHandshakeConfirmedThenBroken) { - session_params_.quic_allow_remote_alt_svc = true; + session_params_.quic_params.allow_remote_alt_svc = true; GURL origin1 = request_.url; GURL origin2("https://www.example.org/"); ASSERT_NE(origin1.host(), origin2.host()); - MockQuicData mock_quic_data; - quic::QuicStreamOffset request_header_offset(0); - quic::QuicStreamOffset response_header_offset(0); + MockQuicData mock_quic_data(version_); scoped_refptr cert( ImportCertFromFile(GetTestCertsDirectory(), "wildcard.pem")); @@ -4067,23 +3995,21 @@ TEST_P(QuicNetworkTransactionTest, verify_details.cert_verify_result.is_issued_by_known_root = true; crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &request_header_offset)); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); // First request. mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &request_header_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &response_header_offset)); + GetResponseHeaders("200 OK"))); std::string header = ConstructDataHeader(6); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); // Second request will go over the pooled QUIC connection, but will be @@ -4100,8 +4026,7 @@ TEST_P(QuicNetworkTransactionTest, ConstructClientRequestHeadersPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, GetRequestHeaders("GET", "https", "/", &client_maker2), - GetNthClientInitiatedBidirectionalStreamId(0), - &request_header_offset)); + GetNthClientInitiatedBidirectionalStreamId(0))); mock_quic_data.AddRead( ASYNC, ConstructServerRstPacket( 3, false, GetNthClientInitiatedBidirectionalStreamId(1), @@ -4195,7 +4120,7 @@ TEST_P(QuicNetworkTransactionTest, // If no existing QUIC session can be used, use the first alternative service // from the list. TEST_P(QuicNetworkTransactionTest, UseExistingAlternativeServiceForQuic) { - session_params_.quic_allow_remote_alt_svc = true; + session_params_.quic_params.allow_remote_alt_svc = true; MockRead http_reads[] = { MockRead("HTTP/1.1 200 OK\r\n"), MockRead("Alt-Svc: quic=\"foo.example.org:443\", quic=\":444\"\r\n\r\n"), @@ -4208,33 +4133,28 @@ TEST_P(QuicNetworkTransactionTest, UseExistingAlternativeServiceForQuic) { AddCertificate(&ssl_data_); socket_factory_.AddSSLSocketDataProvider(&ssl_data_); - quic::QuicStreamOffset request_header_offset = 0; - quic::QuicStreamOffset response_header_offset = 0; // First QUIC request data. // Open a session to foo.example.org:443 using the first entry of the // alternative service list. - MockQuicData mock_quic_data; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &request_header_offset)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &request_header_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); std::string alt_svc_list = "quic=\"mail.example.org:444\", quic=\"foo.example.org:443\", " "quic=\"bar.example.org:445\""; mock_quic_data.AddRead( - ASYNC, - ConstructServerResponseHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK", alt_svc_list), &response_header_offset)); + ASYNC, ConstructServerResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + GetResponseHeaders("200 OK", alt_svc_list))); std::string header = ConstructDataHeader(6); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); // Second QUIC request data. @@ -4244,16 +4164,15 @@ TEST_P(QuicNetworkTransactionTest, UseExistingAlternativeServiceForQuic) { SYNCHRONOUS, ConstructClientRequestHeadersPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, GetRequestHeaders("GET", "https", "/"), - GetNthClientInitiatedBidirectionalStreamId(0), - &request_header_offset)); + GetNthClientInitiatedBidirectionalStreamId(0))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 3, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - GetResponseHeaders("200 OK"), &response_header_offset)); + GetResponseHeaders("200 OK"))); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckAndConnectionClosePacket(5, 4, 3, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read @@ -4279,31 +4198,26 @@ TEST_P(QuicNetworkTransactionTest, UseExistingAlternativeServiceForQuic) { TEST_P(QuicNetworkTransactionTest, UseExistingQUICAlternativeProxy) { base::HistogramTester histogram_tester; - quic::QuicStreamOffset request_header_offset = 0; - quic::QuicStreamOffset response_header_offset = 0; // First QUIC request data. // Open a session to foo.example.org:443 using the first entry of the // alternative service list. - MockQuicData mock_quic_data; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &request_header_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "http", "/"), &request_header_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "http", "/"))); std::string alt_svc_list; mock_quic_data.AddRead( - ASYNC, - ConstructServerResponseHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK", alt_svc_list), &response_header_offset)); + ASYNC, ConstructServerResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + GetResponseHeaders("200 OK", alt_svc_list))); std::string header = ConstructDataHeader(6); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); // Second QUIC request data. @@ -4313,16 +4227,15 @@ TEST_P(QuicNetworkTransactionTest, UseExistingQUICAlternativeProxy) { SYNCHRONOUS, ConstructClientRequestHeadersPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, GetRequestHeaders("GET", "http", "/"), - GetNthClientInitiatedBidirectionalStreamId(0), - &request_header_offset)); + GetNthClientInitiatedBidirectionalStreamId(0))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 3, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - GetResponseHeaders("200 OK"), &response_header_offset)); + GetResponseHeaders("200 OK"))); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckAndConnectionClosePacket(5, 4, 3, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read @@ -4364,28 +4277,24 @@ TEST_P(QuicNetworkTransactionTest, UseExistingQUICAlternativeProxy) { // Pool to existing session with matching quic::QuicServerId // even if alternative service destination is different. TEST_P(QuicNetworkTransactionTest, PoolByOrigin) { - session_params_.quic_allow_remote_alt_svc = true; - MockQuicData mock_quic_data; - quic::QuicStreamOffset request_header_offset(0); - quic::QuicStreamOffset response_header_offset(0); + session_params_.quic_params.allow_remote_alt_svc = true; + MockQuicData mock_quic_data(version_); - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &request_header_offset)); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); // First request. mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &request_header_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &response_header_offset)); + GetResponseHeaders("200 OK"))); std::string header = ConstructDataHeader(6); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); // Second request. @@ -4393,16 +4302,15 @@ TEST_P(QuicNetworkTransactionTest, PoolByOrigin) { SYNCHRONOUS, ConstructClientRequestHeadersPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, GetRequestHeaders("GET", "https", "/"), - GetNthClientInitiatedBidirectionalStreamId(0), - &request_header_offset)); + GetNthClientInitiatedBidirectionalStreamId(0))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 3, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - GetResponseHeaders("200 OK"), &response_header_offset)); + GetResponseHeaders("200 OK"))); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckAndConnectionClosePacket(5, 4, 3, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read @@ -4445,32 +4353,28 @@ TEST_P(QuicNetworkTransactionTest, PoolByOrigin) { // even if origin is different, and even if the alternative service with // matching destination is not the first one on the list. TEST_P(QuicNetworkTransactionTest, PoolByDestination) { - session_params_.quic_allow_remote_alt_svc = true; + session_params_.quic_params.allow_remote_alt_svc = true; GURL origin1 = request_.url; GURL origin2("https://www.example.org/"); ASSERT_NE(origin1.host(), origin2.host()); - MockQuicData mock_quic_data; - quic::QuicStreamOffset request_header_offset(0); - quic::QuicStreamOffset response_header_offset(0); + MockQuicData mock_quic_data(version_); - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &request_header_offset)); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); // First request. mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &request_header_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &response_header_offset)); + GetResponseHeaders("200 OK"))); std::string header = ConstructDataHeader(6); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); // Second request. @@ -4486,16 +4390,15 @@ TEST_P(QuicNetworkTransactionTest, PoolByDestination) { ConstructClientRequestHeadersPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, GetRequestHeaders("GET", "https", "/", &client_maker2), - GetNthClientInitiatedBidirectionalStreamId(0), - &request_header_offset)); + GetNthClientInitiatedBidirectionalStreamId(0))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 3, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - GetResponseHeaders("200 OK"), &response_header_offset)); + GetResponseHeaders("200 OK"))); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckAndConnectionClosePacket(5, 4, 3, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read @@ -4531,11 +4434,11 @@ TEST_P(QuicNetworkTransactionTest, PoolByDestination) { alternative_services.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( alternative_service2, expiration, - session_->params().quic_supported_versions)); + session_->params().quic_params.supported_versions)); alternative_services.push_back( AlternativeServiceInfo::CreateQuicAlternativeServiceInfo( alternative_service1, expiration, - session_->params().quic_supported_versions)); + session_->params().quic_params.supported_versions)); http_server_properties_.SetAlternativeServices(url::SchemeHostPort(origin2), alternative_services); // First request opens connection to |destination1| @@ -4555,7 +4458,7 @@ TEST_P(QuicNetworkTransactionTest, PoolByDestination) { // if this is also the first existing QUIC session. TEST_P(QuicNetworkTransactionTest, UseSharedExistingAlternativeServiceForQuicWithValidCert) { - session_params_.quic_allow_remote_alt_svc = true; + session_params_.quic_params.allow_remote_alt_svc = true; // Default cert is valid for *.example.org // HTTP data for request to www.example.org. @@ -4583,34 +4486,29 @@ TEST_P(QuicNetworkTransactionTest, socket_factory_.AddSocketDataProvider(&http_data2); socket_factory_.AddSSLSocketDataProvider(&ssl_data_); - quic::QuicStreamOffset request_header_offset = 0; - quic::QuicStreamOffset response_header_offset = 0; - QuicTestPacketMaker client_maker( version_, quic::QuicUtils::CreateRandomConnectionId(&random_generator_), &clock_, "mail.example.org", quic::Perspective::IS_CLIENT, client_headers_include_h2_stream_dependency_); server_maker_.set_hostname("www.example.org"); client_maker_.set_hostname("www.example.org"); - MockQuicData mock_quic_data; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &request_header_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); // First QUIC request data. mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &request_header_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &response_header_offset)); + GetResponseHeaders("200 OK"))); std::string header = ConstructDataHeader(21); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello from mail QUIC!")); + header + "hello from mail QUIC!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); // Second QUIC request data. mock_quic_data.AddWrite( @@ -4618,16 +4516,15 @@ TEST_P(QuicNetworkTransactionTest, ConstructClientRequestHeadersPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, GetRequestHeaders("GET", "https", "/", &client_maker), - GetNthClientInitiatedBidirectionalStreamId(0), - &request_header_offset)); + GetNthClientInitiatedBidirectionalStreamId(0))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 3, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - GetResponseHeaders("200 OK"), &response_header_offset)); + GetResponseHeaders("200 OK"))); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, - 0, header + "hello from mail QUIC!")); + header + "hello from mail QUIC!")); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckAndConnectionClosePacket(5, 4, 3, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read @@ -4699,15 +4596,12 @@ TEST_P(QuicNetworkTransactionTest, ConfirmAlternativeService) { AddCertificate(&ssl_data_); socket_factory_.AddSSLSocketDataProvider(&ssl_data_); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -4716,7 +4610,7 @@ TEST_P(QuicNetworkTransactionTest, ConfirmAlternativeService) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -4756,15 +4650,12 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceForQuicForHttps) { socket_factory_.AddSocketDataProvider(&http_data); socket_factory_.AddSSLSocketDataProvider(&ssl_data_); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -4773,7 +4664,7 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceForQuicForHttps) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(SYNCHRONOUS, 0); // EOF @@ -4793,15 +4684,12 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyWithRacing) { proxy_resolution_service_ = ProxyResolutionService::CreateFixedFromPacResult( "HTTPS mail.example.org:443", TRAFFIC_ANNOTATION_FOR_TESTS); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "http", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "http", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -4810,7 +4698,7 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyWithRacing) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -4896,14 +4784,12 @@ TEST_P(QuicNetworkTransactionTest, HungAlternativeService) { } TEST_P(QuicNetworkTransactionTest, ZeroRTTWithHttpRace) { - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -4912,7 +4798,7 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithHttpRace) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(2, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -4933,7 +4819,7 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithHttpRace) { } TEST_P(QuicNetworkTransactionTest, ZeroRTTWithNoHttpRace) { - MockQuicData mock_quic_data; + MockQuicData mock_quic_data(version_); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( @@ -4947,7 +4833,7 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithNoHttpRace) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(2, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -4998,15 +4884,12 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithProxy) { } TEST_P(QuicNetworkTransactionTest, ZeroRTTWithConfirmationRequired) { - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -5015,7 +4898,7 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithConfirmationRequired) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -5051,57 +4934,49 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithConfirmationRequired) { } TEST_P(QuicNetworkTransactionTest, ZeroRTTWithTooEarlyResponse) { - MockQuicData mock_quic_data; - quic::QuicStreamOffset client_header_stream_offset = 0; - quic::QuicStreamOffset server_header_stream_offset = 0; + uint64_t packet_number = 1; + MockQuicData mock_quic_data(version_); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructClientRequestHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, GetRequestHeaders("GET", "https", "/"), - &client_header_stream_offset)); + SYNCHRONOUS, + ConstructClientRequestHeadersPacket( + packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( - ASYNC, - ConstructServerResponseHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("425 TOO_EARLY"), &server_header_stream_offset)); - mock_quic_data.AddWrite(SYNCHRONOUS, - ConstructClientAckAndRstPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); + ASYNC, ConstructServerResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + GetResponseHeaders("425 TOO_EARLY"))); + mock_quic_data.AddWrite( + SYNCHRONOUS, + ConstructClientAckAndRstPacket( + packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - spdy::SpdySettingsIR settings_frame; - settings_frame.AddSetting(spdy::SETTINGS_MAX_HEADER_LIST_SIZE, - quic::kDefaultMaxUncompressedHeaderSize); - spdy::SpdySerializedFrame spdy_frame( - client_maker_.spdy_request_framer()->SerializeFrame(settings_frame)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 3, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, client_header_stream_offset, - quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size()))); - client_header_stream_offset += spdy_frame.size(); + if (version_.transport_version != quic::QUIC_VERSION_99) { + mock_quic_data.AddWrite( + SYNCHRONOUS, client_maker_.MakeSettingsPacket(packet_number++, false)); + } mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructClientRequestHeadersPacket( - 4, GetNthClientInitiatedBidirectionalStreamId(1), false, - true, GetRequestHeaders("GET", "https", "/"), - GetNthClientInitiatedBidirectionalStreamId(0), - &client_header_stream_offset)); + SYNCHRONOUS, + ConstructClientRequestHeadersPacket( + packet_number++, GetNthClientInitiatedBidirectionalStreamId(1), false, + true, GetRequestHeaders("GET", "https", "/"), + GetNthClientInitiatedBidirectionalStreamId(0))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - GetResponseHeaders("200 OK"), &server_header_stream_offset)); + GetResponseHeaders("200 OK"))); std::string header = ConstructDataHeader(6); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(1), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructClientAckAndConnectionClosePacket(5, 3, 1, 1)); + SYNCHRONOUS, + ConstructClientAckAndConnectionClosePacket(packet_number++, 3, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -5143,55 +5018,46 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithTooEarlyResponse) { } TEST_P(QuicNetworkTransactionTest, ZeroRTTWithMultipleTooEarlyResponse) { - MockQuicData mock_quic_data; - quic::QuicStreamOffset client_header_stream_offset = 0; - quic::QuicStreamOffset server_header_stream_offset = 0; + uint64_t packet_number = 1; + MockQuicData mock_quic_data(version_); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructClientRequestHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, GetRequestHeaders("GET", "https", "/"), - &client_header_stream_offset)); + SYNCHRONOUS, + ConstructClientRequestHeadersPacket( + packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( - ASYNC, - ConstructServerResponseHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("425 TOO_EARLY"), &server_header_stream_offset)); - mock_quic_data.AddWrite(SYNCHRONOUS, - ConstructClientAckAndRstPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); + ASYNC, ConstructServerResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + GetResponseHeaders("425 TOO_EARLY"))); + mock_quic_data.AddWrite( + SYNCHRONOUS, + ConstructClientAckAndRstPacket( + packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), + quic::QUIC_STREAM_CANCELLED, 1, 1, 1)); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - spdy::SpdySettingsIR settings_frame; - settings_frame.AddSetting(spdy::SETTINGS_MAX_HEADER_LIST_SIZE, - quic::kDefaultMaxUncompressedHeaderSize); - spdy::SpdySerializedFrame spdy_frame( - client_maker_.spdy_request_framer()->SerializeFrame(settings_frame)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - client_maker_.MakeDataPacket( - 3, quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, client_header_stream_offset, - quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size()))); - client_header_stream_offset += spdy_frame.size(); + if (version_.transport_version != quic::QUIC_VERSION_99) { + mock_quic_data.AddWrite( + SYNCHRONOUS, client_maker_.MakeSettingsPacket(packet_number++, false)); + } mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructClientRequestHeadersPacket( - 4, GetNthClientInitiatedBidirectionalStreamId(1), false, - true, GetRequestHeaders("GET", "https", "/"), - GetNthClientInitiatedBidirectionalStreamId(0), - &client_header_stream_offset)); + SYNCHRONOUS, + ConstructClientRequestHeadersPacket( + packet_number++, GetNthClientInitiatedBidirectionalStreamId(1), false, + true, GetRequestHeaders("GET", "https", "/"), + GetNthClientInitiatedBidirectionalStreamId(0))); mock_quic_data.AddRead( - ASYNC, - ConstructServerResponseHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - GetResponseHeaders("425 TOO_EARLY"), &server_header_stream_offset)); - mock_quic_data.AddWrite(SYNCHRONOUS, - ConstructClientAckAndRstPacket( - 5, GetNthClientInitiatedBidirectionalStreamId(1), - quic::QUIC_STREAM_CANCELLED, 2, 1, 1)); + ASYNC, ConstructServerResponseHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(1), false, false, + GetResponseHeaders("425 TOO_EARLY"))); + mock_quic_data.AddWrite( + SYNCHRONOUS, + ConstructClientAckAndRstPacket( + packet_number++, GetNthClientInitiatedBidirectionalStreamId(1), + quic::QUIC_STREAM_CANCELLED, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -5241,16 +5107,13 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithMultipleTooEarlyResponse) { TEST_P(QuicNetworkTransactionTest, LogGranularQuicErrorCodeOnQuicProtocolErrorLocal) { - session_params_.retry_without_alt_svc_on_quic_errors = false; - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); // Read a close connection packet with // quic::QuicErrorCode: quic::QUIC_CRYPTO_VERSION_NOT_SUPPORTED from the peer. mock_quic_data.AddRead(ASYNC, ConstructServerConnectionClosePacket(1)); @@ -5293,16 +5156,13 @@ TEST_P(QuicNetworkTransactionTest, TEST_P(QuicNetworkTransactionTest, LogGranularQuicErrorCodeOnQuicProtocolErrorRemote) { - session_params_.retry_without_alt_svc_on_quic_errors = false; - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); // Peer sending data from an non-existing stream causes this end to raise // error and close connection. mock_quic_data.AddRead( @@ -5349,15 +5209,12 @@ TEST_P(QuicNetworkTransactionTest, } TEST_P(QuicNetworkTransactionTest, RstSteamErrorHandling) { - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); // Read the response headers, then a RST_STREAM frame. mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( @@ -5413,16 +5270,13 @@ TEST_P(QuicNetworkTransactionTest, RstSteamErrorHandling) { } TEST_P(QuicNetworkTransactionTest, RstSteamBeforeHeaders) { - session_params_.retry_without_alt_svc_on_quic_errors = false; - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerRstPacket( 1, false, GetNthClientInitiatedBidirectionalStreamId(0), @@ -5551,14 +5405,12 @@ TEST_P(QuicNetworkTransactionTest, DelayTCPOnStartWithQuicSupportOnSameIP) { // local IP address is sorted out after we configure the UDP socket. http_server_properties_.SetSupportsQuic(true, IPAddress(192, 0, 2, 33)); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -5567,7 +5419,7 @@ TEST_P(QuicNetworkTransactionTest, DelayTCPOnStartWithQuicSupportOnSameIP) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(2, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -5610,15 +5462,12 @@ TEST_P(QuicNetworkTransactionTest, // sorted out after we configure the UDP socket. http_server_properties_.SetSupportsQuic(true, IPAddress(1, 2, 3, 4)); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -5627,7 +5476,7 @@ TEST_P(QuicNetworkTransactionTest, mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -5665,7 +5514,7 @@ TEST_P(QuicNetworkTransactionTest, NetErrorDetailsSetBeforeHandshake) { // handshake has not yet been confirmed and no stream has been created. // QUIC job will pause. When resumed, it will fail. - MockQuicData mock_quic_data; + MockQuicData mock_quic_data(version_); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); mock_quic_data.AddRead(ASYNC, ERR_CONNECTION_CLOSED); mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -5787,7 +5636,7 @@ TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocolOnConnectFailure) { } TEST_P(QuicNetworkTransactionTest, ConnectionCloseDuringConnect) { - MockQuicData mock_quic_data; + MockQuicData mock_quic_data(version_); mock_quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeDummyCHLOPacket(1)); mock_quic_data.AddRead(ASYNC, ConstructServerConnectionClosePacket(1)); mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -5846,7 +5695,7 @@ TEST_P(QuicNetworkTransactionTest, BrokenAlternativeProxyAddressUnreachable) { } TEST_P(QuicNetworkTransactionTest, ConnectionCloseDuringConnectProxy) { - MockQuicData mock_quic_data; + MockQuicData mock_quic_data(version_); mock_quic_data.AddWrite(SYNCHRONOUS, client_maker_.MakeDummyCHLOPacket(1)); mock_quic_data.AddRead(ASYNC, ConstructServerConnectionClosePacket(1)); mock_quic_data.AddWrite( @@ -5896,15 +5745,12 @@ TEST_P(QuicNetworkTransactionTest, SecureResourceOverSecureQuic) { client_maker_.set_hostname("www.example.org"); EXPECT_FALSE( test_socket_performance_watcher_factory_.rtt_notification_received()); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -5913,7 +5759,7 @@ TEST_P(QuicNetworkTransactionTest, SecureResourceOverSecureQuic) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more read data. mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -5977,7 +5823,7 @@ TEST_P(QuicNetworkTransactionTest, } TEST_P(QuicNetworkTransactionTest, QuicUpload) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; @@ -6004,7 +5850,7 @@ TEST_P(QuicNetworkTransactionTest, QuicUpload) { } TEST_P(QuicNetworkTransactionTest, QuicUploadWriteError) { - session_params_.retry_without_alt_svc_on_quic_errors = false; + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; ScopedMockNetworkChangeNotifier network_change_notifier; MockNetworkChangeNotifier* mock_ncn = network_change_notifier.mock_network_change_notifier(); @@ -6012,23 +5858,21 @@ TEST_P(QuicNetworkTransactionTest, QuicUploadWriteError) { mock_ncn->SetConnectedNetworksList( {kDefaultNetworkForTests, kNewNetworkForTests}); - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - session_params_.quic_migrate_sessions_on_network_change_v2 = true; + session_params_.quic_params.migrate_sessions_on_network_change_v2 = true; - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - quic::QuicStreamOffset offset = 0; - socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1, &offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); socket_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, false, - GetRequestHeaders("POST", "https", "/"), &offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + false, GetRequestHeaders("POST", "https", "/"))); socket_data.AddWrite(SYNCHRONOUS, ERR_FAILED); socket_data.AddSocketDataToFactory(&socket_factory_); - MockQuicData socket_data2; + MockQuicData socket_data2(version_); socket_data2.AddConnect(SYNCHRONOUS, ERR_ADDRESS_INVALID); socket_data2.AddSocketDataToFactory(&socket_factory_); @@ -6058,17 +5902,16 @@ TEST_P(QuicNetworkTransactionTest, QuicUploadWriteError) { } TEST_P(QuicNetworkTransactionTest, RetryAfterAsyncNoBufferSpace) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData socket_data; - quic::QuicStreamOffset offset = 0; - socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1, &offset)); + MockQuicData socket_data(version_); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); socket_data.AddWrite(ASYNC, ERR_NO_BUFFER_SPACE); socket_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, GetRequestHeaders("GET", "https", "/"), &offset)); + true, GetRequestHeaders("GET", "https", "/"))); socket_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -6077,7 +5920,7 @@ TEST_P(QuicNetworkTransactionTest, RetryAfterAsyncNoBufferSpace) { socket_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); socket_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read socket_data.AddWrite( @@ -6094,17 +5937,16 @@ TEST_P(QuicNetworkTransactionTest, RetryAfterAsyncNoBufferSpace) { } TEST_P(QuicNetworkTransactionTest, RetryAfterSynchronousNoBufferSpace) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData socket_data; - quic::QuicStreamOffset offset = 0; - socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1, &offset)); + MockQuicData socket_data(version_); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); socket_data.AddWrite(SYNCHRONOUS, ERR_NO_BUFFER_SPACE); socket_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, GetRequestHeaders("GET", "https", "/"), &offset)); + true, GetRequestHeaders("GET", "https", "/"))); socket_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -6113,7 +5955,7 @@ TEST_P(QuicNetworkTransactionTest, RetryAfterSynchronousNoBufferSpace) { socket_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); socket_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read socket_data.AddWrite( @@ -6130,14 +5972,13 @@ TEST_P(QuicNetworkTransactionTest, RetryAfterSynchronousNoBufferSpace) { } TEST_P(QuicNetworkTransactionTest, MaxRetriesAfterAsyncNoBufferSpace) { - session_params_.retry_without_alt_svc_on_quic_errors = false; - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData socket_data; - quic::QuicStreamOffset offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read - socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1, &offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); for (int i = 0; i < 13; ++i) { // 12 retries then one final failure. socket_data.AddWrite(ASYNC, ERR_NO_BUFFER_SPACE); } @@ -6167,14 +6008,13 @@ TEST_P(QuicNetworkTransactionTest, MaxRetriesAfterAsyncNoBufferSpace) { } TEST_P(QuicNetworkTransactionTest, MaxRetriesAfterSynchronousNoBufferSpace) { - session_params_.retry_without_alt_svc_on_quic_errors = false; - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData socket_data; - quic::QuicStreamOffset offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read - socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1, &offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); for (int i = 0; i < 13; ++i) { // 12 retries then one final failure. socket_data.AddWrite(ASYNC, ERR_NO_BUFFER_SPACE); } @@ -6204,17 +6044,16 @@ TEST_P(QuicNetworkTransactionTest, MaxRetriesAfterSynchronousNoBufferSpace) { } TEST_P(QuicNetworkTransactionTest, NoMigrationForMsgTooBig) { - session_params_.retry_without_alt_svc_on_quic_errors = false; - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); const std::string error_details = quic::QuicStrCat("Write failed with error: ", ERR_MSG_TOO_BIG, " (", strerror(ERR_MSG_TOO_BIG), ")"); - MockQuicData socket_data; - quic::QuicStreamOffset offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1, &offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); socket_data.AddWrite(SYNCHRONOUS, ERR_MSG_TOO_BIG); // Connection close packet will be sent for MSG_TOO_BIG. socket_data.AddWrite( @@ -6237,59 +6076,56 @@ TEST_P(QuicNetworkTransactionTest, NoMigrationForMsgTooBig) { // Adds coverage to catch regression such as https://crbug.com/622043 TEST_P(QuicNetworkTransactionTest, QuicServerPush) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); uint64_t client_packet_number = 1; mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(client_packet_number++, - &header_stream_offset)); + SYNCHRONOUS, ConstructInitialSettingsPacket(client_packet_number++)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( client_packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), - true, true, GetRequestHeaders("GET", "https", "/"), - &header_stream_offset)); - quic::QuicStreamOffset server_header_offset = 0; + true, true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( - ASYNC, ConstructServerPushPromisePacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), - GetNthServerInitiatedUnidirectionalStreamId(0), false, - GetRequestHeaders("GET", "https", "/pushed.jpg"), - &server_header_offset, &server_maker_)); - if (client_headers_include_h2_stream_dependency_ && - version_.transport_version >= quic::QUIC_VERSION_43) { - mock_quic_data.AddWrite(SYNCHRONOUS, - ConstructClientPriorityPacket( - client_packet_number++, false, - GetNthServerInitiatedUnidirectionalStreamId(0), - GetNthClientInitiatedBidirectionalStreamId(0), - DEFAULT_PRIORITY, &header_stream_offset)); + ASYNC, + ConstructServerPushPromisePacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), + GetNthServerInitiatedUnidirectionalStreamId(0), false, + GetRequestHeaders("GET", "https", "/pushed.jpg"), &server_maker_)); + if ((client_headers_include_h2_stream_dependency_ && + version_.transport_version >= quic::QUIC_VERSION_43) || + VersionHasStreamType(version_.transport_version)) { + mock_quic_data.AddWrite( + SYNCHRONOUS, + ConstructClientPriorityPacket( + client_packet_number++, false, + GetNthServerInitiatedUnidirectionalStreamId(0), + GetNthClientInitiatedBidirectionalStreamId(0), DEFAULT_PRIORITY)); } mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &server_header_offset)); + GetResponseHeaders("200 OK"))); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckPacket(client_packet_number++, 2, 1, 1)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 3, GetNthServerInitiatedUnidirectionalStreamId(0), false, - false, GetResponseHeaders("200 OK"), &server_header_offset)); + false, GetResponseHeaders("200 OK"))); std::string header = ConstructDataHeader(6); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 4, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckPacket(client_packet_number++, 4, 3, 1)); std::string header2 = ConstructDataHeader(10); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 5, GetNthServerInitiatedUnidirectionalStreamId(0), false, true, - 0, header2 + "and hello!")); + header2 + "and hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckAndRstPacket( client_packet_number++, @@ -6312,8 +6148,7 @@ TEST_P(QuicNetworkTransactionTest, QuicServerPush) { SendRequestAndExpectQuicResponse("and hello!"); // Check that the NetLog was filled reasonably. - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); + auto entries = net_log_.GetEntries(); EXPECT_LT(0u, entries.size()); // Check that we logged a QUIC_HTTP_STREAM_ADOPTED_PUSH_STREAM @@ -6327,46 +6162,43 @@ TEST_P(QuicNetworkTransactionTest, QuicServerPush) { // is closed before the pushed headers arrive, but after the connection // is closed and before the callbacks are executed. TEST_P(QuicNetworkTransactionTest, CancelServerPushAfterConnectionClose) { - session_params_.retry_without_alt_svc_on_quic_errors = false; - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.retry_without_alt_svc_on_quic_errors = false; + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); uint64_t client_packet_number = 1; // Initial SETTINGS frame. mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(client_packet_number++, - &header_stream_offset)); + SYNCHRONOUS, ConstructInitialSettingsPacket(client_packet_number++)); // First request: GET https://mail.example.org/ mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( client_packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), - true, true, GetRequestHeaders("GET", "https", "/"), - &header_stream_offset)); - quic::QuicStreamOffset server_header_offset = 0; + true, true, GetRequestHeaders("GET", "https", "/"))); // Server promise for: https://mail.example.org/pushed.jpg mock_quic_data.AddRead( - ASYNC, ConstructServerPushPromisePacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), - GetNthServerInitiatedUnidirectionalStreamId(0), false, - GetRequestHeaders("GET", "https", "/pushed.jpg"), - &server_header_offset, &server_maker_)); - if (client_headers_include_h2_stream_dependency_ && - version_.transport_version >= quic::QUIC_VERSION_43) { - mock_quic_data.AddWrite(SYNCHRONOUS, - ConstructClientPriorityPacket( - client_packet_number++, false, - GetNthServerInitiatedUnidirectionalStreamId(0), - GetNthClientInitiatedBidirectionalStreamId(0), - DEFAULT_PRIORITY, &header_stream_offset)); + ASYNC, + ConstructServerPushPromisePacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), + GetNthServerInitiatedUnidirectionalStreamId(0), false, + GetRequestHeaders("GET", "https", "/pushed.jpg"), &server_maker_)); + if ((client_headers_include_h2_stream_dependency_ && + version_.transport_version >= quic::QUIC_VERSION_43) || + VersionHasStreamType(version_.transport_version)) { + mock_quic_data.AddWrite( + SYNCHRONOUS, + ConstructClientPriorityPacket( + client_packet_number++, false, + GetNthServerInitiatedUnidirectionalStreamId(0), + GetNthClientInitiatedBidirectionalStreamId(0), DEFAULT_PRIORITY)); } // Response headers for first request. mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &server_header_offset)); + GetResponseHeaders("200 OK"))); // Client ACKs the response headers. mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckPacket(client_packet_number++, 2, 1, 1)); @@ -6375,7 +6207,7 @@ TEST_P(QuicNetworkTransactionTest, CancelServerPushAfterConnectionClose) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); // Write error for the third request. mock_quic_data.AddWrite(SYNCHRONOUS, ERR_FAILED); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read @@ -6419,15 +6251,14 @@ TEST_P(QuicNetworkTransactionTest, CancelServerPushAfterConnectionClose) { } TEST_P(QuicNetworkTransactionTest, QuicForceHolBlocking) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; + MockQuicData mock_quic_data(version_); - quic::QuicStreamOffset offset = 0; int write_packet_index = 1; - mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket( - write_packet_index++, &offset)); + mock_quic_data.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(write_packet_index++)); std::string header = ConstructDataHeader(1); if (version_.transport_version != quic::QUIC_VERSION_99) { @@ -6436,15 +6267,14 @@ TEST_P(QuicNetworkTransactionTest, QuicForceHolBlocking) { ConstructClientRequestHeadersAndDataFramesPacket( write_packet_index++, GetNthClientInitiatedBidirectionalStreamId(0), true, true, DEFAULT_PRIORITY, - GetRequestHeaders("POST", "https", "/"), 0, &offset, nullptr, - {"1"})); + GetRequestHeaders("POST", "https", "/"), 0, nullptr, {"1"})); } else { mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersAndDataFramesPacket( write_packet_index++, GetNthClientInitiatedBidirectionalStreamId(0), true, true, DEFAULT_PRIORITY, - GetRequestHeaders("POST", "https", "/"), 0, &offset, nullptr, + GetRequestHeaders("POST", "https", "/"), 0, nullptr, {header, "1"})); } @@ -6457,7 +6287,7 @@ TEST_P(QuicNetworkTransactionTest, QuicForceHolBlocking) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header2 + "hello!")); + header2 + "hello!")); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckPacket(write_packet_index++, 2, 1, 1)); @@ -6515,33 +6345,35 @@ class QuicURLRequestContext : public URLRequestContext { }; TEST_P(QuicNetworkTransactionTest, RawHeaderSizeSuccessfullRequest) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); spdy::SpdyHeaderBlock headers(GetRequestHeaders("GET", "https", "/")); headers["user-agent"] = ""; headers["accept-encoding"] = "gzip, deflate"; mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, std::move(headers), &header_stream_offset)); + true, std::move(headers))); - quic::QuicStreamOffset expected_raw_header_response_size = 0; mock_quic_data.AddRead( - ASYNC, - ConstructServerResponseHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &expected_raw_header_response_size)); + ASYNC, ConstructServerResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + GetResponseHeaders("200 OK"))); + quic::QuicStreamOffset expected_raw_header_response_size = + server_maker_.stream_offset( + quic::VersionUsesQpack(version_.transport_version) + ? GetNthClientInitiatedBidirectionalStreamId(0) + : quic::QuicUtils::GetHeadersStreamId( + version_.transport_version)); std::string header = ConstructDataHeader(18); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, "Main Resource Data")); + "Main Resource Data")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -6583,15 +6415,13 @@ TEST_P(QuicNetworkTransactionTest, RawHeaderSizeSuccessfullRequest) { } TEST_P(QuicNetworkTransactionTest, RawHeaderSizeSuccessfullPushHeadersFirst) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); uint64_t client_packet_number = 1; mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(client_packet_number++, - &header_stream_offset)); + SYNCHRONOUS, ConstructInitialSettingsPacket(client_packet_number++)); spdy::SpdyHeaderBlock headers(GetRequestHeaders("GET", "https", "/")); headers["user-agent"] = ""; headers["accept-encoding"] = "gzip, deflate"; @@ -6599,35 +6429,40 @@ TEST_P(QuicNetworkTransactionTest, RawHeaderSizeSuccessfullPushHeadersFirst) { SYNCHRONOUS, ConstructClientRequestHeadersPacket( client_packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), - true, true, std::move(headers), &header_stream_offset)); - - quic::QuicStreamOffset server_header_offset = 0; - quic::QuicStreamOffset expected_raw_header_response_size = 0; + true, true, std::move(headers))); mock_quic_data.AddRead( - ASYNC, ConstructServerPushPromisePacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), - GetNthServerInitiatedUnidirectionalStreamId(0), false, - GetRequestHeaders("GET", "https", "/pushed.jpg"), - &server_header_offset, &server_maker_)); - - if (client_headers_include_h2_stream_dependency_ && - version_.transport_version >= quic::QUIC_VERSION_43) { - mock_quic_data.AddWrite(SYNCHRONOUS, - ConstructClientPriorityPacket( - client_packet_number++, false, - GetNthServerInitiatedUnidirectionalStreamId(0), - GetNthClientInitiatedBidirectionalStreamId(0), - DEFAULT_PRIORITY, &header_stream_offset)); + ASYNC, + ConstructServerPushPromisePacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), + GetNthServerInitiatedUnidirectionalStreamId(0), false, + GetRequestHeaders("GET", "https", "/pushed.jpg"), &server_maker_)); + + if ((client_headers_include_h2_stream_dependency_ && + version_.transport_version >= quic::QUIC_VERSION_43) || + VersionHasStreamType(version_.transport_version)) { + mock_quic_data.AddWrite( + SYNCHRONOUS, + ConstructClientPriorityPacket( + client_packet_number++, false, + GetNthServerInitiatedUnidirectionalStreamId(0), + GetNthClientInitiatedBidirectionalStreamId(0), DEFAULT_PRIORITY)); } - expected_raw_header_response_size = server_header_offset; + const quic::QuicStreamOffset initial_offset = server_maker_.stream_offset( + quic::VersionUsesQpack(version_.transport_version) + ? GetNthClientInitiatedBidirectionalStreamId(0) + : quic::QuicUtils::GetHeadersStreamId(version_.transport_version)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &server_header_offset)); - expected_raw_header_response_size = - server_header_offset - expected_raw_header_response_size; + GetResponseHeaders("200 OK"))); + const quic::QuicStreamOffset final_offset = server_maker_.stream_offset( + quic::VersionUsesQpack(version_.transport_version) + ? GetNthClientInitiatedBidirectionalStreamId(0) + : quic::QuicUtils::GetHeadersStreamId(version_.transport_version)); + quic::QuicStreamOffset expected_raw_header_response_size = + final_offset - initial_offset; mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckPacket(client_packet_number++, 2, 1, 1)); @@ -6635,12 +6470,12 @@ TEST_P(QuicNetworkTransactionTest, RawHeaderSizeSuccessfullPushHeadersFirst) { mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 3, GetNthServerInitiatedUnidirectionalStreamId(0), false, - false, GetResponseHeaders("200 OK"), &server_header_offset)); + false, GetResponseHeaders("200 OK"))); std::string header = ConstructDataHeader(20); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 4, GetNthServerInitiatedUnidirectionalStreamId(0), false, true, - 0, header + "Pushed Resource Data")); + header + "Pushed Resource Data")); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckPacket(client_packet_number++, 4, 3, 1)); @@ -6648,7 +6483,7 @@ TEST_P(QuicNetworkTransactionTest, RawHeaderSizeSuccessfullPushHeadersFirst) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 5, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header2 + "Main Resource Data")); + header2 + "Main Resource Data")); mock_quic_data.AddRead(ASYNC, ConstructServerConnectionClosePacket(6)); @@ -6702,15 +6537,12 @@ TEST_P(QuicNetworkTransactionTest, HostInWhitelist) { AddCertificate(&ssl_data_); socket_factory_.AddSSLSocketDataProvider(&ssl_data_); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -6719,7 +6551,7 @@ TEST_P(QuicNetworkTransactionTest, HostInWhitelist) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read mock_quic_data.AddRead(ASYNC, 0); // EOF @@ -6781,9 +6613,9 @@ class QuicNetworkTransactionWithDestinationTest HttpNetworkSession::Params session_params; session_params.enable_quic = true; - session_params.quic_allow_remote_alt_svc = true; - session_params.quic_supported_versions = supported_versions_; - session_params.quic_headers_include_h2_stream_dependency = + session_params.quic_params.allow_remote_alt_svc = true; + session_params.quic_params.supported_versions = supported_versions_; + session_params.quic_params.headers_include_h2_stream_dependency = client_headers_include_h2_stream_dependency_; HttpNetworkSession::Context session_context; @@ -6844,30 +6676,20 @@ class QuicNetworkTransactionWithDestinationTest url::SchemeHostPort("https", origin, 443), alternative_service, expiration, supported_versions_); } - std::unique_ptr - ConstructClientRequestHeadersPacket(uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - quic::QuicStreamOffset* offset, - QuicTestPacketMaker* maker) { - return ConstructClientRequestHeadersPacket( - packet_number, stream_id, should_include_version, 0, offset, maker); - } std::unique_ptr ConstructClientRequestHeadersPacket(uint64_t packet_number, quic::QuicStreamId stream_id, bool should_include_version, quic::QuicStreamId parent_stream_id, - quic::QuicStreamOffset* offset, QuicTestPacketMaker* maker) { spdy::SpdyPriority priority = ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY); spdy::SpdyHeaderBlock headers( maker->GetRequestHeaders("GET", "https", "/")); - return maker->MakeRequestHeadersPacketWithOffsetTracking( + return maker->MakeRequestHeadersPacket( packet_number, stream_id, should_include_version, true, priority, - std::move(headers), parent_stream_id, offset); + std::move(headers), parent_stream_id, nullptr); } std::unique_ptr @@ -6876,25 +6698,16 @@ class QuicNetworkTransactionWithDestinationTest bool should_include_version, QuicTestPacketMaker* maker) { return ConstructClientRequestHeadersPacket( - packet_number, stream_id, should_include_version, nullptr, maker); + packet_number, stream_id, should_include_version, 0, maker); } std::unique_ptr ConstructServerResponseHeadersPacket(uint64_t packet_number, quic::QuicStreamId stream_id, - quic::QuicStreamOffset* offset, QuicTestPacketMaker* maker) { spdy::SpdyHeaderBlock headers(maker->GetResponseHeaders("200 OK")); - return maker->MakeResponseHeadersPacketWithOffsetTracking( - packet_number, stream_id, false, false, std::move(headers), offset); - } - - std::unique_ptr - ConstructServerResponseHeadersPacket(uint64_t packet_number, - quic::QuicStreamId stream_id, - QuicTestPacketMaker* maker) { - return ConstructServerResponseHeadersPacket(packet_number, stream_id, - nullptr, maker); + return maker->MakeResponseHeadersPacket(packet_number, stream_id, false, + false, std::move(headers), nullptr); } std::unique_ptr ConstructServerDataPacket( @@ -6908,7 +6721,7 @@ class QuicNetworkTransactionWithDestinationTest auto header_length = encoder.SerializeDataFrameHeader(5, &buffer); header = std::string(buffer.get(), header_length); } - return maker->MakeDataPacket(packet_number, stream_id, false, true, 0, + return maker->MakeDataPacket(packet_number, stream_id, false, true, header + "hello"); } @@ -6924,9 +6737,8 @@ class QuicNetworkTransactionWithDestinationTest std::unique_ptr ConstructInitialSettingsPacket( uint64_t packet_number, - quic::QuicStreamOffset* offset, QuicTestPacketMaker* maker) { - return maker->MakeInitialSettingsPacket(packet_number, offset); + return maker->MakeInitialSettingsPacket(packet_number); } void AddRefusedSocketData() { @@ -7049,7 +6861,7 @@ TEST_P(QuicNetworkTransactionWithDestinationTest, InvalidCertificate) { verify_details.cert_verify_result.is_issued_by_known_root = true; crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData mock_quic_data; + MockQuicData mock_quic_data(version_); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); mock_quic_data.AddRead(ASYNC, 0); @@ -7099,21 +6911,17 @@ TEST_P(QuicNetworkTransactionWithDestinationTest, PoolIfCertificateValid) { version_, quic::QuicUtils::CreateRandomConnectionId(&random_generator_), &clock_, origin1_, quic::Perspective::IS_SERVER, false); - quic::QuicStreamOffset request_header_offset(0); - quic::QuicStreamOffset response_header_offset(0); - - MockQuicData mock_quic_data; - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructInitialSettingsPacket(1, &request_header_offset, &client_maker)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(1, &client_maker)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - &request_header_offset, &client_maker)); - mock_quic_data.AddRead(ASYNC, - ConstructServerResponseHeadersPacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), - &response_header_offset, &server_maker)); + &client_maker)); + mock_quic_data.AddRead( + ASYNC, + ConstructServerResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), &server_maker)); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( @@ -7125,14 +6933,14 @@ TEST_P(QuicNetworkTransactionWithDestinationTest, PoolIfCertificateValid) { server_maker.set_hostname(origin2_); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructClientRequestHeadersPacket( - 4, GetNthClientInitiatedBidirectionalStreamId(1), false, - GetNthClientInitiatedBidirectionalStreamId(0), - &request_header_offset, &client_maker)); - mock_quic_data.AddRead(ASYNC, - ConstructServerResponseHeadersPacket( - 3, GetNthClientInitiatedBidirectionalStreamId(1), - &response_header_offset, &server_maker)); + SYNCHRONOUS, + ConstructClientRequestHeadersPacket( + 4, GetNthClientInitiatedBidirectionalStreamId(1), false, + GetNthClientInitiatedBidirectionalStreamId(0), &client_maker)); + mock_quic_data.AddRead( + ASYNC, + ConstructServerResponseHeadersPacket( + 3, GetNthClientInitiatedBidirectionalStreamId(1), &server_maker)); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( @@ -7200,15 +7008,13 @@ TEST_P(QuicNetworkTransactionWithDestinationTest, version_, quic::QuicUtils::CreateRandomConnectionId(&random_generator_), &clock_, origin1_, quic::Perspective::IS_SERVER, false); - MockQuicData mock_quic_data1; - quic::QuicStreamOffset header_stream_offset1 = 0; - mock_quic_data1.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset1, - &client_maker1)); + MockQuicData mock_quic_data1(version_); + mock_quic_data1.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(1, &client_maker1)); mock_quic_data1.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - &header_stream_offset1, &client_maker1)); + &client_maker1)); mock_quic_data1.AddRead( ASYNC, ConstructServerResponseHeadersPacket( @@ -7232,15 +7038,13 @@ TEST_P(QuicNetworkTransactionWithDestinationTest, version_, quic::QuicUtils::CreateRandomConnectionId(&random_generator_), &clock_, origin2_, quic::Perspective::IS_SERVER, false); - MockQuicData mock_quic_data2; - quic::QuicStreamOffset header_stream_offset2 = 0; - mock_quic_data2.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset2, - &client_maker2)); + MockQuicData mock_quic_data2(version_); + mock_quic_data2.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(1, &client_maker2)); mock_quic_data2.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - &header_stream_offset2, &client_maker2)); + &client_maker2)); mock_quic_data2.AddRead( ASYNC, ConstructServerResponseHeadersPacket( @@ -7265,52 +7069,50 @@ TEST_P(QuicNetworkTransactionWithDestinationTest, // crbug.com/705109 - this confirms that matching request with a body // triggers a crash (pre-fix). TEST_P(QuicNetworkTransactionTest, QuicServerPushMatchesRequestWithBody) { - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); uint64_t client_packet_number = 1; mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(client_packet_number++, - &header_stream_offset)); + SYNCHRONOUS, ConstructInitialSettingsPacket(client_packet_number++)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( client_packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), - true, true, GetRequestHeaders("GET", "https", "/"), - &header_stream_offset)); - quic::QuicStreamOffset server_header_offset = 0; + true, true, GetRequestHeaders("GET", "https", "/"))); mock_quic_data.AddRead( - ASYNC, ConstructServerPushPromisePacket( - 1, GetNthClientInitiatedBidirectionalStreamId(0), - GetNthServerInitiatedUnidirectionalStreamId(0), false, - GetRequestHeaders("GET", "https", "/pushed.jpg"), - &server_header_offset, &server_maker_)); - if (client_headers_include_h2_stream_dependency_ && - version_.transport_version >= quic::QUIC_VERSION_43) { - mock_quic_data.AddWrite(SYNCHRONOUS, - ConstructClientPriorityPacket( - client_packet_number++, false, - GetNthServerInitiatedUnidirectionalStreamId(0), - GetNthClientInitiatedBidirectionalStreamId(0), - DEFAULT_PRIORITY, &header_stream_offset)); + ASYNC, + ConstructServerPushPromisePacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), + GetNthServerInitiatedUnidirectionalStreamId(0), false, + GetRequestHeaders("GET", "https", "/pushed.jpg"), &server_maker_)); + + if ((client_headers_include_h2_stream_dependency_ && + version_.transport_version >= quic::QUIC_VERSION_43) || + VersionHasStreamType(version_.transport_version)) { + mock_quic_data.AddWrite( + SYNCHRONOUS, + ConstructClientPriorityPacket( + client_packet_number++, false, + GetNthServerInitiatedUnidirectionalStreamId(0), + GetNthClientInitiatedBidirectionalStreamId(0), DEFAULT_PRIORITY)); } mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &server_header_offset)); + GetResponseHeaders("200 OK"))); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckPacket(client_packet_number++, 2, 1, 1)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 3, GetNthServerInitiatedUnidirectionalStreamId(0), false, - false, GetResponseHeaders("200 OK"), &server_header_offset)); + false, GetResponseHeaders("200 OK"))); std::string header = ConstructDataHeader(6); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 4, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckPacket(client_packet_number++, 4, 3, 1)); @@ -7318,7 +7120,7 @@ TEST_P(QuicNetworkTransactionTest, QuicServerPushMatchesRequestWithBody) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 5, GetNthServerInitiatedUnidirectionalStreamId(0), false, true, - 0, header2 + "and hello!")); + header2 + "and hello!")); // Because the matching request has a body, we will see the push // stream get cancelled, and the matching request go out on the @@ -7337,8 +7139,7 @@ TEST_P(QuicNetworkTransactionTest, QuicServerPushMatchesRequestWithBody) { client_packet_number++, GetNthClientInitiatedBidirectionalStreamId(1), false, true, DEFAULT_PRIORITY, GetRequestHeaders("GET", "https", "/pushed.jpg"), - GetNthServerInitiatedUnidirectionalStreamId(0), - &header_stream_offset, nullptr, {kBody})); + GetNthServerInitiatedUnidirectionalStreamId(0), nullptr, {kBody})); } else { mock_quic_data.AddWrite( SYNCHRONOUS, @@ -7346,8 +7147,8 @@ TEST_P(QuicNetworkTransactionTest, QuicServerPushMatchesRequestWithBody) { client_packet_number++, GetNthClientInitiatedBidirectionalStreamId(1), false, true, DEFAULT_PRIORITY, GetRequestHeaders("GET", "https", "/pushed.jpg"), - GetNthServerInitiatedUnidirectionalStreamId(0), - &header_stream_offset, nullptr, {header3, kBody})); + GetNthServerInitiatedUnidirectionalStreamId(0), nullptr, + {header3, kBody})); } // We see the same response as for the earlier pushed and cancelled @@ -7355,11 +7156,11 @@ TEST_P(QuicNetworkTransactionTest, QuicServerPushMatchesRequestWithBody) { mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 6, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - GetResponseHeaders("200 OK"), &server_header_offset)); + GetResponseHeaders("200 OK"))); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 7, GetNthClientInitiatedBidirectionalStreamId(1), false, true, - 0, header2 + "and hello!")); + header2 + "and hello!")); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckPacket(client_packet_number++, 7, 6, 1)); @@ -7393,47 +7194,42 @@ TEST_P(QuicNetworkTransactionTest, QuicServerPushWithEmptyHostname) { pushed_request_headers[":path"] = "/"; pushed_request_headers[":scheme"] = "nosuchscheme"; - session_params_.origins_to_force_quic_on.insert( + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); - MockQuicData mock_quic_data; + MockQuicData mock_quic_data(version_); - quic::QuicStreamOffset header_stream_offset = 0; + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - GetRequestHeaders("GET", "https", "/"), &header_stream_offset)); + SYNCHRONOUS, ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, + true, GetRequestHeaders("GET", "https", "/"))); - quic::QuicStreamOffset server_header_offset = 0; mock_quic_data.AddRead( ASYNC, ConstructServerPushPromisePacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), GetNthServerInitiatedUnidirectionalStreamId(0), false, - std::move(pushed_request_headers), &server_header_offset, - &server_maker_)); + std::move(pushed_request_headers), &server_maker_)); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientRstPacket( 3, GetNthServerInitiatedUnidirectionalStreamId(0), - quic::QUIC_INVALID_PROMISE_URL, 0)); + quic::QUIC_INVALID_PROMISE_URL)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &server_header_offset)); + GetResponseHeaders("200 OK"))); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(4, 2, 1, 1)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 3, GetNthServerInitiatedUnidirectionalStreamId(0), false, - false, GetResponseHeaders("200 OK"), &server_header_offset)); + false, GetResponseHeaders("200 OK"))); std::string header = ConstructDataHeader(6); mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 4, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(5, 4, 3, 1)); mock_quic_data.AddRead(ASYNC, 0); @@ -7459,16 +7255,13 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectHttpsServer) { proxy_resolution_service_ = ProxyResolutionService::CreateFixedFromPacResult( "QUIC proxy.example.org:70", TRAFFIC_ANNOTATION_FOR_TESTS); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, false, HttpProxyConnectJob::kH2QuicTunnelPriority, - ConnectRequestHeaders("mail.example.org:443"), 0, - &header_stream_offset)); + ConnectRequestHeaders("mail.example.org:443"), 0)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -7484,13 +7277,13 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectHttpsServer) { SYNCHRONOUS, ConstructClientAckAndDataPacket( 3, false, GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, - false, 0, quic::QuicStringPiece(get_request))); + false, quic::QuicStringPiece(get_request))); } else { mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckAndMultipleDataFramesPacket( 3, false, GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, - false, 0, {header, std::string(get_request)})); + false, {header, std::string(get_request)})); } const char get_response[] = @@ -7500,21 +7293,19 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectHttpsServer) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - 0, header2 + std::string(get_response))); + header2 + std::string(get_response))); std::string header3 = ConstructDataHeader(10); mock_quic_data.AddRead( SYNCHRONOUS, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), false, - false, strlen(get_response) + header2.length(), - header3 + std::string("0123456789"))); + false, header3 + std::string("0123456789"))); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(4, 3, 2, 1)); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRstPacket(5, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, - strlen(get_request) + header.length())); + quic::QUIC_STREAM_CANCELLED)); mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -7552,16 +7343,13 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectSpdyServer) { proxy_resolution_service_ = ProxyResolutionService::CreateFixedFromPacResult( "QUIC proxy.example.org:70", TRAFFIC_ANNOTATION_FOR_TESTS); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, false, HttpProxyConnectJob::kH2QuicTunnelPriority, - ConnectRequestHeaders("mail.example.org:443"), 0, - &header_stream_offset)); + ConnectRequestHeaders("mail.example.org:443"), 0)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, @@ -7577,24 +7365,21 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectSpdyServer) { SYNCHRONOUS, ConstructClientAckAndDataPacket( 3, false, GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, - false, 0, - quic::QuicStringPiece(get_frame.data(), get_frame.size()))); + false, quic::QuicStringPiece(get_frame.data(), get_frame.size()))); } else { mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckAndMultipleDataFramesPacket( 3, false, GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, - false, 0, - {header, std::string(get_frame.data(), get_frame.size())})); + false, {header, std::string(get_frame.data(), get_frame.size())})); } spdy::SpdySerializedFrame resp_frame = spdy_util.ConstructSpdyGetReply(nullptr, 0, 1); std::string header2 = ConstructDataHeader(resp_frame.size()); mock_quic_data.AddRead( - ASYNC, - ConstructServerDataPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, 0, - header2 + std::string(resp_frame.data(), resp_frame.size()))); + ASYNC, ConstructServerDataPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + header2 + std::string(resp_frame.data(), resp_frame.size()))); spdy::SpdySerializedFrame data_frame = spdy_util.ConstructSpdyDataFrame(1, "0123456789", true); @@ -7603,7 +7388,6 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectSpdyServer) { SYNCHRONOUS, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - resp_frame.size() + header2.length(), header3 + std::string(data_frame.data(), data_frame.size()))); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(4, 3, 2, 1)); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read @@ -7611,8 +7395,7 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectSpdyServer) { mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRstPacket(5, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, - get_frame.size() + header.length())); + quic::QUIC_STREAM_CANCELLED)); mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -7652,25 +7435,21 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseTransportSocket) { proxy_resolution_service_ = ProxyResolutionService::CreateFixedFromPacResult( "QUIC proxy.example.org:70", TRAFFIC_ANNOTATION_FOR_TESTS); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData mock_quic_data(version_); int write_packet_index = 1; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(write_packet_index++, - &header_stream_offset)); + mock_quic_data.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(write_packet_index++)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( write_packet_index++, GetNthClientInitiatedBidirectionalStreamId(0), true, false, HttpProxyConnectJob::kH2QuicTunnelPriority, - ConnectRequestHeaders("mail.example.org:443"), 0, - &header_stream_offset)); + ConnectRequestHeaders("mail.example.org:443"), 0)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, GetResponseHeaders("200 OK"))); - quic::QuicStreamOffset client_data_offset = 0; quic::QuicStreamOffset server_data_offset = 0; const char get_request_1[] = "GET / HTTP/1.1\r\n" @@ -7679,22 +7458,18 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseTransportSocket) { std::string header = ConstructDataHeader(strlen(get_request_1)); if (version_.transport_version != quic::QUIC_VERSION_99) { mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientAckAndDataPacket( - write_packet_index++, false, - GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, false, - client_data_offset, quic::QuicStringPiece(get_request_1))); + SYNCHRONOUS, ConstructClientAckAndDataPacket( + write_packet_index++, false, + GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, + false, quic::QuicStringPiece(get_request_1))); } else { mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientAckAndMultipleDataFramesPacket( - write_packet_index++, false, - GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, false, - client_data_offset, {header, std::string(get_request_1)})); + SYNCHRONOUS, ConstructClientAckAndMultipleDataFramesPacket( + write_packet_index++, false, + GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, + false, {header, std::string(get_request_1)})); } - client_data_offset += strlen(get_request_1) + header.length(); - const char get_response_1[] = "HTTP/1.1 200 OK\r\n" "Content-Length: 10\r\n\r\n"; @@ -7702,15 +7477,14 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseTransportSocket) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - server_data_offset, header2 + std::string(get_response_1))); + header2 + std::string(get_response_1))); server_data_offset += strlen(get_response_1) + header2.length(); std::string header3 = ConstructDataHeader(10); mock_quic_data.AddRead( - SYNCHRONOUS, - ConstructServerDataPacket( - 3, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - server_data_offset, header3 + std::string("0123456789"))); + SYNCHRONOUS, ConstructServerDataPacket( + 3, GetNthClientInitiatedBidirectionalStreamId(0), false, + false, header3 + std::string("0123456789"))); server_data_offset += 10 + header3.length(); mock_quic_data.AddWrite( @@ -7726,17 +7500,13 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseTransportSocket) { SYNCHRONOUS, ConstructClientMultipleDataFramesPacket( write_packet_index++, GetNthClientInitiatedBidirectionalStreamId(0), - false, false, client_data_offset, - {header4, std::string(get_request_2)})); - client_data_offset += header4.length() + strlen(get_request_2); + false, false, {header4, std::string(get_request_2)})); } else { mock_quic_data.AddWrite( SYNCHRONOUS, - ConstructClientDataPacket(write_packet_index++, - GetNthClientInitiatedBidirectionalStreamId(0), - false, false, client_data_offset, - quic::QuicStringPiece(get_request_2))); - client_data_offset += strlen(get_request_2); + ConstructClientDataPacket( + write_packet_index++, GetNthClientInitiatedBidirectionalStreamId(0), + false, false, quic::QuicStringPiece(get_request_2))); } const char get_response_2[] = @@ -7746,15 +7516,14 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseTransportSocket) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 4, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - server_data_offset, header5 + std::string(get_response_2))); + header5 + std::string(get_response_2))); server_data_offset += strlen(get_response_2) + header5.length(); std::string header6 = ConstructDataHeader(7); mock_quic_data.AddRead( - SYNCHRONOUS, - ConstructServerDataPacket( - 5, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - server_data_offset, header6 + std::string("0123456"))); + SYNCHRONOUS, ConstructServerDataPacket( + 5, GetNthClientInitiatedBidirectionalStreamId(0), false, + false, header6 + std::string("0123456"))); server_data_offset += 7 + header6.length(); mock_quic_data.AddWrite( @@ -7763,9 +7532,9 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseTransportSocket) { mock_quic_data.AddWrite( SYNCHRONOUS, - ConstructClientRstPacket( - write_packet_index++, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, client_data_offset)); + ConstructClientRstPacket(write_packet_index++, + GetNthClientInitiatedBidirectionalStreamId(0), + quic::QUIC_STREAM_CANCELLED)); mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -7817,23 +7586,19 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseQuicSession) { proxy_resolution_service_ = ProxyResolutionService::CreateFixedFromPacResult( "QUIC proxy.example.org:70", TRAFFIC_ANNOTATION_FOR_TESTS); - MockQuicData mock_quic_data; - quic::QuicStreamOffset client_header_stream_offset = 0; - quic::QuicStreamOffset server_header_stream_offset = 0; - mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket( - 1, &client_header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); // CONNECT request and response for first request mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, false, HttpProxyConnectJob::kH2QuicTunnelPriority, - ConnectRequestHeaders("mail.example.org:443"), 0, - &client_header_stream_offset)); + ConnectRequestHeaders("mail.example.org:443"), 0)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &server_header_stream_offset)); + GetResponseHeaders("200 OK"))); // GET request, response, and data over QUIC tunnel for first request const char get_request[] = @@ -7846,13 +7611,13 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseQuicSession) { SYNCHRONOUS, ConstructClientAckAndDataPacket( 3, false, GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, - false, 0, quic::QuicStringPiece(get_request))); + false, quic::QuicStringPiece(get_request))); } else { mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckAndMultipleDataFramesPacket( 3, false, GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, - false, 0, {header, std::string(get_request)})); + false, {header, std::string(get_request)})); } const char get_response[] = @@ -7862,13 +7627,12 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseQuicSession) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - 0, header2 + std::string(get_response))); + header2 + std::string(get_response))); std::string header3 = ConstructDataHeader(10); mock_quic_data.AddRead( SYNCHRONOUS, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), false, - false, strlen(get_response) + header2.length(), - header3 + std::string("0123456789"))); + false, header3 + std::string("0123456789"))); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(4, 3, 2, 1)); // CONNECT request and response for second request @@ -7877,12 +7641,11 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseQuicSession) { 5, GetNthClientInitiatedBidirectionalStreamId(1), false, false, HttpProxyConnectJob::kH2QuicTunnelPriority, ConnectRequestHeaders("different.example.org:443"), - GetNthClientInitiatedBidirectionalStreamId(0), - &client_header_stream_offset)); + GetNthClientInitiatedBidirectionalStreamId(0))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - GetResponseHeaders("200 OK"), &server_header_stream_offset)); + GetResponseHeaders("200 OK"))); // GET request, response, and data over QUIC tunnel for second request SpdyTestUtil spdy_util; @@ -7894,25 +7657,22 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseQuicSession) { SYNCHRONOUS, ConstructClientAckAndDataPacket( 6, false, GetNthClientInitiatedBidirectionalStreamId(1), 4, 4, 1, - false, 0, - quic::QuicStringPiece(get_frame.data(), get_frame.size()))); + false, quic::QuicStringPiece(get_frame.data(), get_frame.size()))); } else { mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckAndMultipleDataFramesPacket( 6, false, GetNthClientInitiatedBidirectionalStreamId(1), 4, 4, 1, - false, 0, - {header4, std::string(get_frame.data(), get_frame.size())})); + false, {header4, std::string(get_frame.data(), get_frame.size())})); } spdy::SpdySerializedFrame resp_frame = spdy_util.ConstructSpdyGetReply(nullptr, 0, 1); std::string header5 = ConstructDataHeader(resp_frame.size()); mock_quic_data.AddRead( - ASYNC, - ConstructServerDataPacket( - 5, GetNthClientInitiatedBidirectionalStreamId(1), false, false, 0, - header5 + std::string(resp_frame.data(), resp_frame.size()))); + ASYNC, ConstructServerDataPacket( + 5, GetNthClientInitiatedBidirectionalStreamId(1), false, false, + header5 + std::string(resp_frame.data(), resp_frame.size()))); spdy::SpdySerializedFrame data_frame = spdy_util.ConstructSpdyDataFrame(1, "0123456", true); @@ -7920,7 +7680,6 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseQuicSession) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 6, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - resp_frame.size() + header5.length(), header6 + std::string(data_frame.data(), data_frame.size()))); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(7, 6, 5, 1)); @@ -7929,13 +7688,11 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectReuseQuicSession) { mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRstPacket(8, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, - strlen(get_request) + header.length())); + quic::QUIC_STREAM_CANCELLED)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRstPacket(9, GetNthClientInitiatedBidirectionalStreamId(1), - quic::QUIC_STREAM_CANCELLED, - get_frame.size() + header4.length())); + quic::QUIC_STREAM_CANCELLED)); mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -7989,16 +7746,13 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectFailure) { proxy_resolution_service_ = ProxyResolutionService::CreateFixedFromPacResult( "QUIC proxy.example.org:70", TRAFFIC_ANNOTATION_FOR_TESTS); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, false, HttpProxyConnectJob::kH2QuicTunnelPriority, - ConnectRequestHeaders("mail.example.org:443"), 0, - &header_stream_offset)); + ConnectRequestHeaders("mail.example.org:443"), 0)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, true, @@ -8038,16 +7792,13 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyQuicConnectionError) { proxy_resolution_service_ = ProxyResolutionService::CreateFixedFromPacResult( "QUIC proxy.example.org:70", TRAFFIC_ANNOTATION_FOR_TESTS); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, false, HttpProxyConnectJob::kH2QuicTunnelPriority, - ConnectRequestHeaders("mail.example.org:443"), 0, - &header_stream_offset)); + ConnectRequestHeaders("mail.example.org:443"), 0)); mock_quic_data.AddRead(ASYNC, ERR_CONNECTION_FAILED); mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -8077,21 +7828,17 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectBadCertificate) { proxy_resolution_service_ = ProxyResolutionService::CreateFixedFromPacResult( "QUIC proxy.example.org:70", TRAFFIC_ANNOTATION_FOR_TESTS); - MockQuicData mock_quic_data; - quic::QuicStreamOffset client_header_stream_offset = 0; - quic::QuicStreamOffset server_header_stream_offset = 0; - mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket( - 1, &client_header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, false, HttpProxyConnectJob::kH2QuicTunnelPriority, - ConnectRequestHeaders("mail.example.org:443"), 0, - &client_header_stream_offset)); + ConnectRequestHeaders("mail.example.org:443"), 0)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false, - GetResponseHeaders("200 OK"), &server_header_stream_offset)); + GetResponseHeaders("200 OK"))); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckAndRstPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), @@ -8102,12 +7849,11 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectBadCertificate) { 4, GetNthClientInitiatedBidirectionalStreamId(1), false, false, HttpProxyConnectJob::kH2QuicTunnelPriority, ConnectRequestHeaders("mail.example.org:443"), - GetNthClientInitiatedBidirectionalStreamId(0), - &client_header_stream_offset)); + GetNthClientInitiatedBidirectionalStreamId(0))); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - GetResponseHeaders("200 OK"), &server_header_stream_offset)); + GetResponseHeaders("200 OK"))); const char get_request[] = "GET / HTTP/1.1\r\n" @@ -8119,13 +7865,13 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectBadCertificate) { SYNCHRONOUS, ConstructClientAckAndDataPacket( 5, false, GetNthClientInitiatedBidirectionalStreamId(1), 2, 2, 1, - false, 0, quic::QuicStringPiece(get_request))); + false, quic::QuicStringPiece(get_request))); } else { mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckAndMultipleDataFramesPacket( 5, false, GetNthClientInitiatedBidirectionalStreamId(1), 2, 2, 1, - false, 0, {header, std::string(get_request)})); + false, {header, std::string(get_request)})); } const char get_response[] = "HTTP/1.1 200 OK\r\n" @@ -8134,22 +7880,20 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyConnectBadCertificate) { mock_quic_data.AddRead( ASYNC, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(1), false, false, - 0, header2 + std::string(get_response))); + header2 + std::string(get_response))); std::string header3 = ConstructDataHeader(10); mock_quic_data.AddRead( SYNCHRONOUS, ConstructServerDataPacket( 4, GetNthClientInitiatedBidirectionalStreamId(1), false, - false, strlen(get_response) + header2.length(), - header3 + std::string("0123456789"))); + false, header3 + std::string("0123456789"))); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(6, 4, 3, 1)); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRstPacket(7, GetNthClientInitiatedBidirectionalStreamId(1), - quic::QUIC_STREAM_CANCELLED, - strlen(get_request) + header.length())); + quic::QUIC_STREAM_CANCELLED)); mock_quic_data.AddSocketDataToFactory(&socket_factory_); @@ -8201,18 +7945,16 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyUserAgent) { proxy_resolution_service_ = ProxyResolutionService::CreateFixedFromPacResult( "QUIC proxy.example.org:70", TRAFFIC_ANNOTATION_FOR_TESTS); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); spdy::SpdyHeaderBlock headers = ConnectRequestHeaders("mail.example.org:443"); headers["user-agent"] = kConfiguredUserAgent; mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructClientRequestHeadersPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - false, HttpProxyConnectJob::kH2QuicTunnelPriority, - std::move(headers), 0, &header_stream_offset)); + SYNCHRONOUS, + ConstructClientRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, false, + HttpProxyConnectJob::kH2QuicTunnelPriority, std::move(headers), 0)); // Return an error, so the transaction stops here (this test isn't interested // in the rest). mock_quic_data.AddRead(ASYNC, ERR_CONNECTION_FAILED); @@ -8251,16 +7993,13 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyRequestPriority) { const RequestPriority request_priority = MEDIUM; - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, false, HttpProxyConnectJob::kH2QuicTunnelPriority, - ConnectRequestHeaders("mail.example.org:443"), 0, - &header_stream_offset)); + ConnectRequestHeaders("mail.example.org:443"), 0)); // Return an error, so the transaction stops here (this test isn't interested // in the rest). mock_quic_data.AddRead(ASYNC, ERR_CONNECTION_FAILED); @@ -8291,17 +8030,15 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyMultipleRequestsError) { const RequestPriority kRequestPriority = MEDIUM; const RequestPriority kRequestPriority2 = LOWEST; - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - mock_quic_data.AddWrite( - ASYNC, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(ASYNC, ConstructInitialSettingsPacket(1)); mock_quic_data.AddWrite(SYNCHRONOUS, ERR_FAILED); // This should never be reached. mock_quic_data.AddRead(ASYNC, ERR_CONNECTION_FAILED); mock_quic_data.AddSocketDataToFactory(&socket_factory_); // Second connection attempt just fails - result doesn't really matter. - MockQuicData mock_quic_data2; + MockQuicData mock_quic_data2(version_); mock_quic_data2.AddConnect(SYNCHRONOUS, ERR_FAILED); mock_quic_data2.AddSocketDataToFactory(&socket_factory_); @@ -8373,44 +8110,40 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyAuth) { ProxyResolutionService::CreateFixedFromPacResult( "QUIC proxy.example.org:70", TRAFFIC_ANNOTATION_FOR_TESTS); - MockQuicData mock_quic_data; - quic::QuicStreamOffset client_header_stream_offset = 0; - quic::QuicStreamOffset server_header_stream_offset = 0; - quic::QuicStreamOffset client_data_offset = 0; + MockQuicData mock_quic_data(version_); quic::QuicStreamOffset server_data_offset = 0; mock_quic_data.AddWrite(SYNCHRONOUS, - client_maker->MakeInitialSettingsPacket( - 1, &client_header_stream_offset)); + client_maker->MakeInitialSettingsPacket(1)); mock_quic_data.AddWrite( SYNCHRONOUS, - client_maker->MakeRequestHeadersPacketWithOffsetTracking( + client_maker->MakeRequestHeadersPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), true, false, ConvertRequestPriorityToQuicPriority( HttpProxyConnectJob::kH2QuicTunnelPriority), client_maker->ConnectRequestHeaders("mail.example.org:443"), 0, - &client_header_stream_offset)); + nullptr)); spdy::SpdyHeaderBlock headers = server_maker->GetResponseHeaders("407 Proxy Authentication Required"); headers["proxy-authenticate"] = "Basic realm=\"MyRealm1\""; headers["content-length"] = "10"; mock_quic_data.AddRead( - ASYNC, server_maker->MakeResponseHeadersPacketWithOffsetTracking( + ASYNC, server_maker->MakeResponseHeadersPacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), false, - false, std::move(headers), &server_header_stream_offset)); + false, std::move(headers), nullptr)); if (i == 0) { mock_quic_data.AddRead( ASYNC, server_maker->MakeDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, - false, server_data_offset, "0123456789")); + false, "0123456789")); } else { mock_quic_data.AddRead( SYNCHRONOUS, server_maker->MakeDataPacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), - false, false, server_data_offset, "0123456789")); + false, false, "0123456789")); } server_data_offset += 10; @@ -8421,19 +8154,19 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyAuth) { SYNCHRONOUS, client_maker->MakeRstPacket( 4, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, client_data_offset, + quic::QUIC_STREAM_CANCELLED, /*include_stop_sending_if_v99=*/true)); headers = client_maker->ConnectRequestHeaders("mail.example.org:443"); headers["proxy-authorization"] = "Basic Zm9vOmJheg=="; mock_quic_data.AddWrite( SYNCHRONOUS, - client_maker->MakeRequestHeadersPacketWithOffsetTracking( + client_maker->MakeRequestHeadersPacket( 5, GetNthClientInitiatedBidirectionalStreamId(1), false, false, ConvertRequestPriorityToQuicPriority( HttpProxyConnectJob::kH2QuicTunnelPriority), std::move(headers), GetNthClientInitiatedBidirectionalStreamId(0), - &client_header_stream_offset)); + nullptr)); // Response to wrong password headers = @@ -8441,9 +8174,9 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyAuth) { headers["proxy-authenticate"] = "Basic realm=\"MyRealm1\""; headers["content-length"] = "10"; mock_quic_data.AddRead( - ASYNC, server_maker->MakeResponseHeadersPacketWithOffsetTracking( + ASYNC, server_maker->MakeResponseHeadersPacket( 3, GetNthClientInitiatedBidirectionalStreamId(1), false, - false, std::move(headers), &server_header_stream_offset)); + false, std::move(headers), nullptr)); mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read @@ -8527,7 +8260,13 @@ TEST_P(QuicNetworkTransactionTest, QuicServerPushUpdatesPriority) { return; } - session_params_.origins_to_force_quic_on.insert( + if (quic::VersionUsesQpack(version_.transport_version)) { + // TODO(rch): both stream_dependencies and priority frames need to be + // supported in IETF QUIC. + return; + } + + session_params_.quic_params.origins_to_force_quic_on.insert( HostPortPair::FromString("mail.example.org:443")); const quic::QuicStreamId client_stream_0 = @@ -8541,79 +8280,68 @@ TEST_P(QuicNetworkTransactionTest, QuicServerPushUpdatesPriority) { const quic::QuicStreamId push_stream_1 = GetNthServerInitiatedUnidirectionalStreamId(1); - MockQuicData mock_quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - quic::QuicStreamOffset server_header_offset = 0; - mock_quic_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData mock_quic_data(version_); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); // Client sends "GET" requests for "/0.png", "/1.png", "/2.png". mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientRequestHeadersPacket( 2, client_stream_0, true, true, HIGHEST, - GetRequestHeaders("GET", "https", "/0.jpg"), 0, - &header_stream_offset)); - mock_quic_data.AddWrite(SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 3, client_stream_1, true, true, MEDIUM, - GetRequestHeaders("GET", "https", "/1.jpg"), - client_stream_0, &header_stream_offset)); - mock_quic_data.AddWrite(SYNCHRONOUS, - ConstructClientRequestHeadersPacket( - 4, client_stream_2, true, true, MEDIUM, - GetRequestHeaders("GET", "https", "/2.jpg"), - client_stream_1, &header_stream_offset)); + GetRequestHeaders("GET", "https", "/0.jpg"), 0)); + mock_quic_data.AddWrite( + SYNCHRONOUS, + ConstructClientRequestHeadersPacket( + 3, client_stream_1, true, true, MEDIUM, + GetRequestHeaders("GET", "https", "/1.jpg"), client_stream_0)); + mock_quic_data.AddWrite( + SYNCHRONOUS, + ConstructClientRequestHeadersPacket( + 4, client_stream_2, true, true, MEDIUM, + GetRequestHeaders("GET", "https", "/2.jpg"), client_stream_1)); // Server replies "OK" for the three requests. - mock_quic_data.AddRead( - ASYNC, ConstructServerResponseHeadersPacket( - 1, client_stream_0, false, false, GetResponseHeaders("200 OK"), - &server_header_offset)); - mock_quic_data.AddRead( - ASYNC, ConstructServerResponseHeadersPacket( - 2, client_stream_1, false, false, GetResponseHeaders("200 OK"), - &server_header_offset)); + mock_quic_data.AddRead(ASYNC, ConstructServerResponseHeadersPacket( + 1, client_stream_0, false, false, + GetResponseHeaders("200 OK"))); + mock_quic_data.AddRead(ASYNC, ConstructServerResponseHeadersPacket( + 2, client_stream_1, false, false, + GetResponseHeaders("200 OK"))); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(5, 2, 1, 1)); - mock_quic_data.AddRead( - ASYNC, ConstructServerResponseHeadersPacket( - 3, client_stream_2, false, false, GetResponseHeaders("200 OK"), - &server_header_offset)); + mock_quic_data.AddRead(ASYNC, ConstructServerResponseHeadersPacket( + 3, client_stream_2, false, false, + GetResponseHeaders("200 OK"))); // Server sends two push promises associated with |client_stream_0|; client // responds with a PRIORITY frame after each to notify server of HTTP/2 stream // dependency info for each push promise stream. - mock_quic_data.AddRead(ASYNC, - ConstructServerPushPromisePacket( - 4, client_stream_0, push_stream_0, false, - GetRequestHeaders("GET", "https", "/pushed_0.jpg"), - &server_header_offset, &server_maker_)); + mock_quic_data.AddRead( + ASYNC, + ConstructServerPushPromisePacket( + 4, client_stream_0, push_stream_0, false, + GetRequestHeaders("GET", "https", "/pushed_0.jpg"), &server_maker_)); mock_quic_data.AddWrite( SYNCHRONOUS, ConstructClientAckAndPriorityFramesPacket( 6, false, 4, 3, 1, {{push_stream_0, client_stream_2, - ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY)}}, - &header_stream_offset)); - mock_quic_data.AddRead(ASYNC, - ConstructServerPushPromisePacket( - 5, client_stream_0, push_stream_1, false, - GetRequestHeaders("GET", "https", "/pushed_1.jpg"), - &server_header_offset, &server_maker_)); - mock_quic_data.AddWrite( - SYNCHRONOUS, - ConstructClientPriorityPacket(7, false, push_stream_1, push_stream_0, - DEFAULT_PRIORITY, &header_stream_offset)); + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY)}})); + mock_quic_data.AddRead( + ASYNC, + ConstructServerPushPromisePacket( + 5, client_stream_0, push_stream_1, false, + GetRequestHeaders("GET", "https", "/pushed_1.jpg"), &server_maker_)); + mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientPriorityPacket( + 7, false, push_stream_1, + push_stream_0, DEFAULT_PRIORITY)); // Server sends the response headers for the two push promises. mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( - 6, push_stream_0, false, false, GetResponseHeaders("200 OK"), - &server_header_offset)); + 6, push_stream_0, false, false, GetResponseHeaders("200 OK"))); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(8, 6, 5, 1)); mock_quic_data.AddRead( ASYNC, ConstructServerResponseHeadersPacket( - 7, push_stream_1, false, false, GetResponseHeaders("200 OK"), - &server_header_offset)); + 7, push_stream_1, false, false, GetResponseHeaders("200 OK"))); // Request for "pushed_0.jpg" matches |push_stream_0|. |push_stream_0|'s // priority updates to match the request's priority. Client sends PRIORITY @@ -8625,28 +8353,27 @@ TEST_P(QuicNetworkTransactionTest, QuicServerPushUpdatesPriority) { {{push_stream_1, client_stream_2, ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY)}, {push_stream_0, client_stream_0, - ConvertRequestPriorityToQuicPriority(HIGHEST)}}, - &header_stream_offset)); + ConvertRequestPriorityToQuicPriority(HIGHEST)}})); // Server sends data for the three requests and the two push promises. std::string header = ConstructDataHeader(8); mock_quic_data.AddRead( - ASYNC, ConstructServerDataPacket(8, client_stream_0, false, true, 0, + ASYNC, ConstructServerDataPacket(8, client_stream_0, false, true, header + "hello 0!")); mock_quic_data.AddRead( - SYNCHRONOUS, ConstructServerDataPacket(9, client_stream_1, false, true, 0, + SYNCHRONOUS, ConstructServerDataPacket(9, client_stream_1, false, true, header + "hello 1!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(10, 9, 8, 1)); mock_quic_data.AddRead( - ASYNC, ConstructServerDataPacket(10, client_stream_2, false, true, 0, + ASYNC, ConstructServerDataPacket(10, client_stream_2, false, true, header + "hello 2!")); std::string header2 = ConstructDataHeader(12); mock_quic_data.AddRead( - SYNCHRONOUS, ConstructServerDataPacket(11, push_stream_0, false, true, 0, + SYNCHRONOUS, ConstructServerDataPacket(11, push_stream_0, false, true, header2 + "and hello 0!")); mock_quic_data.AddWrite(SYNCHRONOUS, ConstructClientAckPacket(11, 11, 10, 1)); mock_quic_data.AddRead( - ASYNC, ConstructServerDataPacket(12, push_stream_1, false, true, 0, + ASYNC, ConstructServerDataPacket(12, push_stream_1, false, true, header2 + "and hello 1!")); mock_quic_data.AddRead(ASYNC, ERR_IO_PENDING); // No more data to read @@ -8706,5 +8433,383 @@ TEST_P(QuicNetworkTransactionTest, QuicServerPushUpdatesPriority) { EXPECT_TRUE(mock_quic_data.AllWriteDataConsumed()); } +// Test that NetworkIsolationKey is respected by QUIC connections, when +// kPartitionConnectionsByNetworkIsolationKey is enabled. +TEST_P(QuicNetworkTransactionTest, NetworkIsolation) { + const auto kOrigin1 = url::Origin::Create(GURL("http://origin1/")); + const auto kOrigin2 = url::Origin::Create(GURL("http://origin2/")); + NetworkIsolationKey network_isolation_key1(kOrigin1, kOrigin1); + NetworkIsolationKey network_isolation_key2(kOrigin2, kOrigin2); + + session_params_.quic_params.origins_to_force_quic_on.insert( + HostPortPair::FromString("mail.example.org:443")); + + // Whether to use an H2 proxy. When false, uses HTTPS H2 requests without a + // proxy, when true, uses HTTP requests over an H2 proxy. It's unnecessary to + // test tunneled HTTPS over an H2 proxy, since that path sets up H2 sessions + // the same way as the HTTP over H2 proxy case. + for (bool use_proxy : {false, true}) { + SCOPED_TRACE(use_proxy); + + if (use_proxy) { + proxy_resolution_service_ = + ProxyResolutionService::CreateFixedFromPacResult( + "QUIC mail.example.org:443", TRAFFIC_ANNOTATION_FOR_TESTS); + } else { + proxy_resolution_service_ = ProxyResolutionService::CreateDirect(); + } + + GURL url1; + GURL url2; + GURL url3; + if (use_proxy) { + url1 = GURL("http://mail.example.org/1"); + url2 = GURL("http://mail.example.org/2"); + url3 = GURL("http://mail.example.org/3"); + } else { + url1 = GURL("https://mail.example.org/1"); + url2 = GURL("https://mail.example.org/2"); + url3 = GURL("https://mail.example.org/3"); + } + + for (bool partition_connections : {false, true}) { + SCOPED_TRACE(partition_connections); + + base::test::ScopedFeatureList feature_list; + if (partition_connections) { + feature_list.InitAndEnableFeature( + features::kPartitionConnectionsByNetworkIsolationKey); + } else { + feature_list.InitAndDisableFeature( + features::kPartitionConnectionsByNetworkIsolationKey); + } + + // Reads and writes for the unpartitioned case, where only one socket is + // used. + + session_params_.quic_params.origins_to_force_quic_on.insert( + HostPortPair::FromString("mail.example.org:443")); + + MockQuicData unpartitioned_mock_quic_data(version_); + QuicTestPacketMaker client_maker1( + version_, + quic::QuicUtils::CreateRandomConnectionId(&random_generator_), + &clock_, kDefaultServerHostName, quic::Perspective::IS_CLIENT, + client_headers_include_h2_stream_dependency_); + QuicTestPacketMaker server_maker1( + version_, + quic::QuicUtils::CreateRandomConnectionId(&random_generator_), + &clock_, kDefaultServerHostName, quic::Perspective::IS_SERVER, false); + + unpartitioned_mock_quic_data.AddWrite( + SYNCHRONOUS, client_maker1.MakeInitialSettingsPacket(1)); + + unpartitioned_mock_quic_data.AddWrite( + SYNCHRONOUS, + client_maker1.MakeRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY), + GetRequestHeaders("GET", url1.scheme(), "/1"), 0, nullptr)); + unpartitioned_mock_quic_data.AddRead( + ASYNC, server_maker1.MakeResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, + false, GetResponseHeaders("200 OK"), nullptr)); + unpartitioned_mock_quic_data.AddRead( + ASYNC, server_maker1.MakeDataPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), false, + true, ConstructDataHeader(1) + "1")); + unpartitioned_mock_quic_data.AddWrite( + SYNCHRONOUS, ConstructClientAckPacket(3, 2, 1, 1)); + + unpartitioned_mock_quic_data.AddWrite( + SYNCHRONOUS, + client_maker1.MakeRequestHeadersPacket( + 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY), + GetRequestHeaders("GET", url2.scheme(), "/2"), 0, nullptr)); + unpartitioned_mock_quic_data.AddRead( + ASYNC, server_maker1.MakeResponseHeadersPacket( + 3, GetNthClientInitiatedBidirectionalStreamId(1), false, + false, GetResponseHeaders("200 OK"), nullptr)); + unpartitioned_mock_quic_data.AddRead( + ASYNC, server_maker1.MakeDataPacket( + 4, GetNthClientInitiatedBidirectionalStreamId(1), false, + true, ConstructDataHeader(1) + "2")); + unpartitioned_mock_quic_data.AddWrite( + SYNCHRONOUS, ConstructClientAckAndConnectionClosePacket(5, 4, 3, 1)); + + unpartitioned_mock_quic_data.AddWrite( + SYNCHRONOUS, + client_maker1.MakeRequestHeadersPacket( + 6, GetNthClientInitiatedBidirectionalStreamId(2), false, true, + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY), + GetRequestHeaders("GET", url3.scheme(), "/3"), 0, nullptr)); + unpartitioned_mock_quic_data.AddRead( + ASYNC, server_maker1.MakeResponseHeadersPacket( + 5, GetNthClientInitiatedBidirectionalStreamId(2), false, + false, GetResponseHeaders("200 OK"), nullptr)); + unpartitioned_mock_quic_data.AddRead( + ASYNC, server_maker1.MakeDataPacket( + 6, GetNthClientInitiatedBidirectionalStreamId(2), false, + true, ConstructDataHeader(1) + "3")); + unpartitioned_mock_quic_data.AddWrite( + SYNCHRONOUS, ConstructClientAckAndConnectionClosePacket(7, 6, 5, 1)); + + unpartitioned_mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); + + // Reads and writes for the partitioned case, where two sockets are used. + + MockQuicData partitioned_mock_quic_data1(version_); + QuicTestPacketMaker client_maker2( + version_, + quic::QuicUtils::CreateRandomConnectionId(&random_generator_), + &clock_, kDefaultServerHostName, quic::Perspective::IS_CLIENT, + client_headers_include_h2_stream_dependency_); + QuicTestPacketMaker server_maker2( + version_, + quic::QuicUtils::CreateRandomConnectionId(&random_generator_), + &clock_, kDefaultServerHostName, quic::Perspective::IS_SERVER, false); + + partitioned_mock_quic_data1.AddWrite( + SYNCHRONOUS, client_maker2.MakeInitialSettingsPacket(1)); + + partitioned_mock_quic_data1.AddWrite( + SYNCHRONOUS, + client_maker2.MakeRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY), + GetRequestHeaders("GET", url1.scheme(), "/1"), 0, nullptr)); + partitioned_mock_quic_data1.AddRead( + ASYNC, server_maker2.MakeResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, + false, GetResponseHeaders("200 OK"), nullptr)); + partitioned_mock_quic_data1.AddRead( + ASYNC, server_maker2.MakeDataPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), false, + true, ConstructDataHeader(1) + "1")); + partitioned_mock_quic_data1.AddWrite( + SYNCHRONOUS, client_maker2.MakeAckPacket(3, 2, 1, 1, true)); + + partitioned_mock_quic_data1.AddWrite( + SYNCHRONOUS, + client_maker2.MakeRequestHeadersPacket( + 4, GetNthClientInitiatedBidirectionalStreamId(1), false, true, + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY), + GetRequestHeaders("GET", url3.scheme(), "/3"), 0, nullptr)); + partitioned_mock_quic_data1.AddRead( + ASYNC, server_maker2.MakeResponseHeadersPacket( + 3, GetNthClientInitiatedBidirectionalStreamId(1), false, + false, GetResponseHeaders("200 OK"), nullptr)); + partitioned_mock_quic_data1.AddRead( + ASYNC, server_maker2.MakeDataPacket( + 4, GetNthClientInitiatedBidirectionalStreamId(1), false, + true, ConstructDataHeader(1) + "3")); + partitioned_mock_quic_data1.AddWrite( + SYNCHRONOUS, client_maker2.MakeAckPacket(5, 4, 3, 1, true)); + + partitioned_mock_quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); + + MockQuicData partitioned_mock_quic_data2(version_); + QuicTestPacketMaker client_maker3( + version_, + quic::QuicUtils::CreateRandomConnectionId(&random_generator_), + &clock_, kDefaultServerHostName, quic::Perspective::IS_CLIENT, + client_headers_include_h2_stream_dependency_); + QuicTestPacketMaker server_maker3( + version_, + quic::QuicUtils::CreateRandomConnectionId(&random_generator_), + &clock_, kDefaultServerHostName, quic::Perspective::IS_SERVER, false); + + partitioned_mock_quic_data2.AddWrite( + SYNCHRONOUS, client_maker3.MakeInitialSettingsPacket(1)); + + partitioned_mock_quic_data2.AddWrite( + SYNCHRONOUS, + client_maker3.MakeRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true, + ConvertRequestPriorityToQuicPriority(DEFAULT_PRIORITY), + GetRequestHeaders("GET", url2.scheme(), "/2"), 0, nullptr)); + partitioned_mock_quic_data2.AddRead( + ASYNC, server_maker3.MakeResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, + false, GetResponseHeaders("200 OK"), nullptr)); + partitioned_mock_quic_data2.AddRead( + ASYNC, server_maker3.MakeDataPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), false, + true, ConstructDataHeader(1) + "2")); + partitioned_mock_quic_data2.AddWrite( + SYNCHRONOUS, client_maker3.MakeAckPacket(3, 2, 1, 1, true)); + + partitioned_mock_quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); + + if (partition_connections) { + partitioned_mock_quic_data1.AddSocketDataToFactory(&socket_factory_); + partitioned_mock_quic_data2.AddSocketDataToFactory(&socket_factory_); + } else { + unpartitioned_mock_quic_data.AddSocketDataToFactory(&socket_factory_); + } + + CreateSession(); + + TestCompletionCallback callback; + HttpRequestInfo request1; + request1.method = "GET"; + request1.url = GURL(url1); + request1.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + request1.network_isolation_key = network_isolation_key1; + HttpNetworkTransaction trans1(LOWEST, session_.get()); + int rv = trans1.Start(&request1, callback.callback(), NetLogWithSource()); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + std::string response_data1; + EXPECT_THAT(ReadTransaction(&trans1, &response_data1), IsOk()); + EXPECT_EQ("1", response_data1); + + HttpRequestInfo request2; + request2.method = "GET"; + request2.url = GURL(url2); + request2.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + request2.network_isolation_key = network_isolation_key2; + HttpNetworkTransaction trans2(LOWEST, session_.get()); + rv = trans2.Start(&request2, callback.callback(), NetLogWithSource()); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + std::string response_data2; + EXPECT_THAT(ReadTransaction(&trans2, &response_data2), IsOk()); + EXPECT_EQ("2", response_data2); + + HttpRequestInfo request3; + request3.method = "GET"; + request3.url = GURL(url3); + request3.traffic_annotation = + net::MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS); + request3.network_isolation_key = network_isolation_key1; + HttpNetworkTransaction trans3(LOWEST, session_.get()); + rv = trans3.Start(&request3, callback.callback(), NetLogWithSource()); + EXPECT_THAT(callback.GetResult(rv), IsOk()); + std::string response_data3; + EXPECT_THAT(ReadTransaction(&trans3, &response_data3), IsOk()); + EXPECT_EQ("3", response_data3); + + if (partition_connections) { + EXPECT_TRUE(partitioned_mock_quic_data1.AllReadDataConsumed()); + EXPECT_TRUE(partitioned_mock_quic_data1.AllWriteDataConsumed()); + EXPECT_TRUE(partitioned_mock_quic_data2.AllReadDataConsumed()); + EXPECT_TRUE(partitioned_mock_quic_data2.AllWriteDataConsumed()); + } else { + EXPECT_TRUE(unpartitioned_mock_quic_data.AllReadDataConsumed()); + EXPECT_TRUE(unpartitioned_mock_quic_data.AllWriteDataConsumed()); + } + } + } +} + +// Test that two requests to the same origin over QUIC tunnels use different +// QUIC sessions if their NetworkIsolationKeys don't match, and +// kPartitionConnectionsByNetworkIsolationKey is enabled. +TEST_P(QuicNetworkTransactionTest, NetworkIsolationTunnel) { + base::test::ScopedFeatureList feature_list; + feature_list.InitAndEnableFeature( + features::kPartitionConnectionsByNetworkIsolationKey); + + session_params_.enable_quic = true; + session_params_.enable_quic_proxies_for_https_urls = true; + proxy_resolution_service_ = ProxyResolutionService::CreateFixedFromPacResult( + "QUIC proxy.example.org:70", TRAFFIC_ANNOTATION_FOR_TESTS); + + const char kGetRequest[] = + "GET / HTTP/1.1\r\n" + "Host: mail.example.org\r\n" + "Connection: keep-alive\r\n\r\n"; + const char kGetResponse[] = + "HTTP/1.1 200 OK\r\n" + "Content-Length: 10\r\n\r\n"; + + std::unique_ptr mock_quic_data[2] = { + std::make_unique(version_), + std::make_unique(version_)}; + + for (int index : {0, 1}) { + QuicTestPacketMaker client_maker( + version_, quic::QuicUtils::CreateRandomConnectionId(&random_generator_), + &clock_, kDefaultServerHostName, quic::Perspective::IS_CLIENT, + client_headers_include_h2_stream_dependency_); + QuicTestPacketMaker server_maker( + version_, quic::QuicUtils::CreateRandomConnectionId(&random_generator_), + &clock_, kDefaultServerHostName, quic::Perspective::IS_SERVER, false); + + mock_quic_data[index]->AddWrite(SYNCHRONOUS, + client_maker.MakeInitialSettingsPacket(1)); + + mock_quic_data[index]->AddWrite( + SYNCHRONOUS, + client_maker.MakeRequestHeadersPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, false, + ConvertRequestPriorityToQuicPriority( + HttpProxyConnectJob::kH2QuicTunnelPriority), + ConnectRequestHeaders("mail.example.org:443"), 0, nullptr)); + mock_quic_data[index]->AddRead( + ASYNC, server_maker.MakeResponseHeadersPacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, + false, GetResponseHeaders("200 OK"), nullptr)); + + std::string header = ConstructDataHeader(strlen(kGetRequest)); + if (version_.transport_version != quic::QUIC_VERSION_99) { + mock_quic_data[index]->AddWrite( + SYNCHRONOUS, + client_maker.MakeAckAndDataPacket( + 3, false, GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, + false, quic::QuicStringPiece(kGetRequest))); + } else { + mock_quic_data[index]->AddWrite( + SYNCHRONOUS, + client_maker.MakeAckAndMultipleDataFramesPacket( + 3, false, GetNthClientInitiatedBidirectionalStreamId(0), 1, 1, 1, + false, {header, std::string(kGetRequest)})); + } + + std::string header2 = ConstructDataHeader(strlen(kGetResponse)); + mock_quic_data[index]->AddRead( + ASYNC, server_maker.MakeDataPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), false, + false, header2 + std::string(kGetResponse))); + mock_quic_data[index]->AddRead( + SYNCHRONOUS, + server_maker.MakeDataPacket( + 3, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + ConstructDataHeader(10) + std::string("0123456789"))); + mock_quic_data[index]->AddWrite( + SYNCHRONOUS, client_maker.MakeAckPacket(4, 3, 2, 1, true)); + mock_quic_data[index]->AddRead(SYNCHRONOUS, + ERR_IO_PENDING); // No more data to read + + mock_quic_data[index]->AddSocketDataToFactory(&socket_factory_); + } + + socket_factory_.AddSSLSocketDataProvider(&ssl_data_); + SSLSocketDataProvider ssl_data2(ASYNC, OK); + socket_factory_.AddSSLSocketDataProvider(&ssl_data2); + + CreateSession(); + + request_.url = GURL("https://mail.example.org/"); + AddQuicAlternateProtocolMapping(MockCryptoClientStream::CONFIRM_HANDSHAKE); + HttpNetworkTransaction trans(DEFAULT_PRIORITY, session_.get()); + RunTransaction(&trans); + CheckResponseData(&trans, "0123456789"); + + HttpRequestInfo request2; + const auto kOrigin1 = url::Origin::Create(GURL("http://origin1/")); + request_.network_isolation_key = NetworkIsolationKey(kOrigin1, kOrigin1); + HttpNetworkTransaction trans2(DEFAULT_PRIORITY, session_.get()); + RunTransaction(&trans2); + CheckResponseData(&trans2, "0123456789"); + + EXPECT_TRUE(mock_quic_data[0]->AllReadDataConsumed()); + EXPECT_TRUE(mock_quic_data[0]->AllWriteDataConsumed()); + EXPECT_TRUE(mock_quic_data[1]->AllReadDataConsumed()); + EXPECT_TRUE(mock_quic_data[1]->AllWriteDataConsumed()); +} + } // namespace test } // namespace net diff --git a/chromium/net/quic/quic_proxy_client_socket.cc b/chromium/net/quic/quic_proxy_client_socket.cc index 3e925c90bee..3cb2ba3eae4 100644 --- a/chromium/net/quic/quic_proxy_client_socket.cc +++ b/chromium/net/quic/quic_proxy_client_socket.cc @@ -12,6 +12,7 @@ #include "base/callback_helpers.h" #include "base/values.h" #include "net/http/http_auth_controller.h" +#include "net/http/http_log_util.h" #include "net/http/http_response_headers.h" #include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" @@ -36,17 +37,16 @@ QuicProxyClientSocket::QuicProxyClientSocket( endpoint_(endpoint), auth_(auth_controller), user_agent_(user_agent), - net_log_(net_log), - weak_factory_(this) { + net_log_(net_log) { DCHECK(stream_->IsOpen()); request_.method = "CONNECT"; request_.url = GURL("https://" + endpoint.ToString()); - net_log_.BeginEvent(NetLogEventType::SOCKET_ALIVE, - net_log_.source().ToEventParametersCallback()); - net_log_.AddEvent(NetLogEventType::HTTP2_PROXY_CLIENT_SESSION, - stream_->net_log().source().ToEventParametersCallback()); + net_log_.BeginEventReferencingSource(NetLogEventType::SOCKET_ALIVE, + net_log_.source()); + net_log_.AddEventReferencingSource( + NetLogEventType::HTTP2_PROXY_CLIENT_SESSION, stream_->net_log().source()); } QuicProxyClientSocket::~QuicProxyClientSocket() { @@ -351,10 +351,9 @@ int QuicProxyClientSocket::DoSendRequest() { BuildTunnelRequest(endpoint_, authorization_headers, user_agent_, &request_line, &request_.extra_headers); - net_log_.AddEvent( - NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, - base::Bind(&HttpRequestHeaders::NetLogCallback, - base::Unretained(&request_.extra_headers), &request_line)); + NetLogRequestHeaders(net_log_, + NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, + request_line, &request_.extra_headers); spdy::SpdyHeaderBlock headers; CreateSpdyHeadersFromHttpRequest(request_, request_.extra_headers, &headers); @@ -400,9 +399,9 @@ int QuicProxyClientSocket::DoReadReplyComplete(int result) { if (response_.headers->GetHttpVersion() < HttpVersion(1, 0)) return ERR_TUNNEL_CONNECTION_FAILED; - net_log_.AddEvent( - NetLogEventType::HTTP_TRANSACTION_READ_TUNNEL_RESPONSE_HEADERS, - base::Bind(&HttpResponseHeaders::NetLogCallback, response_.headers)); + NetLogResponseHeaders( + net_log_, NetLogEventType::HTTP_TRANSACTION_READ_TUNNEL_RESPONSE_HEADERS, + response_.headers.get()); switch (response_.headers->response_code()) { case 200: // OK diff --git a/chromium/net/quic/quic_proxy_client_socket.h b/chromium/net/quic/quic_proxy_client_socket.h index d72aed881e7..299526c8488 100644 --- a/chromium/net/quic/quic_proxy_client_socket.h +++ b/chromium/net/quic/quic_proxy_client_socket.h @@ -145,7 +145,7 @@ class NET_EXPORT_PRIVATE QuicProxyClientSocket : public ProxyClientSocket { const NetLogWithSource net_log_; // The default weak pointer factory. - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(QuicProxyClientSocket); }; diff --git a/chromium/net/quic/quic_proxy_client_socket_unittest.cc b/chromium/net/quic/quic_proxy_client_socket_unittest.cc index 9f3b4384dff..75b361d2845 100644 --- a/chromium/net/quic/quic_proxy_client_socket_unittest.cc +++ b/chromium/net/quic/quic_proxy_client_socket_unittest.cc @@ -22,6 +22,7 @@ #include "net/http/transport_security_state.h" #include "net/log/test_net_log.h" #include "net/log/test_net_log_util.h" +#include "net/quic/address_utils.h" #include "net/quic/crypto/proof_verifier_chromium.h" #include "net/quic/mock_crypto_client_stream_factory.h" #include "net/quic/mock_quic_data.h" @@ -41,7 +42,6 @@ #include "net/test/test_with_scoped_task_environment.h" #include "net/third_party/quiche/src/quic/core/crypto/null_encrypter.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" -#include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h" #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h" #include "net/third_party/quiche/src/quic/test_tools/mock_clock.h" #include "net/third_party/quiche/src/quic/test_tools/mock_random.h" @@ -127,8 +127,9 @@ class QuicProxyClientSocketTest quic::QuicUtils::GetHeadersStreamId(version_.transport_version) + quic::QuicUtils::StreamIdDelta(version_.transport_version)), client_headers_include_h2_stream_dependency_(std::get<1>(GetParam())), - crypto_config_(quic::test::crypto_test_utils::ProofVerifierForTesting(), - quic::TlsClientHandshaker::CreateSslCtx()), + mock_quic_data_(version_), + crypto_config_( + quic::test::crypto_test_utils::ProofVerifierForTesting()), connection_id_(quic::test::TestConnectionId(2)), client_maker_(version_, connection_id_, @@ -143,8 +144,6 @@ class QuicProxyClientSocketTest quic::Perspective::IS_SERVER, false), random_generator_(0), - header_stream_offset_(0), - response_offset_(0), user_agent_(kUserAgent), proxy_host_port_(kProxyHost, kProxyPort), endpoint_host_port_(kOriginHost, kOriginPort), @@ -153,6 +152,9 @@ class QuicProxyClientSocketTest IPAddress ip(192, 0, 2, 33); peer_addr_ = IPEndPoint(ip, 443); clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(20)); + if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { + SetQuicFlag(FLAGS_quic_supports_tls_handshake, true); + } } void SetUp() override {} @@ -192,9 +194,8 @@ class QuicProxyClientSocketTest QuicChromiumPacketWriter* writer = new QuicChromiumPacketWriter( socket.get(), base::ThreadTaskRunnerHandle::Get().get()); quic::QuicConnection* connection = new quic::QuicConnection( - connection_id_, - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(peer_addr_)), - helper_.get(), alarm_factory_.get(), writer, true /* owns_writer */, + connection_id_, net::ToQuicSocketAddress(peer_addr_), helper_.get(), + alarm_factory_.get(), writer, true /* owns_writer */, quic::Perspective::IS_CLIENT, quic::test::SupportedVersions(version_)); connection->set_visitor(&visitor_); quic::test::QuicConnectionPeer::SetSendAlgorithm(connection, @@ -219,14 +220,15 @@ class QuicProxyClientSocketTest base::WrapUnique(static_cast(nullptr)), QuicSessionKey("mail.example.org", 80, PRIVACY_MODE_DISABLED, SocketTag()), - /*require_confirmation=*/false, /*migrate_session_early_v2=*/false, + /*require_confirmation=*/false, + /*max_allowed_push_id=*/0, + /*migrate_session_early_v2=*/false, /*migrate_session_on_network_change_v2=*/false, /*default_network=*/NetworkChangeNotifier::kInvalidNetworkHandle, quic::QuicTime::Delta::FromMilliseconds( - kDefaultRetransmittableOnWireTimeoutMillisecs), - /*migrate_idle_session=*/true, - base::TimeDelta::FromSeconds(kDefaultIdleSessionMigrationPeriodSeconds), - base::TimeDelta::FromSeconds(kMaxTimeOnNonDefaultNetworkSecs), + kDefaultRetransmittableOnWireTimeout.InMilliseconds()), + /*migrate_idle_session=*/true, kDefaultIdleSessionMigrationPeriod, + kMaxTimeOnNonDefaultNetwork, kMaxMigrationsToNonDefaultNetworkOnWriteError, kMaxMigrationsToNonDefaultNetworkOnPathDegrading, kQuicYieldAfterPacketsRead, @@ -278,19 +280,7 @@ class QuicProxyClientSocketTest std::unique_ptr ConstructSettingsPacket( uint64_t packet_number) { - return client_maker_.MakeInitialSettingsPacket(packet_number, - &header_stream_offset_); - } - - std::unique_ptr ConstructAckAndRstPacket( - uint64_t packet_number, - quic::QuicRstStreamErrorCode error_code, - uint64_t largest_received, - uint64_t smallest_received, - uint64_t least_unacked) { - return client_maker_.MakeAckAndRstPacket( - packet_number, !kIncludeVersion, client_data_stream_id1_, error_code, - largest_received, smallest_received, least_unacked, kSendFeedback); + return client_maker_.MakeInitialSettingsPacket(packet_number); } std::unique_ptr ConstructAckAndRstOnlyPacket( @@ -298,12 +288,10 @@ class QuicProxyClientSocketTest quic::QuicRstStreamErrorCode error_code, uint64_t largest_received, uint64_t smallest_received, - uint64_t least_unacked, - size_t bytes_written) { + uint64_t least_unacked) { return client_maker_.MakeAckAndRstPacket( packet_number, !kIncludeVersion, client_data_stream_id1_, error_code, largest_received, smallest_received, least_unacked, kSendFeedback, - bytes_written, /*include_stop_sending=*/false); } @@ -312,22 +300,18 @@ class QuicProxyClientSocketTest quic::QuicRstStreamErrorCode error_code, uint64_t largest_received, uint64_t smallest_received, - uint64_t least_unacked, - size_t bytes_written) { + uint64_t least_unacked) { return client_maker_.MakeAckAndRstPacket( packet_number, !kIncludeVersion, client_data_stream_id1_, error_code, largest_received, smallest_received, least_unacked, kSendFeedback, - bytes_written, /*include_stop_sending_if_v99=*/true); } std::unique_ptr ConstructRstPacket( uint64_t packet_number, - quic::QuicRstStreamErrorCode error_code, - size_t bytes_written) { + quic::QuicRstStreamErrorCode error_code) { return client_maker_.MakeRstPacket(packet_number, !kIncludeVersion, client_data_stream_id1_, error_code, - bytes_written, /*include_stop_sending_if_v99=*/true); } @@ -339,7 +323,7 @@ class QuicProxyClientSocketTest return client_maker_.MakeRequestHeadersPacket( packet_number, client_data_stream_id1_, kIncludeVersion, !kFin, ConvertRequestPriorityToQuicPriority(request_priority), - std::move(block), 0, nullptr, &header_stream_offset_); + std::move(block), 0, nullptr); } std::unique_ptr ConstructConnectAuthRequestPacket( @@ -350,23 +334,21 @@ class QuicProxyClientSocketTest return client_maker_.MakeRequestHeadersPacket( packet_number, client_data_stream_id1_, kIncludeVersion, !kFin, ConvertRequestPriorityToQuicPriority(LOWEST), std::move(block), 0, - nullptr, &header_stream_offset_); + nullptr); } std::unique_ptr ConstructDataPacket( uint64_t packet_number, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { return client_maker_.MakeDataPacket(packet_number, client_data_stream_id1_, - !kIncludeVersion, !kFin, offset, data); + !kIncludeVersion, !kFin, data); } std::unique_ptr ConstructMultipleDataFramesPacket( uint64_t packet_number, - quic::QuicStreamOffset offset, const std::vector data_writes) { return client_maker_.MakeMultipleDataFramesPacket( - packet_number, client_data_stream_id1_, !kIncludeVersion, !kFin, offset, + packet_number, client_data_stream_id1_, !kIncludeVersion, !kFin, data_writes); } @@ -375,12 +357,10 @@ class QuicProxyClientSocketTest uint64_t largest_received, uint64_t smallest_received, uint64_t least_unacked, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { return client_maker_.MakeAckAndDataPacket( packet_number, !kIncludeVersion, client_data_stream_id1_, - largest_received, smallest_received, least_unacked, !kFin, offset, - data); + largest_received, smallest_received, least_unacked, !kFin, data); } std::unique_ptr @@ -389,12 +369,10 @@ class QuicProxyClientSocketTest uint64_t largest_received, uint64_t smallest_received, uint64_t least_unacked, - quic::QuicStreamOffset offset, const std::vector data_writes) { return client_maker_.MakeAckAndMultipleDataFramesPacket( packet_number, !kIncludeVersion, client_data_stream_id1_, - largest_received, smallest_received, least_unacked, !kFin, offset, - data_writes); + largest_received, smallest_received, least_unacked, !kFin, data_writes); } std::unique_ptr ConstructAckPacket( @@ -411,28 +389,24 @@ class QuicProxyClientSocketTest std::unique_ptr ConstructServerRstPacket( uint64_t packet_number, - quic::QuicRstStreamErrorCode error_code, - size_t bytes_written) { + quic::QuicRstStreamErrorCode error_code) { return server_maker_.MakeRstPacket(packet_number, !kIncludeVersion, client_data_stream_id1_, error_code, - bytes_written, /*include_stop_sending_if_v99=*/true); } std::unique_ptr ConstructServerDataPacket( uint64_t packet_number, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { return server_maker_.MakeDataPacket(packet_number, client_data_stream_id1_, - !kIncludeVersion, !kFin, offset, data); + !kIncludeVersion, !kFin, data); } std::unique_ptr ConstructServerDataFinPacket( uint64_t packet_number, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { return server_maker_.MakeDataPacket(packet_number, client_data_stream_id1_, - !kIncludeVersion, kFin, offset, data); + !kIncludeVersion, kFin, data); } std::unique_ptr ConstructServerConnectReplyPacket( @@ -443,7 +417,7 @@ class QuicProxyClientSocketTest return server_maker_.MakeResponseHeadersPacket( packet_number, client_data_stream_id1_, !kIncludeVersion, fin, - std::move(block), nullptr, &response_offset_); + std::move(block), nullptr); } std::unique_ptr @@ -453,7 +427,7 @@ class QuicProxyClientSocketTest block["proxy-authenticate"] = "Basic realm=\"MyRealm1\""; return server_maker_.MakeResponseHeadersPacket( packet_number, client_data_stream_id1_, !kIncludeVersion, fin, - std::move(block), nullptr, &response_offset_); + std::move(block), nullptr); } std::unique_ptr @@ -464,7 +438,7 @@ class QuicProxyClientSocketTest block["set-cookie"] = "foo=bar"; return server_maker_.MakeResponseHeadersPacket( packet_number, client_data_stream_id1_, !kIncludeVersion, fin, - std::move(block), nullptr, &response_offset_); + std::move(block), nullptr); } std::unique_ptr @@ -474,7 +448,7 @@ class QuicProxyClientSocketTest return server_maker_.MakeResponseHeadersPacket( packet_number, client_data_stream_id1_, !kIncludeVersion, fin, - std::move(block), nullptr, &response_offset_); + std::move(block), nullptr); } void AssertConnectSucceeds() { @@ -562,6 +536,8 @@ class QuicProxyClientSocketTest return std::string(buffer.get(), header_length); } + BoundTestNetLog net_log_; + QuicFlagSaver saver_; const quic::ParsedQuicVersion version_; const quic::QuicStreamId client_data_stream_id1_; const bool client_headers_include_h2_stream_dependency_; @@ -574,8 +550,6 @@ class QuicProxyClientSocketTest std::unique_ptr session_handle_; std::unique_ptr sock_; - BoundTestNetLog net_log_; - quic::test::MockSendAlgorithm* send_algorithm_; scoped_refptr runner_; @@ -592,8 +566,6 @@ class QuicProxyClientSocketTest quic::test::MockRandom random_generator_; ProofVerifyDetailsChromium verify_details_; MockCryptoClientStreamFactory crypto_client_stream_factory_; - quic::QuicStreamOffset header_stream_offset_; - quic::QuicStreamOffset response_offset_; std::string user_agent_; HostPortPair proxy_host_port_; @@ -766,12 +738,12 @@ TEST_P(QuicProxyClientSocketTest, IsConnectedAndIdle) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header = ConstructDataHeader(kLen1); - mock_quic_data_.AddRead(ASYNC, ConstructServerDataPacket( - 2, 0, header + std::string(kMsg1, kLen1))); + mock_quic_data_.AddRead( + ASYNC, ConstructServerDataPacket(2, header + std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED, 0)); + mock_quic_data_.AddWrite(SYNCHRONOUS, + ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED)); Initialize(); @@ -800,11 +772,11 @@ TEST_P(QuicProxyClientSocketTest, GetTotalReceivedBytes) { std::string header = ConstructDataHeader(kLen333); mock_quic_data_.AddRead( ASYNC, - ConstructServerDataPacket(2, 0, header + std::string(kMsg333, kLen333))); + ConstructServerDataPacket(2, header + std::string(kMsg333, kLen333))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED, 0)); + mock_quic_data_.AddWrite(SYNCHRONOUS, + ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED)); Initialize(); @@ -859,25 +831,21 @@ TEST_P(QuicProxyClientSocketTest, WriteSendsDataInDataFrame) { std::string header = ConstructDataHeader(kLen1); mock_quic_data_.AddWrite( SYNCHRONOUS, ConstructAckAndMultipleDataFramesPacket( - 3, 1, 1, 1, 0, {header, std::string(kMsg1, kLen1)})); + 3, 1, 1, 1, {header, std::string(kMsg1, kLen1)})); std::string header2 = ConstructDataHeader(kLen2); + mock_quic_data_.AddWrite(SYNCHRONOUS, + ConstructMultipleDataFramesPacket( + 4, {header2, std::string(kMsg2, kLen2)})); mock_quic_data_.AddWrite( - SYNCHRONOUS, - ConstructMultipleDataFramesPacket( - 4, kLen1 + header.length(), {header2, std::string(kMsg2, kLen2)})); - mock_quic_data_.AddWrite( - SYNCHRONOUS, - ConstructRstPacket(5, quic::QUIC_STREAM_CANCELLED, - kLen1 + kLen2 + header.length() + header2.length())); + SYNCHRONOUS, ConstructRstPacket(5, quic::QUIC_STREAM_CANCELLED)); } else { mock_quic_data_.AddWrite( SYNCHRONOUS, - ConstructAckAndDataPacket(3, 1, 1, 1, 0, std::string(kMsg1, kLen1))); - mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructDataPacket(4, kLen1, std::string(kMsg2, kLen2))); + ConstructAckAndDataPacket(3, 1, 1, 1, std::string(kMsg1, kLen1))); + mock_quic_data_.AddWrite(SYNCHRONOUS, + ConstructDataPacket(4, std::string(kMsg2, kLen2))); mock_quic_data_.AddWrite( - SYNCHRONOUS, - ConstructRstPacket(5, quic::QUIC_STREAM_CANCELLED, kLen1 + kLen2)); + SYNCHRONOUS, ConstructRstPacket(5, quic::QUIC_STREAM_CANCELLED)); } Initialize(); @@ -899,12 +867,12 @@ TEST_P(QuicProxyClientSocketTest, WriteSplitsLargeDataIntoMultiplePackets) { std::string header = ConstructDataHeader(kLen1); if (version_.transport_version != quic::QUIC_VERSION_99) { mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructAckAndDataPacket(write_packet_index++, 1, 1, 1, 0, + SYNCHRONOUS, ConstructAckAndDataPacket(write_packet_index++, 1, 1, 1, std::string(kMsg1, kLen1))); } else { mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckAndMultipleDataFramesPacket( - write_packet_index++, 1, 1, 1, 0, + write_packet_index++, 1, 1, 1, {header, std::string(kMsg1, kLen1)})); } @@ -914,7 +882,8 @@ TEST_P(QuicProxyClientSocketTest, WriteSplitsLargeDataIntoMultiplePackets) { std::string data(numDataPackets * quic::kDefaultMaxPacketSize, 'x'); quic::QuicStreamOffset offset = kLen1 + header.length(); - if (version_.transport_version == quic::QUIC_VERSION_99) { + if (version_.transport_version == quic::QUIC_VERSION_99 || + version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { numDataPackets++; } size_t total_data_length = 0; @@ -928,20 +897,40 @@ TEST_P(QuicProxyClientSocketTest, WriteSplitsLargeDataIntoMultiplePackets) { std::string header2 = ConstructDataHeader(3973); mock_quic_data_.AddWrite( SYNCHRONOUS, ConstructMultipleDataFramesPacket( - write_packet_index++, offset, + write_packet_index++, {header2, std::string(data.c_str(), max_packet_data_length - 7)})); offset += max_packet_data_length - header2.length() - 1; + } else if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3 && i == 0) { + mock_quic_data_.AddWrite( + SYNCHRONOUS, + ConstructDataPacket( + write_packet_index++, + std::string(data.c_str(), max_packet_data_length - 4))); + offset += max_packet_data_length - 4; } else if (version_.transport_version == quic::QUIC_VERSION_99 && i == numDataPackets - 1) { mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructDataPacket(write_packet_index++, offset, + SYNCHRONOUS, ConstructDataPacket(write_packet_index++, std::string(data.c_str(), 7))); offset += 7; + } else if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3 && + i == numDataPackets - 1) { + mock_quic_data_.AddWrite( + SYNCHRONOUS, ConstructDataPacket(write_packet_index++, + std::string(data.c_str(), 12))); + offset += 12; + } else if (version_.handshake_protocol == quic::PROTOCOL_TLS1_3) { + mock_quic_data_.AddWrite( + SYNCHRONOUS, + ConstructDataPacket( + write_packet_index++, + std::string(data.c_str(), max_packet_data_length - 4))); + offset += max_packet_data_length - 4; } else { mock_quic_data_.AddWrite( SYNCHRONOUS, ConstructDataPacket( - write_packet_index++, offset, + write_packet_index++, std::string(data.c_str(), max_packet_data_length))); offset += max_packet_data_length; } @@ -951,8 +940,8 @@ TEST_P(QuicProxyClientSocketTest, WriteSplitsLargeDataIntoMultiplePackets) { } mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructRstPacket(write_packet_index++, - quic::QUIC_STREAM_CANCELLED, offset)); + SYNCHRONOUS, + ConstructRstPacket(write_packet_index++, quic::QUIC_STREAM_CANCELLED)); Initialize(); @@ -977,12 +966,12 @@ TEST_P(QuicProxyClientSocketTest, ReadReadsDataInDataFrame) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header = ConstructDataHeader(kLen1); - mock_quic_data_.AddRead(ASYNC, ConstructServerDataPacket( - 2, 0, header + std::string(kMsg1, kLen1))); + mock_quic_data_.AddRead( + ASYNC, ConstructServerDataPacket(2, header + std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED, 0)); + mock_quic_data_.AddWrite(SYNCHRONOUS, + ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED)); Initialize(); @@ -999,15 +988,14 @@ TEST_P(QuicProxyClientSocketTest, ReadDataFromBufferedFrames) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header = ConstructDataHeader(kLen1); - mock_quic_data_.AddRead(ASYNC, ConstructServerDataPacket( - 2, 0, header + std::string(kMsg1, kLen1))); + mock_quic_data_.AddRead( + ASYNC, ConstructServerDataPacket(2, header + std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header2 = ConstructDataHeader(kLen2); mock_quic_data_.AddRead( - ASYNC, ConstructServerDataPacket(3, kLen1 + header.length(), - header2 + std::string(kMsg2, kLen2))); + ASYNC, ConstructServerDataPacket(3, header2 + std::string(kMsg2, kLen2))); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); mock_quic_data_.AddWrite( @@ -1032,13 +1020,12 @@ TEST_P(QuicProxyClientSocketTest, ReadDataMultipleBufferedFrames) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header = ConstructDataHeader(kLen1); - mock_quic_data_.AddRead(ASYNC, ConstructServerDataPacket( - 2, 0, header + std::string(kMsg1, kLen1))); + mock_quic_data_.AddRead( + ASYNC, ConstructServerDataPacket(2, header + std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); std::string header2 = ConstructDataHeader(kLen2); mock_quic_data_.AddRead( - ASYNC, ConstructServerDataPacket(3, kLen1 + header.length(), - header2 + std::string(kMsg2, kLen2))); + ASYNC, ConstructServerDataPacket(3, header2 + std::string(kMsg2, kLen2))); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); mock_quic_data_.AddWrite( @@ -1063,13 +1050,12 @@ TEST_P(QuicProxyClientSocketTest, LargeReadWillMergeDataFromDifferentFrames) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header = ConstructDataHeader(kLen3); - mock_quic_data_.AddRead(ASYNC, ConstructServerDataPacket( - 2, 0, header + std::string(kMsg3, kLen3))); + mock_quic_data_.AddRead( + ASYNC, ConstructServerDataPacket(2, header + std::string(kMsg3, kLen3))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); std::string header2 = ConstructDataHeader(kLen3); mock_quic_data_.AddRead( - ASYNC, ConstructServerDataPacket(3, kLen3 + header.length(), - header2 + std::string(kMsg3, kLen3))); + ASYNC, ConstructServerDataPacket(3, header2 + std::string(kMsg3, kLen3))); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); mock_quic_data_.AddWrite( @@ -1097,26 +1083,22 @@ TEST_P(QuicProxyClientSocketTest, MultipleShortReadsThenMoreRead) { std::string header = ConstructDataHeader(kLen1); mock_quic_data_.AddRead( - ASYNC, - ConstructServerDataPacket(2, offset, header + std::string(kMsg1, kLen1))); + ASYNC, ConstructServerDataPacket(2, header + std::string(kMsg1, kLen1))); offset += kLen1 + header.length(); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); std::string header2 = ConstructDataHeader(kLen3); mock_quic_data_.AddRead( - ASYNC, ConstructServerDataPacket(3, offset, - header2 + std::string(kMsg3, kLen3))); + ASYNC, ConstructServerDataPacket(3, header2 + std::string(kMsg3, kLen3))); offset += kLen3 + header2.length(); mock_quic_data_.AddRead( - ASYNC, ConstructServerDataPacket(4, offset, - header2 + std::string(kMsg3, kLen3))); + ASYNC, ConstructServerDataPacket(4, header2 + std::string(kMsg3, kLen3))); offset += kLen3 + header2.length(); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(4, 4, 3, 1)); std::string header3 = ConstructDataHeader(kLen2); mock_quic_data_.AddRead( - ASYNC, ConstructServerDataPacket(5, offset, - header3 + std::string(kMsg2, kLen2))); + ASYNC, ConstructServerDataPacket(5, header3 + std::string(kMsg2, kLen2))); offset += kLen2 + header3.length(); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); @@ -1145,13 +1127,12 @@ TEST_P(QuicProxyClientSocketTest, ReadWillSplitDataFromLargeFrame) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header = ConstructDataHeader(kLen1); - mock_quic_data_.AddRead(ASYNC, ConstructServerDataPacket( - 2, 0, header + std::string(kMsg1, kLen1))); + mock_quic_data_.AddRead( + ASYNC, ConstructServerDataPacket(2, header + std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); std::string header2 = ConstructDataHeader(kLen33); - mock_quic_data_.AddRead( - ASYNC, ConstructServerDataPacket(3, kLen1 + header.length(), - header2 + std::string(kMsg33, kLen33))); + mock_quic_data_.AddRead(ASYNC, ConstructServerDataPacket( + 3, header2 + std::string(kMsg33, kLen33))); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); mock_quic_data_.AddWrite( @@ -1181,12 +1162,12 @@ TEST_P(QuicProxyClientSocketTest, MultipleReadsFromSameLargeFrame) { std::string header = ConstructDataHeader(kLen333); mock_quic_data_.AddRead( ASYNC, - ConstructServerDataPacket(2, 0, header + std::string(kMsg333, kLen333))); + ConstructServerDataPacket(2, header + std::string(kMsg333, kLen333))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED, 0)); + mock_quic_data_.AddWrite(SYNCHRONOUS, + ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED)); Initialize(); @@ -1215,13 +1196,12 @@ TEST_P(QuicProxyClientSocketTest, ReadAuthResponseBody) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header = ConstructDataHeader(kLen1); - mock_quic_data_.AddRead(ASYNC, ConstructServerDataPacket( - 2, 0, header + std::string(kMsg1, kLen1))); + mock_quic_data_.AddRead( + ASYNC, ConstructServerDataPacket(2, header + std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); std::string header2 = ConstructDataHeader(kLen2); mock_quic_data_.AddRead( - ASYNC, ConstructServerDataPacket(3, kLen1 + header.length(), - header2 + std::string(kMsg2, kLen2))); + ASYNC, ConstructServerDataPacket(3, header2 + std::string(kMsg2, kLen2))); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); mock_quic_data_.AddWrite( @@ -1247,13 +1227,12 @@ TEST_P(QuicProxyClientSocketTest, ReadErrorResponseBody) { std::string header = ConstructDataHeader(kLen1); mock_quic_data_.AddRead( SYNCHRONOUS, - ConstructServerDataPacket(2, 0, header + std::string(kMsg1, kLen1))); + ConstructServerDataPacket(2, header + std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); std::string header2 = ConstructDataHeader(kLen2); mock_quic_data_.AddRead( SYNCHRONOUS, - ConstructServerDataPacket(3, kLen1 + header.length(), - header2 + std::string(kMsg2, kLen2))); + ConstructServerDataPacket(3, header2 + std::string(kMsg2, kLen2))); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); mock_quic_data_.AddWrite( @@ -1276,8 +1255,8 @@ TEST_P(QuicProxyClientSocketTest, AsyncReadAroundWrite) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header = ConstructDataHeader(kLen1); - mock_quic_data_.AddRead(ASYNC, ConstructServerDataPacket( - 2, 0, header + std::string(kMsg1, kLen1))); + mock_quic_data_.AddRead( + ASYNC, ConstructServerDataPacket(2, header + std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(write_packet_index++, 2, 1, 1)); @@ -1286,25 +1265,24 @@ TEST_P(QuicProxyClientSocketTest, AsyncReadAroundWrite) { mock_quic_data_.AddWrite( SYNCHRONOUS, ConstructMultipleDataFramesPacket( - write_packet_index++, 0, {header2, std::string(kMsg2, kLen2)})); + write_packet_index++, {header2, std::string(kMsg2, kLen2)})); } else { mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructDataPacket(write_packet_index++, header2.length(), - std::string(kMsg2, kLen2))); + SYNCHRONOUS, + ConstructDataPacket(write_packet_index++, std::string(kMsg2, kLen2))); } mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header3 = ConstructDataHeader(kLen3); mock_quic_data_.AddRead( - ASYNC, ConstructServerDataPacket(3, kLen1 + header.length(), - header3 + std::string(kMsg3, kLen3))); + ASYNC, ConstructServerDataPacket(3, header3 + std::string(kMsg3, kLen3))); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructAckAndRstPacket(write_packet_index++, - quic::QUIC_STREAM_CANCELLED, 3, 3, - 1, kLen2 + header2.length())); + SYNCHRONOUS, + ConstructAckAndRstPacket(write_packet_index++, + quic::QUIC_STREAM_CANCELLED, 3, 3, 1)); Initialize(); @@ -1333,38 +1311,36 @@ TEST_P(QuicProxyClientSocketTest, AsyncWriteAroundReads) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header = ConstructDataHeader(kLen1); - mock_quic_data_.AddRead(ASYNC, ConstructServerDataPacket( - 2, 0, header + std::string(kMsg1, kLen1))); + mock_quic_data_.AddRead( + ASYNC, ConstructServerDataPacket(2, header + std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header2 = ConstructDataHeader(kLen3); mock_quic_data_.AddRead( - ASYNC, ConstructServerDataPacket(3, kLen1 + header.length(), - header2 + std::string(kMsg3, kLen3))); + ASYNC, ConstructServerDataPacket(3, header2 + std::string(kMsg3, kLen3))); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); mock_quic_data_.AddWrite(ASYNC, ERR_IO_PENDING); // Pause std::string header3 = ConstructDataHeader(kLen2); if (version_.transport_version != quic::QUIC_VERSION_99) { + mock_quic_data_.AddWrite(ASYNC, + ConstructDataPacket(4, std::string(kMsg2, kLen2))); mock_quic_data_.AddWrite( - ASYNC, ConstructDataPacket(4, 0, std::string(kMsg2, kLen2))); - mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructAckAndDataPacket(5, 3, 3, 1, kLen2, - std::string(kMsg2, kLen2))); + SYNCHRONOUS, + ConstructAckAndDataPacket(5, 3, 3, 1, std::string(kMsg2, kLen2))); } else { mock_quic_data_.AddWrite(ASYNC, ConstructMultipleDataFramesPacket( - 4, 0, {header3, std::string(kMsg2, kLen2)})); + 4, {header3, std::string(kMsg2, kLen2)})); mock_quic_data_.AddWrite( - ASYNC, ConstructAckAndDataPacket(5, 3, 3, 1, header3.length() + kLen2, + ASYNC, ConstructAckAndDataPacket(5, 3, 3, 1, header3 + std::string(kMsg2, kLen2))); } - mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructRstPacket(6, quic::QUIC_STREAM_CANCELLED, - kLen2 + kLen2 + 2 * header3.length())); + mock_quic_data_.AddWrite(SYNCHRONOUS, + ConstructRstPacket(6, quic::QUIC_STREAM_CANCELLED)); Initialize(); @@ -1464,11 +1440,11 @@ TEST_P(QuicProxyClientSocketTest, ReadAfterFinReceivedReturnsBufferedData) { std::string header = ConstructDataHeader(kLen1); mock_quic_data_.AddRead(ASYNC, ConstructServerDataFinPacket( - 2, 0, header + std::string(kMsg1, kLen1))); + 2, header + std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED, 0)); + mock_quic_data_.AddWrite(SYNCHRONOUS, + ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED)); Initialize(); @@ -1625,23 +1601,22 @@ TEST_P(QuicProxyClientSocketTest, RstWithReadAndWritePending) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause mock_quic_data_.AddRead( - ASYNC, ConstructServerRstPacket(2, quic::QUIC_STREAM_CANCELLED, 0)); + ASYNC, ConstructServerRstPacket(2, quic::QUIC_STREAM_CANCELLED)); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); std::string header = ConstructDataHeader(kLen2); if (version_.transport_version != quic::QUIC_VERSION_99) { + mock_quic_data_.AddWrite(ASYNC, ConstructAckAndDataPacket( + 3, 1, 1, 1, std::string(kMsg2, kLen2))); mock_quic_data_.AddWrite( - ASYNC, - ConstructAckAndDataPacket(3, 1, 1, 1, 0, std::string(kMsg2, kLen2))); - mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructAckAndRstPacket(4, quic::QUIC_RST_ACKNOWLEDGEMENT, - 2, 2, 1, kLen2)); + SYNCHRONOUS, + ConstructAckAndRstPacket(4, quic::QUIC_RST_ACKNOWLEDGEMENT, 2, 2, 1)); } else { mock_quic_data_.AddWrite( ASYNC, ConstructAckAndMultipleDataFramesPacket( - 3, 1, 1, 1, 0, {header, std::string(kMsg2, kLen2)})); - mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckAndRstOnlyPacket( - 4, quic::QUIC_STREAM_CANCELLED, 2, - 2, 1, header.length() + kLen2)); + 3, 1, 1, 1, {header, std::string(kMsg2, kLen2)})); + mock_quic_data_.AddWrite( + SYNCHRONOUS, + ConstructAckAndRstOnlyPacket(4, quic::QUIC_STREAM_CANCELLED, 2, 2, 1)); } Initialize(); @@ -1676,12 +1651,12 @@ TEST_P(QuicProxyClientSocketTest, NetLog) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause std::string header = ConstructDataHeader(kLen1); - mock_quic_data_.AddRead(ASYNC, ConstructServerDataPacket( - 2, 0, header + std::string(kMsg1, kLen1))); + mock_quic_data_.AddRead( + ASYNC, ConstructServerDataPacket(2, header + std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckPacket(3, 2, 1, 1)); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED, 0)); + mock_quic_data_.AddWrite(SYNCHRONOUS, + ConstructRstPacket(4, quic::QUIC_STREAM_CANCELLED)); Initialize(); @@ -1693,8 +1668,7 @@ TEST_P(QuicProxyClientSocketTest, NetLog) { NetLogSource sock_source = sock_->NetLog().source(); sock_.reset(); - TestNetLogEntry::List entry_list; - net_log_.GetEntriesForSource(sock_source, &entry_list); + auto entry_list = net_log_.GetEntriesForSource(sock_source); ASSERT_EQ(entry_list.size(), 10u); EXPECT_TRUE( @@ -1758,23 +1732,22 @@ TEST_P(QuicProxyClientSocketTest, RstWithReadAndWritePendingDelete) { mock_quic_data_.AddRead(ASYNC, ERR_IO_PENDING); // Pause mock_quic_data_.AddRead( - ASYNC, ConstructServerRstPacket(2, quic::QUIC_STREAM_CANCELLED, 0)); + ASYNC, ConstructServerRstPacket(2, quic::QUIC_STREAM_CANCELLED)); mock_quic_data_.AddRead(SYNCHRONOUS, ERR_IO_PENDING); if (version_.transport_version != quic::QUIC_VERSION_99) { + mock_quic_data_.AddWrite(ASYNC, ConstructAckAndDataPacket( + 3, 1, 1, 1, std::string(kMsg1, kLen1))); mock_quic_data_.AddWrite( - ASYNC, - ConstructAckAndDataPacket(3, 1, 1, 1, 0, std::string(kMsg1, kLen1))); - mock_quic_data_.AddWrite( - SYNCHRONOUS, ConstructAckAndRstPacket(4, quic::QUIC_RST_ACKNOWLEDGEMENT, - 2, 2, 1, kLen1)); + SYNCHRONOUS, + ConstructAckAndRstPacket(4, quic::QUIC_RST_ACKNOWLEDGEMENT, 2, 2, 1)); } else { std::string header = ConstructDataHeader(kLen1); mock_quic_data_.AddWrite( ASYNC, ConstructAckAndMultipleDataFramesPacket( - 3, 1, 1, 1, 0, {header, std::string(kMsg1, kLen1)})); - mock_quic_data_.AddWrite(SYNCHRONOUS, ConstructAckAndRstOnlyPacket( - 4, quic::QUIC_STREAM_CANCELLED, 2, - 2, 1, header.length() + kLen1)); + 3, 1, 1, 1, {header, std::string(kMsg1, kLen1)})); + mock_quic_data_.AddWrite( + SYNCHRONOUS, + ConstructAckAndRstOnlyPacket(4, quic::QUIC_STREAM_CANCELLED, 2, 2, 1)); } Initialize(); diff --git a/chromium/net/quic/quic_server_info.h b/chromium/net/quic/quic_server_info.h index 768243870d4..e3ae6726e15 100644 --- a/chromium/net/quic/quic_server_info.h +++ b/chromium/net/quic/quic_server_info.h @@ -60,7 +60,7 @@ class QUIC_EXPORT_PRIVATE QuicServerInfo { void Clear(); - // This class matches QuicClientCryptoConfig::CachedState. + // This class matches QuicCryptoClientConfig::CachedState. std::string server_config; // A serialized handshake message. std::string source_address_token; // An opaque proof of IP ownership. std::string cert_sct; // Signed timestamp of the leaf cert. diff --git a/chromium/net/quic/quic_session_key.cc b/chromium/net/quic/quic_session_key.cc index da9a601411f..d7907d6b10b 100644 --- a/chromium/net/quic/quic_session_key.cc +++ b/chromium/net/quic/quic_session_key.cc @@ -4,34 +4,50 @@ #include "net/quic/quic_session_key.h" +#include "base/feature_list.h" +#include "net/base/features.h" + namespace net { QuicSessionKey::QuicSessionKey(const HostPortPair& host_port_pair, PrivacyMode privacy_mode, - const SocketTag& socket_tag) + const SocketTag& socket_tag, + const NetworkIsolationKey& network_isolation_key) : QuicSessionKey(host_port_pair.host(), host_port_pair.port(), privacy_mode, - socket_tag) {} + socket_tag, + network_isolation_key) {} QuicSessionKey::QuicSessionKey(const std::string& host, uint16_t port, PrivacyMode privacy_mode, - const SocketTag& socket_tag) + const SocketTag& socket_tag, + const NetworkIsolationKey& network_isolation_key) : QuicSessionKey( quic::QuicServerId(host, port, privacy_mode == PRIVACY_MODE_ENABLED), - socket_tag) {} + socket_tag, + network_isolation_key) {} QuicSessionKey::QuicSessionKey(const quic::QuicServerId& server_id, - const SocketTag& socket_tag) - : server_id_(server_id), socket_tag_(socket_tag) {} + const SocketTag& socket_tag, + const NetworkIsolationKey& network_isolation_key) + : server_id_(server_id), + socket_tag_(socket_tag), + network_isolation_key_( + base::FeatureList::IsEnabled( + features::kPartitionConnectionsByNetworkIsolationKey) + ? network_isolation_key + : NetworkIsolationKey()) {} bool QuicSessionKey::operator<(const QuicSessionKey& other) const { - return std::tie(server_id_, socket_tag_) < - std::tie(other.server_id_, other.socket_tag_); + return std::tie(server_id_, socket_tag_, network_isolation_key_) < + std::tie(other.server_id_, other.socket_tag_, + other.network_isolation_key_); } bool QuicSessionKey::operator==(const QuicSessionKey& other) const { - return server_id_ == other.server_id_ && socket_tag_ == other.socket_tag_; + return server_id_ == other.server_id_ && socket_tag_ == other.socket_tag_ && + network_isolation_key_ == other.network_isolation_key_; } size_t QuicSessionKey::EstimateMemoryUsage() const { diff --git a/chromium/net/quic/quic_session_key.h b/chromium/net/quic/quic_session_key.h index 127726caa1e..506556453f7 100644 --- a/chromium/net/quic/quic_session_key.h +++ b/chromium/net/quic/quic_session_key.h @@ -6,6 +6,7 @@ #define NET_QUIC_QUIC_SESSION_KEY_H_ #include "net/base/host_port_pair.h" +#include "net/base/network_isolation_key.h" #include "net/base/privacy_mode.h" #include "net/socket/socket_tag.h" #include "net/third_party/quiche/src/quic/core/quic_server_id.h" @@ -16,16 +17,24 @@ namespace net { // tag. class QUIC_EXPORT_PRIVATE QuicSessionKey { public: + // TODO(mmenke): Remove default NetworkIsolationKey() values, which are only + // used in tests. QuicSessionKey() = default; - QuicSessionKey(const HostPortPair& host_port_pair, - PrivacyMode privacy_mode, - const SocketTag& socket_tag); - QuicSessionKey(const std::string& host, - uint16_t port, - PrivacyMode privacy_mode, - const SocketTag& socket_tag); - QuicSessionKey(const quic::QuicServerId& server_id, - const SocketTag& socket_tag); + QuicSessionKey( + const HostPortPair& host_port_pair, + PrivacyMode privacy_mode, + const SocketTag& socket_tag, + const NetworkIsolationKey& network_isolation_key = NetworkIsolationKey()); + QuicSessionKey( + const std::string& host, + uint16_t port, + PrivacyMode privacy_mode, + const SocketTag& socket_tag, + const NetworkIsolationKey& network_isolation_key = NetworkIsolationKey()); + QuicSessionKey( + const quic::QuicServerId& server_id, + const SocketTag& socket_tag, + const NetworkIsolationKey& network_isolation_key = NetworkIsolationKey()); ~QuicSessionKey() = default; // Needed to be an element of std::set. @@ -43,11 +52,17 @@ class QUIC_EXPORT_PRIVATE QuicSessionKey { SocketTag socket_tag() const { return socket_tag_; } + const NetworkIsolationKey& network_isolation_key() const { + return network_isolation_key_; + } + size_t EstimateMemoryUsage() const; private: quic::QuicServerId server_id_; SocketTag socket_tag_; + // Used to separate requests made in different contexts. + NetworkIsolationKey network_isolation_key_; }; } // namespace net diff --git a/chromium/net/quic/quic_stream_factory.cc b/chromium/net/quic/quic_stream_factory.cc index 7a73796abd8..ede94e16dff 100644 --- a/chromium/net/quic/quic_stream_factory.cc +++ b/chromium/net/quic/quic_stream_factory.cc @@ -57,7 +57,6 @@ #include "net/third_party/quiche/src/quic/core/http/quic_client_promised_info.h" #include "net/third_party/quiche/src/quic/core/quic_connection.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" -#include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h" #include "net/third_party/quiche/src/quic/platform/api/quic_clock.h" #include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" #include "third_party/boringssl/src/include/openssl/aead.h" @@ -92,6 +91,13 @@ enum InitialRttEstimateSource { INITIAL_RTT_SOURCE_MAX, }; +enum class EmptyStaleResultLocation { + kResolveHost = 0, + kMatchFreshResult = 1, + kNotEmpty = 2, + kMaxValue = kNotEmpty, +}; + // The maximum receive window sizes for QUIC sessions and streams. const int32_t kQuicSessionMaxRecvWindowSize = 15 * 1024 * 1024; // 15 MB const int32_t kQuicStreamMaxRecvWindowSize = 6 * 1024 * 1024; // 6 MB @@ -105,9 +111,8 @@ const int32_t kQuicSocketReceiveBufferSize = 1024 * 1024; // 1MB // Set the maximum number of undecryptable packets the connection will store. const int32_t kMaxUndecryptablePackets = 100; -base::Value NetLogQuicStreamFactoryJobCallback( - const quic::QuicServerId* server_id, - NetLogCaptureMode capture_mode) { +base::Value NetLogQuicStreamFactoryJobParams( + const quic::QuicServerId* server_id) { base::DictionaryValue dict; dict.SetString( "server_id", @@ -117,10 +122,6 @@ base::Value NetLogQuicStreamFactoryJobCallback( return std::move(dict); } -NetLogParametersCallback NetLogQuicConnectionMigrationTriggerCallback( - const char* trigger) { - return NetLog::StringCallback("trigger", trigger); -} // Helper class that is used to log a connection migration event. class ScopedConnectionMigrationEventLog { public: @@ -128,8 +129,9 @@ class ScopedConnectionMigrationEventLog { : net_log_(NetLogWithSource::Make( net_log, NetLogSourceType::QUIC_CONNECTION_MIGRATION)) { - net_log_.BeginEvent(NetLogEventType::QUIC_CONNECTION_MIGRATION_TRIGGERED, - NetLogQuicConnectionMigrationTriggerCallback(trigger)); + net_log_.BeginEventWithStringParams( + NetLogEventType::QUIC_CONNECTION_MIGRATION_TRIGGERED, "trigger", + trigger); } ~ScopedConnectionMigrationEventLog() { @@ -157,6 +159,15 @@ void LogConnectionIpPooling(bool pooled) { UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.ConnectionIpPooled", pooled); } +void LogEmptyStaleResult(EmptyStaleResultLocation location) { + UMA_HISTOGRAM_ENUMERATION("Net.QuicSession.StaleHostResolveFailed", location); +} + +void LogSessionAvailabilityWhenValidatingHost(bool available) { + UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.SessionAvailableWhenValidatingDNS", + available); +} + void SetInitialRttEstimate(base::TimeDelta estimate, enum InitialRttEstimateSource source, quic::QuicConfig* config) { @@ -169,30 +180,26 @@ void SetInitialRttEstimate(base::TimeDelta estimate, quic::QuicConfig InitializeQuicConfig( const quic::QuicTagVector& connection_options, const quic::QuicTagVector& client_connection_options, - int idle_connection_timeout_seconds, - int max_time_before_crypto_handshake_seconds, - int max_idle_time_before_crypto_handshake_seconds) { - DCHECK_GT(idle_connection_timeout_seconds, 0); + base::TimeDelta idle_connection_timeout, + base::TimeDelta max_time_before_crypto_handshake, + base::TimeDelta max_idle_time_before_crypto_handshake) { + DCHECK_GT(idle_connection_timeout, base::TimeDelta()); quic::QuicConfig config; - config.SetIdleNetworkTimeout( - quic::QuicTime::Delta::FromSeconds(idle_connection_timeout_seconds), - quic::QuicTime::Delta::FromSeconds(idle_connection_timeout_seconds)); + config.SetIdleNetworkTimeout(quic::QuicTime::Delta::FromMicroseconds( + idle_connection_timeout.InMicroseconds()), + quic::QuicTime::Delta::FromMicroseconds( + idle_connection_timeout.InMicroseconds())); config.set_max_time_before_crypto_handshake( - quic::QuicTime::Delta::FromSeconds( - max_time_before_crypto_handshake_seconds)); + quic::QuicTime::Delta::FromMicroseconds( + max_time_before_crypto_handshake.InMicroseconds())); config.set_max_idle_time_before_crypto_handshake( - quic::QuicTime::Delta::FromSeconds( - max_idle_time_before_crypto_handshake_seconds)); + quic::QuicTime::Delta::FromMicroseconds( + max_idle_time_before_crypto_handshake.InMicroseconds())); config.SetConnectionOptionsToSend(connection_options); config.SetClientConnectionOptions(client_connection_options); return config; } -bssl::UniquePtr QuicStreamFactoryCreateSslCtx() { - crypto::EnsureOpenSSLInit(); - return quic::TlsClientHandshaker::CreateSslCtx(); -} - // An implementation of quic::QuicCryptoClientConfig::ServerIdFilter that wraps // an |origin_filter|. class ServerIdOriginFilter @@ -219,6 +226,22 @@ class ServerIdOriginFilter } // namespace +QuicParams::QuicParams() + : max_packet_length(quic::kDefaultMaxPacketSize), + reduced_ping_timeout( + base::TimeDelta::FromSeconds(quic::kPingTimeoutSecs)), + max_time_before_crypto_handshake( + base::TimeDelta::FromSeconds(quic::kMaxTimeForCryptoHandshakeSecs)), + max_idle_time_before_crypto_handshake( + base::TimeDelta::FromSeconds(quic::kInitialIdleTimeoutSecs)) { + supported_versions.push_back(quic::ParsedQuicVersion( + quic::PROTOCOL_QUIC_CRYPTO, quic::QUIC_VERSION_46)); +} + +QuicParams::QuicParams(const QuicParams& other) = default; + +QuicParams::~QuicParams() = default; + // Responsible for verifying the certificates saved in // quic::QuicCryptoClientConfig, and for notifying any associated requests when // complete. Results from cert verification are ignored. @@ -257,8 +280,7 @@ class QuicStreamFactory::CertVerifierJob { std::make_unique(cert_verify_flags, net_log)), start_time_(base::TimeTicks::Now()), - net_log_(net_log), - weak_factory_(this) {} + net_log_(net_log) {} ~CertVerifierJob() { if (verify_callback_) @@ -309,7 +331,7 @@ class QuicStreamFactory::CertVerifierJob { const base::TimeTicks start_time_; const NetLogWithSource net_log_; CompletionOnceCallback callback_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(CertVerifierJob); }; @@ -319,7 +341,7 @@ class QuicStreamFactory::CertVerifierJob { class QuicStreamFactory::Job { public: Job(QuicStreamFactory* factory, - const quic::QuicTransportVersion& quic_version, + quic::ParsedQuicVersion quic_version, HostResolver* host_resolver, const QuicSessionAliasKey& key, bool was_alternative_service_recently_broken, @@ -343,6 +365,7 @@ class QuicStreamFactory::Job { void OnResolveHostComplete(int rv); void OnConnectComplete(int rv); + void OnSessionClosed(QuicChromiumClientSession* session); const QuicSessionAliasKey& key() const { return key_; } @@ -404,16 +427,31 @@ class QuicStreamFactory::Job { if (session_) { QuicChromiumClientSession* session = session_; session_ = nullptr; - session->CloseSessionOnErrorLater( - ERR_ABORTED, quic::QUIC_STALE_CONNECTION_CANCELLED, - quic::ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); + if (session) { + session->CloseSessionOnErrorLater( + ERR_ABORTED, quic::QUIC_STALE_CONNECTION_CANCELLED, + quic::ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET); + } } } bool DoesPeerAddressMatchWithFreshAddressList() { + LogSessionAvailabilityWhenValidatingHost(session_ != nullptr); + + if (!session_) + return false; + std::vector endpoints = fresh_resolve_host_request_->GetAddressResults().value().endpoints(); - IPEndPoint stale_address = ToIPEndPoint(session_->peer_address()); + + if (!resolve_host_request_->GetAddressResults()) { + LogEmptyStaleResult(EmptyStaleResultLocation::kMatchFreshResult); + return false; + } + + LogEmptyStaleResult(EmptyStaleResultLocation::kNotEmpty); + IPEndPoint stale_address = + resolve_host_request_->GetAddressResults().value().front(); if (std::find(endpoints.begin(), endpoints.end(), stale_address) != endpoints.end()) { @@ -450,7 +488,7 @@ class QuicStreamFactory::Job { IoState io_state_; QuicStreamFactory* factory_; - quic::QuicTransportVersion quic_version_; + quic::ParsedQuicVersion quic_version_; HostResolver* host_resolver_; const QuicSessionAliasKey key_; RequestPriority priority_; @@ -459,7 +497,6 @@ class QuicStreamFactory::Job { const bool retry_on_alternate_network_before_handshake_; const bool race_stale_dns_on_connection_; const NetLogWithSource net_log_; - int num_sent_client_hellos_; bool host_resolution_finished_; bool connection_retried_; QuicChromiumClientSession* session_; @@ -475,13 +512,13 @@ class QuicStreamFactory::Job { base::TimeTicks dns_resolution_start_time_; base::TimeTicks dns_resolution_end_time_; std::set stream_requests_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(Job); }; QuicStreamFactory::Job::Job(QuicStreamFactory* factory, - const quic::QuicTransportVersion& quic_version, + quic::ParsedQuicVersion quic_version, HostResolver* host_resolver, const QuicSessionAliasKey& key, bool was_alternative_service_recently_broken, @@ -505,22 +542,20 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory, net_log_( NetLogWithSource::Make(net_log.net_log(), NetLogSourceType::QUIC_STREAM_FACTORY_JOB)), - num_sent_client_hellos_(0), host_resolution_finished_(false), connection_retried_(false), session_(nullptr), - network_(NetworkChangeNotifier::kInvalidNetworkHandle), - weak_factory_(this) { - net_log_.BeginEvent( - NetLogEventType::QUIC_STREAM_FACTORY_JOB, - base::Bind(&NetLogQuicStreamFactoryJobCallback, &key_.server_id())); + network_(NetworkChangeNotifier::kInvalidNetworkHandle) { + net_log_.BeginEvent(NetLogEventType::QUIC_STREAM_FACTORY_JOB, [&] { + return NetLogQuicStreamFactoryJobParams(&key_.server_id()); + }); // Associate |net_log_| with |net_log|. - net_log_.AddEvent( + net_log_.AddEventReferencingSource( NetLogEventType::QUIC_STREAM_FACTORY_JOB_BOUND_TO_HTTP_STREAM_JOB, - net_log.source().ToEventParametersCallback()); - net_log.AddEvent( + net_log.source()); + net_log.AddEventReferencingSource( NetLogEventType::HTTP_STREAM_JOB_BOUND_TO_QUIC_STREAM_FACTORY_JOB, - net_log_.source().ToEventParametersCallback()); + net_log_.source()); } QuicStreamFactory::Job::~Job() { @@ -572,6 +607,20 @@ int QuicStreamFactory::Job::DoLoop(int rv) { return rv; } +void QuicStreamFactory::Job::OnSessionClosed( + QuicChromiumClientSession* session) { + // When dns racing experiment is on, the job needs to know that the stale + // session is closed so that it will start the fresh session without matching + // dns results. + if (io_state_ == STATE_HOST_VALIDATION && session_ == session) { + DCHECK(race_stale_dns_on_connection_); + DCHECK(fresh_resolve_host_request_); + resolve_host_request_ = std::move(fresh_resolve_host_request_); + session_ = nullptr; + io_state_ = STATE_RESOLVE_HOST_COMPLETE; + } +} + void QuicStreamFactory::Job::OnResolveHostComplete(int rv) { DCHECK(!host_resolution_finished_); @@ -696,7 +745,15 @@ int QuicStreamFactory::Job::DoResolveHost() { // Fresh request returned immediate results. LogStaleHostRacing(false); resolve_host_request_ = std::move(fresh_resolve_host_request_); - return rv; + return fresh_rv; + } + + // Check to make sure stale host request does produce valid results. + if (!resolve_host_request_->GetAddressResults()) { + LogStaleHostRacing(false); + LogEmptyStaleResult(EmptyStaleResultLocation::kResolveHost); + resolve_host_request_ = std::move(fresh_resolve_host_request_); + return fresh_rv; } // No fresh host resolution is available at this time, but there is available @@ -733,11 +790,11 @@ int QuicStreamFactory::Job::DoConnect() { DCHECK(dns_resolution_end_time_ != base::TimeTicks()); io_state_ = STATE_CONNECT_COMPLETE; bool require_confirmation = was_alternative_service_recently_broken_; - net_log_.BeginEvent( - NetLogEventType::QUIC_STREAM_FACTORY_JOB_CONNECT, - NetLog::BoolCallback("require_confirmation", require_confirmation)); + net_log_.AddEntryWithBoolParams( + NetLogEventType::QUIC_STREAM_FACTORY_JOB_CONNECT, NetLogEventPhase::BEGIN, + "require_confirmation", require_confirmation); - DCHECK_NE(quic_version_, quic::QUIC_VERSION_UNSUPPORTED); + DCHECK_NE(quic_version_.transport_version, quic::QUIC_VERSION_UNSUPPORTED); int rv = factory_->CreateSession( key_, quic_version_, cert_verify_flags_, require_confirmation, resolve_host_request_->GetAddressResults().value(), @@ -811,17 +868,6 @@ int QuicStreamFactory::Job::DoConfirmConnection(int rv) { UMA_HISTOGRAM_TIMES("Net.QuicSession.TimeFromResolveHostToConfirmConnection", base::TimeTicks::Now() - dns_resolution_start_time_); net_log_.EndEvent(NetLogEventType::QUIC_STREAM_FACTORY_JOB_CONNECT); - if (session_ && - session_->error() == quic::QUIC_CRYPTO_HANDSHAKE_STATELESS_REJECT) { - num_sent_client_hellos_ += session_->GetNumSentClientHellos(); - if (num_sent_client_hellos_ >= - quic::QuicCryptoClientStream::kMaxClientHellos) - return ERR_QUIC_HANDSHAKE_FAILED; - // The handshake was rejected statelessly, so create another connection - // to resume the handshake. - io_state_ = STATE_CONNECT; - return OK; - } if (was_alternative_service_recently_broken_) UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.ConnectAfterBroken", rv == OK); @@ -917,17 +963,18 @@ QuicStreamRequest::~QuicStreamRequest() { int QuicStreamRequest::Request( const HostPortPair& destination, - quic::QuicTransportVersion quic_version, + quic::ParsedQuicVersion quic_version, PrivacyMode privacy_mode, RequestPriority priority, const SocketTag& socket_tag, + const NetworkIsolationKey& network_isolation_key, int cert_verify_flags, const GURL& url, const NetLogWithSource& net_log, NetErrorDetails* net_error_details, CompletionOnceCallback failed_on_default_network_callback, CompletionOnceCallback callback) { - DCHECK_NE(quic_version, quic::QUIC_VERSION_UNSUPPORTED); + DCHECK_NE(quic_version.transport_version, quic::QUIC_VERSION_UNSUPPORTED); DCHECK(net_error_details); DCHECK(callback_.is_null()); DCHECK(host_resolution_callback_.is_null()); @@ -936,8 +983,8 @@ int QuicStreamRequest::Request( net_error_details_ = net_error_details; failed_on_default_network_callback_ = std::move(failed_on_default_network_callback); - session_key_ = - QuicSessionKey(HostPortPair::FromURL(url), privacy_mode, socket_tag); + session_key_ = QuicSessionKey(HostPortPair::FromURL(url), privacy_mode, + socket_tag, network_isolation_key); int rv = factory_->Create(session_key_, destination, quic_version, priority, cert_verify_flags, url, net_log, this); @@ -1022,35 +1069,7 @@ QuicStreamFactory::QuicStreamFactory( QuicCryptoClientStreamFactory* quic_crypto_client_stream_factory, quic::QuicRandom* random_generator, quic::QuicClock* clock, - size_t max_packet_length, - const std::string& user_agent_id, - bool store_server_configs_in_properties, - bool close_sessions_on_ip_change, - bool goaway_sessions_on_ip_change, - bool mark_quic_broken_when_network_blackholes, - int idle_connection_timeout_seconds, - int reduced_ping_timeout_seconds, - int retransmittable_on_wire_timeout_milliseconds, - int max_time_before_crypto_handshake_seconds, - int max_idle_time_before_crypto_handshake_seconds, - bool migrate_sessions_on_network_change_v2, - bool migrate_sessions_early_v2, - bool retry_on_alternate_network_before_handshake, - bool migrate_idle_sessions, - base::TimeDelta idle_session_migration_period, - base::TimeDelta max_time_on_non_default_network, - int max_migrations_to_non_default_network_on_write_error, - int max_migrations_to_non_default_network_on_path_degrading, - bool allow_server_migration, - bool race_stale_dns_on_connection, - bool go_away_on_path_degrading, - bool race_cert_verification, - bool estimate_initial_rtt, - bool headers_include_h2_stream_dependency, - const quic::QuicTagVector& connection_options, - const quic::QuicTagVector& client_connection_options, - bool enable_socket_recv_optimization, - int initial_rtt_for_handshake_milliseconds) + const QuicParams& params) : require_confirmation_(true), net_log_(net_log), host_resolver_(host_resolver), @@ -1062,70 +1081,47 @@ QuicStreamFactory::QuicStreamFactory( quic_crypto_client_stream_factory_(quic_crypto_client_stream_factory), random_generator_(random_generator), clock_(clock), - max_packet_length_(max_packet_length), + params_(params), clock_skew_detector_(base::TimeTicks::Now(), base::Time::Now()), socket_performance_watcher_factory_(socket_performance_watcher_factory), config_( - InitializeQuicConfig(connection_options, - client_connection_options, - idle_connection_timeout_seconds, - max_time_before_crypto_handshake_seconds, - max_idle_time_before_crypto_handshake_seconds)), + InitializeQuicConfig(params.connection_options, + params.client_connection_options, + params.idle_connection_timeout, + params.max_time_before_crypto_handshake, + params.max_idle_time_before_crypto_handshake)), crypto_config_( std::make_unique(cert_verifier, ct_policy_enforcer, transport_security_state, - cert_transparency_verifier), - QuicStreamFactoryCreateSslCtx()), - mark_quic_broken_when_network_blackholes_( - mark_quic_broken_when_network_blackholes), - store_server_configs_in_properties_(store_server_configs_in_properties), + cert_transparency_verifier)), ping_timeout_(quic::QuicTime::Delta::FromSeconds(quic::kPingTimeoutSecs)), - reduced_ping_timeout_( - quic::QuicTime::Delta::FromSeconds(reduced_ping_timeout_seconds)), - retransmittable_on_wire_timeout_(quic::QuicTime::Delta::FromMilliseconds( - retransmittable_on_wire_timeout_milliseconds)), + reduced_ping_timeout_(quic::QuicTime::Delta::FromMicroseconds( + params.reduced_ping_timeout.InMicroseconds())), + retransmittable_on_wire_timeout_(quic::QuicTime::Delta::FromMicroseconds( + params.retransmittable_on_wire_timeout.InMicroseconds())), yield_after_packets_(kQuicYieldAfterPacketsRead), yield_after_duration_(quic::QuicTime::Delta::FromMilliseconds( kQuicYieldAfterDurationMilliseconds)), - close_sessions_on_ip_change_(close_sessions_on_ip_change), - goaway_sessions_on_ip_change_(goaway_sessions_on_ip_change), migrate_sessions_on_network_change_v2_( - migrate_sessions_on_network_change_v2 && + params.migrate_sessions_on_network_change_v2 && NetworkChangeNotifier::AreNetworkHandlesSupported()), - migrate_sessions_early_v2_(migrate_sessions_early_v2 && + migrate_sessions_early_v2_(params.migrate_sessions_early_v2 && migrate_sessions_on_network_change_v2_), retry_on_alternate_network_before_handshake_( - retry_on_alternate_network_before_handshake && + params.retry_on_alternate_network_before_handshake && migrate_sessions_on_network_change_v2_), default_network_(NetworkChangeNotifier::kInvalidNetworkHandle), - migrate_idle_sessions_(migrate_idle_sessions && + migrate_idle_sessions_(params.migrate_idle_sessions && migrate_sessions_on_network_change_v2_), - idle_session_migration_period_(idle_session_migration_period), - max_time_on_non_default_network_(max_time_on_non_default_network), - max_migrations_to_non_default_network_on_write_error_( - max_migrations_to_non_default_network_on_write_error), - max_migrations_to_non_default_network_on_path_degrading_( - max_migrations_to_non_default_network_on_path_degrading), - allow_server_migration_(allow_server_migration), - race_stale_dns_on_connection_(race_stale_dns_on_connection), - go_away_on_path_degrading_(go_away_on_path_degrading), - race_cert_verification_(race_cert_verification), - estimate_initial_rtt(estimate_initial_rtt), - headers_include_h2_stream_dependency_( - headers_include_h2_stream_dependency), need_to_check_persisted_supports_quic_(true), num_push_streams_created_(0), tick_clock_(nullptr), task_runner_(nullptr), - ssl_config_service_(ssl_config_service), - enable_socket_recv_optimization_(enable_socket_recv_optimization), - initial_rtt_for_handshake_milliseconds_( - initial_rtt_for_handshake_milliseconds), - weak_factory_(this) { + ssl_config_service_(ssl_config_service) { DCHECK(transport_security_state_); DCHECK(http_server_properties_); - crypto_config_.set_user_agent_id(user_agent_id); + crypto_config_.set_user_agent_id(params.user_agent_id); crypto_config_.AddCanonicalSuffix(".c.youtube.com"); crypto_config_.AddCanonicalSuffix(".ggpht.com"); crypto_config_.AddCanonicalSuffix(".googlevideo.com"); @@ -1134,23 +1130,25 @@ QuicStreamFactory::QuicStreamFactory( !crypto_config_.aead.empty() && (crypto_config_.aead[0] == quic::kAESG); UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.PreferAesGcm", prefer_aes_gcm); - if (migrate_sessions_early_v2 || retry_on_alternate_network_before_handshake) - DCHECK(migrate_sessions_on_network_change_v2); + if (params.migrate_sessions_early_v2 || + params.retry_on_alternate_network_before_handshake) + DCHECK(params.migrate_sessions_on_network_change_v2); - if (retransmittable_on_wire_timeout_milliseconds == 0 && - migrate_sessions_early_v2) { - retransmittable_on_wire_timeout_ = quic::QuicTime::Delta::FromMilliseconds( - kDefaultRetransmittableOnWireTimeoutMillisecs); + if (params.retransmittable_on_wire_timeout.is_zero() && + params.migrate_sessions_early_v2) { + retransmittable_on_wire_timeout_ = quic::QuicTime::Delta::FromMicroseconds( + kDefaultRetransmittableOnWireTimeout.InMicroseconds()); } // goaway_sessions_on_ip_change and close_sessions_on_ip_change should never // be simultaneously set to true. - DCHECK(!(close_sessions_on_ip_change_ && goaway_sessions_on_ip_change_)); + DCHECK(!(params_.close_sessions_on_ip_change && + params_.goaway_sessions_on_ip_change)); // Connection migration should not be set if explicitly handle ip address // change. - bool handle_ip_change = - close_sessions_on_ip_change_ || goaway_sessions_on_ip_change_; + bool handle_ip_change = params_.close_sessions_on_ip_change || + params_.goaway_sessions_on_ip_change; DCHECK(!(handle_ip_change && migrate_sessions_on_network_change_v2_)); if (handle_ip_change) @@ -1171,7 +1169,8 @@ QuicStreamFactory::~QuicStreamFactory() { active_jobs_.clear(); while (!active_cert_verifier_jobs_.empty()) active_cert_verifier_jobs_.erase(active_cert_verifier_jobs_.begin()); - if (close_sessions_on_ip_change_ || goaway_sessions_on_ip_change_) { + if (params_.close_sessions_on_ip_change || + params_.goaway_sessions_on_ip_change) { NetworkChangeNotifier::RemoveIPAddressObserver(this); } if (NetworkChangeNotifier::AreNetworkHandlesSupported()) { @@ -1244,14 +1243,15 @@ bool QuicStreamFactory::CanUseExistingSession(const QuicSessionKey& session_key, if (active_sessions_.empty()) return false; - if (base::ContainsKey(active_sessions_, session_key)) + if (base::Contains(active_sessions_, session_key)) return true; for (const auto& key_value : active_sessions_) { QuicChromiumClientSession* session = key_value.second; if (destination.Equals(all_sessions_[session].destination()) && session->CanPool(session_key.host(), session_key.privacy_mode(), - session_key.socket_tag())) { + session_key.socket_tag(), + session_key.network_isolation_key())) { return true; } } @@ -1268,7 +1268,7 @@ void QuicStreamFactory::MarkAllActiveSessionsGoingAway() { int QuicStreamFactory::Create(const QuicSessionKey& session_key, const HostPortPair& destination, - quic::QuicTransportVersion quic_version, + quic::ParsedQuicVersion quic_version, RequestPriority priority, int cert_verify_flags, const GURL& url, @@ -1315,12 +1315,12 @@ int QuicStreamFactory::Create(const QuicSessionKey& session_key, auto it = active_jobs_.find(session_key); if (it != active_jobs_.end()) { const NetLogWithSource& job_net_log = it->second->net_log(); - job_net_log.AddEvent( + job_net_log.AddEventReferencingSource( NetLogEventType::QUIC_STREAM_FACTORY_JOB_BOUND_TO_HTTP_STREAM_JOB, - net_log.source().ToEventParametersCallback()); - net_log.AddEvent( + net_log.source()); + net_log.AddEventReferencingSource( NetLogEventType::HTTP_STREAM_JOB_BOUND_TO_QUIC_STREAM_FACTORY_JOB, - job_net_log.source().ToEventParametersCallback()); + job_net_log.source()); it->second->AddRequest(request); return ERR_IO_PENDING; } @@ -1334,7 +1334,8 @@ int QuicStreamFactory::Create(const QuicSessionKey& session_key, session_key.server_id().privacy_mode_enabled() ? PRIVACY_MODE_ENABLED : PRIVACY_MODE_DISABLED, - session_key.socket_tag())) { + session_key.socket_tag(), + session_key.network_isolation_key())) { request->SetSession(session->CreateHandle(destination)); return OK; } @@ -1353,11 +1354,12 @@ int QuicStreamFactory::Create(const QuicSessionKey& session_key, StartCertVerifyJob(session_key.server_id(), cert_verify_flags, net_log)); QuicSessionAliasKey key(destination, session_key); - std::unique_ptr job = std::make_unique( - this, quic_version, host_resolver_, key, - WasQuicRecentlyBroken(session_key.server_id()), - retry_on_alternate_network_before_handshake_, - race_stale_dns_on_connection_, priority, cert_verify_flags, net_log); + std::unique_ptr job = + std::make_unique(this, quic_version, host_resolver_, key, + WasQuicRecentlyBroken(session_key.server_id()), + retry_on_alternate_network_before_handshake_, + params_.race_stale_dns_on_connection, priority, + cert_verify_flags, net_log); int rv = job->Run( base::BindRepeating(&QuicStreamFactory::OnJobComplete, base::Unretained(this), job.get())); @@ -1408,17 +1410,16 @@ bool QuicStreamFactory::HasMatchingIpSession(const QuicSessionAliasKey& key, const quic::QuicServerId& server_id(key.server_id()); DCHECK(!HasActiveSession(key.session_key())); for (const IPEndPoint& address : address_list) { - if (!base::ContainsKey(ip_aliases_, address)) + if (!base::Contains(ip_aliases_, address)) continue; const SessionSet& sessions = ip_aliases_[address]; for (QuicChromiumClientSession* session : sessions) { - if (!session->CanPool(server_id.host(), - server_id.privacy_mode_enabled() - ? PRIVACY_MODE_ENABLED - : PRIVACY_MODE_DISABLED, - key.session_key().socket_tag())) + if (!session->CanPool(server_id.host(), key.session_key().privacy_mode(), + key.session_key().socket_tag(), + key.session_key().network_isolation_key())) { continue; + } active_sessions_[key.session_key()] = session; session_aliases_[session].insert(key); return true; @@ -1474,7 +1475,7 @@ void QuicStreamFactory::OnSessionGoingAway(QuicChromiumClientSession* session) { } ProcessGoingAwaySession(session, all_sessions_[session].server_id(), false); if (!aliases.empty()) { - DCHECK(base::ContainsKey(session_peer_ip_, session)); + DCHECK(base::Contains(session_peer_ip_, session)); const IPEndPoint peer_address = session_peer_ip_[session]; ip_aliases_[peer_address].erase(session); if (ip_aliases_[peer_address].empty()) @@ -1487,6 +1488,12 @@ void QuicStreamFactory::OnSessionGoingAway(QuicChromiumClientSession* session) { void QuicStreamFactory::OnSessionClosed(QuicChromiumClientSession* session) { DCHECK_EQ(0u, session->GetNumActiveStreams()); OnSessionGoingAway(session); + + for (const auto& iter : active_jobs_) { + if (iter.first == session->quic_session_key()) { + iter.second->OnSessionClosed(session); + } + } delete session; all_sessions_.erase(session); } @@ -1497,7 +1504,7 @@ void QuicStreamFactory::OnBlackholeAfterHandshakeConfirmed( if (ping_timeout_ > reduced_ping_timeout_) ping_timeout_ = reduced_ping_timeout_; - if (mark_quic_broken_when_network_blackholes_) { + if (params_.mark_quic_broken_when_network_blackholes) { http_server_properties_->MarkAlternativeServiceBroken(AlternativeService( kProtoQUIC, HostPortPair(session->server_id().host(), session->server_id().port()))); @@ -1573,10 +1580,10 @@ void QuicStreamFactory::OnIPAddressChanged() { return; set_require_confirmation(true); - if (close_sessions_on_ip_change_) { + if (params_.close_sessions_on_ip_change) { CloseAllSessions(ERR_NETWORK_CHANGED, quic::QUIC_IP_ADDRESS_CHANGED); } else { - DCHECK(goaway_sessions_on_ip_change_); + DCHECK(params_.goaway_sessions_on_ip_change); MarkAllActiveSessionsGoingAway(); } } @@ -1665,7 +1672,7 @@ std::unique_ptr QuicStreamFactory::CreateSocket( const NetLogSource& source) { auto socket = client_socket_factory_->CreateDatagramClientSocket( DatagramSocket::DEFAULT_BIND, net_log, source); - if (enable_socket_recv_optimization_) + if (params_.enable_socket_recv_optimization) socket->EnableRecvOptimization(); return socket; } @@ -1688,16 +1695,16 @@ bool QuicStreamFactory::HasActiveSession( // TODO(rtenneti): crbug.com/498823 - delete active_sessions_.empty() check. if (active_sessions_.empty()) return false; - return base::ContainsKey(active_sessions_, session_key); + return base::Contains(active_sessions_, session_key); } bool QuicStreamFactory::HasActiveJob(const QuicSessionKey& session_key) const { - return base::ContainsKey(active_jobs_, session_key); + return base::Contains(active_jobs_, session_key); } bool QuicStreamFactory::HasActiveCertVerifierJob( const quic::QuicServerId& server_id) const { - return base::ContainsKey(active_cert_verifier_jobs_, server_id); + return base::Contains(active_cert_verifier_jobs_, server_id); } int QuicStreamFactory::ConfigureSocket(DatagramClientSocket* socket, @@ -1765,7 +1772,7 @@ int QuicStreamFactory::ConfigureSocket(DatagramClientSocket* socket, int QuicStreamFactory::CreateSession( const QuicSessionAliasKey& key, - const quic::QuicTransportVersion& quic_version, + quic::ParsedQuicVersion quic_version, int cert_verify_flags, bool require_confirmation, const AddressList& address_list, @@ -1812,7 +1819,7 @@ int QuicStreamFactory::CreateSession( quic::QuicConnectionId connection_id = quic::QuicUtils::CreateRandomConnectionId(random_generator_); std::unique_ptr server_info; - if (store_server_configs_in_properties_) { + if (params_.max_server_configs_stored_in_properties > 0) { server_info = std::make_unique( server_id, http_server_properties_); } @@ -1821,13 +1828,11 @@ int QuicStreamFactory::CreateSession( QuicChromiumPacketWriter* writer = new QuicChromiumPacketWriter(socket.get(), task_runner_); quic::QuicConnection* connection = new quic::QuicConnection( - connection_id, quic::QuicSocketAddress(quic::QuicSocketAddressImpl(addr)), - helper_.get(), alarm_factory_.get(), writer, true /* owns_writer */, - quic::Perspective::IS_CLIENT, - quic::ParsedQuicVersionVector{ - quic::ParsedQuicVersion(quic::PROTOCOL_QUIC_CRYPTO, quic_version)}); + connection_id, ToQuicSocketAddress(addr), helper_.get(), + alarm_factory_.get(), writer, true /* owns_writer */, + quic::Perspective::IS_CLIENT, {quic_version}); connection->set_ping_timeout(ping_timeout_); - connection->SetMaxPacketLength(max_packet_length_); + connection->SetMaxPacketLength(params_.max_packet_length); quic::QuicConfig config = config_; config.set_max_undecryptable_packets(kMaxUndecryptablePackets); @@ -1836,7 +1841,7 @@ int QuicStreamFactory::CreateSession( config.SetInitialStreamFlowControlWindowToSend(kQuicStreamMaxRecvWindowSize); config.SetBytesForConnectionIdToSend(0); ConfigureInitialRttEstimate(server_id, &config); - if (quic_version < quic::QUIC_VERSION_44 && + if (quic_version.transport_version <= quic::QUIC_VERSION_43 && !config.HasClientSentConnectionOption(quic::kNSTP, quic::Perspective::IS_CLIENT)) { // Enable the no stop waiting frames connection option by default. @@ -1863,14 +1868,16 @@ int QuicStreamFactory::CreateSession( connection, std::move(socket), this, quic_crypto_client_stream_factory_, clock_, transport_security_state_, ssl_config_service_, std::move(server_info), key.session_key(), require_confirmation, - migrate_sessions_early_v2_, migrate_sessions_on_network_change_v2_, - default_network_, retransmittable_on_wire_timeout_, - migrate_idle_sessions_, idle_session_migration_period_, - max_time_on_non_default_network_, - max_migrations_to_non_default_network_on_write_error_, - max_migrations_to_non_default_network_on_path_degrading_, - yield_after_packets_, yield_after_duration_, go_away_on_path_degrading_, - headers_include_h2_stream_dependency_, cert_verify_flags, config, + params_.max_allowed_push_id, migrate_sessions_early_v2_, + migrate_sessions_on_network_change_v2_, default_network_, + retransmittable_on_wire_timeout_, migrate_idle_sessions_, + params_.idle_session_migration_period, + params_.max_time_on_non_default_network, + params_.max_migrations_to_non_default_network_on_write_error, + params_.max_migrations_to_non_default_network_on_path_degrading, + yield_after_packets_, yield_after_duration_, + params_.go_away_on_path_degrading, + params_.headers_include_h2_stream_dependency, cert_verify_flags, config, &crypto_config_, network_connection_.connection_description(), dns_resolution_start_time, dns_resolution_end_time, &push_promise_index_, push_delegate_, tick_clock_, task_runner_, @@ -1880,7 +1887,7 @@ int QuicStreamFactory::CreateSession( writer->set_delegate(*session); (*session)->Initialize(); - bool closed_during_initialize = !base::ContainsKey(all_sessions_, *session) || + bool closed_during_initialize = !base::Contains(all_sessions_, *session) || !(*session)->connection()->connected(); UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.ClosedDuringInitializeSession", closed_during_initialize); @@ -1905,9 +1912,9 @@ void QuicStreamFactory::ActivateSession(const QuicSessionAliasKey& key, session_aliases_[session].insert(key); const IPEndPoint peer_address = ToIPEndPoint(session->connection()->peer_address()); - DCHECK(!base::ContainsKey(ip_aliases_[peer_address], session)); + DCHECK(!base::Contains(ip_aliases_[peer_address], session)); ip_aliases_[peer_address].insert(session); - DCHECK(!base::ContainsKey(session_peer_ip_, session)); + DCHECK(!base::Contains(session_peer_ip_, session)); session_peer_ip_[session] = peer_address; } @@ -1934,10 +1941,11 @@ void QuicStreamFactory::ConfigureInitialRttEstimate( return; } - if (initial_rtt_for_handshake_milliseconds_ > 0) { - SetInitialRttEstimate(base::TimeDelta::FromMilliseconds( - initial_rtt_for_handshake_milliseconds_), - INITIAL_RTT_DEFAULT, config); + if (params_.initial_rtt_for_handshake > base::TimeDelta()) { + SetInitialRttEstimate( + base::TimeDelta::FromMicroseconds( + params_.initial_rtt_for_handshake.InMicroseconds()), + INITIAL_RTT_DEFAULT, config); return; } @@ -1979,7 +1987,7 @@ quic::QuicAsyncStatus QuicStreamFactory::StartCertVerifyJob( const quic::QuicServerId& server_id, int cert_verify_flags, const NetLogWithSource& net_log) { - if (!race_cert_verification_) + if (!params_.race_cert_verification) return quic::QUIC_FAILURE; quic::QuicCryptoClientConfig::CachedState* cached = crypto_config_.LookupOrCreate(server_id); @@ -2007,11 +2015,13 @@ void QuicStreamFactory::InitializeCachedStateInCryptoConfig( if (cached->has_server_designated_connection_id()) *connection_id = cached->GetNextServerDesignatedConnectionId(); - if (!cached->IsEmpty()) + if (!cached->IsEmpty()) { return; + } - if (!server_info || !server_info->Load()) + if (!server_info || !server_info->Load()) { return; + } cached->Initialize(server_info->state().server_config, server_info->state().source_address_token, diff --git a/chromium/net/quic/quic_stream_factory.h b/chromium/net/quic/quic_stream_factory.h index bae47ec979e..4b543b1bfc2 100644 --- a/chromium/net/quic/quic_stream_factory.h +++ b/chromium/net/quic/quic_stream_factory.h @@ -65,6 +65,7 @@ class CTVerifier; class HostResolver; class HttpServerProperties; class NetLog; +class NetworkIsolationKey; class QuicChromiumConnectionHelper; class QuicCryptoClientStreamFactory; class QuicServerInfo; @@ -78,20 +79,24 @@ class QuicStreamFactoryPeer; } // namespace test // When a connection is idle for 30 seconds it will be closed. -const int kIdleConnectionTimeoutSeconds = 30; +constexpr base::TimeDelta kIdleConnectionTimeout = + base::TimeDelta::FromSeconds(30); // Sessions can migrate if they have been idle for less than this period. -const int kDefaultIdleSessionMigrationPeriodSeconds = 30; +constexpr base::TimeDelta kDefaultIdleSessionMigrationPeriod = + base::TimeDelta::FromSeconds(30); // The default maximum time allowed to have no retransmittable packets on the // wire (after sending the first retransmittable packet) if // |migrate_session_early_v2_| is true. PING frames will be sent as needed to // enforce this. -const int64_t kDefaultRetransmittableOnWireTimeoutMillisecs = 100; +constexpr base::TimeDelta kDefaultRetransmittableOnWireTimeout = + base::TimeDelta::FromMilliseconds(100); // The default maximum time QUIC session could be on non-default network before // migrate back to default network. -const int64_t kMaxTimeOnNonDefaultNetworkSecs = 128; +constexpr base::TimeDelta kMaxTimeOnNonDefaultNetwork = + base::TimeDelta::FromSeconds(128); // The default maximum number of migrations to non default network on write // error per network. @@ -101,6 +106,118 @@ const int64_t kMaxMigrationsToNonDefaultNetworkOnWriteError = 5; // degrading per network. const int64_t kMaxMigrationsToNonDefaultNetworkOnPathDegrading = 5; +// Structure containing simple configuration options and experiments for QUIC. +struct NET_EXPORT QuicParams { + QuicParams(); + QuicParams(const QuicParams& other); + ~QuicParams(); + + // QUIC runtime configuration options. + + // Versions of QUIC which may be used. + quic::ParsedQuicVersionVector supported_versions; + // User agent description to send in the QUIC handshake. + std::string user_agent_id; + // Limit on the size of QUIC packets. + size_t max_packet_length; + // Maximum number of server configs that are to be stored in + // HttpServerProperties, instead of the disk cache. + size_t max_server_configs_stored_in_properties = 0u; + // QUIC will be used for all connections in this set. + std::set origins_to_force_quic_on; + // Set of QUIC tags to send in the handshake's connection options. + quic::QuicTagVector connection_options; + // Set of QUIC tags to send in the handshake's connection options that only + // affect the client. + quic::QuicTagVector client_connection_options; + // Enables experimental optimization for receiving data in UDPSocket. + bool enable_socket_recv_optimization = false; + // Initial value of QuicSpdyClientSessionBase::max_allowed_push_id_. + quic::QuicStreamId max_allowed_push_id = 0; + + // Active QUIC experiments + + // Marks a QUIC server broken when a connection blackholes after the + // handshake is confirmed. + bool mark_quic_broken_when_network_blackholes = false; + // Retry requests which fail with QUIC_PROTOCOL_ERROR, and mark QUIC + // broken if the retry succeeds. + bool retry_without_alt_svc_on_quic_errors = true; + // If true, alt-svc headers advertising QUIC in IETF format will be + // supported. + bool support_ietf_format_quic_altsvc = false; + // If true, all QUIC sessions are closed when any local IP address changes. + bool close_sessions_on_ip_change = false; + // If true, all QUIC sessions are marked as goaway when any local IP address + // changes. + bool goaway_sessions_on_ip_change = false; + // Specifies QUIC idle connection state lifetime. + base::TimeDelta idle_connection_timeout = kIdleConnectionTimeout; + // Specifies the reduced ping timeout subsequent connections should use when + // a connection was timed out with open streams. + base::TimeDelta reduced_ping_timeout; + // Maximum time that a session can have no retransmittable packets on the + // wire. Set to zero if not specified and no retransmittable PING will be + // sent to peer when the wire has no retransmittable packets. + base::TimeDelta retransmittable_on_wire_timeout; + // Maximum time the session can be alive before crypto handshake is + // finished. + base::TimeDelta max_time_before_crypto_handshake; + // Maximum idle time before the crypto handshake has completed. + base::TimeDelta max_idle_time_before_crypto_handshake; + // If true, connection migration v2 will be used to migrate existing + // sessions to network when the platform indicates that the default network + // is changing. + bool migrate_sessions_on_network_change_v2 = false; + // If true, connection migration v2 may be used to migrate active QUIC + // sessions to alternative network if current network connectivity is poor. + bool migrate_sessions_early_v2 = false; + // If true, a new connection may be kicked off on an alternate network when + // a connection fails on the default network before handshake is confirmed. + bool retry_on_alternate_network_before_handshake = false; + // If true, an idle session will be migrated within the idle migration + // period. + bool migrate_idle_sessions = false; + // A session can be migrated if its idle time is within this period. + base::TimeDelta idle_session_migration_period = + kDefaultIdleSessionMigrationPeriod; + // Maximum time the session could be on the non-default network before + // migrates back to default network. Defaults to + // kMaxTimeOnNonDefaultNetwork. + base::TimeDelta max_time_on_non_default_network = kMaxTimeOnNonDefaultNetwork; + // Maximum number of migrations to the non-default network on write error + // per network for each session. + int max_migrations_to_non_default_network_on_write_error = + kMaxMigrationsToNonDefaultNetworkOnWriteError; + // Maximum number of migrations to the non-default network on path + // degrading per network for each session. + int max_migrations_to_non_default_network_on_path_degrading = + kMaxMigrationsToNonDefaultNetworkOnPathDegrading; + // If true, allows migration of QUIC connections to a server-specified + // alternate server address. + bool allow_server_migration = false; + // If true, allows QUIC to use alternative services with a different + // hostname from the origin. + bool allow_remote_alt_svc = true; + // If true, the quic stream factory may race connection from stale dns + // result with the original dns resolution + bool race_stale_dns_on_connection = false; + // If true, the quic session may mark itself as GOAWAY on path degrading. + bool go_away_on_path_degrading = false; + // If true, bidirectional streams over QUIC will be disabled. + bool disable_bidirectional_streams = false; + // If true, race cert verification with host resolution. + bool race_cert_verification = false; + // If true, estimate the initial RTT for QUIC connections based on network. + bool estimate_initial_rtt = false; + // If true, client headers will include HTTP/2 stream dependency info + // derived from the request priority. + bool headers_include_h2_stream_dependency = false; + // The initial rtt that will be used in crypto handshake if no cached + // smoothed rtt is present. + base::TimeDelta initial_rtt_for_handshake; +}; + enum QuicPlatformNotification { NETWORK_CONNECTED, NETWORK_MADE_DEFAULT, @@ -124,10 +241,11 @@ class NET_EXPORT_PRIVATE QuicStreamRequest { // quic::QuicConnection. This can be different than // HostPortPair::FromURL(url). int Request(const HostPortPair& destination, - quic::QuicTransportVersion quic_version, + quic::ParsedQuicVersion quic_version, PrivacyMode privacy_mode, RequestPriority priority, const SocketTag& socket_tag, + const NetworkIsolationKey& network_isolation_key, int cert_verify_flags, const GURL& url, const NetLogWithSource& net_log, @@ -248,35 +366,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory QuicCryptoClientStreamFactory* quic_crypto_client_stream_factory, quic::QuicRandom* random_generator, quic::QuicClock* clock, - size_t max_packet_length, - const std::string& user_agent_id, - bool store_server_configs_in_properties, - bool close_sessions_on_ip_change, - bool goway_sessions_on_ip_change, - bool mark_quic_broken_when_network_blackholes, - int idle_connection_timeout_seconds, - int reduced_ping_timeout_seconds, - int retransmittable_on_wire_timeout_milliseconds_, - int max_time_before_crypto_handshake_seconds, - int max_idle_time_before_crypto_handshake_seconds, - bool migrate_sessions_on_network_change_v2, - bool migrate_sessions_early_v2, - bool retry_on_alternate_network_before_handshake, - bool migrate_idle_sessions, - base::TimeDelta idle_session_migration_period, - base::TimeDelta max_time_on_non_default_network, - int max_migrations_to_non_default_network_on_write_error, - int max_migrations_to_non_default_network_on_path_degrading, - bool allow_server_migration, - bool race_stale_dns_on_connection, - bool go_away_on_path_degrading, - bool race_cert_verification, - bool estimate_initial_rtt, - bool headers_include_h2_stream_dependency, - const quic::QuicTagVector& connection_options, - const quic::QuicTagVector& client_connection_options, - bool enable_socket_recv_optimization, - int initial_rtt_for_handshake_milliseconds); + const QuicParams& params); ~QuicStreamFactory() override; // Returns true if there is an existing session for |session_key| or if the @@ -292,7 +382,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory // OnRequestComplete asynchronously. int Create(const QuicSessionKey& session_key, const HostPortPair& destination, - quic::QuicTransportVersion quic_version, + quic::ParsedQuicVersion quic_version, RequestPriority priority, int cert_verify_flags, const GURL& url, @@ -370,7 +460,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory bool require_confirmation() const { return require_confirmation_; } - bool allow_server_migration() const { return allow_server_migration_; } + bool allow_server_migration() const { return params_.allow_server_migration; } void set_require_confirmation(bool require_confirmation); @@ -387,7 +477,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory } bool mark_quic_broken_when_network_blackholes() const { - return mark_quic_broken_when_network_blackholes_; + return params_.mark_quic_broken_when_network_blackholes; } NetworkChangeNotifier::NetworkHandle default_network() const { @@ -424,7 +514,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory bool HasActiveJob(const QuicSessionKey& session_key) const; bool HasActiveCertVerifierJob(const quic::QuicServerId& server_id) const; int CreateSession(const QuicSessionAliasKey& key, - const quic::QuicTransportVersion& quic_version, + quic::ParsedQuicVersion quic_version, int cert_verify_flags, bool require_confirmation, const AddressList& address_list, @@ -458,8 +548,8 @@ class NET_EXPORT_PRIVATE QuicStreamFactory bool CryptoConfigCacheIsEmpty(const quic::QuicServerId& server_id); // Starts an asynchronous job for cert verification if - // |race_cert_verification_| is enabled and if there are cached certs for the - // given |server_id|. + // |params_.race_cert_verification| is enabled and if there are cached certs + // for the given |server_id|. quic::QuicAsyncStatus StartCertVerifyJob(const quic::QuicServerId& server_id, int cert_verify_flags, const NetLogWithSource& net_log); @@ -488,7 +578,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory QuicCryptoClientStreamFactory* quic_crypto_client_stream_factory_; quic::QuicRandom* random_generator_; // Unowned. quic::QuicClock* clock_; // Unowned. - const size_t max_packet_length_; + QuicParams params_; QuicClockSkewDetector clock_skew_detector_; // Factory which is used to create socket performance watcher. A new watcher @@ -525,13 +615,6 @@ class NET_EXPORT_PRIVATE QuicStreamFactory // Map of quic::QuicServerId to owning CertVerifierJob. CertVerifierJobMap active_cert_verifier_jobs_; - // True if QUIC should be marked as broken when a connection blackholes after - // the handshake is confirmed. - bool mark_quic_broken_when_network_blackholes_; - - // Set if QUIC server configs should be stored in HttpServerProperties. - bool store_server_configs_in_properties_; - // PING timeout for connections. quic::QuicTime::Delta ping_timeout_; quic::QuicTime::Delta reduced_ping_timeout_; @@ -545,13 +628,6 @@ class NET_EXPORT_PRIVATE QuicStreamFactory int yield_after_packets_; quic::QuicTime::Delta yield_after_duration_; - // Set if all sessions should be closed when any local IP address changes. - const bool close_sessions_on_ip_change_; - - // Set if all sessions should be marked as go away when any local IP address - // changes. - const bool goaway_sessions_on_ip_change_; - // Set if migration should be attempted after probing. const bool migrate_sessions_on_network_change_v2_; @@ -569,44 +645,10 @@ class NET_EXPORT_PRIVATE QuicStreamFactory NetworkChangeNotifier::NetworkHandle default_network_; // Set if idle sessions can be migrated within - // |idle_session_migration_period_| when connection migration is triggered. + // |params_.idle_session_migration_period| when connection migration is + // triggered. const bool migrate_idle_sessions_; - // Sessions can migrate if they have been idle for less than this period. - const base::TimeDelta idle_session_migration_period_; - - // Maximum time sessions could use on non-default network before try to - // migrate back to default network. - const base::TimeDelta max_time_on_non_default_network_; - - // Maximum number of migrations to non default network on write error. - const int max_migrations_to_non_default_network_on_write_error_; - - // Maximum number of migrations to non default network on path degrading. - const int max_migrations_to_non_default_network_on_path_degrading_; - - // If set, allows migration of connection to server-specified alternate - // server address. - const bool allow_server_migration_; - - // Set if stale DNS result may be speculatively used to connect and then - // compared with the original DNS result. - const bool race_stale_dns_on_connection_; - - // Set if client should mark the session as GOAWAY when the connection - // experiences poor connectivity - const bool go_away_on_path_degrading_; - - // Set if cert verification is to be raced with host resolution. - bool race_cert_verification_; - - // If true, estimate the initial RTT based on network type. - bool estimate_initial_rtt; - - // If true, client headers will include HTTP/2 stream dependency info - // derived from spdy::SpdyPriority. - bool headers_include_h2_stream_dependency_; - // Local address of socket that was created in CreateSession. IPEndPoint local_address_; // True if we need to check HttpServerProperties if QUIC was supported last @@ -625,14 +667,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory SSLConfigService* const ssl_config_service_; - // If set to true, the stream factory will create UDP Sockets with - // experimental optimization enabled for receiving data. - bool enable_socket_recv_optimization_; - - // The initial rtt for handshake. - const int initial_rtt_for_handshake_milliseconds_; - - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(QuicStreamFactory); }; diff --git a/chromium/net/quic/quic_stream_factory_fuzzer.cc b/chromium/net/quic/quic_stream_factory_fuzzer.cc index 60d828be793..783cb01036d 100644 --- a/chromium/net/quic/quic_stream_factory_fuzzer.cc +++ b/chromium/net/quic/quic_stream_factory_fuzzer.cc @@ -4,9 +4,8 @@ #include "net/quic/quic_stream_factory.h" -#include "base/test/fuzzed_data_provider.h" - #include "base/stl_util.h" +#include "net/base/network_isolation_key.h" #include "net/base/test_completion_callback.h" #include "net/cert/ct_policy_enforcer.h" #include "net/cert/do_nothing_ct_verifier.h" @@ -27,6 +26,7 @@ #include "net/third_party/quiche/src/quic/test_tools/mock_clock.h" #include "net/third_party/quiche/src/quic/test_tools/mock_random.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" namespace net { @@ -82,7 +82,7 @@ struct Env { static struct Env* env = new Env(); extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - base::FuzzedDataProvider data_provider(data, size); + FuzzedDataProvider data_provider(data, size); std::unique_ptr host_resolver = CreateFuzzedContextHostResolver(HostResolver::ManagerOptions(), nullptr, @@ -93,40 +93,44 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Initialize this on each loop since some options mutate this. HttpServerPropertiesImpl http_server_properties; - bool store_server_configs_in_properties = data_provider.ConsumeBool(); - bool close_sessions_on_ip_change = data_provider.ConsumeBool(); - bool mark_quic_broken_when_network_blackholes = data_provider.ConsumeBool(); - bool allow_server_migration = data_provider.ConsumeBool(); - bool race_cert_verification = data_provider.ConsumeBool(); - bool estimate_initial_rtt = data_provider.ConsumeBool(); - bool headers_include_h2_stream_dependency = data_provider.ConsumeBool(); - bool enable_socket_recv_optimization = data_provider.ConsumeBool(); - bool race_stale_dns_on_connection = data_provider.ConsumeBool(); + QuicParams params; + params.max_server_configs_stored_in_properties = + data_provider.ConsumeBool() ? 1 : 0; + params.close_sessions_on_ip_change = data_provider.ConsumeBool(); + params.mark_quic_broken_when_network_blackholes = data_provider.ConsumeBool(); + params.allow_server_migration = data_provider.ConsumeBool(); + params.race_cert_verification = data_provider.ConsumeBool(); + params.estimate_initial_rtt = data_provider.ConsumeBool(); + params.headers_include_h2_stream_dependency = data_provider.ConsumeBool(); + params.enable_socket_recv_optimization = data_provider.ConsumeBool(); + params.race_stale_dns_on_connection = data_provider.ConsumeBool(); env->crypto_client_stream_factory.AddProofVerifyDetails(&env->verify_details); - bool goaway_sessions_on_ip_change = false; - bool migrate_sessions_early_v2 = false; - bool migrate_sessions_on_network_change_v2 = false; - bool retry_on_alternate_network_before_handshake = false; - bool migrate_idle_sessions = false; - bool go_away_on_path_degrading = false; - - if (!close_sessions_on_ip_change) { - goaway_sessions_on_ip_change = data_provider.ConsumeBool(); - if (!goaway_sessions_on_ip_change) { - migrate_sessions_on_network_change_v2 = data_provider.ConsumeBool(); - if (migrate_sessions_on_network_change_v2) { - migrate_sessions_early_v2 = data_provider.ConsumeBool(); - retry_on_alternate_network_before_handshake = + params.goaway_sessions_on_ip_change = false; + params.migrate_sessions_early_v2 = false; + params.migrate_sessions_on_network_change_v2 = false; + params.retry_on_alternate_network_before_handshake = false; + params.migrate_idle_sessions = false; + params.go_away_on_path_degrading = false; + + if (!params.close_sessions_on_ip_change) { + params.goaway_sessions_on_ip_change = data_provider.ConsumeBool(); + if (!params.goaway_sessions_on_ip_change) { + params.migrate_sessions_on_network_change_v2 = + data_provider.ConsumeBool(); + if (params.migrate_sessions_on_network_change_v2) { + params.migrate_sessions_early_v2 = data_provider.ConsumeBool(); + params.retry_on_alternate_network_before_handshake = data_provider.ConsumeBool(); - migrate_idle_sessions = data_provider.ConsumeBool(); + params.migrate_idle_sessions = data_provider.ConsumeBool(); } } } - if (!migrate_sessions_early_v2) - go_away_on_path_degrading = data_provider.ConsumeBool(); + if (!params.migrate_sessions_early_v2) { + params.go_away_on_path_degrading = data_provider.ConsumeBool(); + } std::unique_ptr factory = std::make_unique( @@ -136,34 +140,20 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { &env->ct_policy_enforcer, &env->transport_security_state, env->cert_transparency_verifier.get(), nullptr, &env->crypto_client_stream_factory, &env->random_generator, - &env->clock, quic::kDefaultMaxPacketSize, std::string(), - store_server_configs_in_properties, close_sessions_on_ip_change, - goaway_sessions_on_ip_change, - mark_quic_broken_when_network_blackholes, - kIdleConnectionTimeoutSeconds, quic::kPingTimeoutSecs, - kDefaultRetransmittableOnWireTimeoutMillisecs, - quic::kMaxTimeForCryptoHandshakeSecs, quic::kInitialIdleTimeoutSecs, - migrate_sessions_on_network_change_v2, migrate_sessions_early_v2, - retry_on_alternate_network_before_handshake, migrate_idle_sessions, - base::TimeDelta::FromSeconds( - kDefaultIdleSessionMigrationPeriodSeconds), - base::TimeDelta::FromSeconds(kMaxTimeOnNonDefaultNetworkSecs), - kMaxMigrationsToNonDefaultNetworkOnWriteError, - kMaxMigrationsToNonDefaultNetworkOnPathDegrading, - allow_server_migration, race_stale_dns_on_connection, - go_away_on_path_degrading, race_cert_verification, - estimate_initial_rtt, headers_include_h2_stream_dependency, - env->connection_options, env->client_connection_options, - enable_socket_recv_optimization, 0); + &env->clock, params); + SetQuicFlag(FLAGS_quic_supports_tls_handshake, true); QuicStreamRequest request(factory.get()); TestCompletionCallback callback; NetErrorDetails net_error_details; + quic::ParsedQuicVersionVector versions = quic::AllSupportedVersions(); + quic::ParsedQuicVersion version = + versions[data_provider.ConsumeIntegralInRange( + 0, versions.size() - 1)]; request.Request( - env->host_port_pair, - data_provider.PickValueInArray(quic::kSupportedTransportVersions), - PRIVACY_MODE_DISABLED, DEFAULT_PRIORITY, SocketTag(), kCertVerifyFlags, - GURL(kUrl), env->net_log, &net_error_details, + env->host_port_pair, version, PRIVACY_MODE_DISABLED, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), kCertVerifyFlags, GURL(kUrl), + env->net_log, &net_error_details, /*failed_on_default_network_callback=*/CompletionOnceCallback(), callback.callback()); diff --git a/chromium/net/quic/quic_stream_factory_peer.cc b/chromium/net/quic/quic_stream_factory_peer.cc index cb9262e45cb..565e5300c76 100644 --- a/chromium/net/quic/quic_stream_factory_peer.cc +++ b/chromium/net/quic/quic_stream_factory_peer.cc @@ -113,13 +113,13 @@ quic::QuicTime::Delta QuicStreamFactoryPeer::GetPingTimeout( bool QuicStreamFactoryPeer::GetRaceCertVerification( QuicStreamFactory* factory) { - return factory->race_cert_verification_; + return factory->params_.race_cert_verification; } void QuicStreamFactoryPeer::SetRaceCertVerification( QuicStreamFactory* factory, bool race_cert_verification) { - factory->race_cert_verification_ = race_cert_verification; + factory->params_.race_cert_verification = race_cert_verification; } quic::QuicAsyncStatus QuicStreamFactoryPeer::StartCertVerifyJob( diff --git a/chromium/net/quic/quic_stream_factory_test.cc b/chromium/net/quic/quic_stream_factory_test.cc index 4c909798498..760da17499e 100644 --- a/chromium/net/quic/quic_stream_factory_test.cc +++ b/chromium/net/quic/quic_stream_factory_test.cc @@ -16,7 +16,9 @@ #include "base/test/simple_test_tick_clock.h" #include "base/test/test_mock_time_task_runner.h" #include "build/build_config.h" +#include "net/base/load_flags.h" #include "net/base/mock_network_change_notifier.h" +#include "net/base/network_isolation_key.h" #include "net/cert/ct_policy_enforcer.h" #include "net/cert/do_nothing_ct_verifier.h" #include "net/cert/mock_cert_verifier.h" @@ -38,11 +40,13 @@ #include "net/quic/quic_server_info.h" #include "net/quic/quic_stream_factory_peer.h" #include "net/quic/quic_test_packet_maker.h" +#include "net/quic/quic_test_packet_printer.h" #include "net/quic/test_task_runner.h" #include "net/socket/next_proto.h" #include "net/socket/socket_test_util.h" #include "net/spdy/spdy_session_test_util.h" #include "net/spdy/spdy_test_util_common.h" +#include "net/ssl/ssl_config_service_defaults.h" #include "net/test/cert_test_util.h" #include "net/test/gtest_util.h" #include "net/test/test_data_directory.h" @@ -69,26 +73,6 @@ using std::string; namespace net { -namespace { - -class MockSSLConfigService : public SSLConfigService { - public: - MockSSLConfigService() {} - ~MockSSLConfigService() override {} - - void GetSSLConfig(SSLConfig* config) override { *config = config_; } - - bool CanShareConnectionWithClientCerts( - const std::string& hostname) const override { - return false; - } - - private: - SSLConfig config_; -}; - -} // namespace - namespace test { namespace { @@ -132,10 +116,13 @@ struct TestParams { std::vector GetTestParams() { std::vector params; quic::ParsedQuicVersionVector all_supported_versions = - quic::AllVersionsExcept99(); + quic::AllSupportedVersions(); for (const auto& version : all_supported_versions) { - params.push_back(TestParams{version, false}); - params.push_back(TestParams{version, true}); + // TODO(rch): crbug.com/978745 - Make this work with TLS + if (version.handshake_protocol != quic::PROTOCOL_TLS1_3) { + params.push_back(TestParams{version, false}); + params.push_back(TestParams{version, true}); + } } return params; } @@ -172,14 +159,17 @@ struct PoolingTestParams { std::vector GetPoolingTestParams() { std::vector params; quic::ParsedQuicVersionVector all_supported_versions = - quic::AllVersionsExcept99(); + quic::AllSupportedVersions(); for (const quic::ParsedQuicVersion version : all_supported_versions) { - params.push_back(PoolingTestParams{version, SAME_AS_FIRST, false}); - params.push_back(PoolingTestParams{version, SAME_AS_FIRST, true}); - params.push_back(PoolingTestParams{version, SAME_AS_SECOND, false}); - params.push_back(PoolingTestParams{version, SAME_AS_SECOND, true}); - params.push_back(PoolingTestParams{version, DIFFERENT, false}); - params.push_back(PoolingTestParams{version, DIFFERENT, true}); + // TODO(rch): crbug.com/978745 - Make this work with TLS + if (version.handshake_protocol != quic::PROTOCOL_TLS1_3) { + params.push_back(PoolingTestParams{version, SAME_AS_FIRST, false}); + params.push_back(PoolingTestParams{version, SAME_AS_FIRST, true}); + params.push_back(PoolingTestParams{version, SAME_AS_SECOND, false}); + params.push_back(PoolingTestParams{version, SAME_AS_SECOND, true}); + params.push_back(PoolingTestParams{version, DIFFERENT, false}); + params.push_back(PoolingTestParams{version, DIFFERENT, true}); + } } return params; } @@ -223,7 +213,7 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { QuicStreamFactoryTestBase(quic::ParsedQuicVersion version, bool client_headers_include_h2_stream_dependency) : host_resolver_(new MockHostResolver), - ssl_config_service_(new MockSSLConfigService), + ssl_config_service_(new SSLConfigServiceDefaults), socket_factory_(new MockClientSocketFactory), random_generator_(0), runner_(new TestTaskRunner(&clock_)), @@ -255,9 +245,8 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { failed_on_default_network_callback_(base::BindRepeating( &QuicStreamFactoryTestBase::OnFailedOnDefaultNetwork, base::Unretained(this))), - failed_on_default_network_(false), - store_server_configs_in_properties_(false) { - test_params_.quic_headers_include_h2_stream_dependency = + failed_on_default_network_(false) { + test_params_.quic_params.headers_include_h2_stream_dependency = client_headers_include_h2_stream_dependency; clock_.AdvanceTime(quic::QuicTime::Delta::FromSeconds(1)); } @@ -271,35 +260,7 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { cert_transparency_verifier_.get(), /*SocketPerformanceWatcherFactory*/ nullptr, &crypto_client_stream_factory_, &random_generator_, &clock_, - test_params_.quic_max_packet_length, test_params_.quic_user_agent_id, - store_server_configs_in_properties_, - test_params_.quic_close_sessions_on_ip_change, - test_params_.quic_goaway_sessions_on_ip_change, - test_params_.mark_quic_broken_when_network_blackholes, - test_params_.quic_idle_connection_timeout_seconds, - test_params_.quic_reduced_ping_timeout_seconds, - test_params_.quic_retransmittable_on_wire_timeout_milliseconds, - test_params_.quic_max_time_before_crypto_handshake_seconds, - test_params_.quic_max_idle_time_before_crypto_handshake_seconds, - test_params_.quic_migrate_sessions_on_network_change_v2, - test_params_.quic_migrate_sessions_early_v2, - test_params_.quic_retry_on_alternate_network_before_handshake, - test_params_.quic_migrate_idle_sessions, - test_params_.quic_idle_session_migration_period, - test_params_.quic_max_time_on_non_default_network, - test_params_.quic_max_migrations_to_non_default_network_on_write_error, - test_params_ - .quic_max_migrations_to_non_default_network_on_path_degrading, - test_params_.quic_allow_server_migration, - test_params_.quic_race_stale_dns_on_connection, - test_params_.quic_go_away_on_path_degrading, - test_params_.quic_race_cert_verification, - test_params_.quic_estimate_initial_rtt, - test_params_.quic_headers_include_h2_stream_dependency, - test_params_.quic_connection_options, - test_params_.quic_client_connection_options, - test_params_.quic_enable_socket_recv_optimization, - test_params_.quic_initial_rtt_for_handshake_milliseconds)); + test_params_.quic_params)); } void InitializeConnectionMigrationV2Test( @@ -310,8 +271,8 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { scoped_mock_network_change_notifier_->mock_network_change_notifier(); mock_ncn->ForceNetworkHandlesSupported(); mock_ncn->SetConnectedNetworksList(connected_networks); - test_params_.quic_migrate_sessions_on_network_change_v2 = true; - test_params_.quic_migrate_sessions_early_v2 = true; + test_params_.quic_params.migrate_sessions_on_network_change_v2 = true; + test_params_.quic_params.migrate_sessions_early_v2 = true; socket_factory_.reset(new TestConnectionMigrationSocketFactory); Initialize(); } @@ -380,7 +341,7 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { EXPECT_FALSE(HasActiveSession(destination)); size_t socket_count = socket_factory_->udp_client_socket_ports().size(); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -389,8 +350,8 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { GURL url("https://" + destination.host() + "/"); EXPECT_EQ(ERR_IO_PENDING, request.Request( - destination, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + destination, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -471,8 +432,7 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { quic::QuicStreamId stream_id, quic::QuicStreamId parent_stream_id, bool should_include_version, - bool fin, - quic::QuicStreamOffset* offset) { + bool fin) { spdy::SpdyHeaderBlock headers = client_maker_.GetRequestHeaders("GET", "https", "/"); spdy::SpdyPriority priority = @@ -480,18 +440,7 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { size_t spdy_headers_frame_len; return client_maker_.MakeRequestHeadersPacket( packet_number, stream_id, should_include_version, fin, priority, - std::move(headers), parent_stream_id, &spdy_headers_frame_len, offset); - } - - std::unique_ptr ConstructGetRequestPacket( - uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - quic::QuicStreamOffset* offset) { - return ConstructGetRequestPacket(packet_number, stream_id, - /*parent_stream_id=*/0, - should_include_version, fin, offset); + std::move(headers), parent_stream_id, &spdy_headers_frame_len); } std::unique_ptr ConstructOkResponsePacket( @@ -507,19 +456,18 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { } std::unique_ptr ConstructInitialSettingsPacket() { - return client_maker_.MakeInitialSettingsPacket(1, nullptr); + return client_maker_.MakeInitialSettingsPacket(1); } std::unique_ptr ConstructInitialSettingsPacket( - uint64_t packet_number, - quic::QuicStreamOffset* offset) { - return client_maker_.MakeInitialSettingsPacket(packet_number, offset); + uint64_t packet_number) { + return client_maker_.MakeInitialSettingsPacket(packet_number); } // Helper method for server migration tests. void VerifyServerMigration(const quic::QuicConfig& config, IPEndPoint expected_address) { - test_params_.quic_allow_server_migration = true; + test_params_.quic_params.allow_server_migration = true; Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -527,13 +475,14 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { crypto_client_stream_factory_.SetConfig(config); // Set up first socket data provider. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data1.AddSocketDataToFactory(socket_factory_.get()); + client_maker_.set_coalesce_http_frames(true); // Set up second socket data provider that is used after // migration. - MockQuicData socket_data2; + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddWrite( @@ -548,8 +497,8 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -591,8 +540,9 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { // Verifies that the QUIC stream factory is initialized correctly. void VerifyInitialization() { - store_server_configs_in_properties_ = true; - test_params_.quic_idle_connection_timeout_seconds = 500; + test_params_.quic_params.max_server_configs_stored_in_properties = 1; + test_params_.quic_params.idle_connection_timeout = + base::TimeDelta::FromSeconds(500); Initialize(); factory_->set_require_confirmation(false); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -728,7 +678,7 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { "192.168.0.1", ""); // Create a session and verify that the cached state is loaded. - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -736,8 +686,8 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { EXPECT_EQ(ERR_IO_PENDING, request.Request( HostPortPair(quic_server_id.host(), quic_server_id.port()), - version_.transport_version, privacy_mode_, DEFAULT_PRIORITY, - SocketTag(), + version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -761,7 +711,7 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { EXPECT_TRUE(socket_data.AllWriteDataConsumed()); // Create a session and verify that the cached state is loaded. - MockQuicData socket_data2; + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -772,8 +722,8 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { EXPECT_EQ(ERR_IO_PENDING, request2.Request( HostPortPair(quic_server_id2.host(), quic_server_id2.port()), - version_.transport_version, privacy_mode_, DEFAULT_PRIORITY, - SocketTag(), + version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), /*cert_verify_flags=*/0, GURL("https://mail.example.org/"), net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -819,10 +769,9 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { quic::QuicStreamId stream_id, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { - return server_maker_.MakeDataPacket( - packet_number, stream_id, should_include_version, fin, offset, data); + return server_maker_.MakeDataPacket(packet_number, stream_id, + should_include_version, fin, data); } quic::QuicStreamId GetNthServerInitiatedUnidirectionalStreamId(int n) { @@ -901,7 +850,6 @@ class QuicStreamFactoryTestBase : public WithScopedTaskEnvironment { // Variables to configure QuicStreamFactory. HttpNetworkSession::Params test_params_; - bool store_server_configs_in_properties_; }; class QuicStreamFactoryTest : public QuicStreamFactoryTestBase, @@ -922,7 +870,7 @@ TEST_P(QuicStreamFactoryTest, Create) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -930,8 +878,8 @@ TEST_P(QuicStreamFactoryTest, Create) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -942,12 +890,12 @@ TEST_P(QuicStreamFactoryTest, Create) { EXPECT_EQ(DEFAULT_PRIORITY, host_resolver_->last_request_priority()); QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request2.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); // Will reset stream 3. stream = CreateStream(&request2); @@ -956,12 +904,12 @@ TEST_P(QuicStreamFactoryTest, Create) { // TODO(rtenneti): We should probably have a tests that HTTP and HTTPS result // in streams on different sessions. QuicStreamRequest request3(factory_.get()); - EXPECT_EQ(OK, request3.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request3.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); stream = CreateStream(&request3); // Will reset stream 5. stream.reset(); // Will reset stream 7. @@ -975,7 +923,7 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRtt) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -986,12 +934,12 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRtt) { "192.168.0.1", ""); QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream = CreateStream(&request); EXPECT_TRUE(stream.get()); @@ -1004,7 +952,7 @@ TEST_P(QuicStreamFactoryTest, DefaultInitialRtt) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1012,8 +960,8 @@ TEST_P(QuicStreamFactoryTest, DefaultInitialRtt) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1032,7 +980,7 @@ TEST_P(QuicStreamFactoryTest, FactoryDestroyedWhenJobPending) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1040,8 +988,8 @@ TEST_P(QuicStreamFactoryTest, FactoryDestroyedWhenJobPending) { auto request = std::make_unique(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request->Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); request.reset(); @@ -1062,7 +1010,7 @@ TEST_P(QuicStreamFactoryTest, RequireConfirmation) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1070,8 +1018,8 @@ TEST_P(QuicStreamFactoryTest, RequireConfirmation) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1104,15 +1052,15 @@ TEST_P(QuicStreamFactoryTest, DontRequireConfirmationFromSameIP) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); QuicStreamRequest request(factory_.get()); EXPECT_THAT(request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback()), IsOk()); @@ -1137,13 +1085,13 @@ TEST_P(QuicStreamFactoryTest, CachedInitialRtt) { stats.srtt = base::TimeDelta::FromMilliseconds(10); http_server_properties_.SetServerNetworkStats(url::SchemeHostPort(url_), stats); - test_params_.quic_estimate_initial_rtt = true; + test_params_.quic_params.estimate_initial_rtt = true; Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1151,8 +1099,8 @@ TEST_P(QuicStreamFactoryTest, CachedInitialRtt) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1170,13 +1118,13 @@ TEST_P(QuicStreamFactoryTest, 2gInitialRtt) { ScopedMockNetworkChangeNotifier notifier; notifier.mock_network_change_notifier()->SetConnectionType( NetworkChangeNotifier::CONNECTION_2G); - test_params_.quic_estimate_initial_rtt = true; + test_params_.quic_params.estimate_initial_rtt = true; Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1184,8 +1132,8 @@ TEST_P(QuicStreamFactoryTest, 2gInitialRtt) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1203,13 +1151,13 @@ TEST_P(QuicStreamFactoryTest, 3gInitialRtt) { ScopedMockNetworkChangeNotifier notifier; notifier.mock_network_change_notifier()->SetConnectionType( NetworkChangeNotifier::CONNECTION_3G); - test_params_.quic_estimate_initial_rtt = true; + test_params_.quic_params.estimate_initial_rtt = true; Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1217,8 +1165,8 @@ TEST_P(QuicStreamFactoryTest, 3gInitialRtt) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1237,7 +1185,7 @@ TEST_P(QuicStreamFactoryTest, GoAway) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1245,8 +1193,8 @@ TEST_P(QuicStreamFactoryTest, GoAway) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1269,7 +1217,7 @@ TEST_P(QuicStreamFactoryTest, GoAwayForConnectionMigrationWithPortOnly) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1277,8 +1225,8 @@ TEST_P(QuicStreamFactoryTest, GoAwayForConnectionMigrationWithPortOnly) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1310,7 +1258,7 @@ TEST_P(QuicStreamFactoryTest, Pooling) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1322,23 +1270,23 @@ TEST_P(QuicStreamFactoryTest, Pooling) { host_resolver_->rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream = CreateStream(&request); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(server2, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url2_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback.callback())); + EXPECT_EQ(OK, + request2.Request( + server2, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url2_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -1354,8 +1302,7 @@ TEST_P(QuicStreamFactoryTest, PoolingWithServerMigration) { "192.168.0.1", ""); IPEndPoint alt_address = IPEndPoint(IPAddress(1, 2, 3, 4), 443); quic::QuicConfig config; - config.SetAlternateServerAddressToSend( - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(alt_address))); + config.SetAlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); VerifyServerMigration(config, alt_address); @@ -1364,17 +1311,21 @@ TEST_P(QuicStreamFactoryTest, PoolingWithServerMigration) { session->CloseSessionOnError(0u, quic::QUIC_NO_ERROR, quic::ConnectionCloseBehavior::SILENT_CLOSE); + client_maker_.Reset(); + client_maker_.set_coalesce_http_frames(false); // Set up server IP, socket, proof, and config for new session. HostPortPair server2(kServer2HostName, kDefaultServerPort); host_resolver_->rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite writes[] = {MockWrite(SYNCHRONOUS, settings_packet->data(), settings_packet->length(), 1)}; SequencedSocketData socket_data(reads, writes); + QuicPacketPrinter printer(version_); + socket_data.set_printer(&printer); socket_factory_->AddSocketDataProvider(&socket_data); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -1387,8 +1338,8 @@ TEST_P(QuicStreamFactoryTest, PoolingWithServerMigration) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - server2, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + server2, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), /*cert_verify_flags=*/0, url2_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback.callback())); EXPECT_EQ(OK, callback.WaitForResult()); @@ -1406,11 +1357,12 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) { crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data1.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -1422,23 +1374,23 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) { host_resolver_->rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream = CreateStream(&request); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(server2, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url2_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback.callback())); + EXPECT_EQ(OK, + request2.Request( + server2, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url2_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -1448,12 +1400,12 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) { TestCompletionCallback callback3; QuicStreamRequest request3(factory_.get()); - EXPECT_EQ(OK, request3.Request(server2, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url2_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback3.callback())); + EXPECT_EQ(OK, + request3.Request( + server2, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url2_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback3.callback())); std::unique_ptr stream3 = CreateStream(&request3); EXPECT_TRUE(stream3.get()); @@ -1468,7 +1420,7 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) { TEST_P(QuicStreamFactoryTest, HttpsPooling) { Initialize(); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1484,23 +1436,23 @@ TEST_P(QuicStreamFactoryTest, HttpsPooling) { host_resolver_->rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(server1, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request.Request( + server1, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream = CreateStream(&request); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(server2, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url2_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request2.Request( + server2, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url2_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -1512,7 +1464,7 @@ TEST_P(QuicStreamFactoryTest, HttpsPooling) { TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) { Initialize(); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1534,23 +1486,23 @@ TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) { host_resolver_->rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(server1, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request.Request( + server1, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream = CreateStream(&request); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(server2, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url2_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request2.Request( + server2, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url2_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -1563,11 +1515,12 @@ TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) { TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithDifferentPins) { Initialize(); - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data1.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -1595,23 +1548,23 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithDifferentPins) { host_resolver_->rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", ""); QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(server1, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request.Request( + server1, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream = CreateStream(&request); EXPECT_TRUE(stream.get()); TestCompletionCallback callback; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(server2, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url2_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request2.Request( + server2, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url2_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -1629,11 +1582,12 @@ TEST_P(QuicStreamFactoryTest, Goaway) { crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -1641,8 +1595,8 @@ TEST_P(QuicStreamFactoryTest, Goaway) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1663,8 +1617,8 @@ TEST_P(QuicStreamFactoryTest, Goaway) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -1691,7 +1645,7 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) { crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); quic::QuicStreamId stream_id = GetNthClientInitiatedBidirectionalStreamId(0); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); if (version_.transport_version == quic::QUIC_VERSION_99) { socket_data.AddWrite(SYNCHRONOUS, client_maker_.MakeStreamsBlockedPacket( @@ -1727,8 +1681,8 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) { for (size_t i = 0; i < quic::kDefaultMaxStreamsPerConnection / 2; i++) { QuicStreamRequest request(factory_.get()); int rv = request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback()); if (i == 0) { @@ -1746,12 +1700,12 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) { } QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - CompletionOnceCallback())); + EXPECT_EQ(OK, + request.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, CompletionOnceCallback())); std::unique_ptr stream = CreateStream(&request); EXPECT_TRUE(stream); EXPECT_EQ(ERR_IO_PENDING, @@ -1779,7 +1733,7 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) { TEST_P(QuicStreamFactoryTest, ResolutionErrorInCreate) { Initialize(); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddSocketDataToFactory(socket_factory_.get()); host_resolver_->rules()->AddSimulatedFailure(kDefaultServerHostName); @@ -1787,8 +1741,8 @@ TEST_P(QuicStreamFactoryTest, ResolutionErrorInCreate) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1801,15 +1755,15 @@ TEST_P(QuicStreamFactoryTest, ResolutionErrorInCreate) { TEST_P(QuicStreamFactoryTest, ConnectErrorInCreate) { Initialize(); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddConnect(SYNCHRONOUS, ERR_ADDRESS_IN_USE); socket_data.AddSocketDataToFactory(socket_factory_.get()); QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1821,7 +1775,7 @@ TEST_P(QuicStreamFactoryTest, ConnectErrorInCreate) { TEST_P(QuicStreamFactoryTest, CancelCreate) { Initialize(); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -1829,8 +1783,8 @@ TEST_P(QuicStreamFactoryTest, CancelCreate) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); } @@ -1838,12 +1792,12 @@ TEST_P(QuicStreamFactoryTest, CancelCreate) { base::RunLoop().RunUntilIdle(); QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request2.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream = CreateStream(&request2); EXPECT_TRUE(stream.get()); @@ -1859,17 +1813,18 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) { crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite( SYNCHRONOUS, ConstructClientRstPacket(2, quic::QUIC_RST_ACKNOWLEDGEMENT)); socket_data.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectionClosePacket( - 3, true, quic::QUIC_INTERNAL_ERROR, "net error")); + 3, true, quic::QUIC_PEER_GOING_AWAY, "net error")); socket_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -1877,8 +1832,8 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1892,7 +1847,7 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) { // Close the session and verify that stream saw the error. factory_->CloseAllSessions(ERR_INTERNET_DISCONNECTED, - quic::QUIC_INTERNAL_ERROR); + quic::QUIC_PEER_GOING_AWAY); EXPECT_EQ(ERR_INTERNET_DISCONNECTED, stream->ReadResponseHeaders(callback_.callback())); @@ -1902,8 +1857,8 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -1928,7 +1883,7 @@ TEST_P(QuicStreamFactoryTest, crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START_WITH_CHLO_SENT); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Trigger PACKET_WRITE_ERROR when sending packets in crypto connect. socket_data.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); @@ -1938,8 +1893,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(ERR_QUIC_HANDSHAKE_FAILED, callback_.WaitForResult()); @@ -1951,7 +1906,8 @@ TEST_P(QuicStreamFactoryTest, MockCryptoClientStream::COLD_START); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -1959,8 +1915,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_FALSE(HasActiveSession(host_port_pair_)); @@ -1994,7 +1950,7 @@ TEST_P(QuicStreamFactoryTest, WriteErrorInCryptoConnectWithSyncHostResolution) { host_resolver_->rules()->AddIPLiteralRule(host_port_pair_.host(), "192.168.0.1", ""); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Trigger PACKET_WRITE_ERROR when sending packets in crypto connect. socket_data.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); @@ -2004,8 +1960,8 @@ TEST_P(QuicStreamFactoryTest, WriteErrorInCryptoConnectWithSyncHostResolution) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_QUIC_HANDSHAKE_FAILED, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); // Check no active session, or active jobs left for this server. @@ -2017,7 +1973,8 @@ TEST_P(QuicStreamFactoryTest, WriteErrorInCryptoConnectWithSyncHostResolution) { MockCryptoClientStream::COLD_START); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -2025,8 +1982,8 @@ TEST_P(QuicStreamFactoryTest, WriteErrorInCryptoConnectWithSyncHostResolution) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_FALSE(HasActiveSession(host_port_pair_)); @@ -2050,13 +2007,13 @@ TEST_P(QuicStreamFactoryTest, WriteErrorInCryptoConnectWithSyncHostResolution) { } TEST_P(QuicStreamFactoryTest, CloseSessionsOnIPAddressChanged) { - test_params_.quic_close_sessions_on_ip_change = true; + test_params_.quic_params.close_sessions_on_ip_change = true; Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite( @@ -2066,7 +2023,8 @@ TEST_P(QuicStreamFactoryTest, CloseSessionsOnIPAddressChanged) { 3, true, quic::QUIC_IP_ADDRESS_CHANGED, "net error")); socket_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -2074,8 +2032,8 @@ TEST_P(QuicStreamFactoryTest, CloseSessionsOnIPAddressChanged) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -2109,8 +2067,8 @@ TEST_P(QuicStreamFactoryTest, CloseSessionsOnIPAddressChanged) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -2134,20 +2092,18 @@ TEST_P(QuicStreamFactoryTest, CloseSessionsOnIPAddressChanged) { // as going away on IP address change instead of being closed. New requests will // go to a new connection. TEST_P(QuicStreamFactoryTest, GoAwaySessionsOnIPAddressChanged) { - test_params_.quic_goaway_sessions_on_ip_change = true; + test_params_.quic_params.goaway_sessions_on_ip_change = true; Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData quic_data1; - quic::QuicStreamOffset header_stream_offset = 0; - quic_data1.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData quic_data1(version_); + quic_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); quic_data1.AddRead(ASYNC, ERR_IO_PENDING); // Pause quic_data1.AddRead( ASYNC, @@ -2156,19 +2112,18 @@ TEST_P(QuicStreamFactoryTest, GoAwaySessionsOnIPAddressChanged) { quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data1.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data2; - quic::QuicStreamOffset header_stream_offset2 = 0; + client_maker_.Reset(); + MockQuicData quic_data2(version_); quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. - quic_data2.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset2)); + quic_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(1)); quic_data2.AddSocketDataToFactory(socket_factory_.get()); // Create request and QuicHttpStream. QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -2213,8 +2168,8 @@ TEST_P(QuicStreamFactoryTest, GoAwaySessionsOnIPAddressChanged) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -2242,7 +2197,7 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChangedWithConnectionMigration) { crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite( @@ -2252,8 +2207,8 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChangedWithConnectionMigration) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -2275,12 +2230,12 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChangedWithConnectionMigration) { // Attempting a new request to the same origin uses the same connection. QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request2.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); stream = CreateStream(&request2); stream.reset(); @@ -2314,20 +2269,18 @@ void QuicStreamFactoryTestBase::TestMigrationOnNetworkMadeDefault( scoped_mock_network_change_notifier_->mock_network_change_notifier() ->QueueNetworkMadeDefault(kDefaultNetworkForTests); - MockQuicData quic_data1; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data1(version_); quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging Read. - quic_data1.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(1, &header_stream_offset)); + quic_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data1.AddWrite( - write_mode, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + write_mode, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); quic_data1.AddSocketDataToFactory(socket_factory_.get()); // Set up the second socket data provider that is used after migration. // The response to the earlier request is read on the new socket. - MockQuicData quic_data2; + MockQuicData quic_data2(version_); // Connectivity probe to be sent on the new path. quic_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectivityProbingPacket(3, true)); @@ -2353,8 +2306,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnNetworkMadeDefault( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -2489,20 +2442,18 @@ TEST_P(QuicStreamFactoryTest, MigratedToBlockedSocketAfterProbing) { scoped_mock_network_change_notifier_->mock_network_change_notifier() ->QueueNetworkMadeDefault(kDefaultNetworkForTests); - MockQuicData quic_data1; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data1(version_); quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging Read. - quic_data1.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(1, &header_stream_offset)); + quic_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); quic_data1.AddSocketDataToFactory(socket_factory_.get()); // Set up the second socket data provider that is used after migration. // The response to the earlier request is read on the new socket. - MockQuicData quic_data2; + MockQuicData quic_data2(version_); // First connectivity probe to be sent on the new path. quic_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectivityProbingPacket(3, true)); @@ -2532,8 +2483,8 @@ TEST_P(QuicStreamFactoryTest, MigratedToBlockedSocketAfterProbing) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -2667,7 +2618,7 @@ TEST_P(QuicStreamFactoryTest, MigrationTimeoutWithNoNewNetwork) { auto task_runner = base::MakeRefCounted(); QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), task_runner.get()); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -2676,8 +2627,8 @@ TEST_P(QuicStreamFactoryTest, MigrationTimeoutWithNoNewNetwork) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -2744,13 +2695,13 @@ TEST_P(QuicStreamFactoryTest, void QuicStreamFactoryTestBase::TestOnNetworkMadeDefaultNonMigratableStream( bool migrate_idle_sessions) { - test_params_.quic_migrate_idle_sessions = migrate_idle_sessions; + test_params_.quic_params.migrate_idle_sessions = migrate_idle_sessions; InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); if (!migrate_idle_sessions) { @@ -2767,7 +2718,7 @@ void QuicStreamFactoryTestBase::TestOnNetworkMadeDefaultNonMigratableStream( socket_data.AddSocketDataToFactory(socket_factory_.get()); // Set up the second socket data provider that is used for probing. - MockQuicData quic_data1; + MockQuicData quic_data1(version_); // Connectivity probe to be sent on the new path. quic_data1.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectivityProbingPacket(2, true)); @@ -2793,8 +2744,8 @@ void QuicStreamFactoryTestBase::TestOnNetworkMadeDefaultNonMigratableStream( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -2845,7 +2796,7 @@ TEST_P(QuicStreamFactoryTest, OnNetworkMadeDefaultConnectionMigrationDisabled) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite( @@ -2858,8 +2809,8 @@ TEST_P(QuicStreamFactoryTest, OnNetworkMadeDefaultConnectionMigrationDisabled) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -2910,19 +2861,17 @@ TEST_P(QuicStreamFactoryTest, void QuicStreamFactoryTestBase::TestOnNetworkDisconnectedNonMigratableStream( bool migrate_idle_sessions) { - test_params_.quic_migrate_idle_sessions = migrate_idle_sessions; + test_params_.quic_params.migrate_idle_sessions = migrate_idle_sessions; InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData failed_socket_data; - MockQuicData socket_data; + MockQuicData failed_socket_data(version_); + MockQuicData socket_data(version_); if (migrate_idle_sessions) { - quic::QuicStreamOffset header_stream_offset = 0; failed_socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - failed_socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + failed_socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); // A RESET will be sent to the peer to cancel the non-migratable stream. failed_socket_data.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( @@ -2950,8 +2899,8 @@ void QuicStreamFactoryTestBase::TestOnNetworkDisconnectedNonMigratableStream( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -3001,7 +2950,7 @@ TEST_P(QuicStreamFactoryTest, ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite( @@ -3014,8 +2963,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -3064,13 +3013,13 @@ TEST_P(QuicStreamFactoryTest, void QuicStreamFactoryTestBase::TestOnNetworkMadeDefaultNoOpenStreams( bool migrate_idle_sessions) { - test_params_.quic_migrate_idle_sessions = migrate_idle_sessions; + test_params_.quic_params.migrate_idle_sessions = migrate_idle_sessions; InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); if (!migrate_idle_sessions) { @@ -3082,7 +3031,7 @@ void QuicStreamFactoryTestBase::TestOnNetworkMadeDefaultNoOpenStreams( } socket_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data1; + MockQuicData quic_data1(version_); if (migrate_idle_sessions) { // Set up the second socket data provider that is used for probing. // Connectivity probe to be sent on the new path. @@ -3103,8 +3052,8 @@ void QuicStreamFactoryTestBase::TestOnNetworkMadeDefaultNoOpenStreams( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -3145,18 +3094,18 @@ TEST_P(QuicStreamFactoryTest, void QuicStreamFactoryTestBase::TestOnNetworkDisconnectedNoOpenStreams( bool migrate_idle_sessions) { - test_params_.quic_migrate_idle_sessions = migrate_idle_sessions; + test_params_.quic_params.migrate_idle_sessions = migrate_idle_sessions; InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData default_socket_data; + MockQuicData default_socket_data(version_); default_socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); default_socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); default_socket_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData alternate_socket_data; + MockQuicData alternate_socket_data(version_); if (migrate_idle_sessions) { // Set up second socket data provider that is used after migration. alternate_socket_data.AddRead(SYNCHRONOUS, @@ -3171,8 +3120,8 @@ void QuicStreamFactoryTestBase::TestOnNetworkDisconnectedNoOpenStreams( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -3223,17 +3172,15 @@ void QuicStreamFactoryTestBase::TestMigrationOnNetworkDisconnected( QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), runner_.get()); int packet_number = 1; - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - SYNCHRONOUS, - ConstructInitialSettingsPacket(packet_number++, &header_stream_offset)); + socket_data.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(packet_number++)); socket_data.AddWrite( SYNCHRONOUS, ConstructGetRequestPacket(packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), - true, true, &header_stream_offset)); + true, true)); if (async_write_before) { socket_data.AddWrite(ASYNC, OK); packet_number++; @@ -3244,8 +3191,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnNetworkDisconnected( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -3277,7 +3224,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnNetworkDisconnected( // Set up second socket data provider that is used after migration. // The response to the earlier request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakePingPacket(packet_number++, /*include_version=*/true)); @@ -3348,23 +3295,21 @@ TEST_P(QuicStreamFactoryTest, NewNetworkConnectedAfterNoNetwork) { // Use the test task runner. QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), runner_.get()); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); - socket_data.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data.AddSocketDataToFactory(socket_factory_.get()); // Create request and QuicHttpStream. QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -3404,7 +3349,7 @@ TEST_P(QuicStreamFactoryTest, NewNetworkConnectedAfterNoNetwork) { // Set up second socket data provider that is used after migration. // The response to the earlier request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakePingPacket(3, /*include_version=*/true)); socket_data1.AddRead( @@ -3478,21 +3423,20 @@ TEST_P(QuicStreamFactoryTest, MigrateToProbingSocket) { ->QueueNetworkMadeDefault(kDefaultNetworkForTests); int packet_number = 1; - MockQuicData quic_data1; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data1(version_); quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging Read. - quic_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket( - packet_number++, &header_stream_offset)); + quic_data1.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(packet_number++)); quic_data1.AddWrite( SYNCHRONOUS, ConstructGetRequestPacket(packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), - true, true, &header_stream_offset)); + true, true)); quic_data1.AddSocketDataToFactory(socket_factory_.get()); // Set up the second socket data provider that is used for probing on the // alternate network. - MockQuicData quic_data2; + MockQuicData quic_data2(version_); // Connectivity probe to be sent on the new path. quic_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectivityProbingPacket( packet_number++, true)); @@ -3526,8 +3470,8 @@ TEST_P(QuicStreamFactoryTest, MigrateToProbingSocket) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -3655,16 +3599,15 @@ void QuicStreamFactoryTestBase::TestMigrationOnPathDegrading( ->QueueNetworkMadeDefault(kDefaultNetworkForTests); int packet_number = 1; - MockQuicData quic_data1; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data1(version_); quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging Read. - quic_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket( - packet_number++, &header_stream_offset)); + quic_data1.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(packet_number++)); quic_data1.AddWrite( SYNCHRONOUS, ConstructGetRequestPacket(packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), - true, true, &header_stream_offset)); + true, true)); if (async_write_before) { quic_data1.AddWrite(ASYNC, OK); packet_number++; @@ -3673,7 +3616,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnPathDegrading( // Set up the second socket data provider that is used after migration. // The response to the earlier request is read on the new socket. - MockQuicData quic_data2; + MockQuicData quic_data2(version_); // Connectivity probe to be sent on the new path. quic_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectivityProbingPacket( packet_number++, true)); @@ -3700,8 +3643,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnPathDegrading( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -3805,20 +3748,18 @@ void QuicStreamFactoryTestBase::TestMigrationOnPathDegrading( // This test verifies that the session marks itself GOAWAY on path degrading // and it does not receive any new request TEST_P(QuicStreamFactoryTest, GoawayOnPathDegrading) { - test_params_.quic_go_away_on_path_degrading = true; + test_params_.quic_params.go_away_on_path_degrading = true; Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData quic_data1; - quic::QuicStreamOffset header_stream_offset = 0; - quic_data1.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData quic_data1(version_); + quic_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); quic_data1.AddRead(ASYNC, ERR_IO_PENDING); // Pause quic_data1.AddRead( ASYNC, @@ -3827,19 +3768,18 @@ TEST_P(QuicStreamFactoryTest, GoawayOnPathDegrading) { quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data1.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data2; - quic::QuicStreamOffset header_stream_offset2 = 0; + client_maker_.Reset(); + MockQuicData quic_data2(version_); quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. - quic_data2.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset2)); + quic_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data2.AddSocketDataToFactory(socket_factory_.get()); // Creat request and QuicHttpStream. QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cerf_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -3879,8 +3819,8 @@ TEST_P(QuicStreamFactoryTest, GoawayOnPathDegrading) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -3925,14 +3865,12 @@ TEST_P(QuicStreamFactoryTest, DoNotMigrateToBadSocketOnPathDegrading) { scoped_mock_network_change_notifier_->mock_network_change_notifier() ->QueueNetworkMadeDefault(kDefaultNetworkForTests); - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - quic_data.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(1, &header_stream_offset)); - quic_data.AddWrite(SYNCHRONOUS, - ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); + quic_data.AddWrite( + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause quic_data.AddRead(ASYNC, ConstructOkResponsePacket( 1, GetNthClientInitiatedBidirectionalStreamId(0), @@ -3955,8 +3893,8 @@ TEST_P(QuicStreamFactoryTest, DoNotMigrateToBadSocketOnPathDegrading) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -4044,31 +3982,24 @@ void QuicStreamFactoryTestBase::TestMigrateSessionWithDrainingStream( ->QueueNetworkMadeDefault(kDefaultNetworkForTests); int packet_number = 1; - MockQuicData quic_data1; - quic::QuicStreamOffset header_stream_offset = 0; - quic_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket( - packet_number++, &header_stream_offset)); + MockQuicData quic_data1(version_); + quic_data1.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(packet_number++)); quic_data1.AddWrite( SYNCHRONOUS, ConstructGetRequestPacket(packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), - true, true, &header_stream_offset)); + true, true)); // Read an out of order packet with FIN to drain the stream. quic_data1.AddRead( ASYNC, ConstructOkResponsePacket( 2, GetNthClientInitiatedBidirectionalStreamId(0), false, true)); // keep sending version. - if (!GetQuicRestartFlag(quic_enable_accept_random_ipn)) { - // Packet 2 is considered as out of order packet and an ACK will be sent - // immediately. - quic_data1.AddWrite(SYNCHRONOUS, client_maker_.MakeAckPacket( - packet_number++, 2, 2, 2, 1, true)); - } quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data1.AddSocketDataToFactory(socket_factory_.get()); // Set up the second socket data provider that is used after migration. - MockQuicData quic_data2; + MockQuicData quic_data2(version_); // Connectivity probe to be sent on the new path. quic_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectivityProbingPacket( packet_number++, false)); @@ -4084,6 +4015,7 @@ void QuicStreamFactoryTestBase::TestMigrateSessionWithDrainingStream( quic_data2.AddWrite(ASYNC, client_maker_.MakePingPacket(packet_number++, false)); } + server_maker_.Reset(); quic_data2.AddRead( ASYNC, ConstructOkResponsePacket( @@ -4097,8 +4029,8 @@ void QuicStreamFactoryTestBase::TestMigrateSessionWithDrainingStream( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -4215,20 +4147,18 @@ TEST_P(QuicStreamFactoryTest, MigrateOnNewNetworkConnectAfterPathDegrading) { scoped_mock_network_change_notifier_->mock_network_change_notifier() ->QueueNetworkMadeDefault(kDefaultNetworkForTests); - MockQuicData quic_data1; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData quic_data1(version_); quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging Read. - quic_data1.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(1, &header_stream_offset)); + quic_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); quic_data1.AddSocketDataToFactory(socket_factory_.get()); // Set up the second socket data provider that is used after migration. // The response to the earlier request is read on the new socket. - MockQuicData quic_data2; + MockQuicData quic_data2(version_); // Connectivity probe to be sent on the new path. quic_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectivityProbingPacket(3, true)); @@ -4254,8 +4184,8 @@ TEST_P(QuicStreamFactoryTest, MigrateOnNewNetworkConnectAfterPathDegrading) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -4369,12 +4299,13 @@ TEST_P(QuicStreamFactoryTest, MigrateMultipleSessionsToBadSocketsAfterDisconnected) { InitializeConnectionMigrationV2Test({kDefaultNetworkForTests}); - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data1.AddWrite(ASYNC, OK); socket_data1.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddWrite(ASYNC, OK); @@ -4393,23 +4324,23 @@ TEST_P(QuicStreamFactoryTest, // Create request and QuicHttpStream to create session1. QuicStreamRequest request1(factory_.get()); - EXPECT_EQ(OK, request1.Request(server1, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request1.Request( + server1, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream1 = CreateStream(&request1); EXPECT_TRUE(stream1.get()); // Create request and QuicHttpStream to create session2. QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(server2, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url2_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request2.Request( + server2, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url2_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -4494,14 +4425,12 @@ TEST_P(QuicStreamFactoryTest, MigrateOnPathDegradingWithNoNewNetwork) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData quic_data; - quic::QuicStreamOffset header_stream_offset = 0; - quic_data.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(1, &header_stream_offset)); - quic_data.AddWrite(SYNCHRONOUS, - ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + MockQuicData quic_data(version_); + quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); + quic_data.AddWrite( + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); quic_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause for path degrading signal. // The rest of the data will still flow in the original socket as there is no @@ -4520,8 +4449,8 @@ TEST_P(QuicStreamFactoryTest, MigrateOnPathDegradingWithNoNewNetwork) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -4586,13 +4515,13 @@ TEST_P(QuicStreamFactoryTest, void QuicStreamFactoryTestBase::TestMigrateSessionEarlyNonMigratableStream( bool migrate_idle_sessions) { - test_params_.quic_migrate_idle_sessions = migrate_idle_sessions; + test_params_.quic_params.migrate_idle_sessions = migrate_idle_sessions; InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); if (!migrate_idle_sessions) { @@ -4608,7 +4537,7 @@ void QuicStreamFactoryTestBase::TestMigrateSessionEarlyNonMigratableStream( socket_data.AddSocketDataToFactory(socket_factory_.get()); // Set up the second socket data provider that is used for probing. - MockQuicData quic_data1; + MockQuicData quic_data1(version_); // Connectivity probe to be sent on the new path. quic_data1.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectivityProbingPacket(2, true)); @@ -4634,8 +4563,8 @@ void QuicStreamFactoryTestBase::TestMigrateSessionEarlyNonMigratableStream( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -4687,7 +4616,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyConnectionMigrationDisabled) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite( @@ -4700,8 +4629,8 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionEarlyConnectionMigrationDisabled) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -4760,27 +4689,26 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionOnAysncWriteError) { auto task_runner = base::MakeRefCounted(); QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), task_runner.get()); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite(ASYNC, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); // Set up second socket data provider that is used after // migration. The request is rewritten to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); - socket_data1.AddWrite(SYNCHRONOUS, - ConstructGetRequestPacket( - 3, GetNthClientInitiatedBidirectionalStreamId(1), - GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); + client_maker_.set_coalesce_http_frames(true); + socket_data1.AddWrite( + SYNCHRONOUS, + ConstructGetRequestPacket( + 3, GetNthClientInitiatedBidirectionalStreamId(1), + GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead( ASYNC, ConstructOkResponsePacket( @@ -4793,7 +4721,7 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionOnAysncWriteError) { socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( 5, false, GetNthClientInitiatedBidirectionalStreamId(1), - quic::QUIC_STREAM_CANCELLED, 0, + quic::QUIC_STREAM_CANCELLED, /*include_stop_sending_if_v99=*/true)); socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -4802,8 +4730,8 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionOnAysncWriteError) { QuicStreamRequest request1(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request1.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -4822,12 +4750,12 @@ TEST_P(QuicStreamFactoryTest, MigrateSessionOnAysncWriteError) { // Request #2 returns synchronously because it pools to existing session. TestCompletionCallback callback2; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback2.callback())); + EXPECT_EQ(OK, + request2.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback2.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -4912,22 +4840,20 @@ TEST_P(QuicStreamFactoryTest, MigrateBackToDefaultPostMigrationOnWriteError) { auto task_runner = base::MakeRefCounted(); QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), task_runner.get()); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite(ASYNC, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); // Set up second socket data provider that is used after // migration. The request is rewritten to this new socket, and the // response to the request is read on this new socket. - MockQuicData quic_data2; + MockQuicData quic_data2(version_); quic_data2.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); quic_data2.AddRead( ASYNC, ConstructOkResponsePacket( @@ -4939,8 +4865,8 @@ TEST_P(QuicStreamFactoryTest, MigrateBackToDefaultPostMigrationOnWriteError) { QuicStreamRequest request1(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request1.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -4995,7 +4921,7 @@ TEST_P(QuicStreamFactoryTest, MigrateBackToDefaultPostMigrationOnWriteError) { EXPECT_EQ(200, response.headers->response_code()); // Set up the third socket data provider for migrate back to default network. - MockQuicData quic_data3; + MockQuicData quic_data3(version_); // Connectivity probe to be sent on the new path. quic_data3.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectivityProbingPacket(3, false)); @@ -5007,7 +4933,7 @@ TEST_P(QuicStreamFactoryTest, MigrateBackToDefaultPostMigrationOnWriteError) { quic_data3.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( 5, false, GetNthClientInitiatedBidirectionalStreamId(0), - quic::QUIC_STREAM_CANCELLED, 0, + quic::QUIC_STREAM_CANCELLED, /*include_stop_sending_if_v99=*/true)); quic_data3.AddSocketDataToFactory(socket_factory_.get()); @@ -5052,7 +4978,7 @@ TEST_P(QuicStreamFactoryTest, crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START_WITH_CHLO_SENT); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(ASYNC, client_maker_.MakeDummyCHLOPacket(1)); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -5061,8 +4987,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -5113,7 +5039,7 @@ void QuicStreamFactoryTestBase::TestNoAlternateNetworkBeforeHandshake( crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START_WITH_CHLO_SENT); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(ASYNC, client_maker_.MakeDummyCHLOPacket(1)); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -5122,8 +5048,8 @@ void QuicStreamFactoryTestBase::TestNoAlternateNetworkBeforeHandshake( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -5191,7 +5117,7 @@ void QuicStreamFactoryTestBase:: quic::QuicErrorCode quic_error) { DCHECK(quic_error == quic::QUIC_NETWORK_IDLE_TIMEOUT || quic_error == quic::QUIC_HANDSHAKE_TIMEOUT); - test_params_.quic_retry_on_alternate_network_before_handshake = true; + test_params_.quic_params.retry_on_alternate_network_before_handshake = true; InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); @@ -5204,24 +5130,21 @@ void QuicStreamFactoryTestBase:: MockCryptoClientStream::COLD_START_WITH_CHLO_SENT); // Socket data for connection on the default network. - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(ASYNC, client_maker_.MakeDummyCHLOPacket(1)); socket_data.AddSocketDataToFactory(socket_factory_.get()); // Socket data for connection on the alternate network. - MockQuicData socket_data2; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data2(version_); socket_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeDummyCHLOPacket(1)); socket_data2.AddRead(ASYNC, ERR_IO_PENDING); // Pause. // Change the encryption level after handshake is confirmed. client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - socket_data2.AddWrite( - ASYNC, ConstructInitialSettingsPacket(2, &header_stream_offset)); + socket_data2.AddWrite(ASYNC, ConstructInitialSettingsPacket(2)); socket_data2.AddWrite( ASYNC, ConstructGetRequestPacket( - 3, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - &header_stream_offset)); + 3, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data2.AddRead( ASYNC, ConstructOkResponsePacket( @@ -5234,7 +5157,7 @@ void QuicStreamFactoryTestBase:: socket_data2.AddSocketDataToFactory(socket_factory_.get()); // Socket data for probing on the default network. - MockQuicData probing_data; + MockQuicData probing_data(version_); probing_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. probing_data.AddWrite(SYNCHRONOUS, client_maker_.MakeConnectivityProbingPacket(4, false)); @@ -5244,8 +5167,8 @@ void QuicStreamFactoryTestBase:: QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -5343,7 +5266,7 @@ void QuicStreamFactoryTestBase:: // is triggered before handshake is confirmed and connection migration is turned // on. TEST_P(QuicStreamFactoryTest, MigrationOnWriteErrorBeforeHandshakeConfirmed) { - DCHECK(!test_params_.quic_retry_on_alternate_network_before_handshake); + DCHECK(!test_params_.quic_params.retry_on_alternate_network_before_handshake); InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); @@ -5351,7 +5274,7 @@ TEST_P(QuicStreamFactoryTest, MigrationOnWriteErrorBeforeHandshakeConfirmed) { crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START_WITH_CHLO_SENT); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Trigger PACKET_WRITE_ERROR when sending packets in crypto connect. socket_data.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); @@ -5361,8 +5284,8 @@ TEST_P(QuicStreamFactoryTest, MigrationOnWriteErrorBeforeHandshakeConfirmed) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(ERR_QUIC_HANDSHAKE_FAILED, callback_.WaitForResult()); @@ -5374,7 +5297,8 @@ TEST_P(QuicStreamFactoryTest, MigrationOnWriteErrorBeforeHandshakeConfirmed) { MockCryptoClientStream::COLD_START); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -5382,8 +5306,8 @@ TEST_P(QuicStreamFactoryTest, MigrationOnWriteErrorBeforeHandshakeConfirmed) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_FALSE(HasActiveSession(host_port_pair_)); @@ -5413,7 +5337,7 @@ TEST_P(QuicStreamFactoryTest, MigrationOnWriteErrorBeforeHandshakeConfirmed) { // on, a new connection will be retried on the alternate network. TEST_P(QuicStreamFactoryTest, RetryConnectionOnWriteErrorBeforeHandshakeConfirmed) { - test_params_.quic_retry_on_alternate_network_before_handshake = true; + test_params_.quic_params.retry_on_alternate_network_before_handshake = true; InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); @@ -5422,25 +5346,22 @@ TEST_P(QuicStreamFactoryTest, MockCryptoClientStream::COLD_START_WITH_CHLO_SENT); // Socket data for connection on the default network. - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Trigger PACKET_WRITE_ERROR when sending packets in crypto connect. socket_data.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); // Socket data for connection on the alternate network. - MockQuicData socket_data2; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data2(version_); socket_data2.AddWrite(SYNCHRONOUS, client_maker_.MakeDummyCHLOPacket(1)); socket_data2.AddRead(ASYNC, ERR_IO_PENDING); // Pause. // Change the encryption level after handshake is confirmed. client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - socket_data2.AddWrite( - ASYNC, ConstructInitialSettingsPacket(2, &header_stream_offset)); + socket_data2.AddWrite(ASYNC, ConstructInitialSettingsPacket(2)); socket_data2.AddWrite( ASYNC, ConstructGetRequestPacket( - 3, GetNthClientInitiatedBidirectionalStreamId(0), true, true, - &header_stream_offset)); + 3, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data2.AddRead( ASYNC, ConstructOkResponsePacket( @@ -5456,8 +5377,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); // Ensure that the session is alive but not active. @@ -5514,11 +5435,9 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteError( auto task_runner = base::MakeRefCounted(); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite(write_error_mode, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -5526,8 +5445,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteError( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -5551,11 +5470,11 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteError( // Set up second socket data provider that is used after // migration. The request is rewritten to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead( ASYNC, ConstructOkResponsePacket( @@ -5613,7 +5532,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorNoNewNetwork( // Use the test task runner, to force the migration alarm timeout later. QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), runner_.get()); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite(write_error_mode, ERR_ADDRESS_UNREACHABLE); @@ -5623,8 +5542,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorNoNewNetwork( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -5723,22 +5642,20 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorWithMultipleRequests( crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite(write_error_mode, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); // Set up second socket data provider that is used after // migration. The request is rewritten to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead( ASYNC, ConstructOkResponsePacket( @@ -5751,7 +5668,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorWithMultipleRequests( socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( 4, false, GetNthClientInitiatedBidirectionalStreamId(1), - quic::QUIC_STREAM_CANCELLED, 0, + quic::QUIC_STREAM_CANCELLED, /*include_stop_sending_if_v99=*/true)); socket_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -5760,8 +5677,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorWithMultipleRequests( QuicStreamRequest request1(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request1.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -5780,12 +5697,12 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorWithMultipleRequests( // Second request returns synchronously because it pools to existing session. TestCompletionCallback callback2; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback2.callback())); + EXPECT_EQ(OK, + request2.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback2.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); HttpRequestInfo request_info2; @@ -5856,29 +5773,28 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMixedStreams( crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); int packet_number = 1; - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); + socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - SYNCHRONOUS, - ConstructInitialSettingsPacket(packet_number++, &header_stream_offset)); + socket_data.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(packet_number++)); socket_data.AddWrite(write_error_mode, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); // Set up second socket data provider that is used after // migration. The request is rewritten to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( SYNCHRONOUS, ConstructGetRequestPacket(packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), - true, true, &header_stream_offset)); + true, true)); socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket(packet_number++, true, GetNthClientInitiatedBidirectionalStreamId(1), - quic::QUIC_STREAM_CANCELLED, 0, + quic::QUIC_STREAM_CANCELLED, /*include_stop_sending_if_v99=*/true)); socket_data1.AddRead( ASYNC, @@ -5896,8 +5812,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMixedStreams( QuicStreamRequest request1(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request1.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -5916,12 +5832,12 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMixedStreams( // Second request returns synchronously because it pools to existing session. TestCompletionCallback callback2; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback2.callback())); + EXPECT_EQ(OK, + request2.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback2.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -5995,12 +5911,10 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMixedStreams2( crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); int packet_number = 1; - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - SYNCHRONOUS, - ConstructInitialSettingsPacket(packet_number++, &header_stream_offset)); + socket_data.AddWrite(SYNCHRONOUS, + ConstructInitialSettingsPacket(packet_number++)); socket_data.AddWrite(write_error_mode, ERR_ADDRESS_UNREACHABLE); // Write error. socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -6008,25 +5922,25 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMixedStreams2( // Set up second socket data provider that is used after // migration. The request is rewritten to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); // The packet triggered writer error will be sent anyway even if the stream // will be cancelled later. socket_data1.AddWrite( SYNCHRONOUS, ConstructGetRequestPacket(packet_number++, GetNthClientInitiatedBidirectionalStreamId(1), - true, true, &header_stream_offset)); + true, true)); socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket(packet_number++, true, GetNthClientInitiatedBidirectionalStreamId(1), - quic::QUIC_STREAM_CANCELLED, 0, + quic::QUIC_STREAM_CANCELLED, /*include_stop_sending_if_v99=*/true)); socket_data1.AddWrite( SYNCHRONOUS, ConstructGetRequestPacket(packet_number++, GetNthClientInitiatedBidirectionalStreamId(0), - true, true, &header_stream_offset)); + true, true)); socket_data1.AddRead( ASYNC, ConstructOkResponsePacket( @@ -6043,8 +5957,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMixedStreams2( QuicStreamRequest request1(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request1.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -6063,12 +5977,12 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMixedStreams2( // Second request returns synchronously because it pools to existing session. TestCompletionCallback callback2; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback2.callback())); + EXPECT_EQ(OK, + request2.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback2.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -6133,20 +6047,18 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorNonMigratableStream( DVLOG(1) << "Write error mode: " << ((write_error_mode == SYNCHRONOUS) ? "SYNCHRONOUS" : "ASYNC"); DVLOG(1) << "Migrate idle sessions: " << migrate_idle_sessions; - test_params_.quic_migrate_idle_sessions = migrate_idle_sessions; + test_params_.quic_params.migrate_idle_sessions = migrate_idle_sessions; InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData failed_socket_data; - MockQuicData socket_data; + MockQuicData failed_socket_data(version_); + MockQuicData socket_data(version_); if (migrate_idle_sessions) { - quic::QuicStreamOffset header_stream_offset = 0; // The socket data provider for the original socket before migration. failed_socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - failed_socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + failed_socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); failed_socket_data.AddWrite(write_error_mode, ERR_ADDRESS_UNREACHABLE); failed_socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -6156,9 +6068,9 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorNonMigratableStream( // non-migratable stream and the stream will be cancelled during migration, // the packet will still be retransimitted at the connection level. socket_data.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); // A RESET will be sent to the peer to cancel the non-migratable stream. socket_data.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( @@ -6176,8 +6088,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorNonMigratableStream( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -6253,7 +6165,7 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMigrationDisabled( ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite(write_error_mode, ERR_ADDRESS_UNREACHABLE); @@ -6263,8 +6175,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorMigrationDisabled( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -6343,25 +6255,23 @@ void QuicStreamFactoryTestBase::TestMigrationOnMultipleWriteErrors( // Set up the socket data used by the original network, which encounters a // write erorr. - MockQuicData socket_data1; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data1(version_); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data1.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + socket_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data1.AddWrite(write_error_mode_on_old_network, ERR_ADDRESS_UNREACHABLE); // Write Error socket_data1.AddSocketDataToFactory(socket_factory_.get()); // Set up the socket data used by the alternate network, which also // encounters a write error. - MockQuicData failed_quic_data2; + MockQuicData failed_quic_data2(version_); failed_quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); failed_quic_data2.AddWrite(write_error_mode_on_new_network, ERR_FAILED); failed_quic_data2.AddSocketDataToFactory(socket_factory_.get()); // Set up the third socket data used by original network, which encounters a // write error again. - MockQuicData failed_quic_data1; + MockQuicData failed_quic_data1(version_); failed_quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); failed_quic_data1.AddWrite(write_error_mode_on_old_network, ERR_FAILED); failed_quic_data1.AddSocketDataToFactory(socket_factory_.get()); @@ -6369,11 +6279,11 @@ void QuicStreamFactoryTestBase::TestMigrationOnMultipleWriteErrors( // Set up the last socket data used by the alternate network, which will // finish migration successfully. The request is rewritten to this new socket, // and the response to the request is read on this socket. - MockQuicData socket_data2; + MockQuicData socket_data2(version_); socket_data2.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data2.AddRead( ASYNC, ConstructOkResponsePacket( @@ -6389,8 +6299,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnMultipleWriteErrors( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -6475,7 +6385,7 @@ TEST_P(QuicStreamFactoryTest, NoMigrationBeforeHandshakeOnNetworkDisconnected) { crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START_WITH_CHLO_SENT); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(ASYNC, client_maker_.MakeDummyCHLOPacket(1)); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -6484,8 +6394,8 @@ TEST_P(QuicStreamFactoryTest, NoMigrationBeforeHandshakeOnNetworkDisconnected) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); // Deliver the network notification, which should cause the connection to be @@ -6511,11 +6421,9 @@ void QuicStreamFactoryTestBase:: crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -6523,8 +6431,8 @@ void QuicStreamFactoryTestBase:: QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -6548,11 +6456,11 @@ void QuicStreamFactoryTestBase:: // Set up second socket data provider that is used after // migration. The request is rewritten to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead( ASYNC, ConstructOkResponsePacket( @@ -6645,11 +6553,9 @@ void QuicStreamFactoryTestBase:: crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -6657,8 +6563,8 @@ void QuicStreamFactoryTestBase:: QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -6682,11 +6588,11 @@ void QuicStreamFactoryTestBase:: // Set up second socket data provider that is used after // migration. The request is rewritten to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead( ASYNC, ConstructOkResponsePacket( @@ -6785,11 +6691,9 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorPauseBeforeConnected( // Use the test task runner. QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), runner_.get()); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite(write_error_mode, ERR_FAILED); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -6797,8 +6701,8 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorPauseBeforeConnected( QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -6833,11 +6737,11 @@ void QuicStreamFactoryTestBase::TestMigrationOnWriteErrorPauseBeforeConnected( // Set up second socket data provider that is used after migration. // The response to the earlier request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead( ASYNC, ConstructOkResponsePacket( @@ -6915,12 +6819,13 @@ TEST_P(QuicStreamFactoryTest, IgnoreWriteErrorFromOldWriterAfterMigration) { auto task_runner = base::MakeRefCounted(); QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), task_runner.get()); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData socket_data(version_); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause - socket_data.AddWrite(ASYNC, ERR_ADDRESS_UNREACHABLE); + socket_data.AddWrite( + ASYNC, ERR_ADDRESS_UNREACHABLE, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -6928,8 +6833,8 @@ TEST_P(QuicStreamFactoryTest, IgnoreWriteErrorFromOldWriterAfterMigration) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -6952,7 +6857,7 @@ TEST_P(QuicStreamFactoryTest, IgnoreWriteErrorFromOldWriterAfterMigration) { // Set up second socket data provider that is used after // migration. The response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakePingPacket(3, /*include_version=*/true)); socket_data1.AddRead( @@ -7020,10 +6925,8 @@ TEST_P(QuicStreamFactoryTest, IgnoreReadErrorFromOldReaderAfterMigration) { auto task_runner = base::MakeRefCounted(); QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), task_runner.get()); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData socket_data(version_); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause socket_data.AddRead(ASYNC, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -7032,8 +6935,8 @@ TEST_P(QuicStreamFactoryTest, IgnoreReadErrorFromOldReaderAfterMigration) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -7057,13 +6960,13 @@ TEST_P(QuicStreamFactoryTest, IgnoreReadErrorFromOldReaderAfterMigration) { // Set up second socket data provider that is used after // migration. The request is written to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakePingPacket(2, /*include_version=*/true)); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 3, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 3, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead( ASYNC, ConstructOkResponsePacket( @@ -7134,10 +7037,8 @@ TEST_P(QuicStreamFactoryTest, IgnoreReadErrorOnOldReaderDuringMigration) { auto task_runner = base::MakeRefCounted(); QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), task_runner.get()); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData socket_data(version_); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause socket_data.AddRead(ASYNC, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -7146,8 +7047,8 @@ TEST_P(QuicStreamFactoryTest, IgnoreReadErrorOnOldReaderDuringMigration) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -7171,13 +7072,13 @@ TEST_P(QuicStreamFactoryTest, IgnoreReadErrorOnOldReaderDuringMigration) { // Set up second socket data provider that is used after // migration. The request is written to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakePingPacket(2, /*include_version=*/true)); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 3, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 3, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead( ASYNC, ConstructOkResponsePacket( @@ -7250,10 +7151,8 @@ TEST_P(QuicStreamFactoryTest, DefaultRetransmittableOnWireTimeoutForMigration) { factory_.get(), std::make_unique(task_runner.get(), &clock_)); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData socket_data(version_); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause socket_data.AddRead(ASYNC, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -7261,36 +7160,24 @@ TEST_P(QuicStreamFactoryTest, DefaultRetransmittableOnWireTimeoutForMigration) { // Set up second socket data provider that is used after // migration. The request is written to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); // The PING packet sent post migration. socket_data1.AddWrite(SYNCHRONOUS, client_maker_.MakePingPacket(2, true)); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 3, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 3, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead(ASYNC, ERR_IO_PENDING); // Pause. // Read two packets so that client will send ACK immedaitely. - spdy::SpdyHeaderBlock response_headers = - server_maker_.GetResponseHeaders("200 OK"); - response_headers["key1"] = std::string(2000, 'A'); - spdy::SpdyHeadersIR headers_frame( - GetNthClientInitiatedBidirectionalStreamId(0), - std::move(response_headers)); - spdy::SpdyFramer response_framer(spdy::SpdyFramer::ENABLE_COMPRESSION); - spdy::SpdySerializedFrame spdy_frame = - response_framer.SerializeFrame(headers_frame); - size_t chunk_size = 1200; - unsigned int packet_number = 1; - for (size_t offset = 0; offset < spdy_frame.size(); offset += chunk_size) { - size_t len = std::min(chunk_size, spdy_frame.size() - offset); - socket_data1.AddRead( - ASYNC, - server_maker_.MakeDataPacket( - packet_number++, - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, offset, - base::StringPiece(spdy_frame.data() + offset, len))); - } + socket_data1.AddRead( + ASYNC, + ConstructOkResponsePacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false)); + socket_data1.AddRead( + ASYNC, server_maker_.MakeDataPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + base::StringPiece("Hello World"))); + // Read an ACK from server which acks all client data. socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 3, 1, 1, false)); @@ -7302,7 +7189,7 @@ TEST_P(QuicStreamFactoryTest, DefaultRetransmittableOnWireTimeoutForMigration) { socket_data1.AddRead( ASYNC, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read. socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( @@ -7314,8 +7201,8 @@ TEST_P(QuicStreamFactoryTest, DefaultRetransmittableOnWireTimeoutForMigration) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -7356,17 +7243,18 @@ TEST_P(QuicStreamFactoryTest, DefaultRetransmittableOnWireTimeoutForMigration) { base::RunLoop().RunUntilIdle(); // Ack delay time. - int delay = task_runner->NextPendingTaskDelay().InMilliseconds(); - EXPECT_GT(kDefaultRetransmittableOnWireTimeoutMillisecs, delay); + base::TimeDelta delay = task_runner->NextPendingTaskDelay(); + EXPECT_GT(kDefaultRetransmittableOnWireTimeout, delay); // Fire the ack alarm, since ack has been sent, no ack will be sent. - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); // Fire the ping alarm with retransmittable-on-wire timeout, send PING. - delay = kDefaultRetransmittableOnWireTimeoutMillisecs - delay; - EXPECT_EQ(base::TimeDelta::FromMilliseconds(delay), - task_runner->NextPendingTaskDelay()); - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + delay = kDefaultRetransmittableOnWireTimeout - delay; + EXPECT_EQ(delay, task_runner->NextPendingTaskDelay()); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); socket_data1.Resume(); @@ -7394,8 +7282,9 @@ TEST_P(QuicStreamFactoryTest, DefaultRetransmittableOnWireTimeoutForMigration) { // enabled, and a custom retransmittable on wire timeout is specified, the // custom value is used. TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeoutForMigration) { - int custom_timeout_value = 200; - test_params_.quic_retransmittable_on_wire_timeout_milliseconds = + constexpr base::TimeDelta custom_timeout_value = + base::TimeDelta::FromMilliseconds(200); + test_params_.quic_params.retransmittable_on_wire_timeout = custom_timeout_value; InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); @@ -7410,10 +7299,8 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeoutForMigration) { factory_.get(), std::make_unique(task_runner.get(), &clock_)); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData socket_data(version_); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause socket_data.AddRead(ASYNC, ERR_ADDRESS_UNREACHABLE); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -7421,36 +7308,23 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeoutForMigration) { // Set up second socket data provider that is used after // migration. The request is written to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); // The PING packet sent post migration. socket_data1.AddWrite(SYNCHRONOUS, client_maker_.MakePingPacket(2, true)); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 3, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 3, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead(ASYNC, ERR_IO_PENDING); // Pause. // Read two packets so that client will send ACK immedaitely. - spdy::SpdyHeaderBlock response_headers = - server_maker_.GetResponseHeaders("200 OK"); - response_headers["key1"] = std::string(2000, 'A'); - spdy::SpdyHeadersIR headers_frame( - GetNthClientInitiatedBidirectionalStreamId(0), - std::move(response_headers)); - spdy::SpdyFramer response_framer(spdy::SpdyFramer::ENABLE_COMPRESSION); - spdy::SpdySerializedFrame spdy_frame = - response_framer.SerializeFrame(headers_frame); - size_t chunk_size = 1200; - unsigned int packet_number = 1; - for (size_t offset = 0; offset < spdy_frame.size(); offset += chunk_size) { - size_t len = std::min(chunk_size, spdy_frame.size() - offset); - socket_data1.AddRead( - ASYNC, - server_maker_.MakeDataPacket( - packet_number++, - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, offset, - base::StringPiece(spdy_frame.data() + offset, len))); - } + socket_data1.AddRead( + ASYNC, + ConstructOkResponsePacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false)); + socket_data1.AddRead( + ASYNC, server_maker_.MakeDataPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + base::StringPiece("Hello World"))); // Read an ACK from server which acks all client data. socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 3, 1, 1, false)); @@ -7462,7 +7336,7 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeoutForMigration) { socket_data1.AddRead( ASYNC, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read. socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( @@ -7474,8 +7348,8 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeoutForMigration) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -7516,17 +7390,18 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeoutForMigration) { base::RunLoop().RunUntilIdle(); // Ack delay time. - int delay = task_runner->NextPendingTaskDelay().InMilliseconds(); + base::TimeDelta delay = task_runner->NextPendingTaskDelay(); EXPECT_GT(custom_timeout_value, delay); // Fire the ack alarm, since ack has been sent, no ack will be sent. - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); // Fire the ping alarm with retransmittable-on-wire timeout, send PING. delay = custom_timeout_value - delay; - EXPECT_EQ(base::TimeDelta::FromMilliseconds(delay), - task_runner->NextPendingTaskDelay()); - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + EXPECT_EQ(delay, task_runner->NextPendingTaskDelay()); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); socket_data1.Resume(); @@ -7554,8 +7429,9 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeoutForMigration) { // retransmittable-on-wire timeout is specified, the ping alarm is set up to // send retransmittable pings with the custom value. TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeout) { - int custom_timeout_value = 200; - test_params_.quic_retransmittable_on_wire_timeout_milliseconds = + constexpr base::TimeDelta custom_timeout_value = + base::TimeDelta::FromMilliseconds(200); + test_params_.quic_params.retransmittable_on_wire_timeout = custom_timeout_value; Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -7569,37 +7445,22 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeout) { factory_.get(), std::make_unique(task_runner.get(), &clock_)); - MockQuicData socket_data1; - quic::QuicStreamOffset header_stream_offset = 0; - socket_data1.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData socket_data1(version_); + socket_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead(ASYNC, ERR_IO_PENDING); // Pause. // Read two packets so that client will send ACK immedaitely. - spdy::SpdyHeaderBlock response_headers = - server_maker_.GetResponseHeaders("200 OK"); - response_headers["key1"] = std::string(2000, 'A'); - spdy::SpdyHeadersIR headers_frame( - GetNthClientInitiatedBidirectionalStreamId(0), - std::move(response_headers)); - spdy::SpdyFramer response_framer(spdy::SpdyFramer::ENABLE_COMPRESSION); - spdy::SpdySerializedFrame spdy_frame = - response_framer.SerializeFrame(headers_frame); - size_t chunk_size = 1200; - unsigned int packet_number = 1; - for (size_t offset = 0; offset < spdy_frame.size(); offset += chunk_size) { - size_t len = std::min(chunk_size, spdy_frame.size() - offset); - socket_data1.AddRead( - ASYNC, - server_maker_.MakeDataPacket( - packet_number++, - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, offset, - base::StringPiece(spdy_frame.data() + offset, len))); - } + socket_data1.AddRead( + ASYNC, + ConstructOkResponsePacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false)); + socket_data1.AddRead( + ASYNC, server_maker_.MakeDataPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + base::StringPiece("Hello World"))); // Read an ACK from server which acks all client data. socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 2, 1, 1, false)); @@ -7611,7 +7472,7 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeout) { socket_data1.AddRead( ASYNC, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read. socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( @@ -7623,8 +7484,8 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeout) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -7660,17 +7521,18 @@ TEST_P(QuicStreamFactoryTest, CustomRetransmittableOnWireTimeout) { base::RunLoop().RunUntilIdle(); // Ack delay time. - int delay = task_runner->NextPendingTaskDelay().InMilliseconds(); + base::TimeDelta delay = task_runner->NextPendingTaskDelay(); EXPECT_GT(custom_timeout_value, delay); // Fire the ack alarm, since ack has been sent, no ack will be sent. - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); // Fire the ping alarm with retransmittable-on-wire timeout, send PING. delay = custom_timeout_value - delay; - EXPECT_EQ(base::TimeDelta::FromMilliseconds(delay), - task_runner->NextPendingTaskDelay()); - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + EXPECT_EQ(delay, task_runner->NextPendingTaskDelay()); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); socket_data1.Resume(); @@ -7707,37 +7569,22 @@ TEST_P(QuicStreamFactoryTest, NoRetransmittableOnWireTimeout) { factory_.get(), std::make_unique(task_runner.get(), &clock_)); - MockQuicData socket_data1; - quic::QuicStreamOffset header_stream_offset = 0; - socket_data1.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData socket_data1(version_); + socket_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead(ASYNC, ERR_IO_PENDING); // Pause. // Read two packets so that client will send ACK immedaitely. - spdy::SpdyHeaderBlock response_headers = - server_maker_.GetResponseHeaders("200 OK"); - response_headers["key1"] = std::string(2000, 'A'); - spdy::SpdyHeadersIR headers_frame( - GetNthClientInitiatedBidirectionalStreamId(0), - std::move(response_headers)); - spdy::SpdyFramer response_framer(spdy::SpdyFramer::ENABLE_COMPRESSION); - spdy::SpdySerializedFrame spdy_frame = - response_framer.SerializeFrame(headers_frame); - size_t chunk_size = 1200; - unsigned int packet_number = 1; - for (size_t offset = 0; offset < spdy_frame.size(); offset += chunk_size) { - size_t len = std::min(chunk_size, spdy_frame.size() - offset); - socket_data1.AddRead( - ASYNC, - server_maker_.MakeDataPacket( - packet_number++, - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, offset, - base::StringPiece(spdy_frame.data() + offset, len))); - } + socket_data1.AddRead( + ASYNC, + ConstructOkResponsePacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false)); + socket_data1.AddRead( + ASYNC, server_maker_.MakeDataPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + base::StringPiece("Hello World"))); // Read an ACK from server which acks all client data. socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 2, 1, 1, false)); @@ -7746,7 +7593,7 @@ TEST_P(QuicStreamFactoryTest, NoRetransmittableOnWireTimeout) { socket_data1.AddRead( ASYNC, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read. socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( @@ -7758,8 +7605,8 @@ TEST_P(QuicStreamFactoryTest, NoRetransmittableOnWireTimeout) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -7795,17 +7642,19 @@ TEST_P(QuicStreamFactoryTest, NoRetransmittableOnWireTimeout) { base::RunLoop().RunUntilIdle(); // Ack delay time. - int delay = task_runner->NextPendingTaskDelay().InMilliseconds(); - EXPECT_GT(kDefaultRetransmittableOnWireTimeoutMillisecs, delay); + base::TimeDelta delay = task_runner->NextPendingTaskDelay(); + EXPECT_GT(kDefaultRetransmittableOnWireTimeout, delay); // Fire the ack alarm, since ack has been sent, no ack will be sent. - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); // Verify that the ping alarm is not set with any default value. - int wrong_delay = kDefaultRetransmittableOnWireTimeoutMillisecs - delay; - delay = task_runner->NextPendingTaskDelay().InMilliseconds(); + base::TimeDelta wrong_delay = kDefaultRetransmittableOnWireTimeout - delay; + delay = task_runner->NextPendingTaskDelay(); EXPECT_NE(wrong_delay, delay); - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); // Verify that response headers on the migrated socket were delivered to the @@ -7829,10 +7678,11 @@ TEST_P(QuicStreamFactoryTest, NoRetransmittableOnWireTimeout) { // send retransmittable pings to the peer with custom value. TEST_P(QuicStreamFactoryTest, CustomeRetransmittableOnWireTimeoutWithMigrationOnNetworkChangeOnly) { - int custom_timeout_value = 200; - test_params_.quic_retransmittable_on_wire_timeout_milliseconds = + constexpr base::TimeDelta custom_timeout_value = + base::TimeDelta::FromMilliseconds(200); + test_params_.quic_params.retransmittable_on_wire_timeout = custom_timeout_value; - test_params_.quic_migrate_sessions_on_network_change_v2 = true; + test_params_.quic_params.migrate_sessions_on_network_change_v2 = true; Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); @@ -7845,37 +7695,22 @@ TEST_P(QuicStreamFactoryTest, factory_.get(), std::make_unique(task_runner.get(), &clock_)); - MockQuicData socket_data1; - quic::QuicStreamOffset header_stream_offset = 0; - socket_data1.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData socket_data1(version_); + socket_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead(ASYNC, ERR_IO_PENDING); // Pause. // Read two packets so that client will send ACK immedaitely. - spdy::SpdyHeaderBlock response_headers = - server_maker_.GetResponseHeaders("200 OK"); - response_headers["key1"] = std::string(2000, 'A'); - spdy::SpdyHeadersIR headers_frame( - GetNthClientInitiatedBidirectionalStreamId(0), - std::move(response_headers)); - spdy::SpdyFramer response_framer(spdy::SpdyFramer::ENABLE_COMPRESSION); - spdy::SpdySerializedFrame spdy_frame = - response_framer.SerializeFrame(headers_frame); - size_t chunk_size = 1200; - unsigned int packet_number = 1; - for (size_t offset = 0; offset < spdy_frame.size(); offset += chunk_size) { - size_t len = std::min(chunk_size, spdy_frame.size() - offset); - socket_data1.AddRead( - ASYNC, - server_maker_.MakeDataPacket( - packet_number++, - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, offset, - base::StringPiece(spdy_frame.data() + offset, len))); - } + socket_data1.AddRead( + ASYNC, + ConstructOkResponsePacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false)); + socket_data1.AddRead( + ASYNC, server_maker_.MakeDataPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + base::StringPiece("Hello World"))); // Read an ACK from server which acks all client data. socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 2, 1, 1, false)); @@ -7887,7 +7722,7 @@ TEST_P(QuicStreamFactoryTest, socket_data1.AddRead( ASYNC, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read. socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( @@ -7899,8 +7734,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -7936,17 +7771,18 @@ TEST_P(QuicStreamFactoryTest, base::RunLoop().RunUntilIdle(); // Ack delay time. - int delay = task_runner->NextPendingTaskDelay().InMilliseconds(); + base::TimeDelta delay = task_runner->NextPendingTaskDelay(); EXPECT_GT(custom_timeout_value, delay); // Fire the ack alarm, since ack has been sent, no ack will be sent. - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); // Fire the ping alarm with retransmittable-on-wire timeout, send PING. delay = custom_timeout_value - delay; - EXPECT_EQ(base::TimeDelta::FromMilliseconds(delay), - task_runner->NextPendingTaskDelay()); - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + EXPECT_EQ(delay, task_runner->NextPendingTaskDelay()); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); socket_data1.Resume(); @@ -7972,7 +7808,7 @@ TEST_P(QuicStreamFactoryTest, // NOT send retransmittable pings to the peer with custom value. TEST_P(QuicStreamFactoryTest, NoRetransmittableOnWireTimeoutWithMigrationOnNetworkChangeOnly) { - test_params_.quic_migrate_sessions_on_network_change_v2 = true; + test_params_.quic_params.migrate_sessions_on_network_change_v2 = true; Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); @@ -7985,37 +7821,22 @@ TEST_P(QuicStreamFactoryTest, factory_.get(), std::make_unique(task_runner.get(), &clock_)); - MockQuicData socket_data1; - quic::QuicStreamOffset header_stream_offset = 0; - socket_data1.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData socket_data1(version_); + socket_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddRead(ASYNC, ERR_IO_PENDING); // Pause. // Read two packets so that client will send ACK immedaitely. - spdy::SpdyHeaderBlock response_headers = - server_maker_.GetResponseHeaders("200 OK"); - response_headers["key1"] = std::string(2000, 'A'); - spdy::SpdyHeadersIR headers_frame( - GetNthClientInitiatedBidirectionalStreamId(0), - std::move(response_headers)); - spdy::SpdyFramer response_framer(spdy::SpdyFramer::ENABLE_COMPRESSION); - spdy::SpdySerializedFrame spdy_frame = - response_framer.SerializeFrame(headers_frame); - size_t chunk_size = 1200; - unsigned int packet_number = 1; - for (size_t offset = 0; offset < spdy_frame.size(); offset += chunk_size) { - size_t len = std::min(chunk_size, spdy_frame.size() - offset); - socket_data1.AddRead( - ASYNC, - server_maker_.MakeDataPacket( - packet_number++, - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), - false, false, offset, - base::StringPiece(spdy_frame.data() + offset, len))); - } + socket_data1.AddRead( + ASYNC, + ConstructOkResponsePacket( + 1, GetNthClientInitiatedBidirectionalStreamId(0), false, false)); + socket_data1.AddRead( + ASYNC, server_maker_.MakeDataPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), false, false, + base::StringPiece("Hello World"))); // Read an ACK from server which acks all client data. socket_data1.AddRead(SYNCHRONOUS, server_maker_.MakeAckPacket(3, 2, 1, 1, false)); @@ -8024,7 +7845,7 @@ TEST_P(QuicStreamFactoryTest, socket_data1.AddRead( ASYNC, ConstructServerDataPacket( 3, GetNthClientInitiatedBidirectionalStreamId(0), false, true, - 0, header + "hello!")); + header + "hello!")); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // No more data to read. socket_data1.AddWrite( SYNCHRONOUS, client_maker_.MakeRstPacket( @@ -8036,8 +7857,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -8073,17 +7894,19 @@ TEST_P(QuicStreamFactoryTest, base::RunLoop().RunUntilIdle(); // Ack delay time. - int delay = task_runner->NextPendingTaskDelay().InMilliseconds(); - EXPECT_GT(kDefaultRetransmittableOnWireTimeoutMillisecs, delay); + base::TimeDelta delay = task_runner->NextPendingTaskDelay(); + EXPECT_GT(kDefaultRetransmittableOnWireTimeout, delay); // Fire the ack alarm, since ack has been sent, no ack will be sent. - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); // Verify ping alarm is not set with default value. - int wrong_delay = kDefaultRetransmittableOnWireTimeoutMillisecs - delay; - delay = task_runner->NextPendingTaskDelay().InMilliseconds(); + base::TimeDelta wrong_delay = kDefaultRetransmittableOnWireTimeout - delay; + delay = task_runner->NextPendingTaskDelay(); EXPECT_NE(wrong_delay, delay); - clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds(delay)); + clock_.AdvanceTime( + quic::QuicTime::Delta::FromMilliseconds(delay.InMilliseconds())); task_runner->FastForwardBy(task_runner->NextPendingTaskDelay()); // Verify that response headers on the migrated socket were delivered to the @@ -8117,10 +7940,8 @@ TEST_P(QuicStreamFactoryTest, auto task_runner = base::MakeRefCounted(); QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), task_runner.get()); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + MockQuicData socket_data(version_); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite(ASYNC, ERR_FAILED); // Write error. socket_data.AddRead(ASYNC, ERR_ADDRESS_UNREACHABLE); // Read error. socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -8129,8 +7950,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -8154,11 +7975,12 @@ TEST_P(QuicStreamFactoryTest, // Set up second socket data provider that is used after // migration. The request is written to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); + client_maker_.set_coalesce_http_frames(true); socket_data1.AddRead( ASYNC, ConstructOkResponsePacket( @@ -8262,11 +8084,9 @@ void QuicStreamFactoryTestBase:: crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddWrite(write_error_mode, ERR_FAILED); // Write error. socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -8274,8 +8094,8 @@ void QuicStreamFactoryTestBase:: QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -8316,11 +8136,12 @@ void QuicStreamFactoryTestBase:: // Set up second socket data provider that is used after // migration. The request is rewritten to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); + client_maker_.set_coalesce_http_frames(true); socket_data1.AddRead( ASYNC, ConstructOkResponsePacket( @@ -8367,12 +8188,12 @@ void QuicStreamFactoryTestBase:: ->NotifyNetworkMadeDefault(kNewNetworkForTests); QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request2.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -8393,7 +8214,7 @@ void QuicStreamFactoryTestBase:: // default network or the idle migration period threshold is exceeded. // The default threshold is 30s. TEST_P(QuicStreamFactoryTest, DefaultIdleMigrationPeriod) { - test_params_.quic_migrate_idle_sessions = true; + test_params_.quic_params.migrate_idle_sessions = true; InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -8405,13 +8226,13 @@ TEST_P(QuicStreamFactoryTest, DefaultIdleMigrationPeriod) { QuicStreamFactoryPeer::SetTickClock(factory_.get(), task_runner->GetMockTickClock()); - MockQuicData default_socket_data; + MockQuicData default_socket_data(version_); default_socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); default_socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); default_socket_data.AddSocketDataToFactory(socket_factory_.get()); // Set up second socket data provider that is used after migration. - MockQuicData alternate_socket_data; + MockQuicData alternate_socket_data(version_); alternate_socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. // Ping packet to send after migration. alternate_socket_data.AddWrite( @@ -8419,32 +8240,36 @@ TEST_P(QuicStreamFactoryTest, DefaultIdleMigrationPeriod) { alternate_socket_data.AddSocketDataToFactory(socket_factory_.get()); // Set up probing socket for migrating back to the default network. - MockQuicData quic_data; // retry count: 0. + MockQuicData quic_data(version_); // retry count: 0. quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); quic_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data1; // retry count: 1 + MockQuicData quic_data1(version_); // retry count: 1 quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data1.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); quic_data1.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data2; // retry count: 2 + client_maker_.Reset(); + MockQuicData quic_data2(version_); // retry count: 2 quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data2.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); quic_data2.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data3; // retry count: 3 + client_maker_.Reset(); + MockQuicData quic_data3(version_); // retry count: 3 quic_data3.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data3.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); quic_data3.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data4; // retry count: 4 + client_maker_.Reset(); + MockQuicData quic_data4(version_); // retry count: 4 quic_data4.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data4.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); quic_data4.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data5; // retry count: 5 + client_maker_.Reset(); + MockQuicData quic_data5(version_); // retry count: 5 quic_data5.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data5.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); quic_data5.AddSocketDataToFactory(socket_factory_.get()); @@ -8453,8 +8278,8 @@ TEST_P(QuicStreamFactoryTest, DefaultIdleMigrationPeriod) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -8510,8 +8335,8 @@ TEST_P(QuicStreamFactoryTest, DefaultIdleMigrationPeriod) { TEST_P(QuicStreamFactoryTest, CustomIdleMigrationPeriod) { // The customized threshold is 15s. - test_params_.quic_migrate_idle_sessions = true; - test_params_.quic_idle_session_migration_period = + test_params_.quic_params.migrate_idle_sessions = true; + test_params_.quic_params.idle_session_migration_period = base::TimeDelta::FromSeconds(15); InitializeConnectionMigrationV2Test( {kDefaultNetworkForTests, kNewNetworkForTests}); @@ -8524,13 +8349,13 @@ TEST_P(QuicStreamFactoryTest, CustomIdleMigrationPeriod) { QuicStreamFactoryPeer::SetTickClock(factory_.get(), task_runner->GetMockTickClock()); - MockQuicData default_socket_data; + MockQuicData default_socket_data(version_); default_socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); default_socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); default_socket_data.AddSocketDataToFactory(socket_factory_.get()); // Set up second socket data provider that is used after migration. - MockQuicData alternate_socket_data; + MockQuicData alternate_socket_data(version_); alternate_socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. // Ping packet to send after migration. alternate_socket_data.AddWrite( @@ -8538,27 +8363,31 @@ TEST_P(QuicStreamFactoryTest, CustomIdleMigrationPeriod) { alternate_socket_data.AddSocketDataToFactory(socket_factory_.get()); // Set up probing socket for migrating back to the default network. - MockQuicData quic_data; // retry count: 0. + MockQuicData quic_data(version_); // retry count: 0. quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); quic_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data1; // retry count: 1 + client_maker_.Reset(); + MockQuicData quic_data1(version_); // retry count: 1 quic_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data1.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); quic_data1.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data2; // retry count: 2 + client_maker_.Reset(); + MockQuicData quic_data2(version_); // retry count: 2 quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data2.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); quic_data2.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data3; // retry count: 3 + client_maker_.Reset(); + MockQuicData quic_data3(version_); // retry count: 3 quic_data3.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data3.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); quic_data3.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data4; // retry count: 4 + client_maker_.Reset(); + MockQuicData quic_data4(version_); // retry count: 4 quic_data4.AddRead(SYNCHRONOUS, ERR_IO_PENDING); // Hanging read. quic_data4.AddWrite(SYNCHRONOUS, ERR_ADDRESS_UNREACHABLE); quic_data4.AddSocketDataToFactory(socket_factory_.get()); @@ -8567,8 +8396,8 @@ TEST_P(QuicStreamFactoryTest, CustomIdleMigrationPeriod) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -8623,30 +8452,28 @@ TEST_P(QuicStreamFactoryTest, CustomIdleMigrationPeriod) { } TEST_P(QuicStreamFactoryTest, ServerMigration) { - test_params_.quic_allow_server_migration = true; + test_params_.quic_params.allow_server_migration = true; Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data1; - quic::QuicStreamOffset header_stream_offset = 0; + MockQuicData socket_data1(version_); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); + socket_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data1.AddWrite( - SYNCHRONOUS, ConstructInitialSettingsPacket(1, &header_stream_offset)); - socket_data1.AddWrite( - SYNCHRONOUS, ConstructGetRequestPacket( - 2, GetNthClientInitiatedBidirectionalStreamId(0), true, - true, &header_stream_offset)); + SYNCHRONOUS, + ConstructGetRequestPacket( + 2, GetNthClientInitiatedBidirectionalStreamId(0), true, true)); socket_data1.AddSocketDataToFactory(socket_factory_.get()); // Create request and QuicHttpStream. QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -8681,7 +8508,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigration) { // Set up second socket data provider that is used after // migration. The request is rewritten to this new socket, and the // response to the request is read on this new socket. - MockQuicData socket_data2; + MockQuicData socket_data2(version_); socket_data2.AddWrite( SYNCHRONOUS, client_maker_.MakePingPacket(3, /*include_version=*/true)); socket_data2.AddRead( @@ -8731,8 +8558,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigrationIPv4ToIPv4) { // Add alternate IPv4 server address to config. IPEndPoint alt_address = IPEndPoint(IPAddress(1, 2, 3, 4), 123); quic::QuicConfig config; - config.SetAlternateServerAddressToSend( - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(alt_address))); + config.SetAlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); VerifyServerMigration(config, alt_address); } @@ -8744,8 +8570,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigrationIPv6ToIPv6) { IPEndPoint alt_address = IPEndPoint( IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16), 123); quic::QuicConfig config; - config.SetAlternateServerAddressToSend( - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(alt_address))); + config.SetAlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); VerifyServerMigration(config, alt_address); } @@ -8756,15 +8581,14 @@ TEST_P(QuicStreamFactoryTest, ServerMigrationIPv6ToIPv4) { // Add alternate IPv4 server address to config. IPEndPoint alt_address = IPEndPoint(IPAddress(1, 2, 3, 4), 123); quic::QuicConfig config; - config.SetAlternateServerAddressToSend( - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(alt_address))); + config.SetAlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); IPEndPoint expected_address( ConvertIPv4ToIPv4MappedIPv6(alt_address.address()), alt_address.port()); VerifyServerMigration(config, expected_address); } TEST_P(QuicStreamFactoryTest, ServerMigrationIPv4ToIPv6Fails) { - test_params_.quic_allow_server_migration = true; + test_params_.quic_params.allow_server_migration = true; Initialize(); // Add a resolver rule to make initial connection to an IPv4 address. @@ -8774,8 +8598,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigrationIPv4ToIPv6Fails) { IPEndPoint alt_address = IPEndPoint( IPAddress(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16), 123); quic::QuicConfig config; - config.SetAlternateServerAddressToSend( - quic::QuicSocketAddress(quic::QuicSocketAddressImpl(alt_address))); + config.SetAlternateServerAddressToSend(ToQuicSocketAddress(alt_address)); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); @@ -8784,7 +8607,7 @@ TEST_P(QuicStreamFactoryTest, ServerMigrationIPv4ToIPv6Fails) { crypto_client_stream_factory_.SetConfig(config); // Set up only socket data provider. - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data1.AddWrite( @@ -8797,8 +8620,8 @@ TEST_P(QuicStreamFactoryTest, ServerMigrationIPv4ToIPv6Fails) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -8841,22 +8664,22 @@ TEST_P(QuicStreamFactoryTest, OnCertDBChanged) { crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data2.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(1, nullptr)); + socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -8878,8 +8701,8 @@ TEST_P(QuicStreamFactoryTest, OnCertDBChanged) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -8985,7 +8808,7 @@ TEST_P(QuicStreamFactoryTest, EnableNotLoadFromDiskCache) { QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), runner_.get()); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -8996,12 +8819,12 @@ TEST_P(QuicStreamFactoryTest, EnableNotLoadFromDiskCache) { "192.168.0.1", ""); QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); // If we are waiting for disk cache, we would have posted a task. Verify that // the CancelWaitForDataReady task hasn't been posted. @@ -9014,7 +8837,8 @@ TEST_P(QuicStreamFactoryTest, EnableNotLoadFromDiskCache) { } TEST_P(QuicStreamFactoryTest, ReducePingTimeoutOnConnectionTimeOutOpenStreams) { - test_params_.quic_reduced_ping_timeout_seconds = 10; + test_params_.quic_params.reduced_ping_timeout = + base::TimeDelta::FromSeconds(10); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); @@ -9022,15 +8846,15 @@ TEST_P(QuicStreamFactoryTest, ReducePingTimeoutOnConnectionTimeOutOpenStreams) { QuicStreamFactoryPeer::SetTaskRunner(factory_.get(), runner_.get()); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); - socket_data2.AddWrite(SYNCHRONOUS, - ConstructInitialSettingsPacket(1, nullptr)); + socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); HostPortPair server2(kServer2HostName, kDefaultServerPort); @@ -9047,12 +8871,12 @@ TEST_P(QuicStreamFactoryTest, ReducePingTimeoutOnConnectionTimeOutOpenStreams) { EXPECT_EQ(quic::QuicTime::Delta::FromSeconds(quic::kPingTimeoutSecs), QuicStreamFactoryPeer::GetPingTimeout(factory_.get())); QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); QuicChromiumClientSession* session = GetActiveSession(host_port_pair_); EXPECT_EQ(quic::QuicTime::Delta::FromSeconds(quic::kPingTimeoutSecs), @@ -9085,12 +8909,12 @@ TEST_P(QuicStreamFactoryTest, ReducePingTimeoutOnConnectionTimeOutOpenStreams) { DVLOG(1) << "Create 2nd session and timeout with open stream"; TestCompletionCallback callback2; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(server2, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url2_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback2.callback())); + EXPECT_EQ(OK, + request2.Request( + server2, version_, privacy_mode_, DEFAULT_PRIORITY, SocketTag(), + NetworkIsolationKey(), + /*cert_verify_flags=*/0, url2_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback2.callback())); QuicChromiumClientSession* session2 = GetActiveSession(server2); EXPECT_EQ(quic::QuicTime::Delta::FromSeconds(10), session2->connection()->ping_timeout()); @@ -9122,7 +8946,7 @@ TEST_P(QuicStreamFactoryTest, MaybeInitialize) { TEST_P(QuicStreamFactoryTest, StartCertVerifyJob) { Initialize(); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -9159,8 +8983,8 @@ TEST_P(QuicStreamFactoryTest, StartCertVerifyJob) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -9188,7 +9012,7 @@ TEST_P(QuicStreamFactoryTest, YieldAfterPackets) { crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); QuicStreamFactoryPeer::SetYieldAfterPackets(factory_.get(), 0); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ConstructClientConnectionClosePacket(1)); socket_data.AddRead(ASYNC, OK); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -9206,12 +9030,12 @@ TEST_P(QuicStreamFactoryTest, YieldAfterPackets) { "StartReading"); QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); // Call run_loop so that QuicChromiumPacketReader::OnReadComplete() gets // called. @@ -9237,7 +9061,7 @@ TEST_P(QuicStreamFactoryTest, YieldAfterDuration) { QuicStreamFactoryPeer::SetYieldAfterDuration( factory_.get(), quic::QuicTime::Delta::FromMilliseconds(-1)); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ConstructClientConnectionClosePacket(1)); socket_data.AddRead(ASYNC, OK); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -9255,12 +9079,12 @@ TEST_P(QuicStreamFactoryTest, YieldAfterDuration) { "StartReading"); QuicStreamRequest request(factory_.get()); - EXPECT_EQ(OK, request.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); // Call run_loop so that QuicChromiumPacketReader::OnReadComplete() gets // called. @@ -9283,7 +9107,7 @@ TEST_P(QuicStreamFactoryTest, ServerPushSessionAffinity) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -9291,8 +9115,8 @@ TEST_P(QuicStreamFactoryTest, ServerPushSessionAffinity) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -9312,12 +9136,12 @@ TEST_P(QuicStreamFactoryTest, ServerPushSessionAffinity) { ->promised_by_url())[kDefaultUrl] = &promised; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(host_port_pair_, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback_.callback())); + EXPECT_EQ(OK, + request2.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(1, QuicStreamFactoryPeer::GetNumPushStreamsCreated(factory_.get())); } @@ -9328,7 +9152,7 @@ TEST_P(QuicStreamFactoryTest, ServerPushPrivacyModeMismatch) { crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data1; + MockQuicData socket_data1(version_); socket_data1.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data1.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data1.AddWrite( @@ -9337,7 +9161,8 @@ TEST_P(QuicStreamFactoryTest, ServerPushPrivacyModeMismatch) { quic::QUIC_STREAM_CANCELLED)); socket_data1.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -9345,8 +9170,8 @@ TEST_P(QuicStreamFactoryTest, ServerPushPrivacyModeMismatch) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -9373,8 +9198,8 @@ TEST_P(QuicStreamFactoryTest, ServerPushPrivacyModeMismatch) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - host_port_pair_, version_.transport_version, - PRIVACY_MODE_ENABLED, DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, PRIVACY_MODE_ENABLED, + DEFAULT_PRIORITY, SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -9402,7 +9227,7 @@ TEST_P(QuicStreamFactoryTest, PoolByOrigin) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -9410,8 +9235,8 @@ TEST_P(QuicStreamFactoryTest, PoolByOrigin) { QuicStreamRequest request1(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request1.Request( - destination1, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + destination1, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -9422,12 +9247,12 @@ TEST_P(QuicStreamFactoryTest, PoolByOrigin) { // Second request returns synchronously because it pools to existing session. TestCompletionCallback callback2; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(destination2, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url_, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback2.callback())); + EXPECT_EQ(OK, + request2.Request( + destination2, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback2.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -9531,8 +9356,8 @@ TEST_P(QuicStreamFactoryWithDestinationTest, InvalidCertificate) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - destination, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + destination, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -9565,7 +9390,7 @@ TEST_P(QuicStreamFactoryWithDestinationTest, SharedCertificate) { MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite writes[] = {MockWrite(SYNCHRONOUS, settings_packet->data(), settings_packet->length(), 1)}; std::unique_ptr sequenced_socket_data( @@ -9576,8 +9401,8 @@ TEST_P(QuicStreamFactoryWithDestinationTest, SharedCertificate) { QuicStreamRequest request1(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request1.Request( - destination, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + destination, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url1, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -9589,12 +9414,12 @@ TEST_P(QuicStreamFactoryWithDestinationTest, SharedCertificate) { // Second request returns synchronously because it pools to existing session. TestCompletionCallback callback2; QuicStreamRequest request2(factory_.get()); - EXPECT_EQ(OK, request2.Request(destination, version_.transport_version, - privacy_mode_, DEFAULT_PRIORITY, SocketTag(), - /*cert_verify_flags=*/0, url2, net_log_, - &net_error_details_, - failed_on_default_network_callback_, - callback2.callback())); + EXPECT_EQ(OK, + request2.Request( + destination, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url2, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback2.callback())); std::unique_ptr stream2 = CreateStream(&request2); EXPECT_TRUE(stream2.get()); @@ -9640,7 +9465,7 @@ TEST_P(QuicStreamFactoryWithDestinationTest, DifferentPrivacyMode) { MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite writes[] = {MockWrite(SYNCHRONOUS, settings_packet->data(), settings_packet->length(), 1)}; std::unique_ptr sequenced_socket_data( @@ -9655,8 +9480,8 @@ TEST_P(QuicStreamFactoryWithDestinationTest, DifferentPrivacyMode) { QuicStreamRequest request1(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request1.Request( - destination, version_.transport_version, PRIVACY_MODE_DISABLED, - DEFAULT_PRIORITY, SocketTag(), + destination, version_, PRIVACY_MODE_DISABLED, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url1, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(OK, callback_.WaitForResult()); @@ -9668,8 +9493,8 @@ TEST_P(QuicStreamFactoryWithDestinationTest, DifferentPrivacyMode) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - destination, version_.transport_version, PRIVACY_MODE_ENABLED, - DEFAULT_PRIORITY, SocketTag(), + destination, version_, PRIVACY_MODE_ENABLED, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url2, net_log_, &net_error_details_, failed_on_default_network_callback_, callback2.callback())); EXPECT_EQ(OK, callback2.WaitForResult()); @@ -9727,7 +9552,7 @@ TEST_P(QuicStreamFactoryWithDestinationTest, DisjointCertificate) { MockRead reads[] = {MockRead(SYNCHRONOUS, ERR_IO_PENDING, 0)}; std::unique_ptr settings_packet( - client_maker_.MakeInitialSettingsPacket(1, nullptr)); + client_maker_.MakeInitialSettingsPacket(1)); MockWrite writes[] = {MockWrite(SYNCHRONOUS, settings_packet->data(), settings_packet->length(), 1)}; std::unique_ptr sequenced_socket_data( @@ -9742,8 +9567,8 @@ TEST_P(QuicStreamFactoryWithDestinationTest, DisjointCertificate) { QuicStreamRequest request1(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request1.Request( - destination, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + destination, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url1, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_THAT(callback_.WaitForResult(), IsOk()); @@ -9755,8 +9580,8 @@ TEST_P(QuicStreamFactoryWithDestinationTest, DisjointCertificate) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - destination, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + destination, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url2, net_log_, &net_error_details_, failed_on_default_network_callback_, callback2.callback())); EXPECT_THAT(callback2.WaitForResult(), IsOk()); @@ -9832,18 +9657,18 @@ TEST_P(QuicStreamFactoryTest, ClearCachedStatesInCryptoConfig) { // Passes connection options and client connection options to QuicStreamFactory, // then checks that its internal quic::QuicConfig is correct. TEST_P(QuicStreamFactoryTest, ConfigConnectionOptions) { - test_params_.quic_connection_options.push_back(quic::kTIME); - test_params_.quic_connection_options.push_back(quic::kTBBR); - test_params_.quic_connection_options.push_back(quic::kREJ); + test_params_.quic_params.connection_options.push_back(quic::kTIME); + test_params_.quic_params.connection_options.push_back(quic::kTBBR); + test_params_.quic_params.connection_options.push_back(quic::kREJ); - test_params_.quic_client_connection_options.push_back(quic::kTBBR); - test_params_.quic_client_connection_options.push_back(quic::k1RTT); + test_params_.quic_params.client_connection_options.push_back(quic::kTBBR); + test_params_.quic_params.client_connection_options.push_back(quic::k1RTT); Initialize(); const quic::QuicConfig* config = QuicStreamFactoryPeer::GetConfig(factory_.get()); - EXPECT_EQ(test_params_.quic_connection_options, + EXPECT_EQ(test_params_.quic_params.connection_options, config->SendConnectionOptions()); EXPECT_TRUE(config->HasClientRequestedIndependentOption( quic::kTBBR, quic::Perspective::IS_CLIENT)); @@ -9858,7 +9683,7 @@ TEST_P(QuicStreamFactoryTest, HostResolverUsesRequestPriority) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -9866,8 +9691,8 @@ TEST_P(QuicStreamFactoryTest, HostResolverUsesRequestPriority) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - MAXIMUM_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, MAXIMUM_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -9886,7 +9711,7 @@ TEST_P(QuicStreamFactoryTest, HostResolverRequestReprioritizedOnSetPriority) { ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -9894,8 +9719,8 @@ TEST_P(QuicStreamFactoryTest, HostResolverRequestReprioritizedOnSetPriority) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - MAXIMUM_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, MAXIMUM_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -9905,8 +9730,8 @@ TEST_P(QuicStreamFactoryTest, HostResolverRequestReprioritizedOnSetPriority) { QuicStreamRequest request2(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request2.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url2_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_EQ(DEFAULT_PRIORITY, host_resolver_->last_request_priority()); @@ -9917,12 +9742,14 @@ TEST_P(QuicStreamFactoryTest, HostResolverRequestReprioritizedOnSetPriority) { EXPECT_EQ(DEFAULT_PRIORITY, host_resolver_->request_priority(2)); } -// Passes |quic_max_time_before_crypto_handshake_seconds| and -// |quic_max_idle_time_before_crypto_handshake_seconds| to QuicStreamFactory, +// Passes |quic_max_time_before_crypto_handshake| and +// |quic_max_idle_time_before_crypto_handshake| to QuicStreamFactory, // checks that its internal quic::QuicConfig is correct. TEST_P(QuicStreamFactoryTest, ConfigMaxTimeBeforeCryptoHandshake) { - test_params_.quic_max_time_before_crypto_handshake_seconds = 11; - test_params_.quic_max_idle_time_before_crypto_handshake_seconds = 13; + test_params_.quic_params.max_time_before_crypto_handshake = + base::TimeDelta::FromSeconds(11); + test_params_.quic_params.max_idle_time_before_crypto_handshake = + base::TimeDelta::FromSeconds(13); Initialize(); const quic::QuicConfig* config = @@ -9942,7 +9769,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterHostResolutionCallbackAsyncSync) { host_resolver_->set_ondemand_mode(true); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_FAILED); socket_data.AddWrite(SYNCHRONOUS, ERR_FAILED); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -9950,8 +9777,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterHostResolutionCallbackAsyncSync) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -9995,7 +9822,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterHostResolutionCallbackAsyncAsync) { MockCryptoClientStream::ZERO_RTT); factory_->set_require_confirmation(true); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause socket_data.AddRead(ASYNC, ERR_FAILED); socket_data.AddWrite(ASYNC, ERR_FAILED); @@ -10004,8 +9831,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterHostResolutionCallbackAsyncAsync) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10047,7 +9874,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterHostResolutionCallbackSyncSync) { host_resolver_->set_synchronous_mode(true); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_FAILED); socket_data.AddWrite(SYNCHRONOUS, ERR_FAILED); socket_data.AddSocketDataToFactory(socket_factory_.get()); @@ -10055,8 +9882,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterHostResolutionCallbackSyncSync) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_QUIC_PROTOCOL_ERROR, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10084,7 +9911,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterHostResolutionCallbackSyncAsync) { MockCryptoClientStream::ZERO_RTT); factory_->set_require_confirmation(true); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(ASYNC, ERR_IO_PENDING); // Pause socket_data.AddRead(ASYNC, ERR_FAILED); socket_data.AddWrite(ASYNC, ERR_FAILED); @@ -10093,8 +9920,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterHostResolutionCallbackSyncAsync) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10127,8 +9954,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterHostResolutionCallbackFailSync) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_NAME_NOT_RESOLVED, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10153,8 +9980,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterHostResolutionCallbackFailAsync) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10177,7 +10004,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterHostResolutionCallbackFailAsync) { // the final connection is established through the resolved DNS. No racing // connection. TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceAndHostResolutionSync) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10199,15 +10026,15 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceAndHostResolutionSync) { // Expire the cache cache->Invalidate(); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data.AddSocketDataToFactory(socket_factory_.get()); QuicStreamRequest request(factory_.get()); EXPECT_THAT(request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback()), IsOk()); @@ -10234,7 +10061,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceAndHostResolutionAsync) { host_resolver_->rules()->AddIPLiteralRule(host_port_pair_.host(), kNonCachedIPAddress, ""); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data.AddSocketDataToFactory(socket_factory_.get()); @@ -10242,8 +10069,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceAndHostResolutionAsync) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); TestCompletionCallback host_resolution_callback; @@ -10270,7 +10097,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceAndHostResolutionAsync) { // With dns race experiment on, DNS resolve returns async, stale dns used, // connects synchrounously, and then the resolved DNS matches. TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsyncStaleMatch) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10292,7 +10119,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsyncStaleMatch) { // Expire the cache cache->Invalidate(); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data.AddSocketDataToFactory(socket_factory_.get()); @@ -10300,8 +10127,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsyncStaleMatch) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10328,7 +10155,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsyncStaleMatch) { // async, and then the result matches. TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsyncConnectAsyncStaleMatch) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10353,7 +10180,7 @@ TEST_P(QuicStreamFactoryTest, // Expire the cache cache->Invalidate(); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data.AddSocketDataToFactory(socket_factory_.get()); @@ -10361,8 +10188,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10395,7 +10222,7 @@ TEST_P(QuicStreamFactoryTest, // return, then connection finishes and matches with the result. TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsyncStaleMatchConnectAsync) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10420,7 +10247,7 @@ TEST_P(QuicStreamFactoryTest, // Expire the cache cache->Invalidate(); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data.AddSocketDataToFactory(socket_factory_.get()); @@ -10428,8 +10255,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10458,7 +10285,7 @@ TEST_P(QuicStreamFactoryTest, // sync, but dns no match TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsyncStaleSyncNoMatch) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10481,7 +10308,7 @@ TEST_P(QuicStreamFactoryTest, cache->Invalidate(); // Socket for the stale connection which will invoke connection closure. - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data.AddWrite( @@ -10491,7 +10318,8 @@ TEST_P(QuicStreamFactoryTest, quic_data.AddSocketDataToFactory(socket_factory_.get()); // Socket for the new connection. - MockQuicData quic_data2; + client_maker_.Reset(); + MockQuicData quic_data2(version_); quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -10499,8 +10327,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10528,7 +10356,7 @@ TEST_P(QuicStreamFactoryTest, // With dns race experiment on, dns resolve async, stale used and connects // async, finishes before dns, but no match TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleAsyncResolveAsyncNoMatch) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10553,7 +10381,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleAsyncResolveAsyncNoMatch) { // Expire the cache cache->Invalidate(); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data.AddWrite( @@ -10562,15 +10390,16 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleAsyncResolveAsyncNoMatch) { 2, true, quic::QUIC_STALE_CONNECTION_CANCELLED, "net error")); quic_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data2; + client_maker_.Reset(); + MockQuicData quic_data2(version_); quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data2.AddSocketDataToFactory(socket_factory_.get()); QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10600,7 +10429,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleAsyncResolveAsyncNoMatch) { // With dns race experiment on, dns resolve async, stale used and connects // async, dns finishes first, but no match TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceResolveAsyncStaleAsyncNoMatch) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10625,7 +10454,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceResolveAsyncStaleAsyncNoMatch) { // Expire the cache cache->Invalidate(); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); quic_data.AddWrite( @@ -10634,7 +10463,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceResolveAsyncStaleAsyncNoMatch) { 1, true, quic::QUIC_STALE_CONNECTION_CANCELLED, "net error")); quic_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data2; + client_maker_.Reset(); + MockQuicData quic_data2(version_); quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); quic_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); @@ -10643,8 +10473,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceResolveAsyncStaleAsyncNoMatch) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); // Finish dns resolution, but need to wait for stale connection. @@ -10669,7 +10499,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceResolveAsyncStaleAsyncNoMatch) { // With dns race experiment on, dns resolve returns error sync, same behavior // as experiment is not on TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveError) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10679,14 +10509,14 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveError) { host_resolver_->set_synchronous_mode(true); host_resolver_->rules()->AddSimulatedFailure(host_port_pair_.host()); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddSocketDataToFactory(socket_factory_.get()); QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_NAME_NOT_RESOLVED, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); } @@ -10694,7 +10524,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveError) { // With dns race experiment on, no cache available, dns resolve returns error // async TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsyncError) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10704,14 +10534,14 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsyncError) { host_resolver_->set_ondemand_mode(true); host_resolver_->rules()->AddSimulatedFailure(host_port_pair_.host()); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddSocketDataToFactory(socket_factory_.get()); QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10723,7 +10553,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsyncError) { // With dns race experiment on, dns resolve async, staled used and connects // sync, dns returns error and no connection is established. TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleSyncHostResolveError) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10745,7 +10575,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleSyncHostResolveError) { cache->Invalidate(); // Socket for the stale connection which is supposed to disconnect. - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data.AddWrite( @@ -10757,8 +10587,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleSyncHostResolveError) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10778,7 +10608,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleSyncHostResolveError) { // return error, then dns matches. // This serves as a regression test for crbug.com/956374. TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleErrorDNSMatches) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10801,19 +10631,20 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleErrorDNSMatches) { cache->Invalidate(); // Simulate synchronous connect failure. - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddConnect(SYNCHRONOUS, ERR_ADDRESS_IN_USE); quic_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data2; + client_maker_.Reset(); + MockQuicData quic_data2(version_); quic_data2.AddConnect(SYNCHRONOUS, ERR_ADDRESS_IN_USE); quic_data2.AddSocketDataToFactory(socket_factory_.get()); QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); EXPECT_FALSE(HasLiveSession(host_port_pair_)); @@ -10826,7 +10657,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleErrorDNSMatches) { // With dns race experiment on, dns resolve async, stale used and connection // returns error, dns no match, new connection is established TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleErrorDNSNoMatch) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10849,11 +10680,12 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleErrorDNSNoMatch) { cache->Invalidate(); // Add failure for the stale connection. - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddConnect(SYNCHRONOUS, ERR_ADDRESS_IN_USE); quic_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData quic_data2; + client_maker_.Reset(); + MockQuicData quic_data2(version_); quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -10861,8 +10693,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleErrorDNSNoMatch) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10888,7 +10720,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleErrorDNSNoMatch) { // With dns race experiment on, dns resolve async, stale used and connection // returns error, dns no match, new connection error TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleErrorDNSNoMatchError) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10911,20 +10743,21 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleErrorDNSNoMatchError) { cache->Invalidate(); // Add failure for stale connection. - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddConnect(SYNCHRONOUS, ERR_ADDRESS_IN_USE); quic_data.AddSocketDataToFactory(socket_factory_.get()); // Add failure for resolved dns connection. - MockQuicData quic_data2; + client_maker_.Reset(); + MockQuicData quic_data2(version_); quic_data2.AddConnect(SYNCHRONOUS, ERR_ADDRESS_IN_USE); quic_data2.AddSocketDataToFactory(socket_factory_.get()); QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10940,7 +10773,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceStaleErrorDNSNoMatchError) { // With dns race experiment on, dns resolve async and stale connect async, dns // resolve returns error and then preconnect finishes TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceResolveAsyncErrorStaleAsync) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -10965,7 +10798,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceResolveAsyncErrorStaleAsync) { cache->Invalidate(); // Socket data for stale connection which is supposed to disconnect. - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); quic_data.AddWrite( @@ -10977,8 +10810,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceResolveAsyncErrorStaleAsync) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -10994,7 +10827,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceResolveAsyncErrorStaleAsync) { // resolve returns error and then preconnect fails. TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceResolveAsyncErrorStaleAsyncError) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -11018,7 +10851,7 @@ TEST_P(QuicStreamFactoryTest, // Expire the cache cache->Invalidate(); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_ZERO_RTT); quic_data.AddWrite( @@ -11030,8 +10863,8 @@ TEST_P(QuicStreamFactoryTest, QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -11047,7 +10880,7 @@ TEST_P(QuicStreamFactoryTest, // With dns race experiment on, test that host resolution callback behaves // normal as experiment is not on TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsync) { - test_params_.quic_race_stale_dns_on_connection = true; + test_params_.quic_params.race_stale_dns_on_connection = true; host_resolver_ = std::make_unique(); Initialize(); ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); @@ -11057,7 +10890,7 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsync) { host_resolver_->rules()->AddIPLiteralRule(host_port_pair_.host(), kNonCachedIPAddress, ""); - MockQuicData quic_data; + MockQuicData quic_data(version_); quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); quic_data.AddSocketDataToFactory(socket_factory_.get()); @@ -11065,8 +10898,8 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsync) { QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); @@ -11088,9 +10921,155 @@ TEST_P(QuicStreamFactoryTest, ResultAfterDNSRaceHostResolveAsync) { EXPECT_TRUE(quic_data.AllWriteDataConsumed()); } +// With stale dns and migration before handshake experiment on, migration failed +// after handshake confirmed, and then fresh resolve returns. +TEST_P(QuicStreamFactoryTest, StaleNetworkFailedAfterHandshake) { + test_params_.quic_params.race_stale_dns_on_connection = true; + host_resolver_ = std::make_unique(); + + InitializeConnectionMigrationV2Test( + {kDefaultNetworkForTests, kNewNetworkForTests}); + ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); + crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); + + // Set an address in resolver for asynchronous return. + host_resolver_->set_ondemand_mode(true); + host_resolver_->rules()->AddIPLiteralRule(host_port_pair_.host(), + kNonCachedIPAddress, ""); + + // Set up the same address in the stale resolver cache. + HostCache::Key key(host_port_pair_.host(), ADDRESS_FAMILY_UNSPECIFIED, 0); + HostCache::Entry entry(OK, + AddressList::CreateFromIPAddress(kCachedIPAddress, 0), + HostCache::Entry::SOURCE_DNS); + base::TimeDelta zero; + HostCache* cache = host_resolver_->GetHostCache(); + cache->Set(key, entry, base::TimeTicks::Now(), zero); + // Expire the cache + cache->Invalidate(); + + MockQuicData quic_data(version_); + quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); + quic_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); + quic_data.AddSocketDataToFactory(socket_factory_.get()); + + // Socket for the new connection. + client_maker_.Reset(); + MockQuicData quic_data2(version_); + quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); + quic_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); + quic_data2.AddSocketDataToFactory(socket_factory_.get()); + + QuicStreamRequest request(factory_.get()); + EXPECT_EQ(ERR_IO_PENDING, + request.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); + + // Check that the racing job is running. + EXPECT_TRUE(HasLiveSession(host_port_pair_)); + EXPECT_TRUE(HasActiveJob(host_port_pair_, privacy_mode_)); + + // By disconnecting the network, the stale session will be killed. + scoped_mock_network_change_notifier_->mock_network_change_notifier() + ->NotifyNetworkDisconnected(kDefaultNetworkForTests); + + host_resolver_->ResolveAllPending(); + EXPECT_THAT(callback_.WaitForResult(), IsOk()); + + std::unique_ptr stream = CreateStream(&request); + EXPECT_TRUE(stream.get()); + + QuicChromiumClientSession* session = GetActiveSession(host_port_pair_); + + EXPECT_EQ(session->peer_address().host().ToString(), kNonCachedIPAddress); + + EXPECT_TRUE(quic_data.AllReadDataConsumed()); + EXPECT_TRUE(quic_data.AllWriteDataConsumed()); + EXPECT_TRUE(quic_data2.AllReadDataConsumed()); + EXPECT_TRUE(quic_data2.AllWriteDataConsumed()); +} + +// With stale dns experiment on, the stale session is killed while waiting for +// handshake +TEST_P(QuicStreamFactoryTest, StaleNetworkFailedBeforeHandshake) { + test_params_.quic_params.race_stale_dns_on_connection = true; + host_resolver_ = std::make_unique(); + InitializeConnectionMigrationV2Test( + {kDefaultNetworkForTests, kNewNetworkForTests}); + ProofVerifyDetailsChromium verify_details = DefaultProofVerifyDetails(); + crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); + + // Set an address in resolver for asynchronous return. + host_resolver_->set_ondemand_mode(true); + factory_->set_require_confirmation(true); + crypto_client_stream_factory_.set_handshake_mode( + MockCryptoClientStream::ZERO_RTT); + host_resolver_->rules()->AddIPLiteralRule(host_port_pair_.host(), + kNonCachedIPAddress, ""); + + // Set up a different address in the stale resolvercache. + HostCache::Key key(host_port_pair_.host(), ADDRESS_FAMILY_UNSPECIFIED, 0); + HostCache::Entry entry(OK, + AddressList::CreateFromIPAddress(kCachedIPAddress, 0), + HostCache::Entry::SOURCE_DNS); + base::TimeDelta zero; + HostCache* cache = host_resolver_->GetHostCache(); + cache->Set(key, entry, base::TimeTicks::Now(), zero); + // Expire the cache + cache->Invalidate(); + + MockQuicData quic_data(version_); + quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); + quic_data.AddSocketDataToFactory(socket_factory_.get()); + + client_maker_.Reset(); + MockQuicData quic_data2(version_); + quic_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); + quic_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); + quic_data2.AddSocketDataToFactory(socket_factory_.get()); + + QuicStreamRequest request(factory_.get()); + EXPECT_EQ(ERR_IO_PENDING, + request.Request( + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), + /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, + failed_on_default_network_callback_, callback_.callback())); + + // Check that the racing job is running. + EXPECT_TRUE(HasLiveSession(host_port_pair_)); + EXPECT_TRUE(HasActiveJob(host_port_pair_, privacy_mode_)); + + // By disconnecting the network, the stale session will be killed. + scoped_mock_network_change_notifier_->mock_network_change_notifier() + ->NotifyNetworkDisconnected(kDefaultNetworkForTests); + + host_resolver_->ResolveAllPending(); + base::RunLoop().RunUntilIdle(); + // Make sure the fresh session is established. + crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( + quic::QuicSession::HANDSHAKE_CONFIRMED); + EXPECT_THAT(callback_.WaitForResult(), IsOk()); + + std::unique_ptr stream = CreateStream(&request); + EXPECT_TRUE(stream.get()); + + QuicChromiumClientSession* session = GetActiveSession(host_port_pair_); + EXPECT_EQ(session->peer_address().host().ToString(), kNonCachedIPAddress); + + EXPECT_TRUE(quic_data.AllReadDataConsumed()); + EXPECT_TRUE(quic_data.AllWriteDataConsumed()); + EXPECT_TRUE(quic_data2.AllReadDataConsumed()); + EXPECT_TRUE(quic_data2.AllWriteDataConsumed()); +} + TEST_P(QuicStreamFactoryTest, ConfigInitialRttForHandshake) { - int kInitialRtt = 400; - test_params_.quic_initial_rtt_for_handshake_milliseconds = kInitialRtt; + constexpr base::TimeDelta kInitialRtt = + base::TimeDelta::FromMilliseconds(400); + test_params_.quic_params.initial_rtt_for_handshake = kInitialRtt; crypto_client_stream_factory_.set_handshake_mode( MockCryptoClientStream::COLD_START_WITH_CHLO_SENT); Initialize(); @@ -11106,19 +11085,20 @@ TEST_P(QuicStreamFactoryTest, ConfigInitialRttForHandshake) { factory_.get(), std::make_unique(task_runner.get(), &clock_)); - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(ASYNC, client_maker_.MakeDummyCHLOPacket(1)); socket_data.AddWrite(ASYNC, client_maker_.MakeDummyCHLOPacket(2)); client_maker_.SetEncryptionLevel(quic::ENCRYPTION_FORWARD_SECURE); - socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(3, 0)); + socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket(3)); + socket_data.AddSocketDataToFactory(socket_factory_.get()); QuicStreamRequest request(factory_.get()); EXPECT_EQ(ERR_IO_PENDING, request.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, SocketTag(), + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, + SocketTag(), NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback())); base::RunLoop().RunUntilIdle(); @@ -11127,19 +11107,18 @@ TEST_P(QuicStreamFactoryTest, ConfigInitialRttForHandshake) { EXPECT_TRUE(HasActiveJob(host_port_pair_, privacy_mode_)); // The pending task is scheduled for handshake timeout retransmission, - // which is 2 * 400ms for v99 and 1.5 * 400ms for others. - int handshake_timeout = version_.transport_version == quic::QUIC_VERSION_99 - ? 2 * kInitialRtt - : 1.5 * kInitialRtt; - EXPECT_EQ(base::TimeDelta::FromMilliseconds(handshake_timeout), - task_runner->NextPendingTaskDelay()); + // which is 2 * 400ms with crypto frames and 1.5 * 400ms otherwise. + base::TimeDelta handshake_timeout = + QuicVersionUsesCryptoFrames(version_.transport_version) + ? 2 * kInitialRtt + : 1.5 * kInitialRtt; + EXPECT_EQ(handshake_timeout, task_runner->NextPendingTaskDelay()); // The alarm factory dependes on |clock_|, so clock is advanced to trigger // retransmission alarm. - clock_.AdvanceTime( - quic::QuicTime::Delta::FromMilliseconds(handshake_timeout)); - task_runner->FastForwardBy( - base::TimeDelta::FromMilliseconds(handshake_timeout)); + clock_.AdvanceTime(quic::QuicTime::Delta::FromMilliseconds( + handshake_timeout.InMilliseconds())); + task_runner->FastForwardBy(handshake_timeout); crypto_client_stream_factory_.last_stream()->SendOnCryptoHandshakeEvent( quic::QuicSession::HANDSHAKE_CONFIRMED); @@ -11163,11 +11142,12 @@ TEST_P(QuicStreamFactoryTest, Tag) { crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details); // Prepare to establish two QUIC sessions. - MockQuicData socket_data; + MockQuicData socket_data(version_); socket_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data.AddSocketDataToFactory(socket_factory_.get()); - MockQuicData socket_data2; + client_maker_.Reset(); + MockQuicData socket_data2(version_); socket_data2.AddRead(SYNCHRONOUS, ERR_IO_PENDING); socket_data2.AddWrite(SYNCHRONOUS, ConstructInitialSettingsPacket()); socket_data2.AddSocketDataToFactory(socket_factory_.get()); @@ -11183,8 +11163,8 @@ TEST_P(QuicStreamFactoryTest, Tag) { // Request a stream with |tag1|. QuicStreamRequest request1(factory_.get()); int rv = request1.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, tag1, + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, tag1, + NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback()); EXPECT_THAT(callback_.GetResult(rv), IsOk()); @@ -11199,8 +11179,8 @@ TEST_P(QuicStreamFactoryTest, Tag) { // Request a stream with |tag1| and verify underlying session is reused. QuicStreamRequest request2(factory_.get()); rv = request2.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, tag1, + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, tag1, + NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback()); EXPECT_THAT(callback_.GetResult(rv), IsOk()); @@ -11213,8 +11193,8 @@ TEST_P(QuicStreamFactoryTest, Tag) { // Request a stream with |tag2| and verify a new session is created. QuicStreamRequest request3(factory_.get()); rv = request3.Request( - host_port_pair_, version_.transport_version, privacy_mode_, - DEFAULT_PRIORITY, tag2, + host_port_pair_, version_, privacy_mode_, DEFAULT_PRIORITY, tag2, + NetworkIsolationKey(), /*cert_verify_flags=*/0, url_, net_log_, &net_error_details_, failed_on_default_network_callback_, callback_.callback()); EXPECT_THAT(callback_.GetResult(rv), IsOk()); diff --git a/chromium/net/quic/quic_test_packet_maker.cc b/chromium/net/quic/quic_test_packet_maker.cc index 26dae2b6526..c2a246f0c43 100644 --- a/chromium/net/quic/quic_test_packet_maker.cc +++ b/chromium/net/quic/quic_test_packet_maker.cc @@ -8,7 +8,9 @@ #include #include "net/quic/mock_crypto_client_stream.h" +#include "net/quic/quic_chromium_client_session.h" #include "net/quic/quic_http_utils.h" +#include "net/third_party/quiche/src/quic/core/http/http_constants.h" #include "net/third_party/quiche/src/quic/core/quic_framer.h" #include "net/third_party/quiche/src/quic/core/quic_utils.h" #include "net/third_party/quiche/src/quic/test_tools/mock_random.h" @@ -25,8 +27,93 @@ quic::QuicAckFrame MakeAckFrame(uint64_t largest_observed) { return ack; } +quic::QuicFrames CloneFrames(const quic::QuicFrames& frames) { + quic::QuicFrames new_frames = frames; + for (auto& frame : new_frames) { + switch (frame.type) { + // Frames smaller than a pointer are inlined, so don't need to be cloned. + case quic::PADDING_FRAME: + case quic::MTU_DISCOVERY_FRAME: + case quic::PING_FRAME: + case quic::MAX_STREAMS_FRAME: + case quic::STOP_WAITING_FRAME: + case quic::STREAMS_BLOCKED_FRAME: + case quic::STREAM_FRAME: + break; + case quic::ACK_FRAME: + frame.ack_frame = new quic::QuicAckFrame(*frame.ack_frame); + break; + case quic::RST_STREAM_FRAME: + frame.rst_stream_frame = + new quic::QuicRstStreamFrame(*frame.rst_stream_frame); + break; + case quic::CONNECTION_CLOSE_FRAME: + frame.connection_close_frame = + new quic::QuicConnectionCloseFrame(*frame.connection_close_frame); + break; + case quic::GOAWAY_FRAME: + frame.goaway_frame = new quic::QuicGoAwayFrame(*frame.goaway_frame); + break; + case quic::BLOCKED_FRAME: + frame.blocked_frame = new quic::QuicBlockedFrame(*frame.blocked_frame); + break; + case quic::WINDOW_UPDATE_FRAME: + frame.window_update_frame = + new quic::QuicWindowUpdateFrame(*frame.window_update_frame); + break; + case quic::PATH_CHALLENGE_FRAME: + frame.path_challenge_frame = + new quic::QuicPathChallengeFrame(*frame.path_challenge_frame); + break; + case quic::STOP_SENDING_FRAME: + frame.stop_sending_frame = + new quic::QuicStopSendingFrame(*frame.stop_sending_frame); + break; + case quic::NEW_CONNECTION_ID_FRAME: + frame.new_connection_id_frame = + new quic::QuicNewConnectionIdFrame(*frame.new_connection_id_frame); + break; + case quic::RETIRE_CONNECTION_ID_FRAME: + frame.retire_connection_id_frame = + new quic::QuicRetireConnectionIdFrame( + *frame.retire_connection_id_frame); + break; + case quic::PATH_RESPONSE_FRAME: + frame.path_response_frame = + new quic::QuicPathResponseFrame(*frame.path_response_frame); + break; + case quic::MESSAGE_FRAME: + DCHECK(false) << "Message frame not supported"; + // frame.message_frame = new + // quic::QuicMessageFrame(*frame.message_frame); + break; + case quic::CRYPTO_FRAME: + frame.crypto_frame = new quic::QuicCryptoFrame(*frame.crypto_frame); + break; + case quic::NEW_TOKEN_FRAME: + frame.new_token_frame = + new quic::QuicNewTokenFrame(*frame.new_token_frame); + break; + + case quic::NUM_FRAME_TYPES: + DCHECK(false) << "Cannot clone frame type: " << frame.type; + } + } + return new_frames; +} + } // namespace +void QuicTestPacketMaker::DecoderStreamErrorDelegate::OnDecoderStreamError( + quic::QuicStringPiece error_message) { + LOG(FATAL) << error_message; +} + +void QuicTestPacketMaker::EncoderStreamSenderDelegate::WriteStreamData( + quic::QuicStringPiece data) { + LOG(FATAL) << "data.length: " << data.length(); +} + QuicTestPacketMaker::QuicTestPacketMaker( quic::ParsedQuicVersion version, quic::QuicConnectionId connection_id, @@ -40,17 +127,27 @@ QuicTestPacketMaker::QuicTestPacketMaker( host_(host), spdy_request_framer_(spdy::SpdyFramer::ENABLE_COMPRESSION), spdy_response_framer_(spdy::SpdyFramer::ENABLE_COMPRESSION), + coalesce_http_frames_(false), + save_packet_frames_(false), + qpack_encoder_(&decoder_stream_error_delegate_, + &encoder_stream_sender_delegate_), perspective_(perspective), encryption_level_(quic::ENCRYPTION_FORWARD_SECURE), long_header_type_(quic::INVALID_PACKET_TYPE), client_headers_include_h2_stream_dependency_( client_headers_include_h2_stream_dependency && version.transport_version >= quic::QUIC_VERSION_43) { + stream_offsets_[quic::QuicUtils::GetHeadersStreamId( + version_.transport_version)] = 0; DCHECK(!(perspective_ == quic::Perspective::IS_SERVER && client_headers_include_h2_stream_dependency_)); } -QuicTestPacketMaker::~QuicTestPacketMaker() {} +QuicTestPacketMaker::~QuicTestPacketMaker() { + for (auto& kv : saved_frames_) { + quic::DeleteFrames(&(kv.second)); + } +} void QuicTestPacketMaker::set_hostname(const std::string& host) { host_.assign(host); @@ -59,24 +156,7 @@ void QuicTestPacketMaker::set_hostname(const std::string& host) { std::unique_ptr QuicTestPacketMaker::MakeConnectivityProbingPacket(uint64_t num, bool include_version) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(include_version); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(num); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(num, include_version); quic::QuicFramer framer(quic::test::SupportedVersions(version_), clock_->Now(), perspective_, @@ -87,23 +167,24 @@ QuicTestPacketMaker::MakeConnectivityProbingPacket(uint64_t num, size_t length; if (version_.transport_version != quic::QUIC_VERSION_99) { length = framer.BuildConnectivityProbingPacket( - header, buffer, max_plaintext_size, encryption_level_); + header_, buffer, max_plaintext_size, encryption_level_); } else if (perspective_ == quic::Perspective::IS_CLIENT) { quic::test::MockRandom rand(0); quic::QuicPathFrameBuffer payload; - length = framer.BuildPaddedPathChallengePacket( - header, buffer, max_plaintext_size, &payload, &rand, encryption_level_); + length = framer.BuildPaddedPathChallengePacket(header_, buffer, + max_plaintext_size, &payload, + &rand, encryption_level_); } else { quic::test::MockRandom rand(0); quic::QuicPathFrameBuffer payload; rand.RandBytes(payload.data(), payload.size()); quic::QuicDeque payloads{payload}; - length = framer.BuildPathResponsePacket(header, buffer, max_plaintext_size, + length = framer.BuildPathResponsePacket(header_, buffer, max_plaintext_size, payloads, true, encryption_level_); } size_t encrypted_size = framer.EncryptInPlace( - quic::ENCRYPTION_INITIAL, header.packet_number, - GetStartOfEncryptedData(framer.transport_version(), header), length, + quic::ENCRYPTION_INITIAL, header_.packet_number, + GetStartOfEncryptedData(framer.transport_version(), header_), length, quic::kDefaultMaxPacketSize, buffer); EXPECT_EQ(quic::kDefaultMaxPacketSize, encrypted_size); quic::QuicReceivedPacket encrypted(buffer, encrypted_size, clock_->Now(), @@ -114,27 +195,10 @@ QuicTestPacketMaker::MakeConnectivityProbingPacket(uint64_t num, std::unique_ptr QuicTestPacketMaker::MakePingPacket( uint64_t num, bool include_version) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(include_version); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(num); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(num, include_version); quic::QuicPingFrame ping; - return MakePacket(header, quic::QuicFrame(ping)); + return MakePacket(header_, quic::QuicFrame(ping)); } std::unique_ptr @@ -178,24 +242,7 @@ QuicTestPacketMaker::MakeAckAndPingPacket(uint64_t num, uint64_t largest_received, uint64_t smallest_received, uint64_t least_unacked) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(include_version); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(num); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(num, include_version); quic::QuicAckFrame ack(MakeAckFrame(largest_received)); ack.ack_delay_time = quic::QuicTime::Delta::Zero(); @@ -214,7 +261,7 @@ QuicTestPacketMaker::MakeAckAndPingPacket(uint64_t num, frames.push_back(quic::QuicFrame(quic::QuicPingFrame())); DVLOG(1) << "Adding frame: " << frames.back(); - return MakeMultipleFramesPacket(header, frames, nullptr); + return MakeMultipleFramesPacket(header_, frames, nullptr); } std::unique_ptr QuicTestPacketMaker::MakeRstPacket( @@ -222,7 +269,7 @@ std::unique_ptr QuicTestPacketMaker::MakeRstPacket( bool include_version, quic::QuicStreamId stream_id, quic::QuicRstStreamErrorCode error_code) { - return MakeRstPacket(num, include_version, stream_id, error_code, 0, + return MakeRstPacket(num, include_version, stream_id, error_code, /*include_stop_sending_if_v99=*/true); } @@ -231,30 +278,13 @@ std::unique_ptr QuicTestPacketMaker::MakeRstPacket( bool include_version, quic::QuicStreamId stream_id, quic::QuicRstStreamErrorCode error_code, - size_t bytes_written, bool include_stop_sending_if_v99) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(include_version); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(num); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(num, include_version); quic::QuicFrames frames; - quic::QuicRstStreamFrame rst(1, stream_id, error_code, bytes_written); + quic::QuicRstStreamFrame rst(1, stream_id, error_code, + stream_offsets_[stream_id]); frames.push_back(quic::QuicFrame(&rst)); DVLOG(1) << "Adding frame: " << frames.back(); @@ -266,7 +296,7 @@ std::unique_ptr QuicTestPacketMaker::MakeRstPacket( frames.push_back(quic::QuicFrame(&stop)); DVLOG(1) << "Adding frame: " << frames.back(); } - return MakeMultipleFramesPacket(header, frames, nullptr); + return MakeMultipleFramesPacket(header_, frames, nullptr); } std::unique_ptr @@ -275,28 +305,11 @@ QuicTestPacketMaker::MakeStreamsBlockedPacket( bool include_version, quic::QuicStreamCount stream_count, bool unidirectional) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(include_version); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(num); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(num, include_version); quic::QuicStreamsBlockedFrame frame(1, stream_count, unidirectional); DVLOG(1) << "Adding frame: " << quic::QuicFrame(frame); - return MakePacket(header, quic::QuicFrame(frame)); + return MakePacket(header_, quic::QuicFrame(frame)); } std::unique_ptr @@ -304,28 +317,11 @@ QuicTestPacketMaker::MakeMaxStreamsPacket(uint64_t num, bool include_version, quic::QuicStreamCount stream_count, bool unidirectional) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(include_version); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(num); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(num, include_version); quic::QuicMaxStreamsFrame frame(1, stream_count, unidirectional); DVLOG(1) << "Adding frame: " << quic::QuicFrame(frame); - return MakePacket(header, quic::QuicFrame(frame)); + return MakePacket(header_, quic::QuicFrame(frame)); } std::unique_ptr @@ -339,25 +335,9 @@ QuicTestPacketMaker::MakeRstAndRequestHeadersPacket( spdy::SpdyPriority priority, spdy::SpdyHeaderBlock headers, quic::QuicStreamId parent_stream_id, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { + size_t* spdy_headers_frame_length) { + InitializeHeader(num, include_version); quic::QuicRstStreamFrame rst_frame(1, rst_stream_id, rst_error_code, 0); - - spdy::SpdySerializedFrame spdy_frame = MakeSpdyHeadersFrame( - stream_id, fin, priority, std::move(headers), parent_stream_id); - if (spdy_headers_frame_length) { - *spdy_headers_frame_length = spdy_frame.size(); - } - quic::QuicStreamOffset header_offset = 0; - if (offset != nullptr) { - header_offset = *offset; - *offset += spdy_frame.size(); - } - quic::QuicStreamFrame headers_frame( - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - header_offset, - quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); - quic::QuicFrames frames; frames.push_back(quic::QuicFrame(&rst_frame)); DVLOG(1) << "Adding frame: " << frames.back(); @@ -369,8 +349,66 @@ QuicTestPacketMaker::MakeRstAndRequestHeadersPacket( frames.push_back(quic::QuicFrame(&stop)); DVLOG(1) << "Adding frame: " << frames.back(); } + + if (quic::VersionUsesQpack(version_.transport_version)) { + // A stream frame containing stream type will be written on the control + // stream first. + std::string type(1, 0x00); + + quic::SettingsFrame settings; + settings.values[quic::kSettingsMaxHeaderListSize] = kQuicMaxHeaderListSize; + std::unique_ptr buffer1; + quic::QuicByteCount frame_length1 = + http_encoder_.SerializeSettingsFrame(settings, &buffer1); + std::string settings_data = std::string(buffer1.get(), frame_length1); + + quic::QuicStreamFrame type_frame; + quic::QuicStreamFrame settings_frame; + if (stream_offsets_[2] == 0) { + type_frame = GenerateNextStreamFrame(2, false, type); + frames.push_back(quic::QuicFrame(type_frame)); + settings_frame = GenerateNextStreamFrame(2, false, settings_data); + frames.push_back(quic::QuicFrame(settings_frame)); + } + + quic::PriorityFrame frame; + frame.weight = priority; + frame.dependency_type = quic::ROOT_OF_TREE; + frame.prioritized_type = quic::REQUEST_STREAM; + frame.prioritized_element_id = stream_id; + + std::unique_ptr buffer; + quic::QuicByteCount frame_length = + http_encoder_.SerializePriorityFrame(frame, &buffer); + std::string priority_data = std::string(buffer.get(), frame_length); + + quic::QuicStreamFrame priority_frame = + GenerateNextStreamFrame(2, false, priority_data); + + frames.push_back(quic::QuicFrame(priority_frame)); + + // STREAM frames for HEADERS. + std::vector data = QpackEncodeHeaders( + stream_id, std::move(headers), spdy_headers_frame_length); + std::vector stream_frames = + GenerateNextStreamFrames(stream_id, fin, data); + + for (const auto& frame : stream_frames) + frames.push_back(quic::QuicFrame(frame)); + + InitializeHeader(num, include_version); + return MakeMultipleFramesPacket(header_, frames, nullptr); + } + + spdy::SpdySerializedFrame spdy_frame = MakeSpdyHeadersFrame( + stream_id, fin, priority, std::move(headers), parent_stream_id); + if (spdy_headers_frame_length) { + *spdy_headers_frame_length = spdy_frame.size(); + } + quic::QuicStreamFrame headers_frame = GenerateNextStreamFrame( + quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, + quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); frames.push_back(quic::QuicFrame(headers_frame)); - DVLOG(1) << "Adding frame: " << frames.back(); InitializeHeader(num, include_version); return MakeMultipleFramesPacket(header_, frames, nullptr); @@ -388,7 +426,7 @@ QuicTestPacketMaker::MakeAckAndRstPacket( bool send_feedback) { return MakeAckAndRstPacket(num, include_version, stream_id, error_code, largest_received, smallest_received, least_unacked, - send_feedback, 0, + send_feedback, /*include_stop_sending_if_v99=*/true); } @@ -402,26 +440,8 @@ QuicTestPacketMaker::MakeAckAndRstPacket( uint64_t smallest_received, uint64_t least_unacked, bool send_feedback, - size_t bytes_written, bool include_stop_sending_if_v99) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(include_version); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(num); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(num, include_version); quic::QuicAckFrame ack(MakeAckFrame(largest_received)); ack.ack_delay_time = quic::QuicTime::Delta::Zero(); @@ -437,7 +457,8 @@ QuicTestPacketMaker::MakeAckAndRstPacket( frames.push_back(quic::QuicFrame(&ack)); DVLOG(1) << "Adding frame: " << frames.back(); - quic::QuicRstStreamFrame rst(1, stream_id, error_code, bytes_written); + quic::QuicRstStreamFrame rst(1, stream_id, error_code, + stream_offsets_[stream_id]); frames.push_back(quic::QuicFrame(&rst)); DVLOG(1) << "Adding frame: " << frames.back(); @@ -450,7 +471,7 @@ QuicTestPacketMaker::MakeAckAndRstPacket( DVLOG(1) << "Adding frame: " << frames.back(); } - return MakeMultipleFramesPacket(header, frames, nullptr); + return MakeMultipleFramesPacket(header_, frames, nullptr); } std::unique_ptr @@ -465,24 +486,7 @@ QuicTestPacketMaker::MakeRstAckAndConnectionClosePacket( uint64_t least_unacked, quic::QuicErrorCode quic_error, const std::string& quic_error_details) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(include_version); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(num); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(num, include_version); quic::QuicFrames frames; quic::QuicRstStreamFrame rst(1, stream_id, error_code, 0); @@ -521,7 +525,7 @@ QuicTestPacketMaker::MakeRstAckAndConnectionClosePacket( frames.push_back(quic::QuicFrame(&close)); DVLOG(1) << "Adding frame: " << frames.back(); - return MakeMultipleFramesPacket(header, frames, nullptr); + return MakeMultipleFramesPacket(header_, frames, nullptr); } std::unique_ptr @@ -534,24 +538,7 @@ QuicTestPacketMaker::MakeAckAndConnectionClosePacket( uint64_t least_unacked, quic::QuicErrorCode quic_error, const std::string& quic_error_details) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(include_version); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(num); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(num, include_version); quic::QuicAckFrame ack(MakeAckFrame(largest_received)); ack.ack_delay_time = ack_delay_time; @@ -577,7 +564,7 @@ QuicTestPacketMaker::MakeAckAndConnectionClosePacket( frames.push_back(quic::QuicFrame(&close)); DVLOG(1) << "Adding frame: " << frames.back(); - return MakeMultipleFramesPacket(header, frames, nullptr); + return MakeMultipleFramesPacket(header_, frames, nullptr); } std::unique_ptr @@ -586,24 +573,7 @@ QuicTestPacketMaker::MakeConnectionClosePacket( bool include_version, quic::QuicErrorCode quic_error, const std::string& quic_error_details) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(include_version); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(num); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(num, include_version); quic::QuicConnectionCloseFrame close; close.quic_error_code = quic_error; @@ -612,37 +582,20 @@ QuicTestPacketMaker::MakeConnectionClosePacket( close.close_type = quic::IETF_QUIC_TRANSPORT_CONNECTION_CLOSE; } - return MakePacket(header, quic::QuicFrame(&close)); + return MakePacket(header_, quic::QuicFrame(&close)); } std::unique_ptr QuicTestPacketMaker::MakeGoAwayPacket( uint64_t num, quic::QuicErrorCode error_code, std::string reason_phrase) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(false); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(num); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(num, /*include_version=*/false); quic::QuicGoAwayFrame goaway; goaway.error_code = error_code; goaway.last_good_stream_id = 0; goaway.reason_phrase = reason_phrase; - return MakePacket(header, quic::QuicFrame(&goaway)); + return MakePacket(header_, quic::QuicFrame(&goaway)); } std::unique_ptr QuicTestPacketMaker::MakeAckPacket( @@ -687,24 +640,7 @@ std::unique_ptr QuicTestPacketMaker::MakeAckPacket( uint64_t least_unacked, bool send_feedback, quic::QuicTime::Delta ack_delay_time) { - quic::QuicPacketHeader header; - header.destination_connection_id = connection_id_; - header.destination_connection_id_included = HasDestinationConnectionId(); - header.source_connection_id = connection_id_; - header.source_connection_id_included = HasSourceConnectionId(); - header.reset_flag = false; - header.version_flag = ShouldIncludeVersion(false); - header.long_packet_type = long_header_type_; - header.packet_number_length = GetPacketNumberLength(); - header.packet_number = quic::QuicPacketNumber(packet_number); - - if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - header.version_flag) { - if (long_header_type_ == quic::INITIAL) { - header.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; - } - header.length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_2; - } + InitializeHeader(packet_number, /*include_version=*/false); quic::QuicAckFrame ack(MakeAckFrame(largest_received)); ack.ack_delay_time = ack_delay_time; @@ -729,7 +665,7 @@ std::unique_ptr QuicTestPacketMaker::MakeAckPacket( framer.GetMaxPlaintextSize(quic::kDefaultMaxPacketSize); size_t ack_frame_length = framer.GetSerializedFrameLength( ack_frame, max_plaintext_size, /*first_frame*/ true, /*last_frame*/ false, - header.packet_number_length); + header_.packet_number_length); const size_t min_plaintext_size = 7; if (version_.HasHeaderProtection() && ack_frame_length < min_plaintext_size) { size_t padding_length = min_plaintext_size - ack_frame_length; @@ -737,10 +673,10 @@ std::unique_ptr QuicTestPacketMaker::MakeAckPacket( } std::unique_ptr packet( - quic::test::BuildUnsizedDataPacket(&framer, header, frames)); + quic::test::BuildUnsizedDataPacket(&framer, header_, frames)); char buffer[quic::kMaxOutgoingPacketSize]; size_t encrypted_size = - framer.EncryptPayload(quic::ENCRYPTION_INITIAL, header.packet_number, + framer.EncryptPayload(quic::ENCRYPTION_INITIAL, header_.packet_number, *packet, buffer, quic::kMaxOutgoingPacketSize); EXPECT_NE(0u, encrypted_size); quic::QuicReceivedPacket encrypted(buffer, encrypted_size, clock_->Now(), @@ -748,17 +684,25 @@ std::unique_ptr QuicTestPacketMaker::MakeAckPacket( return encrypted.Clone(); } -// Returns a newly created packet to send kData on stream 1. +std::unique_ptr +QuicTestPacketMaker::MakeHeadersDataPacket(uint64_t packet_number, + bool should_include_version, + bool fin, + quic::QuicStringPiece data) { + return MakeDataPacket( + packet_number, + quic::QuicUtils::GetHeadersStreamId(version_.transport_version), + should_include_version, fin, data); +} + std::unique_ptr QuicTestPacketMaker::MakeDataPacket( uint64_t packet_number, quic::QuicStreamId stream_id, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { InitializeHeader(packet_number, should_include_version); - quic::QuicStreamFrame frame(stream_id, fin, offset, data); - DVLOG(1) << "Adding frame: " << frame; + quic::QuicStreamFrame frame = GenerateNextStreamFrame(stream_id, fin, data); return MakePacket(header_, quic::QuicFrame(frame)); } @@ -768,17 +712,14 @@ QuicTestPacketMaker::MakeMultipleDataFramesPacket( quic::QuicStreamId stream_id, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, const std::vector& data_writes) { InitializeHeader(packet_number, should_include_version); quic::QuicFrames data_frames; for (size_t i = 0; i < data_writes.size(); ++i) { bool is_fin = fin && (i == data_writes.size() - 1); - quic::QuicFrame quic_frame(quic::QuicStreamFrame( - stream_id, is_fin, offset, quic::QuicStringPiece(data_writes[i]))); - DVLOG(1) << "Adding frame: " << quic_frame; + quic::QuicFrame quic_frame( + GenerateNextStreamFrame(stream_id, is_fin, data_writes[i])); data_frames.push_back(quic_frame); - offset += data_writes[i].length(); } return MakeMultipleFramesPacket(header_, data_frames, nullptr); } @@ -791,7 +732,6 @@ QuicTestPacketMaker::MakeAckAndDataPacket(uint64_t packet_number, uint64_t smallest_received, uint64_t least_unacked, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data) { InitializeHeader(packet_number, include_version); @@ -810,8 +750,7 @@ QuicTestPacketMaker::MakeAckAndDataPacket(uint64_t packet_number, DVLOG(1) << "Adding frame: " << frames.back(); frames.push_back( - quic::QuicFrame(quic::QuicStreamFrame(stream_id, fin, offset, data))); - DVLOG(1) << "Adding frame: " << frames.back(); + quic::QuicFrame(GenerateNextStreamFrame(stream_id, fin, data))); return MakeMultipleFramesPacket(header_, frames, nullptr); } @@ -825,7 +764,6 @@ QuicTestPacketMaker::MakeAckAndMultipleDataFramesPacket( uint64_t smallest_received, uint64_t least_unacked, bool fin, - quic::QuicStreamOffset offset, const std::vector& data_writes) { InitializeHeader(packet_number, include_version); @@ -845,11 +783,9 @@ QuicTestPacketMaker::MakeAckAndMultipleDataFramesPacket( for (size_t i = 0; i < data_writes.size(); ++i) { bool is_fin = fin && (i == data_writes.size() - 1); - quic::QuicFrame quic_frame(quic::QuicStreamFrame( - stream_id, is_fin, offset, quic::QuicStringPiece(data_writes[i]))); - DVLOG(1) << "Adding frame: " << quic_frame; + quic::QuicFrame quic_frame(GenerateNextStreamFrame( + stream_id, is_fin, quic::QuicStringPiece(data_writes[i]))); frames.push_back(quic_frame); - offset += data_writes[i].length(); } return MakeMultipleFramesPacket(header_, frames, nullptr); } @@ -863,10 +799,66 @@ QuicTestPacketMaker::MakeRequestHeadersAndMultipleDataFramesPacket( spdy::SpdyPriority priority, spdy::SpdyHeaderBlock headers, quic::QuicStreamId parent_stream_id, - quic::QuicStreamOffset* header_stream_offset, size_t* spdy_headers_frame_length, const std::vector& data_writes) { InitializeHeader(packet_number, should_include_version); + if (quic::VersionUsesQpack(version_.transport_version)) { + // A stream frame containing stream type will be written on the control + // stream first. + std::string type(1, 0x00); + + quic::SettingsFrame settings; + settings.values[quic::kSettingsMaxHeaderListSize] = kQuicMaxHeaderListSize; + std::unique_ptr buffer1; + quic::QuicByteCount frame_length1 = + http_encoder_.SerializeSettingsFrame(settings, &buffer1); + std::string settings_data = std::string(buffer1.get(), frame_length1); + + quic::QuicStreamFrame type_frame; + quic::QuicStreamFrame settings_frame; + quic::QuicFrames frames; + if (stream_offsets_[2] == 0) { + type_frame = GenerateNextStreamFrame(2, false, type); + frames.push_back(quic::QuicFrame(type_frame)); + settings_frame = GenerateNextStreamFrame(2, false, settings_data); + frames.push_back(quic::QuicFrame(settings_frame)); + } + + quic::PriorityFrame frame; + frame.weight = priority; + frame.dependency_type = quic::ROOT_OF_TREE; + frame.prioritized_type = quic::REQUEST_STREAM; + frame.prioritized_element_id = stream_id; + + std::unique_ptr buffer; + quic::QuicByteCount frame_length = + http_encoder_.SerializePriorityFrame(frame, &buffer); + std::string priority_data = std::string(buffer.get(), frame_length); + + quic::QuicStreamFrame priority_frame = + GenerateNextStreamFrame(2, false, priority_data); + + // STREAM frames for HEADERS. + std::vector data = QpackEncodeHeaders( + stream_id, std::move(headers), spdy_headers_frame_length); + std::vector stream_frames = + GenerateNextStreamFrames(stream_id, false, data); + + // STREAM frames for DATA. + for (size_t i = 0; i < data_writes.size(); ++i) { + bool is_fin = fin && (i == data_writes.size() - 1); + stream_frames.push_back(GenerateNextStreamFrame( + stream_id, is_fin, quic::QuicStringPiece(data_writes[i]))); + } + + frames.push_back(quic::QuicFrame(priority_frame)); + + for (const auto& frame : stream_frames) + frames.push_back(quic::QuicFrame(frame)); + + return MakeMultipleFramesPacket(header_, frames, nullptr); + } + spdy::SpdySerializedFrame spdy_frame = MakeSpdyHeadersFrame(stream_id, fin && data_writes.empty(), priority, std::move(headers), parent_stream_id); @@ -874,30 +866,20 @@ QuicTestPacketMaker::MakeRequestHeadersAndMultipleDataFramesPacket( if (spdy_headers_frame_length) { *spdy_headers_frame_length = spdy_frame.size(); } - quic::QuicFrames frames; - quic::QuicStreamOffset header_offset = - header_stream_offset == nullptr ? 0 : *header_stream_offset; - quic::QuicStreamFrame frame( + quic::QuicStreamFrame frame = GenerateNextStreamFrame( quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - header_offset, quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); + quic::QuicFrames frames; frames.push_back(quic::QuicFrame(frame)); - DVLOG(1) << "Adding frame: " << frames.back(); - if (header_stream_offset != nullptr) { - *header_stream_offset += spdy_frame.size(); - } - quic::QuicStreamOffset offset = 0; // quic::QuicFrame takes a raw pointer. Use a std::vector here so we keep // StreamFrames alive until MakeMultipleFramesPacket is done. std::vector> stream_frames; for (size_t i = 0; i < data_writes.size(); ++i) { bool is_fin = fin && (i == data_writes.size() - 1); - quic::QuicFrame quic_frame(quic::QuicStreamFrame( - stream_id, is_fin, offset, quic::QuicStringPiece(data_writes[i]))); - DVLOG(1) << "Adding frame: " << quic_frame; + quic::QuicFrame quic_frame(GenerateNextStreamFrame( + stream_id, is_fin, quic::QuicStringPiece(data_writes[i]))); frames.push_back(quic_frame); - offset += data_writes[i].length(); } return MakeMultipleFramesPacket(header_, frames, nullptr); } @@ -912,64 +894,66 @@ QuicTestPacketMaker::MakeRequestHeadersPacket( spdy::SpdyHeaderBlock headers, quic::QuicStreamId parent_stream_id, size_t* spdy_headers_frame_length) { - return MakeRequestHeadersPacket( - packet_number, stream_id, should_include_version, fin, priority, - std::move(headers), parent_stream_id, spdy_headers_frame_length, nullptr); -} + InitializeHeader(packet_number, should_include_version); -// If |offset| is provided, will use the value when creating the packet. -// Will also update the value after packet creation. -std::unique_ptr -QuicTestPacketMaker::MakeRequestHeadersPacket( - uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyPriority priority, - spdy::SpdyHeaderBlock headers, - quic::QuicStreamId parent_stream_id, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { - std::string unused_stream_data; - return MakeRequestHeadersPacketAndSaveData( - packet_number, stream_id, should_include_version, fin, priority, - std::move(headers), parent_stream_id, spdy_headers_frame_length, offset, - &unused_stream_data); -} + if (quic::VersionUsesQpack(version_.transport_version)) { + // A stream frame containing stream type will be written on the control + // stream first. + std::string type(1, 0x00); + + quic::SettingsFrame settings; + settings.values[quic::kSettingsMaxHeaderListSize] = kQuicMaxHeaderListSize; + std::unique_ptr buffer1; + quic::QuicByteCount frame_length1 = + http_encoder_.SerializeSettingsFrame(settings, &buffer1); + std::string settings_data = std::string(buffer1.get(), frame_length1); + + quic::QuicStreamFrame type_frame; + quic::QuicStreamFrame settings_frame; + quic::QuicFrames frames; + if (stream_offsets_[2] == 0) { + type_frame = GenerateNextStreamFrame(2, false, type); + frames.push_back(quic::QuicFrame(type_frame)); + settings_frame = GenerateNextStreamFrame(2, false, settings_data); + frames.push_back(quic::QuicFrame(settings_frame)); + } + + quic::PriorityFrame frame; + frame.weight = priority; + frame.dependency_type = quic::ROOT_OF_TREE; + frame.prioritized_type = quic::REQUEST_STREAM; + frame.prioritized_element_id = stream_id; + + std::unique_ptr buffer; + quic::QuicByteCount frame_length = + http_encoder_.SerializePriorityFrame(frame, &buffer); + std::string priority_data = std::string(buffer.get(), frame_length); + + quic::QuicStreamFrame priority_frame = + GenerateNextStreamFrame(2, false, priority_data); + + std::vector data = QpackEncodeHeaders( + stream_id, std::move(headers), spdy_headers_frame_length); + std::vector stream_frames = + GenerateNextStreamFrames(stream_id, fin, data); + + frames.push_back(quic::QuicFrame(priority_frame)); + + for (const auto& frame : stream_frames) + frames.push_back(quic::QuicFrame(frame)); + return MakeMultipleFramesPacket(header_, frames, nullptr); + } -std::unique_ptr -QuicTestPacketMaker::MakeRequestHeadersPacketAndSaveData( - uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyPriority priority, - spdy::SpdyHeaderBlock headers, - quic::QuicStreamId parent_stream_id, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset, - std::string* stream_data) { - InitializeHeader(packet_number, should_include_version); spdy::SpdySerializedFrame spdy_frame = MakeSpdyHeadersFrame( stream_id, fin, priority, std::move(headers), parent_stream_id); - *stream_data = std::string(spdy_frame.data(), spdy_frame.size()); if (spdy_headers_frame_length) *spdy_headers_frame_length = spdy_frame.size(); - if (offset != nullptr) { - quic::QuicStreamFrame frame( - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - *offset, quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); - *offset += spdy_frame.size(); - return MakePacket(header_, quic::QuicFrame(frame)); - } else { - quic::QuicStreamFrame frame( - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - 0, quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); - - return MakePacket(header_, quic::QuicFrame(frame)); - } + quic::QuicStreamFrame frame = GenerateNextStreamFrame( + quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, + quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); + return MakePacket(header_, quic::QuicFrame(frame)); } std::unique_ptr @@ -982,25 +966,76 @@ QuicTestPacketMaker::MakeRequestHeadersAndRstPacket( spdy::SpdyHeaderBlock headers, quic::QuicStreamId parent_stream_id, size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* header_stream_offset, - quic::QuicRstStreamErrorCode error_code, - size_t bytes_written) { + quic::QuicRstStreamErrorCode error_code) { + if (quic::VersionUsesQpack(version_.transport_version)) { + // A stream frame containing stream type will be written on the control + // stream first. + std::string type(1, 0x00); + + quic::SettingsFrame settings; + settings.values[quic::kSettingsMaxHeaderListSize] = kQuicMaxHeaderListSize; + std::unique_ptr buffer1; + quic::QuicByteCount frame_length1 = + http_encoder_.SerializeSettingsFrame(settings, &buffer1); + std::string settings_data = std::string(buffer1.get(), frame_length1); + + quic::QuicStreamFrame type_frame; + quic::QuicStreamFrame settings_frame; + quic::QuicFrames frames; + if (stream_offsets_[2] == 0) { + type_frame = GenerateNextStreamFrame(2, false, type); + frames.push_back(quic::QuicFrame(type_frame)); + settings_frame = GenerateNextStreamFrame(2, false, settings_data); + frames.push_back(quic::QuicFrame(settings_frame)); + } + + quic::PriorityFrame frame; + frame.weight = priority; + frame.dependency_type = quic::ROOT_OF_TREE; + frame.prioritized_type = quic::REQUEST_STREAM; + frame.prioritized_element_id = stream_id; + + std::unique_ptr buffer; + quic::QuicByteCount frame_length = + http_encoder_.SerializePriorityFrame(frame, &buffer); + std::string priority_data = std::string(buffer.get(), frame_length); + + quic::QuicStreamFrame priority_frame = + GenerateNextStreamFrame(2, false, priority_data); + + std::vector data = QpackEncodeHeaders( + stream_id, std::move(headers), spdy_headers_frame_length); + std::vector stream_frames = + GenerateNextStreamFrames(stream_id, fin, data); + + frames.push_back(quic::QuicFrame(priority_frame)); + + for (const auto& frame : stream_frames) + frames.push_back(quic::QuicFrame(frame)); + + quic::QuicRstStreamFrame rst_frame(1, stream_id, error_code, + stream_offsets_[stream_id]); + frames.push_back(quic::QuicFrame(&rst_frame)); + DVLOG(1) << "Adding frame: " << frames.back(); + + quic::QuicStopSendingFrame stop(1, stream_id, error_code); + frames.push_back(quic::QuicFrame(&stop)); + DVLOG(1) << "Adding frame: " << frames.back(); + InitializeHeader(packet_number, should_include_version); + return MakeMultipleFramesPacket(header_, frames, nullptr); + } + spdy::SpdySerializedFrame spdy_frame = MakeSpdyHeadersFrame( stream_id, fin, priority, std::move(headers), parent_stream_id); if (spdy_headers_frame_length) { *spdy_headers_frame_length = spdy_frame.size(); } - quic::QuicStreamOffset header_offset = 0; - if (header_stream_offset != nullptr) { - header_offset = *header_stream_offset; - *header_stream_offset += spdy_frame.size(); - } - quic::QuicStreamFrame headers_frame( + quic::QuicStreamFrame headers_frame = GenerateNextStreamFrame( quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - header_offset, quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); - quic::QuicRstStreamFrame rst_frame(1, stream_id, error_code, bytes_written); + quic::QuicRstStreamFrame rst_frame(1, stream_id, error_code, + stream_offsets_[stream_id]); quic::QuicFrames frames; frames.push_back(quic::QuicFrame(headers_frame)); @@ -1042,25 +1077,6 @@ spdy::SpdySerializedFrame QuicTestPacketMaker::MakeSpdyHeadersFrame( return spdy_request_framer_.SerializeFrame(headers_frame); } -// Convenience method for calling MakeRequestHeadersPacket with nullptr for -// |spdy_headers_frame_length|. -std::unique_ptr -QuicTestPacketMaker::MakeRequestHeadersPacketWithOffsetTracking( - uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyPriority priority, - spdy::SpdyHeaderBlock headers, - quic::QuicStreamId parent_stream_id, - quic::QuicStreamOffset* offset) { - return MakeRequestHeadersPacket( - packet_number, stream_id, should_include_version, fin, priority, - std::move(headers), parent_stream_id, nullptr, offset); -} - -// If |offset| is provided, will use the value when creating the packet. -// Will also update the value after packet creation. std::unique_ptr QuicTestPacketMaker::MakePushPromisePacket( uint64_t packet_number, @@ -1069,8 +1085,7 @@ QuicTestPacketMaker::MakePushPromisePacket( bool should_include_version, bool fin, spdy::SpdyHeaderBlock headers, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { + size_t* spdy_headers_frame_length) { InitializeHeader(packet_number, should_include_version); spdy::SpdySerializedFrame spdy_frame; spdy::SpdyPushPromiseIR promise_frame(stream_id, promised_stream_id, @@ -1080,18 +1095,10 @@ QuicTestPacketMaker::MakePushPromisePacket( if (spdy_headers_frame_length) { *spdy_headers_frame_length = spdy_frame.size(); } - if (offset != nullptr) { - quic::QuicStreamFrame frame( - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - *offset, quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); - *offset += spdy_frame.size(); - return MakePacket(header_, quic::QuicFrame(frame)); - } else { - quic::QuicStreamFrame frame( - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - 0, quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); - return MakePacket(header_, quic::QuicFrame(frame)); - } + quic::QuicStreamFrame frame = GenerateNextStreamFrame( + quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, + quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); + return MakePacket(header_, quic::QuicFrame(frame)); } std::unique_ptr @@ -1122,9 +1129,22 @@ QuicTestPacketMaker::MakeResponseHeadersPacket( bool should_include_version, bool fin, spdy::SpdyHeaderBlock headers, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset) { + size_t* spdy_headers_frame_length) { InitializeHeader(packet_number, should_include_version); + + if (quic::VersionUsesQpack(version_.transport_version)) { + // STREAM frames for HEADERS. + std::vector data = QpackEncodeHeaders( + stream_id, std::move(headers), spdy_headers_frame_length); + std::vector stream_frames = + GenerateNextStreamFrames(stream_id, fin, data); + + quic::QuicFrames frames; + for (const auto& frame : stream_frames) + frames.push_back(quic::QuicFrame(frame)); + return MakeMultipleFramesPacket(header_, frames, nullptr); + } + spdy::SpdySerializedFrame spdy_frame; spdy::SpdyHeadersIR headers_frame(stream_id, std::move(headers)); headers_frame.set_fin(fin); @@ -1133,46 +1153,10 @@ QuicTestPacketMaker::MakeResponseHeadersPacket( if (spdy_headers_frame_length) { *spdy_headers_frame_length = spdy_frame.size(); } - if (offset != nullptr) { - quic::QuicStreamFrame frame( - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - *offset, quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); - *offset += spdy_frame.size(); - return MakePacket(header_, quic::QuicFrame(frame)); - } else { - quic::QuicStreamFrame frame( - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - 0, quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); - return MakePacket(header_, quic::QuicFrame(frame)); - } -} - -std::unique_ptr -QuicTestPacketMaker::MakeResponseHeadersPacket( - uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyHeaderBlock headers, - size_t* spdy_headers_frame_length) { - return MakeResponseHeadersPacket( - packet_number, stream_id, should_include_version, fin, std::move(headers), - spdy_headers_frame_length, nullptr); -} - -// Convenience method for calling MakeResponseHeadersPacket with nullptr for -// |spdy_headers_frame_length|. -std::unique_ptr -QuicTestPacketMaker::MakeResponseHeadersPacketWithOffsetTracking( - uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyHeaderBlock headers, - quic::QuicStreamOffset* offset) { - return MakeResponseHeadersPacket(packet_number, stream_id, - should_include_version, fin, - std::move(headers), nullptr, offset); + quic::QuicStreamFrame frame = GenerateNextStreamFrame( + quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, + quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); + return MakePacket(header_, quic::QuicFrame(frame)); } spdy::SpdyHeaderBlock QuicTestPacketMaker::GetRequestHeaders( @@ -1232,7 +1216,7 @@ QuicTestPacketMaker::MakeMultipleFramesPacket( if (data_producer != nullptr) { framer.set_data_producer(data_producer); } - quic::QuicFrames frames_copy = frames; + quic::QuicFrames frames_copy = CloneFrames(frames); size_t max_plaintext_size = framer.GetMaxPlaintextSize(quic::kDefaultMaxPacketSize); if (version_.HasHeaderProtection()) { @@ -1265,14 +1249,19 @@ QuicTestPacketMaker::MakeMultipleFramesPacket( EXPECT_NE(0u, encrypted_size); quic::QuicReceivedPacket encrypted(buffer, encrypted_size, clock_->Now(), false); + if (save_packet_frames_) { + saved_frames_[header.packet_number] = frames_copy; + } else { + DeleteFrames(&frames_copy); + } return encrypted.Clone(); } void QuicTestPacketMaker::InitializeHeader(uint64_t packet_number, bool should_include_version) { - header_.destination_connection_id = connection_id_; + header_.destination_connection_id = DestinationConnectionId(); header_.destination_connection_id_included = HasDestinationConnectionId(); - header_.source_connection_id = connection_id_; + header_.source_connection_id = SourceConnectionId(); header_.source_connection_id_included = HasSourceConnectionId(); header_.reset_flag = false; header_.version_flag = ShouldIncludeVersion(should_include_version); @@ -1280,7 +1269,7 @@ void QuicTestPacketMaker::InitializeHeader(uint64_t packet_number, header_.packet_number_length = GetPacketNumberLength(); header_.packet_number = quic::QuicPacketNumber(packet_number); if (quic::QuicVersionHasLongHeaderLengths(version_.transport_version) && - should_include_version) { + header_.version_flag) { if (long_header_type_ == quic::INITIAL) { header_.retry_token_length_length = quic::VARIABLE_LENGTH_INTEGER_LENGTH_1; @@ -1290,36 +1279,94 @@ void QuicTestPacketMaker::InitializeHeader(uint64_t packet_number, } std::unique_ptr -QuicTestPacketMaker::MakeInitialSettingsPacket(uint64_t packet_number, - quic::QuicStreamOffset* offset) { - std::string unused_data; - return MakeInitialSettingsPacketAndSaveData(packet_number, offset, - &unused_data); +QuicTestPacketMaker::MakeSettingsPacket(uint64_t packet_number, + bool should_include_version) { + if (!quic::VersionHasStreamType(version_.transport_version)) { + spdy::SpdySettingsIR settings_frame; + settings_frame.AddSetting(spdy::SETTINGS_MAX_HEADER_LIST_SIZE, + kQuicMaxHeaderListSize); + spdy::SpdySerializedFrame spdy_frame( + spdy_request_framer_.SerializeFrame(settings_frame)); + InitializeHeader(packet_number, should_include_version); + quic::QuicStreamFrame quic_frame = GenerateNextStreamFrame( + quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, + quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); + return MakePacket(header_, quic::QuicFrame(quic_frame)); + } + quic::QuicFrames frames; + // A stream frame containing stream type will be written on the control stream + // first. + std::string type(1, 0x00); + quic::SettingsFrame settings; + settings.values[quic::kSettingsMaxHeaderListSize] = kQuicMaxHeaderListSize; + std::unique_ptr buffer; + quic::QuicByteCount frame_length = + http_encoder_.SerializeSettingsFrame(settings, &buffer); + std::string settings_data = std::string(buffer.get(), frame_length); + + std::vector data; + if (coalesce_http_frames_) { + data = {type + settings_data}; + } else { + data = {type, settings_data}; + } + + quic::QuicStreamId stream_id = + quic::QuicUtils::GetFirstUnidirectionalStreamId( + version_.transport_version, perspective_); + + std::vector stream_frames = + GenerateNextStreamFrames(stream_id, false, data); + for (const auto& frame : stream_frames) + frames.push_back(quic::QuicFrame(frame)); + + InitializeHeader(packet_number, /*should_include_version*/ true); + return MakeMultipleFramesPacket(header_, frames, nullptr); } std::unique_ptr -QuicTestPacketMaker::MakeInitialSettingsPacketAndSaveData( - uint64_t packet_number, - quic::QuicStreamOffset* offset, - std::string* stream_data) { - spdy::SpdySettingsIR settings_frame; - settings_frame.AddSetting(spdy::SETTINGS_MAX_HEADER_LIST_SIZE, - quic::kDefaultMaxUncompressedHeaderSize); - spdy::SpdySerializedFrame spdy_frame( - spdy_request_framer_.SerializeFrame(settings_frame)); - InitializeHeader(packet_number, /*should_include_version*/ true); - *stream_data = std::string(spdy_frame.data(), spdy_frame.size()); - if (offset != nullptr) { - quic::QuicStreamFrame quic_frame( +QuicTestPacketMaker::MakeInitialSettingsPacket(uint64_t packet_number) { + if (!quic::VersionHasStreamType(version_.transport_version)) { + spdy::SpdySettingsIR settings_frame; + settings_frame.AddSetting(spdy::SETTINGS_MAX_HEADER_LIST_SIZE, + kQuicMaxHeaderListSize); + spdy::SpdySerializedFrame spdy_frame( + spdy_request_framer_.SerializeFrame(settings_frame)); + InitializeHeader(packet_number, /*should_include_version*/ true); + quic::QuicStreamFrame quic_frame = GenerateNextStreamFrame( quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - *offset, quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); - *offset += spdy_frame.size(); + quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); return MakePacket(header_, quic::QuicFrame(quic_frame)); } - quic::QuicStreamFrame quic_frame( - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, 0, - quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); - return MakePacket(header_, quic::QuicFrame(quic_frame)); + quic::QuicFrames frames; + // A stream frame containing stream type will be written on the control stream + // first. + std::string type(1, 0x00); + quic::SettingsFrame settings; + settings.values[quic::kSettingsMaxHeaderListSize] = kQuicMaxHeaderListSize; + std::unique_ptr buffer; + quic::QuicByteCount frame_length = + http_encoder_.SerializeSettingsFrame(settings, &buffer); + std::string settings_data = std::string(buffer.get(), frame_length); + + std::vector data; + if (coalesce_http_frames_) { + data = {type + settings_data}; + } else { + data = {type, settings_data}; + } + + quic::QuicStreamId stream_id = + quic::QuicUtils::GetFirstUnidirectionalStreamId( + version_.transport_version, perspective_); + + std::vector stream_frames = + GenerateNextStreamFrames(stream_id, false, data); + for (const auto& frame : stream_frames) + frames.push_back(quic::QuicFrame(frame)); + + InitializeHeader(packet_number, /*should_include_version*/ true); + return MakeMultipleFramesPacket(header_, frames, nullptr); } std::unique_ptr @@ -1327,27 +1374,44 @@ QuicTestPacketMaker::MakePriorityPacket(uint64_t packet_number, bool should_include_version, quic::QuicStreamId id, quic::QuicStreamId parent_stream_id, - spdy::SpdyPriority priority, - quic::QuicStreamOffset* offset) { - if (!client_headers_include_h2_stream_dependency_) { + spdy::SpdyPriority priority) { + if (!client_headers_include_h2_stream_dependency_ || + quic::VersionUsesQpack(version_.transport_version)) { + // TODO(rch): both stream_dependencies and priority frames need to be + // supported in IETF QUIC. parent_stream_id = 0; } int weight = spdy::Spdy3PriorityToHttp2Weight(priority); bool exclusive = client_headers_include_h2_stream_dependency_; - spdy::SpdyPriorityIR priority_frame(id, parent_stream_id, weight, exclusive); - spdy::SpdySerializedFrame spdy_frame( - spdy_request_framer_.SerializeFrame(priority_frame)); + if (!VersionUsesQpack(version_.transport_version)) { + spdy::SpdyPriorityIR priority_frame(id, parent_stream_id, weight, + exclusive); + spdy::SpdySerializedFrame spdy_frame( + spdy_request_framer_.SerializeFrame(priority_frame)); - quic::QuicStreamOffset header_offset = 0; - if (offset != nullptr) { - header_offset = *offset; - *offset += spdy_frame.size(); + quic::QuicStreamFrame quic_frame = GenerateNextStreamFrame( + quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, + quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); + InitializeHeader(packet_number, should_include_version); + return MakePacket(header_, quic::QuicFrame(quic_frame)); } - quic::QuicStreamFrame quic_frame( - quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - header_offset, - quic::QuicStringPiece(spdy_frame.data(), spdy_frame.size())); - DVLOG(1) << "Adding frame: " << quic::QuicFrame(quic_frame); + quic::PriorityFrame frame; + frame.weight = weight; + frame.exclusive = true; + frame.prioritized_element_id = id; + frame.element_dependency_id = parent_stream_id; + frame.dependency_type = quic::REQUEST_STREAM; + frame.prioritized_type = + quic::QuicUtils::IsServerInitiatedStreamId(version_.transport_version, id) + ? quic::PUSH_STREAM + : quic::REQUEST_STREAM; + std::unique_ptr buffer; + quic::QuicByteCount frame_length = + http_encoder_.SerializePriorityFrame(frame, &buffer); + std::string priority_data = std::string(buffer.get(), frame_length); + + quic::QuicStreamFrame quic_frame = + GenerateNextStreamFrame(2, false, priority_data); InitializeHeader(packet_number, should_include_version); return MakePacket(header_, quic::QuicFrame(quic_frame)); } @@ -1359,8 +1423,7 @@ QuicTestPacketMaker::MakeAckAndMultiplePriorityFramesPacket( uint64_t largest_received, uint64_t smallest_received, uint64_t least_unacked, - const std::vector& priority_frames, - quic::QuicStreamOffset* offset) { + const std::vector& priority_frames) { quic::QuicAckFrame ack(MakeAckFrame(largest_received)); ack.ack_delay_time = quic::QuicTime::Delta::Zero(); for (uint64_t i = smallest_received; i <= largest_received; ++i) { @@ -1376,10 +1439,6 @@ QuicTestPacketMaker::MakeAckAndMultiplePriorityFramesPacket( DVLOG(1) << "Adding frame: " << frames.back(); const bool exclusive = client_headers_include_h2_stream_dependency_; - quic::QuicStreamOffset header_offset = 0; - if (offset == nullptr) { - offset = &header_offset; - } // Keep SpdySerializedFrames alive until MakeMultipleFramesPacket is done. std::vector> spdy_frames; for (const Http2StreamDependency& info : priority_frames) { @@ -1391,19 +1450,43 @@ QuicTestPacketMaker::MakeAckAndMultiplePriorityFramesPacket( spdy_request_framer_.SerializeFrame(priority_frame))); spdy::SpdySerializedFrame* spdy_frame = spdy_frames.back().get(); - quic::QuicStreamFrame stream_frame( + quic::QuicStreamFrame stream_frame = GenerateNextStreamFrame( quic::QuicUtils::GetHeadersStreamId(version_.transport_version), false, - *offset, quic::QuicStringPiece(spdy_frame->data(), spdy_frame->size())); - *offset += spdy_frame->size(); + quic::QuicStringPiece(spdy_frame->data(), spdy_frame->size())); frames.push_back(quic::QuicFrame(stream_frame)); - DVLOG(1) << "Adding frame: " << frames.back(); } InitializeHeader(packet_number, should_include_version); return MakeMultipleFramesPacket(header_, frames, nullptr); } +std::unique_ptr +QuicTestPacketMaker::MakeRetransmissionPacket(uint64_t original_packet_number, + uint64_t new_packet_number, + bool should_include_version) { + DCHECK(save_packet_frames_); + InitializeHeader(new_packet_number, should_include_version); + return MakeMultipleFramesPacket( + header_, saved_frames_[quic::QuicPacketNumber(original_packet_number)], + nullptr); +} + +void QuicTestPacketMaker::RemoveSavedStreamFrames( + quic::QuicStreamId stream_id) { + for (auto& kv : saved_frames_) { + auto it = kv.second.begin(); + while (it != kv.second.end()) { + if (it->type == quic::STREAM_FRAME && + it->stream_frame.stream_id == stream_id) { + it = kv.second.erase(it); + } else { + ++it; + } + } + } +} + void QuicTestPacketMaker::SetEncryptionLevel(quic::EncryptionLevel level) { encryption_level_ = level; switch (level) { @@ -1429,20 +1512,113 @@ bool QuicTestPacketMaker::ShouldIncludeVersion(bool include_version) const { return include_version; } +quic::QuicStreamFrame QuicTestPacketMaker::GenerateNextStreamFrame( + quic::QuicStreamId stream_id, + bool fin, + quic::QuicStringPiece data) { + if (save_packet_frames_) { + saved_stream_data_.push_back(std::make_unique(data)); + data = *saved_stream_data_.back(); + } + quic::QuicStreamFrame frame(stream_id, fin, stream_offsets_[stream_id], data); + stream_offsets_[stream_id] += data.length(); + DVLOG(1) << "Adding frame: " << frame; + return frame; +} + +std::vector QuicTestPacketMaker::QpackEncodeHeaders( + quic::QuicStreamId stream_id, + spdy::SpdyHeaderBlock headers, + size_t* encoded_data_length) { + DCHECK(quic::VersionUsesQpack(version_.transport_version)); + std::vector data; + + std::string encoded_headers = + qpack_encoder_.EncodeHeaderList(stream_id, &headers); + + // Generate HEADERS frame header. + std::unique_ptr headers_frame_header; + const size_t headers_frame_header_length = + http_encoder_.SerializeHeadersFrameHeader(encoded_headers.size(), + &headers_frame_header); + + // Possible add a PUSH stream type. + if (!quic::QuicUtils::IsBidirectionalStreamId(stream_id) && + stream_offsets_[stream_id] == 0) { + // Push stream type header + data.push_back("\x01"); + } + + // Add the HEADERS frame header. + data.push_back( + std::string(headers_frame_header.get(), headers_frame_header_length)); + // Add the HEADERS frame payload. + data.push_back(encoded_headers); + + if (coalesce_http_frames_) { + std::string coalesced; + for (const auto& d : data) { + coalesced += d; + } + data = {coalesced}; + } + + // Compute the total data length. + if (encoded_data_length) { + *encoded_data_length = 0; + for (const auto& d : data) + *encoded_data_length += d.length(); + } + return data; +} + +std::vector +QuicTestPacketMaker::GenerateNextStreamFrames( + quic::QuicStreamId stream_id, + bool fin, + const std::vector& data) { + std::vector frames; + for (size_t i = 0; i < data.size(); ++i) { + const bool frame_fin = i == data.size() - 1 && fin; + quic::QuicStreamFrame frame = + GenerateNextStreamFrame(stream_id, frame_fin, data[i]); + frames.push_back(frame); + } + return frames; +} + quic::QuicPacketNumberLength QuicTestPacketMaker::GetPacketNumberLength() const { if (version_.transport_version > quic::QUIC_VERSION_43 && encryption_level_ < quic::ENCRYPTION_FORWARD_SECURE && - version_.transport_version != quic::QUIC_VERSION_99) { + !version_.SendsVariableLengthPacketNumberInLongHeader()) { return quic::PACKET_4BYTE_PACKET_NUMBER; } return quic::PACKET_1BYTE_PACKET_NUMBER; } +quic::QuicConnectionId QuicTestPacketMaker::DestinationConnectionId() const { + if (perspective_ == quic::Perspective::IS_SERVER && + GetQuicRestartFlag(quic_do_not_override_connection_id)) { + return quic::EmptyQuicConnectionId(); + } + return connection_id_; +} + +quic::QuicConnectionId QuicTestPacketMaker::SourceConnectionId() const { + if (perspective_ == quic::Perspective::IS_CLIENT && + GetQuicRestartFlag(quic_do_not_override_connection_id)) { + return quic::EmptyQuicConnectionId(); + } + return connection_id_; +} + quic::QuicConnectionIdIncluded QuicTestPacketMaker::HasDestinationConnectionId() const { - if (perspective_ == quic::Perspective::IS_SERVER && - version_.transport_version > quic::QUIC_VERSION_43) { + if (!version_.SupportsClientConnectionIds() && + perspective_ == quic::Perspective::IS_SERVER && + (VersionHasIetfInvariantHeader(version_.transport_version) || + GetQuicRestartFlag(quic_do_not_override_connection_id))) { return quic::CONNECTION_ID_ABSENT; } return quic::CONNECTION_ID_PRESENT; @@ -1450,13 +1626,20 @@ quic::QuicConnectionIdIncluded QuicTestPacketMaker::HasDestinationConnectionId() quic::QuicConnectionIdIncluded QuicTestPacketMaker::HasSourceConnectionId() const { - if (perspective_ == quic::Perspective::IS_SERVER && - version_.transport_version > quic::QUIC_VERSION_43 && - encryption_level_ < quic::ENCRYPTION_FORWARD_SECURE) { + if (version_.SupportsClientConnectionIds() || + (perspective_ == quic::Perspective::IS_SERVER && + encryption_level_ < quic::ENCRYPTION_FORWARD_SECURE && + (VersionHasIetfInvariantHeader(version_.transport_version) || + GetQuicRestartFlag(quic_do_not_override_connection_id)))) { return quic::CONNECTION_ID_PRESENT; } return quic::CONNECTION_ID_ABSENT; } +void QuicTestPacketMaker::Reset() { + for (const auto& kv : stream_offsets_) + stream_offsets_[kv.first] = 0; +} + } // namespace test } // namespace net diff --git a/chromium/net/quic/quic_test_packet_maker.h b/chromium/net/quic/quic_test_packet_maker.h index 9569b53a1db..7b18e4ef839 100644 --- a/chromium/net/quic/quic_test_packet_maker.h +++ b/chromium/net/quic/quic_test_packet_maker.h @@ -15,8 +15,11 @@ #include "base/macros.h" #include "net/base/request_priority.h" +#include "net/third_party/quiche/src/quic/core/http/http_encoder.h" +#include "net/third_party/quiche/src/quic/core/qpack/qpack_encoder.h" #include "net/third_party/quiche/src/quic/core/quic_packets.h" #include "net/third_party/quiche/src/quic/core/quic_stream_frame_data_producer.h" +#include "net/third_party/quiche/src/quic/core/quic_utils.h" #include "net/third_party/quiche/src/quic/platform/api/quic_string_piece.h" #include "net/third_party/quiche/src/quic/test_tools/mock_clock.h" #include "net/third_party/quiche/src/quic/test_tools/mock_random.h" @@ -87,7 +90,6 @@ class QuicTestPacketMaker { bool include_version, quic::QuicStreamId stream_id, quic::QuicRstStreamErrorCode error_code, - size_t bytes_written, bool include_stop_sending_if_v99); std::unique_ptr MakeRstAndRequestHeadersPacket( @@ -100,8 +102,7 @@ class QuicTestPacketMaker { spdy::SpdyPriority priority, spdy::SpdyHeaderBlock headers, quic::QuicStreamId parent_stream_id, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset); + size_t* spdy_headers_frame_length); std::unique_ptr MakeAckAndRstPacket( uint64_t num, @@ -121,7 +122,6 @@ class QuicTestPacketMaker { uint64_t smallest_received, uint64_t least_unacked, bool send_feedback, - size_t bytes_written, bool include_stop_sending_if_v99); std::unique_ptr MakeRstAckAndConnectionClosePacket( uint64_t num, @@ -185,7 +185,11 @@ class QuicTestPacketMaker { quic::QuicStreamId stream_id, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, + quic::QuicStringPiece data); + std::unique_ptr MakeHeadersDataPacket( + uint64_t packet_number, + bool should_include_version, + bool fin, quic::QuicStringPiece data); std::unique_ptr MakeForceHolDataPacket( uint64_t packet_number, @@ -199,7 +203,6 @@ class QuicTestPacketMaker { quic::QuicStreamId stream_id, bool should_include_version, bool fin, - quic::QuicStreamOffset offset, const std::vector& data_writes); std::unique_ptr MakeAckAndDataPacket( uint64_t packet_number, @@ -209,7 +212,6 @@ class QuicTestPacketMaker { uint64_t smallest_received, uint64_t least_unacked, bool fin, - quic::QuicStreamOffset offset, quic::QuicStringPiece data); std::unique_ptr MakeAckAndMultipleDataFramesPacket( uint64_t packet_number, @@ -219,7 +221,6 @@ class QuicTestPacketMaker { uint64_t smallest_received, uint64_t least_unacked, bool fin, - quic::QuicStreamOffset offset, const std::vector& data); std::unique_ptr @@ -231,7 +232,6 @@ class QuicTestPacketMaker { spdy::SpdyPriority priority, spdy::SpdyHeaderBlock headers, quic::QuicStreamId parent_stream_id, - quic::QuicStreamOffset* header_stream_offset, size_t* spdy_headers_frame_length, const std::vector& data_writes); @@ -247,30 +247,6 @@ class QuicTestPacketMaker { quic::QuicStreamId parent_stream_id, size_t* spdy_headers_frame_length); - std::unique_ptr MakeRequestHeadersPacket( - uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyPriority priority, - spdy::SpdyHeaderBlock headers, - quic::QuicStreamId parent_stream_id, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset); - - // Saves the serialized QUIC stream data in |stream_data|. - std::unique_ptr MakeRequestHeadersPacketAndSaveData( - uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyPriority priority, - spdy::SpdyHeaderBlock headers, - quic::QuicStreamId parent_stream_id, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset, - std::string* stream_data); - std::unique_ptr MakeRequestHeadersAndRstPacket( uint64_t packet_number, quic::QuicStreamId stream_id, @@ -280,22 +256,7 @@ class QuicTestPacketMaker { spdy::SpdyHeaderBlock headers, quic::QuicStreamId parent_stream_id, size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* header_stream_offset, - quic::QuicRstStreamErrorCode error_code, - size_t bytes_written); - - // Convenience method for calling MakeRequestHeadersPacket with nullptr for - // |spdy_headers_frame_length|. - std::unique_ptr - MakeRequestHeadersPacketWithOffsetTracking( - uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyPriority priority, - spdy::SpdyHeaderBlock headers, - quic::QuicStreamId parent_stream_id, - quic::QuicStreamOffset* offset); + quic::QuicRstStreamErrorCode error_code); // If |spdy_headers_frame_length| is non-null, it will be set to the size of // the SPDY headers frame created for this packet. @@ -306,20 +267,10 @@ class QuicTestPacketMaker { bool should_include_version, bool fin, spdy::SpdyHeaderBlock headers, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset); + size_t* spdy_headers_frame_length); // If |spdy_headers_frame_length| is non-null, it will be set to the size of // the SPDY headers frame created for this packet. - std::unique_ptr MakeResponseHeadersPacket( - uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyHeaderBlock headers, - size_t* spdy_headers_frame_length, - quic::QuicStreamOffset* offset); - std::unique_ptr MakeResponseHeadersPacket( uint64_t packet_number, quic::QuicStreamId stream_id, @@ -328,36 +279,21 @@ class QuicTestPacketMaker { spdy::SpdyHeaderBlock headers, size_t* spdy_headers_frame_length); - // Convenience method for calling MakeResponseHeadersPacket with nullptr for - // |spdy_headers_frame_length|. - std::unique_ptr - MakeResponseHeadersPacketWithOffsetTracking(uint64_t packet_number, - quic::QuicStreamId stream_id, - bool should_include_version, - bool fin, - spdy::SpdyHeaderBlock headers, - quic::QuicStreamOffset* offset); - // Creates a packet containing the initial SETTINGS frame, and saves the // headers stream offset into |offset|. std::unique_ptr MakeInitialSettingsPacket( - uint64_t packet_number, - quic::QuicStreamOffset* offset); + uint64_t packet_number); - // Same as above, but also saves the serialized QUIC stream data in - // |stream_data|. - std::unique_ptr - MakeInitialSettingsPacketAndSaveData(uint64_t packet_number, - quic::QuicStreamOffset* offset, - std::string* stream_data); + std::unique_ptr MakeSettingsPacket( + uint64_t packet_number, + bool should_include_version); std::unique_ptr MakePriorityPacket( uint64_t packet_number, bool should_include_version, quic::QuicStreamId id, quic::QuicStreamId parent_stream_id, - spdy::SpdyPriority priority, - quic::QuicStreamOffset* offset); + spdy::SpdyPriority priority); std::unique_ptr MakeAckAndMultiplePriorityFramesPacket( @@ -366,8 +302,15 @@ class QuicTestPacketMaker { uint64_t largest_received, uint64_t smallest_received, uint64_t least_unacked, - const std::vector& priority_frames, - quic::QuicStreamOffset* offset); + const std::vector& priority_frames); + + std::unique_ptr MakeRetransmissionPacket( + uint64_t original_packet_number, + uint64_t new_packet_number, + bool should_include_version); + + // Removes all stream frames associated with |stream_id|. + void RemoveSavedStreamFrames(quic::QuicStreamId stream_id); void SetEncryptionLevel(quic::EncryptionLevel level); @@ -385,7 +328,42 @@ class QuicTestPacketMaker { spdy::SpdyFramer* spdy_request_framer() { return &spdy_request_framer_; } spdy::SpdyFramer* spdy_response_framer() { return &spdy_response_framer_; } + void Reset(); + + quic::QuicStreamOffset stream_offset(quic::QuicStreamId stream_id) { + return stream_offsets_[stream_id]; + } + + void set_coalesce_http_frames(bool coalesce_http_frames) { + coalesce_http_frames_ = coalesce_http_frames; + } + + void set_save_packet_frames(bool save_packet_frames) { + save_packet_frames_ = save_packet_frames; + } + + std::vector QpackEncodeHeaders(quic::QuicStreamId stream_id, + spdy::SpdyHeaderBlock headers, + size_t* encoded_data_length); + private: + // QpackEncoder::DecoderStreamErrorDelegate implementation that does nothing + class DecoderStreamErrorDelegate + : public quic::QpackEncoder::DecoderStreamErrorDelegate { + public: + ~DecoderStreamErrorDelegate() override = default; + + void OnDecoderStreamError(quic::QuicStringPiece error_message) override; + }; + + // QpackEncoderStreamSender::Delegate implementation that does nothing. + class EncoderStreamSenderDelegate : public quic::QpackStreamSenderDelegate { + public: + ~EncoderStreamSenderDelegate() override = default; + + void WriteStreamData(quic::QuicStringPiece data) override; + }; + std::unique_ptr MakePacket( const quic::QuicPacketHeader& header, const quic::QuicFrame& frame); @@ -405,8 +383,20 @@ class QuicTestPacketMaker { bool ShouldIncludeVersion(bool include_version) const; + quic::QuicStreamFrame GenerateNextStreamFrame(quic::QuicStreamId stream_id, + bool fin, + quic::QuicStringPiece data); + + std::vector GenerateNextStreamFrames( + quic::QuicStreamId stream_id, + bool fin, + const std::vector& data); + quic::QuicPacketNumberLength GetPacketNumberLength() const; + quic::QuicConnectionId DestinationConnectionId() const; + quic::QuicConnectionId SourceConnectionId() const; + quic::QuicConnectionIdIncluded HasDestinationConnectionId() const; quic::QuicConnectionIdIncluded HasSourceConnectionId() const; @@ -416,11 +406,20 @@ class QuicTestPacketMaker { std::string host_; spdy::SpdyFramer spdy_request_framer_; spdy::SpdyFramer spdy_response_framer_; + quic::HttpEncoder http_encoder_; + bool coalesce_http_frames_; + bool save_packet_frames_; + DecoderStreamErrorDelegate decoder_stream_error_delegate_; + EncoderStreamSenderDelegate encoder_stream_sender_delegate_; + quic::QpackEncoder qpack_encoder_; quic::test::MockRandom random_generator_; + std::map stream_offsets_; quic::QuicPacketHeader header_; quic::Perspective perspective_; quic::EncryptionLevel encryption_level_; quic::QuicLongHeaderType long_header_type_; + std::vector> saved_stream_data_; + std::map saved_frames_; // If true, generated request headers will include non-default HTTP2 stream // dependency info. diff --git a/chromium/net/quic/quic_test_packet_printer.cc b/chromium/net/quic/quic_test_packet_printer.cc new file mode 100644 index 00000000000..bc76d7d3ba9 --- /dev/null +++ b/chromium/net/quic/quic_test_packet_printer.cc @@ -0,0 +1,215 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/quic/quic_test_packet_printer.h" + +#include + +#include "net/third_party/quiche/src/quic/core/crypto/null_decrypter.h" +#include "net/third_party/quiche/src/quic/core/quic_framer.h" +#include "net/third_party/quiche/src/quic/core/quic_utils.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_text_utils.h" + +namespace quic { + +class QuicPacketPrinter : public QuicFramerVisitorInterface { + public: + explicit QuicPacketPrinter(QuicFramer* framer, std::ostream* output) + : framer_(framer), output_(output) {} + + // QuicFramerVisitorInterface implementation. + void OnError(QuicFramer* framer) override { + *output_ << "OnError: " << QuicErrorCodeToString(framer->error()) + << " detail: " << framer->detailed_error() << "\n"; + } + bool OnProtocolVersionMismatch(ParsedQuicVersion received_version) override { + framer_->set_version(received_version); + *output_ << "OnProtocolVersionMismatch: " + << ParsedQuicVersionToString(received_version) << "\n"; + return true; + } + void OnPacket() override { *output_ << "OnPacket\n"; } + void OnPublicResetPacket(const QuicPublicResetPacket& packet) override { + *output_ << "OnPublicResetPacket\n"; + } + void OnVersionNegotiationPacket( + const QuicVersionNegotiationPacket& packet) override { + *output_ << "OnVersionNegotiationPacket\n"; + } + void OnRetryPacket(QuicConnectionId original_connection_id, + QuicConnectionId new_connection_id, + QuicStringPiece retry_token) override { + *output_ << "OnRetryPacket\n"; + } + bool OnUnauthenticatedPublicHeader(const QuicPacketHeader& header) override { + *output_ << "OnUnauthenticatedPublicHeader: " << header << "\n"; + return true; + } + bool OnUnauthenticatedHeader(const QuicPacketHeader& header) override { + *output_ << "OnUnauthenticatedHeader: " << header; + return true; + } + void OnDecryptedPacket(EncryptionLevel level) override { + *output_ << "OnDecryptedPacket\n"; + } + bool OnPacketHeader(const QuicPacketHeader& header) override { + *output_ << "OnPacketHeader\n"; + return true; + } + void OnCoalescedPacket(const QuicEncryptedPacket& packet) override { + *output_ << "OnCoalescedPacket\n"; + } + bool OnStreamFrame(const QuicStreamFrame& frame) override { + *output_ << "OnStreamFrame: " << frame; + *output_ << " data: { " + << QuicTextUtils::HexEncode(frame.data_buffer, frame.data_length) + << " }\n"; + return true; + } + bool OnCryptoFrame(const QuicCryptoFrame& frame) override { + *output_ << "OnCryptoFrame: " << frame; + *output_ << " data: { " + << QuicTextUtils::HexEncode(frame.data_buffer, frame.data_length) + << " }\n"; + return true; + } + bool OnAckFrameStart(QuicPacketNumber largest_acked, + QuicTime::Delta /*ack_delay_time*/) override { + *output_ << "OnAckFrameStart, largest_acked: " << largest_acked << "\n"; + return true; + } + bool OnAckRange(QuicPacketNumber start, QuicPacketNumber end) override { + *output_ << "OnAckRange: [" << start << ", " << end << ")\n"; + return true; + } + bool OnAckTimestamp(QuicPacketNumber packet_number, + QuicTime timestamp) override { + *output_ << "OnAckTimestamp: [" << packet_number << ", " + << timestamp.ToDebuggingValue() << ")\n"; + return true; + } + bool OnAckFrameEnd(QuicPacketNumber start) override { + *output_ << "OnAckFrameEnd, start: " << start << "\n"; + return true; + } + bool OnStopWaitingFrame(const QuicStopWaitingFrame& frame) override { + *output_ << "OnStopWaitingFrame: " << frame; + return true; + } + bool OnPaddingFrame(const QuicPaddingFrame& frame) override { + *output_ << "OnPaddingFrame: " << frame; + return true; + } + bool OnPingFrame(const QuicPingFrame& frame) override { + *output_ << "OnPingFrame\n"; + return true; + } + bool OnRstStreamFrame(const QuicRstStreamFrame& frame) override { + *output_ << "OnRstStreamFrame: " << frame; + return true; + } + bool OnConnectionCloseFrame(const QuicConnectionCloseFrame& frame) override { + // The frame printout will indicate whether it's a Google QUIC + // CONNECTION_CLOSE, IETF QUIC CONNECTION_CLOSE/Transport, or IETF QUIC + // CONNECTION_CLOSE/Application frame. + *output_ << "OnConnectionCloseFrame: " << frame; + return true; + } + bool OnNewConnectionIdFrame(const QuicNewConnectionIdFrame& frame) override { + *output_ << "OnNewConnectionIdFrame: " << frame; + return true; + } + bool OnRetireConnectionIdFrame( + const QuicRetireConnectionIdFrame& frame) override { + *output_ << "OnRetireConnectionIdFrame: " << frame; + return true; + } + bool OnNewTokenFrame(const QuicNewTokenFrame& frame) override { + *output_ << "OnNewTokenFrame: " << frame; + return true; + } + bool OnStopSendingFrame(const QuicStopSendingFrame& frame) override { + *output_ << "OnStopSendingFrame: " << frame; + return true; + } + bool OnPathChallengeFrame(const QuicPathChallengeFrame& frame) override { + *output_ << "OnPathChallengeFrame: " << frame; + return true; + } + bool OnPathResponseFrame(const QuicPathResponseFrame& frame) override { + *output_ << "OnPathResponseFrame: " << frame; + return true; + } + bool OnGoAwayFrame(const QuicGoAwayFrame& frame) override { + *output_ << "OnGoAwayFrame: " << frame; + return true; + } + bool OnMaxStreamsFrame(const QuicMaxStreamsFrame& frame) override { + *output_ << "OnMaxStreamsFrame: " << frame; + return true; + } + bool OnStreamsBlockedFrame(const QuicStreamsBlockedFrame& frame) override { + *output_ << "OnStreamsBlockedFrame: " << frame; + return true; + } + bool OnWindowUpdateFrame(const QuicWindowUpdateFrame& frame) override { + *output_ << "OnWindowUpdateFrame: " << frame; + return true; + } + bool OnBlockedFrame(const QuicBlockedFrame& frame) override { + *output_ << "OnBlockedFrame: " << frame; + return true; + } + bool OnMessageFrame(const QuicMessageFrame& frame) override { + *output_ << "OnMessageFrame: " << frame; + return true; + } + void OnPacketComplete() override { *output_ << "OnPacketComplete\n"; } + bool IsValidStatelessResetToken(QuicUint128 token) const override { + *output_ << "IsValidStatelessResetToken\n"; + return false; + } + void OnAuthenticatedIetfStatelessResetPacket( + const QuicIetfStatelessResetPacket& packet) override { + *output_ << "OnAuthenticatedIetfStatelessResetPacket\n"; + } + + private: + QuicFramer* framer_; // Unowned. + mutable std::ostream* output_; +}; + +} // namespace quic + +namespace net { + +std::string QuicPacketPrinter::PrintWrite(const std::string& data) { + quic::ParsedQuicVersionVector versions = {version_}; + // Fake a time since we're not actually generating acks. + quic::QuicTime start(quic::QuicTime::Zero()); + // Construct a server framer as this will be processing packets from + // the client. + quic::QuicFramer framer(versions, start, quic::Perspective::IS_SERVER, + quic::kQuicDefaultConnectionIdLength); + std::ostringstream stream; + quic::QuicPacketPrinter visitor(&framer, &stream); + framer.set_visitor(&visitor); + + if (version_.KnowsWhichDecrypterToUse()) { + framer.InstallDecrypter( + quic::ENCRYPTION_FORWARD_SECURE, + std::make_unique(quic::Perspective::IS_SERVER)); + } else { + framer.SetDecrypter( + quic::ENCRYPTION_FORWARD_SECURE, + std::make_unique(quic::Perspective::IS_SERVER)); + } + + quic::QuicEncryptedPacket encrypted(data.c_str(), data.length()); + framer.ProcessPacket(encrypted); + return stream.str() + "\n\n"; +} + +} // namespace net diff --git a/chromium/net/quic/quic_test_packet_printer.h b/chromium/net/quic/quic_test_packet_printer.h new file mode 100644 index 00000000000..d1d1bd5e948 --- /dev/null +++ b/chromium/net/quic/quic_test_packet_printer.h @@ -0,0 +1,31 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_QUIC_QUIC_TEST_PACKET_PRINTER_H_ +#define NET_QUIC_QUIC_TEST_PACKET_PRINTER_H_ + +#include + +#include "net/socket/socket_test_util.h" + +namespace net { + +class QuicPacketPrinter : public SocketDataPrinter { + public: + explicit QuicPacketPrinter(quic::ParsedQuicVersion version) + : version_(version) {} + QuicPacketPrinter(const QuicPacketPrinter&) = delete; + QuicPacketPrinter& operator=(const QuicPacketPrinter&) = delete; + + ~QuicPacketPrinter() = default; + + std::string PrintWrite(const std::string& data) override; + + private: + quic::ParsedQuicVersion version_; +}; + +} // namespace net + +#endif // NET_QUIC_QUIC_TEST_PACKET_PRINTER_H_ diff --git a/chromium/net/quic/quic_transport_parameters_fuzzer.cc b/chromium/net/quic/quic_transport_parameters_fuzzer.cc index 91d95fca9ab..3fe7a56b108 100644 --- a/chromium/net/quic/quic_transport_parameters_fuzzer.cc +++ b/chromium/net/quic/quic_transport_parameters_fuzzer.cc @@ -7,16 +7,17 @@ #include -#include "base/test/fuzzed_data_provider.h" #include "net/third_party/quiche/src/quic/core/crypto/transport_parameters.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" // Entry point for LibFuzzer. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - base::FuzzedDataProvider data_provider(data, size); + FuzzedDataProvider data_provider(data, size); auto perspective = data_provider.ConsumeBool() ? quic::Perspective::IS_CLIENT : quic::Perspective::IS_SERVER; quic::TransportParameters transport_parameters; - std::vector remaining_bytes = data_provider.ConsumeRemainingBytes(); + std::vector remaining_bytes = + data_provider.ConsumeRemainingBytes(); quic::ParseTransportParameters(remaining_bytes.data(), remaining_bytes.size(), perspective, &transport_parameters); return 0; diff --git a/chromium/net/reporting/OWNERS b/chromium/net/reporting/OWNERS new file mode 100644 index 00000000000..7117a80a72b --- /dev/null +++ b/chromium/net/reporting/OWNERS @@ -0,0 +1 @@ +chlily@chromium.org diff --git a/chromium/net/reporting/mock_persistent_reporting_store.cc b/chromium/net/reporting/mock_persistent_reporting_store.cc index df95febe9af..b56c80f0a02 100644 --- a/chromium/net/reporting/mock_persistent_reporting_store.cc +++ b/chromium/net/reporting/mock_persistent_reporting_store.cc @@ -4,6 +4,8 @@ #include "net/reporting/mock_persistent_reporting_store.h" +#include + namespace net { MockPersistentReportingStore::Command::Command( @@ -187,6 +189,15 @@ bool MockPersistentReportingStore::VerifyCommands( return command_list_ == expected_commands; } +int MockPersistentReportingStore::CountCommands(Command::Type t) { + int c = 0; + for (const auto& cmd : command_list_) { + if (cmd.type == t) + ++c; + } + return c; +} + MockPersistentReportingStore::CommandList MockPersistentReportingStore::GetAllCommands() const { return command_list_; diff --git a/chromium/net/reporting/mock_persistent_reporting_store.h b/chromium/net/reporting/mock_persistent_reporting_store.h index ea05f8e3a3f..cbfe43763c2 100644 --- a/chromium/net/reporting/mock_persistent_reporting_store.h +++ b/chromium/net/reporting/mock_persistent_reporting_store.h @@ -20,6 +20,8 @@ namespace net { // received commands in order in a vector, to be checked by tests. Simulates // loading pre-existing stored endpoints and endpoint groups, which can be // provided using SetPrestoredClients(). +// +// TODO(sburnett): Replace this with a fake store to reduce awkwardness. class MockPersistentReportingStore : public ReportingCache::PersistentReportingStore { public: @@ -103,8 +105,12 @@ class MockPersistentReportingStore void FinishLoading(bool load_success); // Verify that |command_list_| matches |expected_commands|. + // TODO(sburnett): Replace this with a set of gmock matchers. bool VerifyCommands(const CommandList& expected_commands) const; + // Count the number of commands with type |t|. + int CountCommands(Command::Type t); + CommandList GetAllCommands() const; // Gets the number of stored endpoints/groups, simulating the actual number diff --git a/chromium/net/reporting/mock_persistent_reporting_store_unittest.cc b/chromium/net/reporting/mock_persistent_reporting_store_unittest.cc index b2006ae6e25..0c4c6660c9e 100644 --- a/chromium/net/reporting/mock_persistent_reporting_store_unittest.cc +++ b/chromium/net/reporting/mock_persistent_reporting_store_unittest.cc @@ -2,12 +2,13 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +#include "net/reporting/mock_persistent_reporting_store.h" + #include #include "base/location.h" #include "base/test/bind_test_util.h" #include "base/time/time.h" -#include "net/reporting/mock_persistent_reporting_store.h" #include "net/reporting/reporting_endpoint.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/gurl.h" @@ -17,6 +18,8 @@ namespace net { namespace { +using CommandType = MockPersistentReportingStore::Command::Type; + const url::Origin kOrigin = url::Origin::Create(GURL("https://example.test/")); const char kGroupName[] = "groupname"; const GURL kUrl = GURL("https://endpoint.test/reports"); @@ -59,8 +62,7 @@ TEST(MockPersistentReportingStoreTest, FinishLoading) { store.LoadReportingClients(MakeExpectedRunReportingClientsLoadedCallback( &loaded_endpoints, &loaded_groups)); - expected_commands.emplace_back( - MockPersistentReportingStore::Command::Type::LOAD_REPORTING_CLIENTS); + expected_commands.emplace_back(CommandType::LOAD_REPORTING_CLIENTS); store.FinishLoading(true /* load_success */); EXPECT_EQ(0u, loaded_endpoints.size()); @@ -82,8 +84,7 @@ TEST(MockPersistentReportingStoreTest, PreStoredClients) { store.LoadReportingClients(MakeExpectedRunReportingClientsLoadedCallback( &loaded_endpoints, &loaded_groups)); - expected_commands.emplace_back( - MockPersistentReportingStore::Command::Type::LOAD_REPORTING_CLIENTS); + expected_commands.emplace_back(CommandType::LOAD_REPORTING_CLIENTS); store.FinishLoading(true /* load_success */); EXPECT_EQ(1u, loaded_endpoints.size()); @@ -105,8 +106,7 @@ TEST(MockPersistentReportingStoreTest, FailedLoad) { store.LoadReportingClients(MakeExpectedRunReportingClientsLoadedCallback( &loaded_endpoints, &loaded_groups)); - expected_commands.emplace_back( - MockPersistentReportingStore::Command::Type::LOAD_REPORTING_CLIENTS); + expected_commands.emplace_back(CommandType::LOAD_REPORTING_CLIENTS); store.FinishLoading(false /* load_success */); EXPECT_EQ(0u, loaded_endpoints.size()); @@ -123,8 +123,7 @@ TEST(MockPersistentReportingStoreTest, AddFlushDeleteFlush) { store.LoadReportingClients(MakeExpectedRunReportingClientsLoadedCallback( &loaded_endpoints, &loaded_groups)); - expected_commands.emplace_back( - MockPersistentReportingStore::Command::Type::LOAD_REPORTING_CLIENTS); + expected_commands.emplace_back(CommandType::LOAD_REPORTING_CLIENTS); EXPECT_EQ(1u, store.GetAllCommands().size()); store.FinishLoading(true /* load_success */); @@ -134,44 +133,74 @@ TEST(MockPersistentReportingStoreTest, AddFlushDeleteFlush) { EXPECT_EQ(0, store.StoredEndpointGroupsCount()); store.AddReportingEndpoint(kEndpoint); - expected_commands.emplace_back( - MockPersistentReportingStore::Command::Type::ADD_REPORTING_ENDPOINT, - kEndpoint); + expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT, + kEndpoint); EXPECT_EQ(2u, store.GetAllCommands().size()); store.AddReportingEndpointGroup(kGroup); - expected_commands.emplace_back( - MockPersistentReportingStore::Command::Type::ADD_REPORTING_ENDPOINT_GROUP, - kGroup); + expected_commands.emplace_back(CommandType::ADD_REPORTING_ENDPOINT_GROUP, + kGroup); EXPECT_EQ(3u, store.GetAllCommands().size()); store.Flush(); - expected_commands.emplace_back( - MockPersistentReportingStore::Command::Type::FLUSH); + expected_commands.emplace_back(CommandType::FLUSH); EXPECT_EQ(4u, store.GetAllCommands().size()); EXPECT_EQ(1, store.StoredEndpointsCount()); EXPECT_EQ(1, store.StoredEndpointGroupsCount()); store.DeleteReportingEndpoint(kEndpoint); - expected_commands.emplace_back( - MockPersistentReportingStore::Command::Type::DELETE_REPORTING_ENDPOINT, - kEndpoint); + expected_commands.emplace_back(CommandType::DELETE_REPORTING_ENDPOINT, + kEndpoint); EXPECT_EQ(5u, store.GetAllCommands().size()); store.DeleteReportingEndpointGroup(kGroup); - expected_commands.emplace_back(MockPersistentReportingStore::Command::Type:: - DELETE_REPORTING_ENDPOINT_GROUP, + expected_commands.emplace_back(CommandType::DELETE_REPORTING_ENDPOINT_GROUP, kGroup); EXPECT_EQ(6u, store.GetAllCommands().size()); store.Flush(); - expected_commands.emplace_back( - MockPersistentReportingStore::Command::Type::FLUSH); + expected_commands.emplace_back(CommandType::FLUSH); EXPECT_EQ(7u, store.GetAllCommands().size()); EXPECT_EQ(0, store.StoredEndpointsCount()); EXPECT_EQ(0, store.StoredEndpointGroupsCount()); EXPECT_TRUE(store.VerifyCommands(expected_commands)); + + EXPECT_EQ(1, store.CountCommands(CommandType::LOAD_REPORTING_CLIENTS)); + EXPECT_EQ( + 0, store.CountCommands(CommandType::UPDATE_REPORTING_ENDPOINT_DETAILS)); +} + +TEST(MockPersistentReportingStoreTest, CountCommands) { + MockPersistentReportingStore store; + + std::vector loaded_endpoints; + std::vector loaded_groups; + store.LoadReportingClients(MakeExpectedRunReportingClientsLoadedCallback( + &loaded_endpoints, &loaded_groups)); + store.FinishLoading(true /* load_success */); + + store.AddReportingEndpoint(kEndpoint); + store.AddReportingEndpointGroup(kGroup); + store.Flush(); + + store.DeleteReportingEndpoint(kEndpoint); + store.DeleteReportingEndpointGroup(kGroup); + store.Flush(); + + EXPECT_EQ(1, store.CountCommands(CommandType::LOAD_REPORTING_CLIENTS)); + EXPECT_EQ(1, store.CountCommands(CommandType::ADD_REPORTING_ENDPOINT)); + EXPECT_EQ(1, store.CountCommands(CommandType::ADD_REPORTING_ENDPOINT_GROUP)); + EXPECT_EQ(0, store.CountCommands( + CommandType::UPDATE_REPORTING_ENDPOINT_GROUP_ACCESS_TIME)); + EXPECT_EQ( + 0, store.CountCommands(CommandType::UPDATE_REPORTING_ENDPOINT_DETAILS)); + EXPECT_EQ(0, store.CountCommands( + CommandType::UPDATE_REPORTING_ENDPOINT_GROUP_DETAILS)); + EXPECT_EQ(1, store.CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); + EXPECT_EQ(1, + store.CountCommands(CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); + EXPECT_EQ(2, store.CountCommands(CommandType::FLUSH)); } } // namespace diff --git a/chromium/net/reporting/reporting_cache.cc b/chromium/net/reporting/reporting_cache.cc index ec5ef10150d..8773122dab3 100644 --- a/chromium/net/reporting/reporting_cache.cc +++ b/chromium/net/reporting/reporting_cache.cc @@ -11,9 +11,8 @@ namespace net { // static std::unique_ptr ReportingCache::Create( - ReportingContext* context, - PersistentReportingStore* store) { - return std::make_unique(context, store); + ReportingContext* context) { + return std::make_unique(context); } ReportingCache::~ReportingCache() = default; diff --git a/chromium/net/reporting/reporting_cache.h b/chromium/net/reporting/reporting_cache.h index 6b441fa8268..a9f6ad76b50 100644 --- a/chromium/net/reporting/reporting_cache.h +++ b/chromium/net/reporting/reporting_cache.h @@ -48,10 +48,7 @@ class NET_EXPORT ReportingCache { public: class PersistentReportingStore; - // |store| should outlive the ReportingCache. - static std::unique_ptr Create( - ReportingContext* context, - PersistentReportingStore* store); + static std::unique_ptr Create(ReportingContext* context); virtual ~ReportingCache(); @@ -162,6 +159,15 @@ class NET_EXPORT ReportingCache { // they become empty. virtual void RemoveEndpointsForUrl(const GURL& url) = 0; + // Insert endpoints and endpoint groups that have been loaded from the store. + // + // You must only call this method if context.store() was non-null when you + // constructed the cache and persist_clients_across_restarts in your + // ReportingPolicy is true. + virtual void AddClientsLoadedFromStore( + std::vector loaded_endpoints, + std::vector loaded_endpoint_groups) = 0; + // Gets endpoints that apply to a delivery for |origin| and |group|. // // First checks for |group| in a client exactly matching |origin|. diff --git a/chromium/net/reporting/reporting_cache_impl.cc b/chromium/net/reporting/reporting_cache_impl.cc index 01f343d1fdd..52cf80e9305 100644 --- a/chromium/net/reporting/reporting_cache_impl.cc +++ b/chromium/net/reporting/reporting_cache_impl.cc @@ -40,20 +40,19 @@ std::string GetSuperdomain(const std::string& domain) { } // namespace -ReportingCacheImpl::ReportingCacheImpl(ReportingContext* context, - PersistentReportingStore* store) - : context_(context), store_(store) { +ReportingCacheImpl::ReportingCacheImpl(ReportingContext* context) + : context_(context) { DCHECK(context_); } ReportingCacheImpl::~ReportingCacheImpl() { - base::TimeTicks now = tick_clock()->NowTicks(); + base::TimeTicks now = tick_clock().NowTicks(); // Mark all undoomed reports as erased at shutdown, and record outcomes of // all remaining reports (doomed or not). for (auto it = reports_.begin(); it != reports_.end(); ++it) { ReportingReport* report = it->second.get(); - if (!base::ContainsKey(doomed_reports_, report)) + if (!base::Contains(doomed_reports_, report)) report->outcome = ReportingReport::Outcome::ERASED_REPORTING_SHUT_DOWN; report->RecordOutcome(now); } @@ -84,7 +83,7 @@ void ReportingCacheImpl::AddReport(const GURL& url, DCHECK_NE(nullptr, to_evict); // The newly-added report isn't pending, so even if all other reports are // pending, the cache should have a report to evict. - DCHECK(!base::ContainsKey(pending_reports_, to_evict)); + DCHECK(!base::Contains(pending_reports_, to_evict)); reports_[to_evict]->outcome = ReportingReport::Outcome::ERASED_EVICTED; RemoveReportInternal(to_evict); } @@ -96,7 +95,7 @@ void ReportingCacheImpl::GetReports( std::vector* reports_out) const { reports_out->clear(); for (const auto& it : reports_) { - if (!base::ContainsKey(doomed_reports_, it.first)) + if (!base::Contains(doomed_reports_, it.first)) reports_out->push_back(it.second.get()); } } @@ -131,9 +130,9 @@ base::Value ReportingCacheImpl::GetReportsAsValue() const { if (report->body) { report_dict.SetKey("body", report->body->Clone()); } - if (base::ContainsKey(doomed_reports_, report)) { + if (base::Contains(doomed_reports_, report)) { report_dict.SetKey("status", base::Value("doomed")); - } else if (base::ContainsKey(pending_reports_, report)) { + } else if (base::Contains(pending_reports_, report)) { report_dict.SetKey("status", base::Value("pending")); } else { report_dict.SetKey("status", base::Value("queued")); @@ -147,8 +146,8 @@ void ReportingCacheImpl::GetNonpendingReports( std::vector* reports_out) const { reports_out->clear(); for (const auto& it : reports_) { - if (!base::ContainsKey(pending_reports_, it.first) && - !base::ContainsKey(doomed_reports_, it.first)) { + if (!base::Contains(pending_reports_, it.first) && + !base::Contains(doomed_reports_, it.first)) { reports_out->push_back(it.second.get()); } } @@ -169,7 +168,7 @@ void ReportingCacheImpl::ClearReportsPending( for (const ReportingReport* report : reports) { size_t erased = pending_reports_.erase(report); DCHECK_EQ(1u, erased); - if (base::ContainsKey(doomed_reports_, report)) { + if (base::Contains(doomed_reports_, report)) { reports_to_remove.push_back(report); doomed_reports_.erase(report); } @@ -182,7 +181,7 @@ void ReportingCacheImpl::ClearReportsPending( void ReportingCacheImpl::IncrementReportsAttempts( const std::vector& reports) { for (const ReportingReport* report : reports) { - DCHECK(base::ContainsKey(reports_, report)); + DCHECK(base::Contains(reports_, report)); reports_[report]->attempts++; } @@ -216,10 +215,10 @@ void ReportingCacheImpl::RemoveReports( ReportingReport::Outcome outcome) { for (const ReportingReport* report : reports) { reports_[report]->outcome = outcome; - if (base::ContainsKey(pending_reports_, report)) { + if (base::Contains(pending_reports_, report)) { doomed_reports_.insert(report); } else { - DCHECK(!base::ContainsKey(doomed_reports_, report)); + DCHECK(!base::Contains(doomed_reports_, report)); RemoveReportInternal(report); } } @@ -232,7 +231,7 @@ void ReportingCacheImpl::RemoveAllReports(ReportingReport::Outcome outcome) { for (auto it = reports_.begin(); it != reports_.end(); ++it) { ReportingReport* report = it->second.get(); report->outcome = outcome; - if (!base::ContainsKey(pending_reports_, report)) + if (!base::Contains(pending_reports_, report)) reports_to_remove.push_back(report); else doomed_reports_.insert(report); @@ -250,12 +249,12 @@ size_t ReportingCacheImpl::GetFullReportCountForTesting() const { bool ReportingCacheImpl::IsReportPendingForTesting( const ReportingReport* report) const { - return base::ContainsKey(pending_reports_, report); + return base::Contains(pending_reports_, report); } bool ReportingCacheImpl::IsReportDoomedForTesting( const ReportingReport* report) const { - return base::ContainsKey(doomed_reports_, report); + return base::Contains(doomed_reports_, report); } void ReportingCacheImpl::OnParsedHeader( @@ -264,12 +263,13 @@ void ReportingCacheImpl::OnParsedHeader( SanityCheckClients(); OriginClient new_client(origin); - base::Time now = clock()->Now(); + base::Time now = clock().Now(); new_client.last_used = now; + std::map> endpoints_per_group; + for (const auto& parsed_endpoint_group : parsed_header) { new_client.endpoint_group_names.insert(parsed_endpoint_group.name); - new_client.endpoint_count += parsed_endpoint_group.endpoints.size(); // Creates an endpoint group and sets its |last_used| to |now|. CachedReportingEndpointGroup new_group(new_client.origin, @@ -278,6 +278,7 @@ void ReportingCacheImpl::OnParsedHeader( std::set new_endpoints; for (const auto& parsed_endpoint_info : parsed_endpoint_group.endpoints) { new_endpoints.insert(parsed_endpoint_info.url); + endpoints_per_group[new_group.group_key].insert(parsed_endpoint_info.url); ReportingEndpoint new_endpoint(origin, parsed_endpoint_group.name, std::move(parsed_endpoint_info)); AddOrUpdateEndpoint(std::move(new_endpoint)); @@ -290,6 +291,14 @@ void ReportingCacheImpl::OnParsedHeader( AddOrUpdateEndpointGroup(std::move(new_group)); } + // Compute the total endpoint count for this origin. We can't just count the + // number of endpoints per group because there may be duplicate endpoint URLs, + // which we ignore. See http://crbug.com/983000 for discussion. + // TODO(crbug.com/983000): Allow duplicate endpoint URLs. + for (const auto& group_key_and_endpoint_set : endpoints_per_group) { + new_client.endpoint_count += group_key_and_endpoint_set.second.size(); + } + // Remove endpoint groups that may have been configured for an existing client // for |origin|, but which are not specified in the current header. RemoveEndpointGroupsForOriginOtherThan(origin, @@ -324,10 +333,17 @@ void ReportingCacheImpl::RemoveClient(const url::Origin& origin) { void ReportingCacheImpl::RemoveAllClients() { SanityCheckClients(); - origin_clients_.clear(); - endpoint_groups_.clear(); - endpoints_.clear(); - endpoint_its_by_url_.clear(); + + auto remove_it = origin_clients_.begin(); + while (remove_it != origin_clients_.end()) { + remove_it = RemoveClientInternal(remove_it); + } + + DCHECK(origin_clients_.empty()); + DCHECK(endpoint_groups_.empty()); + DCHECK(endpoints_.empty()); + DCHECK(endpoint_its_by_url_.empty()); + SanityCheckClients(); context_->NotifyCachedClientsUpdated(); } @@ -382,11 +398,103 @@ void ReportingCacheImpl::RemoveEndpointsForUrl(const GURL& url) { context_->NotifyCachedClientsUpdated(); } +// Reconstruct an OriginClient from the loaded endpoint groups, and add the +// loaded endpoints and endpoint groups into the cache. +void ReportingCacheImpl::AddClientsLoadedFromStore( + std::vector loaded_endpoints, + std::vector loaded_endpoint_groups) { + DCHECK(context_->IsClientDataPersisted()); + + std::sort(loaded_endpoints.begin(), loaded_endpoints.end(), + [](const ReportingEndpoint& a, const ReportingEndpoint& b) -> bool { + return a.group_key < b.group_key; + }); + std::sort(loaded_endpoint_groups.begin(), loaded_endpoint_groups.end(), + [](const CachedReportingEndpointGroup& a, + const CachedReportingEndpointGroup& b) -> bool { + return a.group_key < b.group_key; + }); + + // If using a persistent store, cache should be empty before loading finishes. + DCHECK(origin_clients_.empty()); + DCHECK(endpoint_groups_.empty()); + DCHECK(endpoints_.empty()); + DCHECK(endpoint_its_by_url_.empty()); + + // |loaded_endpoints| and |loaded_endpoint_groups| should both be sorted by + // origin and group name. + auto endpoints_it = loaded_endpoints.begin(); + auto endpoint_groups_it = loaded_endpoint_groups.begin(); + + base::Optional origin_client; + + while (endpoint_groups_it != loaded_endpoint_groups.end() && + endpoints_it != loaded_endpoints.end()) { + const CachedReportingEndpointGroup& group = *endpoint_groups_it; + const ReportingEndpointGroupKey& group_key = group.group_key; + + if (group_key < endpoints_it->group_key) { + // This endpoint group has no associated endpoints, so move on to the next + // endpoint group. + ++endpoint_groups_it; + continue; + } else if (group_key > endpoints_it->group_key) { + // This endpoint has no associated endpoint group, so move on to the next + // endpoint. + ++endpoints_it; + continue; + } + + DCHECK(group_key == endpoints_it->group_key); + + size_t cur_group_endpoints_count = 0; + + // Insert the endpoints corresponding to this group. + while (endpoints_it != loaded_endpoints.end() && + endpoints_it->group_key == group_key) { + EndpointMap::iterator inserted = endpoints_.insert( + std::make_pair(group_key, std::move(*endpoints_it))); + endpoint_its_by_url_.insert( + std::make_pair(inserted->second.info.url, inserted)); + ++cur_group_endpoints_count; + ++endpoints_it; + } + + if (!origin_client || origin_client->origin != group_key.origin) { + // Store the old origin_client and start a new one. + if (origin_client) { + OriginClientMap::iterator client_it = + origin_clients_.insert(std::make_pair(origin_client->origin.host(), + std::move(*origin_client))); + EnforcePerOriginAndGlobalEndpointLimits(client_it->second.origin); + } + origin_client.emplace(group_key.origin); + } + DCHECK(origin_client.has_value()); + origin_client->endpoint_group_names.insert(group_key.group_name); + origin_client->endpoint_count += cur_group_endpoints_count; + origin_client->last_used = + std::max(origin_client->last_used, group.last_used); + + endpoint_groups_.insert(std::make_pair(group_key, std::move(group))); + + ++endpoint_groups_it; + } + + if (origin_client) { + OriginClientMap::iterator client_it = origin_clients_.insert(std::make_pair( + origin_client->origin.host(), std::move(*origin_client))); + EnforcePerOriginAndGlobalEndpointLimits(client_it->second.origin); + } + + SanityCheckClients(); +} + std::vector ReportingCacheImpl::GetCandidateEndpointsForDelivery( const url::Origin& origin, const std::string& group_name) { - base::Time now = clock()->Now(); + base::Time now = clock().Now(); SanityCheckClients(); // Look for an exact origin match for |origin| and |group|. @@ -411,7 +519,7 @@ ReportingCacheImpl::GetCandidateEndpointsForDelivery( // Client for a superdomain of |origin| const OriginClient& client = client_it->second; // Check if |client| has a group with the requested name. - if (!base::ContainsKey(client.endpoint_group_names, group_name)) + if (!base::Contains(client.endpoint_group_names, group_name)) continue; ReportingEndpointGroupKey group_key(client.origin, group_name); @@ -503,7 +611,7 @@ void ReportingCacheImpl::SetEndpointForTesting( origin_clients_.insert(std::make_pair(domain, std::move(new_client))); } - base::Time now = clock()->Now(); + base::Time now = clock().Now(); ReportingEndpointGroupKey group_key(origin, group_name); EndpointGroupMap::iterator group_it = FindEndpointGroupIt(group_key); @@ -557,16 +665,8 @@ ReportingCacheImpl::OriginClient::OriginClient(OriginClient&& other) = default; ReportingCacheImpl::OriginClient::~OriginClient() = default; -bool ReportingCacheImpl::IsReportDataPersisted() const { - return store_ && context_->policy().persist_reports_across_restarts; -} - -bool ReportingCacheImpl::IsClientDataPersisted() const { - return store_ && context_->policy().persist_clients_across_restarts; -} - void ReportingCacheImpl::RemoveReportInternal(const ReportingReport* report) { - reports_[report]->RecordOutcome(tick_clock()->NowTicks()); + reports_[report]->RecordOutcome(tick_clock().NowTicks()); size_t erased = reports_.erase(report); DCHECK_EQ(1u, erased); } @@ -576,7 +676,7 @@ const ReportingReport* ReportingCacheImpl::FindReportToEvict() const { for (const auto& it : reports_) { const ReportingReport* report = it.first; - if (base::ContainsKey(pending_reports_, report)) + if (base::Contains(pending_reports_, report)) continue; if (!earliest_queued || report->queued < earliest_queued->queued) { earliest_queued = report; @@ -601,7 +701,7 @@ void ReportingCacheImpl::SanityCheckClients() const { total_endpoint_group_count += SanityCheckOriginClient(domain, client); // We have not seen a duplicate client with the same origin. - DCHECK(!base::ContainsKey(origins_in_cache, client.origin)); + DCHECK(!base::Contains(origins_in_cache, client.origin)); origins_in_cache.insert(client.origin); } @@ -634,6 +734,7 @@ size_t ReportingCacheImpl::SanityCheckOriginClient( for (const std::string& group_name : client.endpoint_group_names) { ++endpoint_group_count_in_client; ReportingEndpointGroupKey group_key(client.origin, group_name); + DCHECK(endpoint_groups_.find(group_key) != endpoint_groups_.end()); const CachedReportingEndpointGroup& group = endpoint_groups_.at(group_key); endpoint_count_in_client += SanityCheckEndpointGroup(group_key, group); } @@ -672,7 +773,7 @@ size_t ReportingCacheImpl::SanityCheckEndpointGroup( // We have not seen a duplicate endpoint with the same URL in this // group. - DCHECK(!base::ContainsKey(endpoint_urls_in_group, endpoint.info.url)); + DCHECK(!base::Contains(endpoint_urls_in_group, endpoint.info.url)); endpoint_urls_in_group.insert(endpoint.info.url); ++endpoint_count_in_group; @@ -693,14 +794,14 @@ void ReportingCacheImpl::SanityCheckEndpoint( DCHECK_LE(0, endpoint.info.weight); // The endpoint is in the |endpoint_its_by_url_| index. - DCHECK(base::ContainsKey(endpoint_its_by_url_, endpoint.info.url)); + DCHECK(base::Contains(endpoint_its_by_url_, endpoint.info.url)); auto url_range = endpoint_its_by_url_.equal_range(endpoint.info.url); std::vector endpoint_its_for_url; for (auto index_it = url_range.first; index_it != url_range.second; ++index_it) { endpoint_its_for_url.push_back(index_it->second); } - DCHECK(base::ContainsValue(endpoint_its_for_url, endpoint_it)); + DCHECK(base::Contains(endpoint_its_for_url, endpoint_it)); #endif // DCHECK_IS_ON() } @@ -762,6 +863,9 @@ void ReportingCacheImpl::AddOrUpdateEndpointGroup( // Add a new endpoint group for this origin and group name. if (group_it == endpoint_groups_.end()) { + if (context_->IsClientDataPersisted()) + store()->AddReportingEndpointGroup(new_group); + endpoint_groups_.insert( std::make_pair(new_group.group_key, std::move(new_group))); return; @@ -773,6 +877,9 @@ void ReportingCacheImpl::AddOrUpdateEndpointGroup( old_group.expires = new_group.expires; old_group.last_used = new_group.last_used; + if (context_->IsClientDataPersisted()) + store()->UpdateReportingEndpointGroupDetails(new_group); + // Note: SanityCheckClients() may fail here because we have not yet // added/updated the OriginClient for |origin| yet. } @@ -783,6 +890,9 @@ void ReportingCacheImpl::AddOrUpdateEndpoint(ReportingEndpoint new_endpoint) { // Add a new endpoint for this origin, group, and url. if (endpoint_it == endpoints_.end()) { + if (context_->IsClientDataPersisted()) + store()->AddReportingEndpoint(new_endpoint); + url::Origin origin = new_endpoint.group_key.origin; EndpointMap::iterator endpoint_it = endpoints_.insert( std::make_pair(new_endpoint.group_key, std::move(new_endpoint))); @@ -801,6 +911,9 @@ void ReportingCacheImpl::AddOrUpdateEndpoint(ReportingEndpoint new_endpoint) { old_endpoint.info.weight = new_endpoint.info.weight; // |old_endpoint.stats| stays the same. + if (context_->IsClientDataPersisted()) + store()->UpdateReportingEndpointDetails(new_endpoint); + // Note: SanityCheckClients() may fail here because we have not yet // added/updated the OriginClient for |origin| yet. } @@ -822,7 +935,7 @@ void ReportingCacheImpl::RemoveEndpointsInGroupOtherThan( const auto group_range = endpoints_.equal_range(group_key); for (auto it = group_range.first; it != group_range.second;) { - if (base::ContainsKey(endpoints_to_keep_urls, it->second.info.url)) { + if (base::Contains(endpoints_to_keep_urls, it->second.info.url)) { ++it; continue; } @@ -878,6 +991,8 @@ void ReportingCacheImpl::MarkEndpointGroupAndClientUsed( base::Time now) { group_it->second.last_used = now; client_it->second.last_used = now; + if (context_->IsClientDataPersisted()) + store()->UpdateReportingEndpointGroupAccessTime(group_it->second); } base::Optional @@ -902,6 +1017,8 @@ ReportingCacheImpl::RemoveEndpointInternal(OriginClientMap::iterator client_it, DCHECK_GT(client_it->second.endpoint_count, 1u); RemoveEndpointItFromIndex(endpoint_it); --client_it->second.endpoint_count; + if (context_->IsClientDataPersisted()) + store()->DeleteReportingEndpoint(endpoint_it->second); return endpoints_.erase(endpoint_it); } @@ -922,6 +1039,9 @@ ReportingCacheImpl::RemoveEndpointGroupInternal( if (num_endpoints_removed) *num_endpoints_removed += endpoints_removed; for (auto it = group_range.first; it != group_range.second; ++it) { + if (context_->IsClientDataPersisted()) + store()->DeleteReportingEndpoint(it->second); + RemoveEndpointItFromIndex(it); } endpoints_.erase(group_range.first, group_range.second); @@ -935,6 +1055,9 @@ ReportingCacheImpl::RemoveEndpointGroupInternal( client.endpoint_group_names.erase(group_key.group_name); DCHECK_EQ(1u, erased_from_client); + if (context_->IsClientDataPersisted()) + store()->DeleteReportingEndpointGroup(group_it->second); + base::Optional rv = endpoint_groups_.erase(group_it); @@ -955,10 +1078,16 @@ ReportingCacheImpl::RemoveClientInternal(OriginClientMap::iterator client_it) { // Erase all groups in this client, and all endpoints in those groups. for (const std::string& group_name : client.endpoint_group_names) { ReportingEndpointGroupKey group_key(client.origin, group_name); - endpoint_groups_.erase(group_key); + EndpointGroupMap::iterator group_it = FindEndpointGroupIt(group_key); + if (context_->IsClientDataPersisted()) + store()->DeleteReportingEndpointGroup(group_it->second); + endpoint_groups_.erase(group_it); const auto group_range = endpoints_.equal_range(group_key); for (auto it = group_range.first; it != group_range.second; ++it) { + if (context_->IsClientDataPersisted()) + store()->DeleteReportingEndpoint(it->second); + RemoveEndpointItFromIndex(it); } endpoints_.erase(group_range.first, group_range.second); @@ -1078,7 +1207,7 @@ void ReportingCacheImpl::EvictEndpointFromGroup( bool ReportingCacheImpl::RemoveExpiredOrStaleGroups( OriginClientMap::iterator client_it, size_t* num_endpoints_removed) { - base::Time now = clock()->Now(); + base::Time now = clock().Now(); // Make a copy of this because |client_it| may be invalidated. std::set groups_in_client_names( client_it->second.endpoint_group_names); diff --git a/chromium/net/reporting/reporting_cache_impl.h b/chromium/net/reporting/reporting_cache_impl.h index 908a14b7ec3..bccd0b168d9 100644 --- a/chromium/net/reporting/reporting_cache_impl.h +++ b/chromium/net/reporting/reporting_cache_impl.h @@ -31,8 +31,7 @@ namespace net { class ReportingCacheImpl : public ReportingCache { public: - ReportingCacheImpl(ReportingContext* context, - PersistentReportingStore* store); + ReportingCacheImpl(ReportingContext* context); ~ReportingCacheImpl() override; @@ -76,6 +75,10 @@ class ReportingCacheImpl : public ReportingCache { void RemoveEndpointGroup(const url::Origin& origin, const std::string& name) override; void RemoveEndpointsForUrl(const GURL& url) override; + void AddClientsLoadedFromStore( + std::vector loaded_endpoints, + std::vector loaded_endpoint_groups) + override; std::vector GetCandidateEndpointsForDelivery( const url::Origin& origin, const std::string& group_name) override; @@ -129,11 +132,6 @@ class ReportingCacheImpl : public ReportingCache { using EndpointMap = std::multimap; - // Returns whether the cached data is persisted across restarts in the - // PersistentReportingStore. - bool IsReportDataPersisted() const; - bool IsClientDataPersisted() const; - void RemoveReportInternal(const ReportingReport* report); const ReportingReport* FindReportToEvict() const; @@ -286,17 +284,13 @@ class ReportingCacheImpl : public ReportingCache { const CachedReportingEndpointGroup& group) const; base::Value GetEndpointAsValue(const ReportingEndpoint& endpoint) const; - base::Clock* clock() const { return context_->clock(); } - - const base::TickClock* tick_clock() const { return context_->tick_clock(); } + // Convenience methods for fetching things from the context_. + const base::Clock& clock() const { return context_->clock(); } + const base::TickClock& tick_clock() const { return context_->tick_clock(); } + PersistentReportingStore* store() { return context_->store(); } ReportingContext* context_; - // Stores cached data persistently, if not null. If |store_| is null, then the - // ReportingCache will store data in memory only. - // TODO(chlily): Implement. - PersistentReportingStore* const store_; - // Owns all reports, keyed by const raw pointer for easier lookup. std::unordered_map> reports_; diff --git a/chromium/net/reporting/reporting_cache_unittest.cc b/chromium/net/reporting/reporting_cache_unittest.cc index 163ca17bc0b..11c8716e5e3 100644 --- a/chromium/net/reporting/reporting_cache_unittest.cc +++ b/chromium/net/reporting/reporting_cache_unittest.cc @@ -8,6 +8,7 @@ #include #include +#include "base/bind.h" #include "base/strings/string_number_conversions.h" #include "base/test/simple_test_tick_clock.h" #include "base/test/values_test_util.h" @@ -19,6 +20,7 @@ #include "net/reporting/reporting_endpoint.h" #include "net/reporting/reporting_report.h" #include "net/reporting/reporting_test_util.h" +#include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/gurl.h" #include "url/origin.h" @@ -26,6 +28,8 @@ namespace net { namespace { +using CommandType = MockPersistentReportingStore::Command::Type; + class TestReportingCacheObserver : public ReportingCacheObserver { public: TestReportingCacheObserver() @@ -71,6 +75,16 @@ class ReportingCacheTest : public ReportingTestBase, ~ReportingCacheTest() override { context()->RemoveCacheObserver(&observer_); } + void LoadReportingClients() { + // All ReportingCache methods assume that the store has been initialized. + if (store()) { + store()->LoadReportingClients( + base::BindOnce(&ReportingCache::AddClientsLoadedFromStore, + base::Unretained(cache()))); + store()->FinishLoading(true); + } + } + TestReportingCacheObserver* observer() { return &observer_; } size_t report_count() { @@ -132,6 +146,8 @@ class ReportingCacheTest : public ReportingTestBase, const url::Origin kOrigin2_ = url::Origin::Create(GURL("https://origin2/")); const GURL kEndpoint1_ = GURL("https://endpoint1/"); const GURL kEndpoint2_ = GURL("https://endpoint2/"); + const GURL kEndpoint3_ = GURL("https://endpoint3/"); + const GURL kEndpoint4_ = GURL("https://endpoint4/"); const std::string kUserAgent_ = "Mozilla/1.0"; const std::string kGroup1_ = "group1"; const std::string kGroup2_ = "group2"; @@ -152,6 +168,8 @@ class ReportingCacheTest : public ReportingTestBase, // header parser. TEST_P(ReportingCacheTest, Reports) { + LoadReportingClients(); + std::vector reports; cache()->GetReports(&reports); EXPECT_TRUE(reports.empty()); @@ -192,6 +210,8 @@ TEST_P(ReportingCacheTest, Reports) { } TEST_P(ReportingCacheTest, RemoveAllReports) { + LoadReportingClients(); + cache()->AddReport(kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique(), 0, kNowTicks_, 0); @@ -212,6 +232,8 @@ TEST_P(ReportingCacheTest, RemoveAllReports) { } TEST_P(ReportingCacheTest, RemovePendingReports) { + LoadReportingClients(); + cache()->AddReport(kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique(), 0, kNowTicks_, 0); @@ -244,6 +266,8 @@ TEST_P(ReportingCacheTest, RemovePendingReports) { } TEST_P(ReportingCacheTest, RemoveAllPendingReports) { + LoadReportingClients(); + cache()->AddReport(kUrl1_, kUserAgent_, kGroup1_, kType_, std::make_unique(), 0, kNowTicks_, 0); @@ -276,6 +300,8 @@ TEST_P(ReportingCacheTest, RemoveAllPendingReports) { } TEST_P(ReportingCacheTest, GetReportsAsValue) { + LoadReportingClients(); + // We need a reproducible expiry timestamp for this test case. const base::TimeTicks now = base::TimeTicks(); const ReportingReport* report1 = @@ -346,6 +372,8 @@ TEST_P(ReportingCacheTest, GetReportsAsValue) { } TEST_P(ReportingCacheTest, Endpoints) { + LoadReportingClients(); + EXPECT_EQ(0u, cache()->GetEndpointCount()); ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint1_, kExpires1_)); EXPECT_EQ(1u, cache()->GetEndpointCount()); @@ -402,6 +430,8 @@ TEST_P(ReportingCacheTest, Endpoints) { } TEST_P(ReportingCacheTest, RemoveClient) { + LoadReportingClients(); + ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint1_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint2_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin2_, kGroup1_, kEndpoint1_, kExpires1_)); @@ -415,9 +445,41 @@ TEST_P(ReportingCacheTest, RemoveClient) { EXPECT_EQ(2u, cache()->GetEndpointCount()); EXPECT_FALSE(OriginClientExistsInCache(kOrigin1_)); EXPECT_TRUE(OriginClientExistsInCache(kOrigin2_)); + + if (store()) { + store()->Flush(); + // SetEndpointInCache doesn't update store counts, which is why they go + // negative here. + // TODO(crbug.com/895821): Populate the cache via the store so we don't need + // negative counts. + EXPECT_EQ(-2, store()->StoredEndpointsCount()); + EXPECT_EQ(-1, store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + EXPECT_EQ(2, + store()->CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); + EXPECT_EQ(1, store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin1_, kGroup1_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint1_})); + EXPECT_THAT(store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } TEST_P(ReportingCacheTest, RemoveAllClients) { + LoadReportingClients(); + ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint1_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint2_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin2_, kGroup1_, kEndpoint1_, kExpires1_)); @@ -431,9 +493,59 @@ TEST_P(ReportingCacheTest, RemoveAllClients) { EXPECT_EQ(0u, cache()->GetEndpointCount()); EXPECT_FALSE(OriginClientExistsInCache(kOrigin1_)); EXPECT_FALSE(OriginClientExistsInCache(kOrigin2_)); + + if (store()) { + store()->Flush(); + // SetEndpointInCache doesn't update store counts, which is why they go + // negative here. + // TODO(crbug.com/895821): Populate the cache via the store so we don't need + // negative counts. + EXPECT_EQ(-4, store()->StoredEndpointsCount()); + EXPECT_EQ(-3, store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + EXPECT_EQ(4, + store()->CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); + EXPECT_EQ(3, store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint1_})); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin2_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint1_})); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin2_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin1_, kGroup1_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin2_, kGroup1_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin2_, kGroup2_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } TEST_P(ReportingCacheTest, RemoveEndpointGroup) { + LoadReportingClients(); + ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint1_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint2_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin2_, kGroup1_, kEndpoint1_, kExpires1_)); @@ -465,9 +577,46 @@ TEST_P(ReportingCacheTest, RemoveEndpointGroup) { EXPECT_TRUE(OriginClientExistsInCache(kOrigin1_)); EXPECT_TRUE(EndpointGroupExistsInCache( kOrigin1_, kGroup1_, OriginSubdomains::DEFAULT, kExpires1_)); + + if (store()) { + store()->Flush(); + // SetEndpointInCache doesn't update store counts, which is why they go + // negative here. + // TODO(crbug.com/895821): Populate the cache via the store so we don't need + // negative counts. + EXPECT_EQ(-2, store()->StoredEndpointsCount()); + EXPECT_EQ(-2, store()->StoredEndpointGroupsCount()); + EXPECT_EQ(2, + store()->CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); + EXPECT_EQ(2, store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin2_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint1_})); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin2_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin2_, kGroup1_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin2_, kGroup2_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } TEST_P(ReportingCacheTest, RemoveEndpointsForUrl) { + LoadReportingClients(); + ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint1_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint2_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin2_, kGroup1_, kEndpoint1_, kExpires1_)); @@ -497,9 +646,41 @@ TEST_P(ReportingCacheTest, RemoveEndpointsForUrl) { EXPECT_TRUE(FindEndpointInCache(kOrigin1_, kGroup1_, kEndpoint2_)); EXPECT_FALSE(FindEndpointInCache(kOrigin2_, kGroup1_, kEndpoint1_)); EXPECT_TRUE(FindEndpointInCache(kOrigin2_, kGroup2_, kEndpoint2_)); + + if (store()) { + store()->Flush(); + // SetEndpointInCache doesn't update store counts, which is why they go + // negative here. + // TODO(crbug.com/895821): Populate the cache via the store so we don't need + // negative counts. + EXPECT_EQ(-2, store()->StoredEndpointsCount()); + EXPECT_EQ(-1, store()->StoredEndpointGroupsCount()); + EXPECT_EQ(2, + store()->CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); + EXPECT_EQ(1, store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint1_})); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin2_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint1_})); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin2_, kGroup1_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } TEST_P(ReportingCacheTest, GetClientsAsValue) { + LoadReportingClients(); + // These times are bogus but we need a reproducible expiry timestamp for this // test case. const base::TimeTicks expires_ticks = @@ -562,6 +743,8 @@ TEST_P(ReportingCacheTest, GetClientsAsValue) { } TEST_P(ReportingCacheTest, GetCandidateEndpointsForDelivery) { + LoadReportingClients(); + ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint1_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint2_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin2_, kGroup1_, kEndpoint1_, kExpires1_)); @@ -582,6 +765,8 @@ TEST_P(ReportingCacheTest, GetCandidateEndpointsForDelivery) { } TEST_P(ReportingCacheTest, GetCandidateEndpointsExcludesExpired) { + LoadReportingClients(); + ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint1_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, kEndpoint2_, kExpires1_)); ASSERT_TRUE(SetEndpointInCache(kOrigin2_, kGroup1_, kEndpoint1_, kExpires1_)); @@ -606,6 +791,8 @@ TEST_P(ReportingCacheTest, GetCandidateEndpointsExcludesExpired) { } TEST_P(ReportingCacheTest, ExcludeSubdomainsDifferentPort) { + LoadReportingClients(); + const url::Origin kOrigin = url::Origin::Create(GURL("https://example/")); const url::Origin kDifferentPortOrigin = url::Origin::Create(GURL("https://example:444/")); @@ -619,6 +806,8 @@ TEST_P(ReportingCacheTest, ExcludeSubdomainsDifferentPort) { } TEST_P(ReportingCacheTest, ExcludeSubdomainsSuperdomain) { + LoadReportingClients(); + const url::Origin kOrigin = url::Origin::Create(GURL("https://foo.example/")); const url::Origin kSuperOrigin = url::Origin::Create(GURL("https://example/")); @@ -632,6 +821,8 @@ TEST_P(ReportingCacheTest, ExcludeSubdomainsSuperdomain) { } TEST_P(ReportingCacheTest, IncludeSubdomainsDifferentPort) { + LoadReportingClients(); + const url::Origin kOrigin = url::Origin::Create(GURL("https://example/")); const url::Origin kDifferentPortOrigin = url::Origin::Create(GURL("https://example:444/")); @@ -646,6 +837,8 @@ TEST_P(ReportingCacheTest, IncludeSubdomainsDifferentPort) { } TEST_P(ReportingCacheTest, IncludeSubdomainsSuperdomain) { + LoadReportingClients(); + const url::Origin kOrigin = url::Origin::Create(GURL("https://foo.example/")); const url::Origin kSuperOrigin = url::Origin::Create(GURL("https://example/")); @@ -660,6 +853,8 @@ TEST_P(ReportingCacheTest, IncludeSubdomainsSuperdomain) { } TEST_P(ReportingCacheTest, IncludeSubdomainsPreferOriginToDifferentPort) { + LoadReportingClients(); + const url::Origin kOrigin = url::Origin::Create(GURL("https://foo.example/")); const url::Origin kDifferentPortOrigin = url::Origin::Create(GURL("https://example:444/")); @@ -676,6 +871,8 @@ TEST_P(ReportingCacheTest, IncludeSubdomainsPreferOriginToDifferentPort) { } TEST_P(ReportingCacheTest, IncludeSubdomainsPreferOriginToSuperdomain) { + LoadReportingClients(); + const url::Origin kOrigin = url::Origin::Create(GURL("https://foo.example/")); const url::Origin kSuperOrigin = url::Origin::Create(GURL("https://example/")); @@ -692,6 +889,8 @@ TEST_P(ReportingCacheTest, IncludeSubdomainsPreferOriginToSuperdomain) { } TEST_P(ReportingCacheTest, IncludeSubdomainsPreferMoreSpecificSuperdomain) { + LoadReportingClients(); + const url::Origin kOrigin = url::Origin::Create(GURL("https://foo.bar.example/")); const url::Origin kSuperOrigin = @@ -711,6 +910,8 @@ TEST_P(ReportingCacheTest, IncludeSubdomainsPreferMoreSpecificSuperdomain) { } TEST_P(ReportingCacheTest, EvictOldestReport) { + LoadReportingClients(); + size_t max_report_count = policy().max_report_count; ASSERT_LT(0u, max_report_count); @@ -742,6 +943,8 @@ TEST_P(ReportingCacheTest, EvictOldestReport) { } TEST_P(ReportingCacheTest, DontEvictPendingReports) { + LoadReportingClients(); + size_t max_report_count = policy().max_report_count; ASSERT_LT(0u, max_report_count); @@ -777,6 +980,8 @@ TEST_P(ReportingCacheTest, DontEvictPendingReports) { } TEST_P(ReportingCacheTest, EvictEndpointsOverPerOriginLimit) { + LoadReportingClients(); + for (size_t i = 0; i < policy().max_endpoints_per_origin; ++i) { ASSERT_TRUE( SetEndpointInCache(kOrigin1_, kGroup1_, MakeURL(i), kExpires1_)); @@ -789,6 +994,8 @@ TEST_P(ReportingCacheTest, EvictEndpointsOverPerOriginLimit) { } TEST_P(ReportingCacheTest, EvictExpiredGroups) { + LoadReportingClients(); + for (size_t i = 0; i < policy().max_endpoints_per_origin; ++i) { ASSERT_TRUE( SetEndpointInCache(kOrigin1_, kGroup1_, MakeURL(i), kExpires1_)); @@ -813,6 +1020,8 @@ TEST_P(ReportingCacheTest, EvictExpiredGroups) { } TEST_P(ReportingCacheTest, EvictStaleGroups) { + LoadReportingClients(); + for (size_t i = 0; i < policy().max_endpoints_per_origin; ++i) { ASSERT_TRUE( SetEndpointInCache(kOrigin1_, kGroup1_, MakeURL(i), kExpires1_)); @@ -836,6 +1045,8 @@ TEST_P(ReportingCacheTest, EvictStaleGroups) { } TEST_P(ReportingCacheTest, EvictFromStalestGroup) { + LoadReportingClients(); + for (size_t i = 0; i < policy().max_endpoints_per_origin; ++i) { ASSERT_TRUE(SetEndpointInCache(kOrigin1_, base::NumberToString(i), MakeURL(i), kExpires1_)); @@ -866,6 +1077,8 @@ TEST_P(ReportingCacheTest, EvictFromStalestGroup) { } TEST_P(ReportingCacheTest, EvictFromLargestGroup) { + LoadReportingClients(); + ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, MakeURL(0), kExpires1_)); // This group should be evicted from because it has 2 endpoints. ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup2_, MakeURL(1), kExpires1_)); @@ -890,6 +1103,8 @@ TEST_P(ReportingCacheTest, EvictFromLargestGroup) { } TEST_P(ReportingCacheTest, EvictLeastImportantEndpoint) { + LoadReportingClients(); + ASSERT_TRUE(SetEndpointInCache(kOrigin1_, kGroup1_, MakeURL(0), kExpires1_, OriginSubdomains::DEFAULT, 1 /* priority*/, 1 /* weight */)); @@ -917,6 +1132,8 @@ TEST_P(ReportingCacheTest, EvictLeastImportantEndpoint) { } TEST_P(ReportingCacheTest, EvictEndpointsOverGlobalLimitFromStalestClient) { + LoadReportingClients(); + // Set enough endpoints to reach the global endpoint limit. for (size_t i = 0; i < policy().max_endpoint_count; ++i) { ASSERT_TRUE(SetEndpointInCache(url::Origin::Create(MakeURL(i)), kGroup1_, @@ -938,6 +1155,180 @@ TEST_P(ReportingCacheTest, EvictEndpointsOverGlobalLimitFromStalestClient) { EXPECT_TRUE(OriginClientExistsInCache(kOrigin1_)); } +TEST_P(ReportingCacheTest, AddClientsLoadedFromStore) { + if (!store()) + return; + + base::Time now = clock()->Now(); + + std::vector endpoints; + endpoints.emplace_back(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint1_}); + endpoints.emplace_back(kOrigin2_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint2_}); + endpoints.emplace_back(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint2_}); + endpoints.emplace_back(kOrigin2_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint1_}); + std::vector groups; + groups.emplace_back(kOrigin2_, kGroup1_, OriginSubdomains::DEFAULT, + now + base::TimeDelta::FromMinutes(2) /* expires */, + now /* last_used */); + groups.emplace_back(kOrigin1_, kGroup1_, OriginSubdomains::DEFAULT, + now + base::TimeDelta::FromMinutes(1) /* expires */, + now /* last_used */); + groups.emplace_back(kOrigin2_, kGroup2_, OriginSubdomains::DEFAULT, + now + base::TimeDelta::FromMinutes(3) /* expires */, + now /* last_used */); + store()->SetPrestoredClients(endpoints, groups); + + LoadReportingClients(); + + EXPECT_EQ(4u, cache()->GetEndpointCount()); + EXPECT_EQ(3u, cache()->GetEndpointGroupCountForTesting()); + EXPECT_TRUE(EndpointExistsInCache(kOrigin1_, kGroup1_, kEndpoint1_)); + EXPECT_TRUE(EndpointExistsInCache(kOrigin1_, kGroup1_, kEndpoint2_)); + EXPECT_TRUE(EndpointExistsInCache(kOrigin2_, kGroup1_, kEndpoint1_)); + EXPECT_TRUE(EndpointExistsInCache(kOrigin2_, kGroup2_, kEndpoint2_)); + EXPECT_TRUE( + EndpointGroupExistsInCache(kOrigin1_, kGroup1_, OriginSubdomains::DEFAULT, + now + base::TimeDelta::FromMinutes(1))); + EXPECT_TRUE( + EndpointGroupExistsInCache(kOrigin2_, kGroup1_, OriginSubdomains::DEFAULT, + now + base::TimeDelta::FromMinutes(2))); + EXPECT_TRUE( + EndpointGroupExistsInCache(kOrigin2_, kGroup2_, OriginSubdomains::DEFAULT, + now + base::TimeDelta::FromMinutes(3))); + EXPECT_TRUE(OriginClientExistsInCache(kOrigin1_)); + EXPECT_TRUE(OriginClientExistsInCache(kOrigin2_)); +} + +TEST_P(ReportingCacheTest, DoNotStoreMoreThanLimits) { + if (!store()) + return; + + base::Time now = clock()->Now(); + + // We hardcode the number of endpoints in this test, so we need to manually + // update the test when |max_endpoint_count| changes. You'll need to + // add/remove elements to |endpoints| when that happens. + EXPECT_EQ(5u, policy().max_endpoint_count) << "You need to update this test " + << "to reflect a change in " + << "max_endpoint_count"; + + std::vector endpoints; + endpoints.emplace_back(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint1_}); + endpoints.emplace_back(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint2_}); + endpoints.emplace_back(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint3_}); + endpoints.emplace_back(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint4_}); + endpoints.emplace_back(kOrigin2_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint1_}); + endpoints.emplace_back(kOrigin2_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint2_}); + endpoints.emplace_back(kOrigin2_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint3_}); + endpoints.emplace_back(kOrigin2_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint4_}); + std::vector groups; + groups.emplace_back(kOrigin1_, kGroup1_, OriginSubdomains::DEFAULT, + now /* expires */, now /* last_used */); + groups.emplace_back(kOrigin2_, kGroup2_, OriginSubdomains::DEFAULT, + now /* expires */, now /* last_used */); + store()->SetPrestoredClients(endpoints, groups); + + LoadReportingClients(); + + EXPECT_GE(5u, cache()->GetEndpointCount()); + EXPECT_GE(2u, cache()->GetEndpointGroupCountForTesting()); +} + +TEST_P(ReportingCacheTest, DoNotLoadMismatchedGroupsAndEndpoints) { + if (!store()) + return; + + base::Time now = clock()->Now(); + + std::vector endpoints; + // This endpoint has no corresponding endpoint group + endpoints.emplace_back(kOrigin1_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint1_}); + endpoints.emplace_back(kOrigin2_, kGroup1_, + ReportingEndpoint::EndpointInfo{kEndpoint1_}); + // This endpoint has no corresponding endpoint group + endpoints.emplace_back(kOrigin2_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint1_}); + std::vector groups; + // This endpoint group has no corresponding endpoint + groups.emplace_back(kOrigin1_, kGroup2_, OriginSubdomains::DEFAULT, + now /* expires */, now /* last_used */); + groups.emplace_back(kOrigin2_, kGroup1_, OriginSubdomains::DEFAULT, + now /* expires */, now /* last_used */); + // This endpoint group has no corresponding endpoint + groups.emplace_back(kOrigin2_, "last_group", OriginSubdomains::DEFAULT, + now /* expires */, now /* last_used */); + store()->SetPrestoredClients(endpoints, groups); + + LoadReportingClients(); + + EXPECT_GE(1u, cache()->GetEndpointCount()); + EXPECT_GE(1u, cache()->GetEndpointGroupCountForTesting()); + EXPECT_TRUE(EndpointExistsInCache(kOrigin2_, kGroup1_, kEndpoint1_)); +} + +// This test verifies that we preserve the last_used field when storing clients +// loaded from disk. We don't have direct access into individual cache elements, +// so we test this indirectly by triggering a cache eviction and verifying that +// a stale element (i.e., one older than a week, by default) is selected for +// eviction. If last_used weren't populated then presumably that element +// wouldn't be evicted. (Or rather, it would only have a 25% chance of being +// evicted and this test would then be flaky.) +TEST_P(ReportingCacheTest, StoreLastUsedProperly) { + if (!store()) + return; + + base::Time now = clock()->Now(); + + // We hardcode the number of endpoints in this test, so we need to manually + // update the test when |max_endpoints_per_origin| changes. You'll need to + // add/remove elements to |endpoints| and |grups| when that happens. + EXPECT_EQ(3u, policy().max_endpoints_per_origin) + << "You need to update this test to reflect a change in " + "max_endpoints_per_origin"; + + // We need more than three endpoints to trigger eviction. + std::vector endpoints; + endpoints.emplace_back(kOrigin1_, "1", + ReportingEndpoint::EndpointInfo{kEndpoint1_}); + endpoints.emplace_back(kOrigin1_, "2", + ReportingEndpoint::EndpointInfo{kEndpoint1_}); + endpoints.emplace_back(kOrigin1_, "3", + ReportingEndpoint::EndpointInfo{kEndpoint1_}); + endpoints.emplace_back(kOrigin1_, "4", + ReportingEndpoint::EndpointInfo{kEndpoint1_}); + std::vector groups; + groups.emplace_back(kOrigin1_, "1", OriginSubdomains::DEFAULT, + now /* expires */, now /* last_used */); + groups.emplace_back(kOrigin1_, "2", OriginSubdomains::DEFAULT, + now /* expires */, now /* last_used */); + // Stale last_used on group "3" should cause us to select it for eviction + groups.emplace_back(kOrigin1_, "3", OriginSubdomains::DEFAULT, + now /* expires */, base::Time() /* last_used */); + groups.emplace_back(kOrigin1_, "4", OriginSubdomains::DEFAULT, + now /* expires */, now /* last_used */); + store()->SetPrestoredClients(endpoints, groups); + + LoadReportingClients(); + + EXPECT_TRUE(EndpointExistsInCache(kOrigin1_, "1", kEndpoint1_)); + EXPECT_TRUE(EndpointExistsInCache(kOrigin1_, "2", kEndpoint1_)); + EXPECT_FALSE(EndpointExistsInCache(kOrigin1_, "3", kEndpoint1_)); + EXPECT_TRUE(EndpointExistsInCache(kOrigin1_, "4", kEndpoint1_)); +} + INSTANTIATE_TEST_SUITE_P(ReportingCacheStoreTest, ReportingCacheTest, testing::Bool()); diff --git a/chromium/net/reporting/reporting_context.cc b/chromium/net/reporting/reporting_context.cc index 64cbb887f6d..1c38d6f8b2c 100644 --- a/chromium/net/reporting/reporting_context.cc +++ b/chromium/net/reporting/reporting_context.cc @@ -77,8 +77,18 @@ void ReportingContext::NotifyCachedClientsUpdated() { observer.OnClientsUpdated(); } +bool ReportingContext::IsReportDataPersisted() const { + return store_ && policy_.persist_reports_across_restarts; +} + +bool ReportingContext::IsClientDataPersisted() const { + return store_ && policy_.persist_clients_across_restarts; +} + void ReportingContext::OnShutdown() { uploader_->OnShutdown(); + if (store_) + store_->Flush(); } ReportingContext::ReportingContext( @@ -94,7 +104,8 @@ ReportingContext::ReportingContext( tick_clock_(tick_clock), uploader_(std::move(uploader)), delegate_(std::move(delegate)), - cache_(ReportingCache::Create(this, store)), + cache_(ReportingCache::Create(this)), + store_(store), endpoint_manager_(ReportingEndpointManager::Create(this, rand_callback)), delivery_agent_(ReportingDeliveryAgent::Create(this)), garbage_collector_(ReportingGarbageCollector::Create(this)), diff --git a/chromium/net/reporting/reporting_context.h b/chromium/net/reporting/reporting_context.h index 233dbc73938..b418868f7e3 100644 --- a/chromium/net/reporting/reporting_context.h +++ b/chromium/net/reporting/reporting_context.h @@ -43,14 +43,14 @@ class NET_EXPORT ReportingContext { ~ReportingContext(); - const ReportingPolicy& policy() { return policy_; } + const ReportingPolicy& policy() const { return policy_; } - base::Clock* clock() { return clock_; } - const base::TickClock* tick_clock() { return tick_clock_; } + const base::Clock& clock() const { return *clock_; } + const base::TickClock& tick_clock() const { return *tick_clock_; } ReportingUploader* uploader() { return uploader_.get(); } - ReportingDelegate* delegate() { return delegate_.get(); } ReportingCache* cache() { return cache_.get(); } + ReportingCache::PersistentReportingStore* store() { return store_; } ReportingEndpointManager* endpoint_manager() { return endpoint_manager_.get(); } @@ -65,6 +65,11 @@ class NET_EXPORT ReportingContext { void NotifyCachedReportsUpdated(); void NotifyCachedClientsUpdated(); + // Returns whether the data in the cache is persisted across restarts in the + // PersistentReportingStore. + bool IsReportDataPersisted() const; + bool IsClientDataPersisted() const; + void OnShutdown(); protected: @@ -90,6 +95,8 @@ class NET_EXPORT ReportingContext { std::unique_ptr cache_; + ReportingCache::PersistentReportingStore* const store_; + // |endpoint_manager_| must come after |tick_clock_| and |cache_|. std::unique_ptr endpoint_manager_; diff --git a/chromium/net/reporting/reporting_delivery_agent.cc b/chromium/net/reporting/reporting_delivery_agent.cc index 2745cafffc4..7d143363a23 100644 --- a/chromium/net/reporting/reporting_delivery_agent.cc +++ b/chromium/net/reporting/reporting_delivery_agent.cc @@ -55,9 +55,7 @@ class ReportingDeliveryAgentImpl : public ReportingDeliveryAgent, public ReportingCacheObserver { public: ReportingDeliveryAgentImpl(ReportingContext* context) - : context_(context), - timer_(std::make_unique()), - weak_factory_(this) { + : context_(context), timer_(std::make_unique()) { context_->AddCacheObserver(this); } @@ -170,7 +168,7 @@ class ReportingDeliveryAgentImpl : public ReportingDeliveryAgent, const url::Origin& report_origin = origin_group.first; const std::string& group = origin_group.second; - if (base::ContainsKey(pending_origin_groups_, origin_group)) + if (base::Contains(pending_origin_groups_, origin_group)) continue; const ReportingEndpoint endpoint = @@ -209,7 +207,7 @@ class ReportingDeliveryAgentImpl : public ReportingDeliveryAgent, std::unique_ptr& delivery = it.second; std::string json; - SerializeReports(delivery->reports, tick_clock()->NowTicks(), &json); + SerializeReports(delivery->reports, tick_clock().NowTicks(), &json); int max_depth = 0; for (const ReportingReport* report : delivery->reports) { @@ -261,8 +259,8 @@ class ReportingDeliveryAgentImpl : public ReportingDeliveryAgent, cache()->ClearReportsPending(delivery->reports); } - const ReportingPolicy& policy() { return context_->policy(); } - const base::TickClock* tick_clock() { return context_->tick_clock(); } + const ReportingPolicy& policy() const { return context_->policy(); } + const base::TickClock& tick_clock() const { return context_->tick_clock(); } ReportingDelegate* delegate() { return context_->delegate(); } ReportingCache* cache() { return context_->cache(); } ReportingUploader* uploader() { return context_->uploader(); } @@ -278,7 +276,7 @@ class ReportingDeliveryAgentImpl : public ReportingDeliveryAgent, // (Would be an unordered_set, but there's no hash on pair.) std::set pending_origin_groups_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(ReportingDeliveryAgentImpl); }; diff --git a/chromium/net/reporting/reporting_endpoint.cc b/chromium/net/reporting/reporting_endpoint.cc index 506a860fc35..3b5b790842d 100644 --- a/chromium/net/reporting/reporting_endpoint.cc +++ b/chromium/net/reporting/reporting_endpoint.cc @@ -32,6 +32,11 @@ bool operator<(const ReportingEndpointGroupKey& lhs, return std::tie(lhs.origin, lhs.group_name) < std::tie(rhs.origin, rhs.group_name); } +bool operator>(const ReportingEndpointGroupKey& lhs, + const ReportingEndpointGroupKey& rhs) { + return std::tie(lhs.origin, lhs.group_name) > + std::tie(rhs.origin, rhs.group_name); +} const int ReportingEndpoint::EndpointInfo::kDefaultPriority = 1; const int ReportingEndpoint::EndpointInfo::kDefaultWeight = 1; @@ -51,6 +56,10 @@ ReportingEndpoint::ReportingEndpoint(url::Origin origin, ReportingEndpoint::ReportingEndpoint(const ReportingEndpoint& other) = default; ReportingEndpoint::ReportingEndpoint(ReportingEndpoint&& other) = default; +ReportingEndpoint& ReportingEndpoint::operator=(const ReportingEndpoint&) = + default; +ReportingEndpoint& ReportingEndpoint::operator=(ReportingEndpoint&&) = default; + ReportingEndpoint::~ReportingEndpoint() = default; bool ReportingEndpoint::is_valid() const { diff --git a/chromium/net/reporting/reporting_endpoint.h b/chromium/net/reporting/reporting_endpoint.h index 9447fb0e8c6..a6801e2ea2a 100644 --- a/chromium/net/reporting/reporting_endpoint.h +++ b/chromium/net/reporting/reporting_endpoint.h @@ -21,10 +21,10 @@ struct NET_EXPORT ReportingEndpointGroupKey { ReportingEndpointGroupKey(url::Origin origin, std::string group_name); // Origin that configured this endpoint group. - const url::Origin origin; + url::Origin origin; // Name of the endpoint group (defaults to "default" during header parsing). - const std::string group_name; + std::string group_name; }; NET_EXPORT bool operator==(const ReportingEndpointGroupKey& lhs, @@ -33,6 +33,8 @@ NET_EXPORT bool operator!=(const ReportingEndpointGroupKey& lhs, const ReportingEndpointGroupKey& rhs); NET_EXPORT bool operator<(const ReportingEndpointGroupKey& lhs, const ReportingEndpointGroupKey& rhs); +NET_EXPORT bool operator>(const ReportingEndpointGroupKey& lhs, + const ReportingEndpointGroupKey& rhs); // The configuration by an origin to use an endpoint for report delivery. // TODO(crbug.com/921049): Rename to ReportingEndpoint because that's what it @@ -81,13 +83,16 @@ struct NET_EXPORT ReportingEndpoint { ReportingEndpoint(const ReportingEndpoint& other); ReportingEndpoint(ReportingEndpoint&& other); + ReportingEndpoint& operator=(const ReportingEndpoint&); + ReportingEndpoint& operator=(ReportingEndpoint&&); + ~ReportingEndpoint(); bool is_valid() const; explicit operator bool() const { return is_valid(); } // Identifies the endpoint group to which this endpoint belongs. - const ReportingEndpointGroupKey group_key; + ReportingEndpointGroupKey group_key; // URL, priority, and weight of the endpoint. EndpointInfo info; @@ -138,7 +143,7 @@ struct NET_EXPORT CachedReportingEndpointGroup { base::Time now); // Origin and group name. - const ReportingEndpointGroupKey group_key; + ReportingEndpointGroupKey group_key; // Whether this group applies to subdomains of |group_key.origin|. OriginSubdomains include_subdomains = OriginSubdomains::DEFAULT; diff --git a/chromium/net/reporting/reporting_endpoint_manager.cc b/chromium/net/reporting/reporting_endpoint_manager.cc index ec6f3863e09..8ed18fa9b8c 100644 --- a/chromium/net/reporting/reporting_endpoint_manager.cc +++ b/chromium/net/reporting/reporting_endpoint_manager.cc @@ -50,7 +50,7 @@ class ReportingEndpointManagerImpl : public ReportingEndpointManager { int total_weight = 0; for (const ReportingEndpoint endpoint : endpoints) { - if (base::ContainsKey(endpoint_backoff_, endpoint.info.url) && + if (base::Contains(endpoint_backoff_, endpoint.info.url) && endpoint_backoff_[endpoint.info.url]->ShouldRejectRequest()) { continue; } @@ -102,16 +102,16 @@ class ReportingEndpointManagerImpl : public ReportingEndpointManager { } void InformOfEndpointRequest(const GURL& endpoint, bool succeeded) override { - if (!base::ContainsKey(endpoint_backoff_, endpoint)) { + if (!base::Contains(endpoint_backoff_, endpoint)) { endpoint_backoff_[endpoint] = std::make_unique( - &policy().endpoint_backoff_policy, tick_clock()); + &policy().endpoint_backoff_policy, &tick_clock()); } endpoint_backoff_[endpoint]->InformOfRequest(succeeded); } private: - const ReportingPolicy& policy() { return context_->policy(); } - const base::TickClock* tick_clock() { return context_->tick_clock(); } + const ReportingPolicy& policy() const { return context_->policy(); } + const base::TickClock& tick_clock() const { return context_->tick_clock(); } ReportingDelegate* delegate() { return context_->delegate(); } ReportingCache* cache() { return context_->cache(); } diff --git a/chromium/net/reporting/reporting_garbage_collector.cc b/chromium/net/reporting/reporting_garbage_collector.cc index 451f762e749..f524bfd0639 100644 --- a/chromium/net/reporting/reporting_garbage_collector.cc +++ b/chromium/net/reporting/reporting_garbage_collector.cc @@ -54,7 +54,7 @@ class ReportingGarbageCollectorImpl : public ReportingGarbageCollector, // TODO(crbug.com/912622): Garbage collect clients, reports with no matching // endpoints. void CollectGarbage() { - base::TimeTicks now = context_->tick_clock()->NowTicks(); + base::TimeTicks now = context_->tick_clock().NowTicks(); const ReportingPolicy& policy = context_->policy(); std::vector all_reports; diff --git a/chromium/net/reporting/reporting_header_parser.cc b/chromium/net/reporting/reporting_header_parser.cc index 222a92e7288..19a407ac41a 100644 --- a/chromium/net/reporting/reporting_header_parser.cc +++ b/chromium/net/reporting/reporting_header_parser.cc @@ -14,6 +14,7 @@ #include "base/metrics/histogram_macros.h" #include "base/time/time.h" #include "base/values.h" +#include "net/base/registry_controlled_domains/registry_controlled_domain.h" #include "net/reporting/reporting_cache.h" #include "net/reporting/reporting_context.h" #include "net/reporting/reporting_delegate.h" @@ -143,6 +144,15 @@ HeaderEndpointGroupOutcome ProcessEndpointGroup( if (dict->HasKey(kIncludeSubdomainsKey) && dict->GetBoolean(kIncludeSubdomainsKey, &subdomains_bool) && subdomains_bool == true) { + // Disallow eTLDs from setting include_subdomains endpoint groups. + if (registry_controlled_domains::GetRegistryLength( + origin.GetURL(), + registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES, + registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES) == 0) { + return HeaderEndpointGroupOutcome:: + DISCARDED_INCLUDE_SUBDOMAINS_NOT_ALLOWED; + } + parsed_endpoint_group_out->include_subdomains = OriginSubdomains::INCLUDE; } diff --git a/chromium/net/reporting/reporting_header_parser.h b/chromium/net/reporting/reporting_header_parser.h index 8de7d2fa644..5888426547c 100644 --- a/chromium/net/reporting/reporting_header_parser.h +++ b/chromium/net/reporting/reporting_header_parser.h @@ -51,6 +51,7 @@ class NET_EXPORT ReportingHeaderParser { PARSED = 7, REMOVED_TTL_ZERO = 8, REMOVED_EMPTY = 9, + DISCARDED_INCLUDE_SUBDOMAINS_NOT_ALLOWED = 10, MAX }; diff --git a/chromium/net/reporting/reporting_header_parser_unittest.cc b/chromium/net/reporting/reporting_header_parser_unittest.cc index 08f24e489bb..48bda761e22 100644 --- a/chromium/net/reporting/reporting_header_parser_unittest.cc +++ b/chromium/net/reporting/reporting_header_parser_unittest.cc @@ -8,12 +8,14 @@ #include #include +#include "base/bind.h" #include "base/json/json_reader.h" #include "base/stl_util.h" #include "base/strings/string_number_conversions.h" #include "base/test/simple_test_tick_clock.h" #include "base/time/time.h" #include "base/values.h" +#include "net/reporting/mock_persistent_reporting_store.h" #include "net/reporting/reporting_cache.h" #include "net/reporting/reporting_endpoint.h" #include "net/reporting/reporting_test_util.h" @@ -24,17 +26,40 @@ namespace net { namespace { -class ReportingHeaderParserTest : public ReportingTestBase { +using CommandType = MockPersistentReportingStore::Command::Type; + +// This test is parametrized on a boolean that represents whether to use a +// MockPersistentReportingStore. +class ReportingHeaderParserTest : public ReportingTestBase, + public ::testing::WithParamInterface { protected: ReportingHeaderParserTest() : ReportingTestBase() { ReportingPolicy policy; policy.max_endpoints_per_origin = 10; policy.max_endpoint_count = 20; UsePolicy(policy); + + if (GetParam()) + store_ = std::make_unique(); + else + store_ = nullptr; + UseStore(store_.get()); } ~ReportingHeaderParserTest() override = default; + void SetUp() override { + // All ReportingCache methods assume that the store has been initialized. + if (mock_store()) { + mock_store()->LoadReportingClients( + base::BindOnce(&ReportingCache::AddClientsLoadedFromStore, + base::Unretained(cache()))); + mock_store()->FinishLoading(true); + } + } + + MockPersistentReportingStore* mock_store() { return store_.get(); } + ReportingEndpointGroup MakeEndpointGroup( std::string name, std::vector endpoints, @@ -112,18 +137,24 @@ class ReportingHeaderParserTest : public ReportingTestBase { const GURL kUrl2_ = GURL("https://origin2.test/path"); const url::Origin kOrigin2_ = url::Origin::Create(GURL("https://origin2.test/")); + const GURL kUrlEtld_ = GURL("https://co.uk/foo.html/"); + const url::Origin kOriginEtld_ = url::Origin::Create(kUrlEtld_); const GURL kEndpoint_ = GURL("https://endpoint.test/"); const GURL kEndpoint2_ = GURL("https://endpoint2.test/"); + const GURL kEndpoint3_ = GURL("https://endpoint3.test/"); const std::string kGroup_ = "group"; const std::string kGroup2_ = "group2"; const std::string kType_ = "type"; + + private: + std::unique_ptr store_; }; // TODO(juliatuttle): Ideally these tests should be expecting that JSON parsing // (and therefore header parsing) may happen asynchronously, but the entire // pipeline is also tested by NetworkErrorLoggingEndToEndTest. -TEST_F(ReportingHeaderParserTest, Invalid) { +TEST_P(ReportingHeaderParserTest, Invalid) { static const struct { const char* header_value; const char* description; @@ -172,10 +203,16 @@ TEST_F(ReportingHeaderParserTest, Invalid) { EXPECT_EQ(0u, cache()->GetEndpointCount()) << "Invalid Report-To header (" << test_case.description << ": \"" << test_case.header_value << "\") parsed as valid."; + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(0, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(0, mock_store()->StoredEndpointGroupsCount()); + } } } -TEST_F(ReportingHeaderParserTest, Basic) { +TEST_P(ReportingHeaderParserTest, Basic) { std::vector endpoints = {{kEndpoint_}}; std::string header = @@ -197,9 +234,27 @@ TEST_F(ReportingHeaderParserTest, Basic) { endpoint.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, endpoint.info.weight); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(1, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, OmittedGroupName) { +TEST_P(ReportingHeaderParserTest, OmittedGroupName) { std::vector endpoints = {{kEndpoint_}}; std::string header = ConstructHeaderGroupString(MakeEndpointGroup(std::string(), endpoints)); @@ -220,9 +275,27 @@ TEST_F(ReportingHeaderParserTest, OmittedGroupName) { endpoint.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, endpoint.info.weight); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(1, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "default", + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, "default", OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, IncludeSubdomainsTrue) { +TEST_P(ReportingHeaderParserTest, IncludeSubdomainsTrue) { std::vector endpoints = {{kEndpoint_}}; std::string header = ConstructHeaderGroupString( @@ -234,9 +307,27 @@ TEST_F(ReportingHeaderParserTest, IncludeSubdomainsTrue) { EndpointGroupExistsInCache(kOrigin_, kGroup_, OriginSubdomains::INCLUDE)); EXPECT_EQ(1u, cache()->GetEndpointCount()); EXPECT_TRUE(EndpointExistsInCache(kOrigin_, kGroup_, kEndpoint_)); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(1, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, IncludeSubdomainsFalse) { +TEST_P(ReportingHeaderParserTest, IncludeSubdomainsFalse) { std::vector endpoints = {{kEndpoint_}}; std::string header = ConstructHeaderGroupString( @@ -249,9 +340,55 @@ TEST_F(ReportingHeaderParserTest, IncludeSubdomainsFalse) { EndpointGroupExistsInCache(kOrigin_, kGroup_, OriginSubdomains::EXCLUDE)); EXPECT_EQ(1u, cache()->GetEndpointCount()); EXPECT_TRUE(EndpointExistsInCache(kOrigin_, kGroup_, kEndpoint_)); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(1, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } +} + +TEST_P(ReportingHeaderParserTest, IncludeSubdomainsEtldRejected) { + std::vector endpoints = {{kEndpoint_}}; + + std::string header = ConstructHeaderGroupString( + MakeEndpointGroup(kGroup_, endpoints, OriginSubdomains::INCLUDE)); + ParseHeader(kUrlEtld_, header); + + EXPECT_EQ(0u, cache()->GetEndpointGroupCountForTesting()); + EXPECT_FALSE(EndpointGroupExistsInCache(kOriginEtld_, kGroup_, + OriginSubdomains::INCLUDE)); + EXPECT_EQ(0u, cache()->GetEndpointCount()); + EXPECT_FALSE(EndpointExistsInCache(kOriginEtld_, kGroup_, kEndpoint_)); } -TEST_F(ReportingHeaderParserTest, IncludeSubdomainsNotBoolean) { +TEST_P(ReportingHeaderParserTest, NonIncludeSubdomainsEtldAccepted) { + std::vector endpoints = {{kEndpoint_}}; + + std::string header = ConstructHeaderGroupString( + MakeEndpointGroup(kGroup_, endpoints, OriginSubdomains::EXCLUDE)); + ParseHeader(kUrlEtld_, header); + + EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); + EXPECT_TRUE(EndpointGroupExistsInCache(kOriginEtld_, kGroup_, + OriginSubdomains::EXCLUDE)); + EXPECT_EQ(1u, cache()->GetEndpointCount()); + EXPECT_TRUE(EndpointExistsInCache(kOriginEtld_, kGroup_, kEndpoint_)); +} + +TEST_P(ReportingHeaderParserTest, IncludeSubdomainsNotBoolean) { std::string header = "{\"group\": \"" + kGroup_ + "\", " @@ -265,9 +402,27 @@ TEST_F(ReportingHeaderParserTest, IncludeSubdomainsNotBoolean) { EndpointGroupExistsInCache(kOrigin_, kGroup_, OriginSubdomains::DEFAULT)); EXPECT_EQ(1u, cache()->GetEndpointCount()); EXPECT_TRUE(EndpointExistsInCache(kOrigin_, kGroup_, kEndpoint_)); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(1, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, NonDefaultPriority) { +TEST_P(ReportingHeaderParserTest, NonDefaultPriority) { const int kNonDefaultPriority = 10; std::vector endpoints = { {kEndpoint_, kNonDefaultPriority}}; @@ -286,9 +441,27 @@ TEST_F(ReportingHeaderParserTest, NonDefaultPriority) { EXPECT_EQ(kNonDefaultPriority, endpoint.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, endpoint.info.weight); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(1, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, NonDefaultWeight) { +TEST_P(ReportingHeaderParserTest, NonDefaultWeight) { const int kNonDefaultWeight = 10; std::vector endpoints = { {kEndpoint_, ReportingEndpoint::EndpointInfo::kDefaultPriority, @@ -308,9 +481,27 @@ TEST_F(ReportingHeaderParserTest, NonDefaultWeight) { EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultPriority, endpoint.info.priority); EXPECT_EQ(kNonDefaultWeight, endpoint.info.weight); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(1, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, MaxAge) { +TEST_P(ReportingHeaderParserTest, MaxAge) { const int kMaxAgeSecs = 100; base::TimeDelta ttl = base::TimeDelta::FromSeconds(kMaxAgeSecs); base::Time expires = clock()->Now() + ttl; @@ -324,9 +515,27 @@ TEST_F(ReportingHeaderParserTest, MaxAge) { EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); EXPECT_TRUE(EndpointGroupExistsInCache(kOrigin_, kGroup_, OriginSubdomains::DEFAULT, expires)); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(1, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, MultipleEndpointsSameGroup) { +TEST_P(ReportingHeaderParserTest, MultipleEndpointsSameGroup) { std::vector endpoints = {{kEndpoint_}, {kEndpoint2_}}; std::string header = @@ -359,9 +568,31 @@ TEST_F(ReportingHeaderParserTest, MultipleEndpointsSameGroup) { endpoint2.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, endpoint2.info.weight); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(2, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, MultipleEndpointsDifferentGroups) { +TEST_P(ReportingHeaderParserTest, MultipleEndpointsDifferentGroups) { std::vector endpoints1 = {{kEndpoint_}}; std::vector endpoints2 = {{kEndpoint_}}; std::string header = @@ -397,9 +628,36 @@ TEST_F(ReportingHeaderParserTest, MultipleEndpointsDifferentGroups) { endpoint2.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, endpoint2.info.weight); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(2, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(2, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup2_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, MultipleHeadersFromDifferentOrigins) { +TEST_P(ReportingHeaderParserTest, MultipleHeadersFromDifferentOrigins) { // First origin sets a header with two endpoints in the same group. std::vector endpoints1 = {{kEndpoint_}, {kEndpoint2_}}; @@ -432,9 +690,49 @@ TEST_F(ReportingHeaderParserTest, MultipleHeadersFromDifferentOrigins) { EXPECT_TRUE(FindEndpointInCache(kOrigin_, kGroup_, kEndpoint2_)); EXPECT_TRUE(FindEndpointInCache(kOrigin2_, kGroup_, kEndpoint_)); EXPECT_TRUE(FindEndpointInCache(kOrigin2_, kGroup2_, kEndpoint2_)); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(4, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(3, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin2_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin2_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin2_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin2_, kGroup2_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, +TEST_P(ReportingHeaderParserTest, HeaderErroneouslyContainsMultipleGroupsOfSameName) { std::vector endpoints1 = {{kEndpoint_}}; std::vector endpoints2 = {{kEndpoint2_}}; @@ -470,9 +768,95 @@ TEST_F(ReportingHeaderParserTest, endpoint2.info.priority); EXPECT_EQ(ReportingEndpoint::EndpointInfo::kDefaultWeight, endpoint2.info.weight); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(2, mock_store()->StoredEndpointsCount()); + EXPECT_EQ(1, mock_store()->StoredEndpointGroupsCount()); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } +} + +TEST_P(ReportingHeaderParserTest, + HeaderErroneouslyContainsGroupsWithRedundantEndpoints) { + std::vector endpoints = {{kEndpoint_}, + {kEndpoint_}}; + std::string header = + ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)); + ParseHeader(kUrl_, header); + + // We should dedupe the identical endpoint URLs. + EXPECT_EQ(1u, cache()->GetEndpointCount()); + ASSERT_TRUE(FindEndpointInCache(kOrigin_, kGroup_, kEndpoint_)); + + EXPECT_TRUE( + EndpointGroupExistsInCache(kOrigin_, kGroup_, OriginSubdomains::DEFAULT)); + EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); + + EXPECT_TRUE(OriginClientExistsInCache(kOrigin_)); +} + +TEST_P(ReportingHeaderParserTest, + HeaderErroneouslyContainsMultipleGroupsOfSameNameAndEndpoints) { + std::vector endpoints = {{kEndpoint_}}; + std::string header = + ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)) + ", " + + ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints)); + ParseHeader(kUrl_, header); + + // We should dedupe the identical endpoint URLs, even when they're in + // different headers. + EXPECT_EQ(1u, cache()->GetEndpointCount()); + ASSERT_TRUE(FindEndpointInCache(kOrigin_, kGroup_, kEndpoint_)); + + EXPECT_TRUE( + EndpointGroupExistsInCache(kOrigin_, kGroup_, OriginSubdomains::DEFAULT)); + EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); + + EXPECT_TRUE(OriginClientExistsInCache(kOrigin_)); } -TEST_F(ReportingHeaderParserTest, OverwriteOldHeader) { +TEST_P(ReportingHeaderParserTest, + HeaderErroneouslyContainsGroupsOfSameNameAndOverlappingEndpoints) { + std::vector endpoints1 = {{kEndpoint_}, + {kEndpoint2_}}; + std::vector endpoints2 = {{kEndpoint_}, + {kEndpoint3_}}; + std::string header = + ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints1)) + + ", " + ConstructHeaderGroupString(MakeEndpointGroup(kGroup_, endpoints2)); + ParseHeader(kUrl_, header); + + // We should dedupe the identical endpoint URLs, even when they're in + // different headers. + EXPECT_EQ(3u, cache()->GetEndpointCount()); + ASSERT_TRUE(FindEndpointInCache(kOrigin_, kGroup_, kEndpoint_)); + ASSERT_TRUE(FindEndpointInCache(kOrigin_, kGroup_, kEndpoint2_)); + ASSERT_TRUE(FindEndpointInCache(kOrigin_, kGroup_, kEndpoint3_)); + + EXPECT_TRUE( + EndpointGroupExistsInCache(kOrigin_, kGroup_, OriginSubdomains::DEFAULT)); + EXPECT_EQ(1u, cache()->GetEndpointGroupCountForTesting()); + + EXPECT_TRUE(OriginClientExistsInCache(kOrigin_)); +} + +TEST_P(ReportingHeaderParserTest, OverwriteOldHeader) { // First, the origin sets a header with two endpoints in the same group. std::vector endpoints1 = { {kEndpoint_, 10 /* priority */}, {kEndpoint2_}}; @@ -487,6 +871,29 @@ TEST_F(ReportingHeaderParserTest, OverwriteOldHeader) { EXPECT_EQ(2u, cache()->GetEndpointCount()); EXPECT_TRUE(FindEndpointInCache(kOrigin_, kGroup_, kEndpoint_)); EXPECT_TRUE(FindEndpointInCache(kOrigin_, kGroup_, kEndpoint2_)); + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(2, + mock_store()->CountCommands(CommandType::ADD_REPORTING_ENDPOINT)); + EXPECT_EQ(1, mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP)); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } // Second header from the same origin should overwrite the previous one. std::vector endpoints2 = { @@ -514,9 +921,34 @@ TEST_F(ReportingHeaderParserTest, OverwriteOldHeader) { FindEndpointInCache(kOrigin_, kGroup_, kEndpoint_).info.priority); EXPECT_FALSE(FindEndpointInCache(kOrigin_, kGroup_, kEndpoint2_)); EXPECT_TRUE(FindEndpointInCache(kOrigin_, kGroup2_, kEndpoint2_)); + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(2 + 1, + mock_store()->CountCommands(CommandType::ADD_REPORTING_ENDPOINT)); + EXPECT_EQ(1 + 1, mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP)); + EXPECT_EQ( + 1, mock_store()->CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup2_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, OverwriteOldHeaderWithCompletelyNew) { +TEST_P(ReportingHeaderParserTest, OverwriteOldHeaderWithCompletelyNew) { std::vector endpoints1_1 = {{MakeURL(10)}, {MakeURL(11)}}; std::vector endpoints2_1 = {{MakeURL(20)}, @@ -537,6 +969,49 @@ TEST_F(ReportingHeaderParserTest, OverwriteOldHeaderWithCompletelyNew) { EXPECT_TRUE( EndpointGroupExistsInCache(kOrigin_, "3", OriginSubdomains::DEFAULT)); EXPECT_EQ(6u, cache()->GetEndpointCount()); + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(6, + mock_store()->CountCommands(CommandType::ADD_REPORTING_ENDPOINT)); + EXPECT_EQ(3, mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP)); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "1", endpoints1_1[0])); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "1", endpoints1_1[1])); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "2", endpoints2_1[0])); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "2", endpoints2_1[1])); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "3", endpoints3_1[0])); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "3", endpoints3_1[1])); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, "1", OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, "2", OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, "3", OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } // Replace endpoints in each group with completely new endpoints. std::vector endpoints1_2 = {{MakeURL(12)}}; @@ -565,6 +1040,47 @@ TEST_F(ReportingHeaderParserTest, OverwriteOldHeaderWithCompletelyNew) { EXPECT_TRUE(FindEndpointInCache(kOrigin_, "3", MakeURL(32))); EXPECT_FALSE(FindEndpointInCache(kOrigin_, "3", MakeURL(30))); EXPECT_FALSE(FindEndpointInCache(kOrigin_, "3", MakeURL(31))); + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(6 + 3, + mock_store()->CountCommands(CommandType::ADD_REPORTING_ENDPOINT)); + EXPECT_EQ(3, mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP)); + EXPECT_EQ( + 6, mock_store()->CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); + EXPECT_EQ(0, mock_store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "1", endpoints1_2[0])); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "2", endpoints2_2[0])); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "3", endpoints3_2[0])); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "1", endpoints1_1[0])); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "1", endpoints1_1[1])); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "2", endpoints2_1[0])); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "2", endpoints2_1[1])); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "3", endpoints3_1[0])); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "3", endpoints3_1[1])); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } // Replace all the groups with completely new groups. std::vector endpoints4_3 = {{MakeURL(40)}}; @@ -586,14 +1102,75 @@ TEST_F(ReportingHeaderParserTest, OverwriteOldHeaderWithCompletelyNew) { EXPECT_FALSE( EndpointGroupExistsInCache(kOrigin_, "3", OriginSubdomains::DEFAULT)); EXPECT_EQ(2u, cache()->GetEndpointCount()); + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(6 + 3 + 2, + mock_store()->CountCommands(CommandType::ADD_REPORTING_ENDPOINT)); + EXPECT_EQ(3 + 2, mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP)); + EXPECT_EQ(6 + 3, mock_store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT)); + EXPECT_EQ(3, mock_store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "4", endpoints4_3[0])); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "5", endpoints5_3[0])); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, "4", OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, "5", OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "1", endpoints1_2[0])); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "2", endpoints2_2[0])); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, "3", endpoints3_2[0])); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, "1", OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, "2", OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, "3", OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, ZeroMaxAgeRemovesEndpointGroup) { +TEST_P(ReportingHeaderParserTest, ZeroMaxAgeRemovesEndpointGroup) { // Without a pre-existing client, max_age: 0 should do nothing. ASSERT_EQ(0u, cache()->GetEndpointCount()); ParseHeader(kUrl_, "{\"endpoints\":[{\"url\":\"" + kEndpoint_.spec() + "\"}],\"max_age\":0}"); EXPECT_EQ(0u, cache()->GetEndpointCount()); + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(0, + mock_store()->CountCommands(CommandType::ADD_REPORTING_ENDPOINT)); + EXPECT_EQ(0, mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP)); + } // Set a header with two endpoint groups. std::vector endpoints1 = {{kEndpoint_}}; @@ -611,6 +1188,34 @@ TEST_F(ReportingHeaderParserTest, ZeroMaxAgeRemovesEndpointGroup) { EXPECT_TRUE(EndpointGroupExistsInCache(kOrigin_, kGroup2_, OriginSubdomains::DEFAULT)); EXPECT_EQ(2u, cache()->GetEndpointCount()); + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(2, + mock_store()->CountCommands(CommandType::ADD_REPORTING_ENDPOINT)); + EXPECT_EQ(2, mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP)); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + expected_commands.emplace_back( + CommandType::ADD_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup2_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } // Set another header with max_age: 0 to delete one of the groups. std::string header2 = ConstructHeaderGroupString(MakeEndpointGroup( @@ -631,6 +1236,29 @@ TEST_F(ReportingHeaderParserTest, ZeroMaxAgeRemovesEndpointGroup) { EXPECT_TRUE(EndpointGroupExistsInCache(kOrigin_, kGroup2_, OriginSubdomains::DEFAULT)); EXPECT_EQ(1u, cache()->GetEndpointCount()); + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(2, + mock_store()->CountCommands(CommandType::ADD_REPORTING_ENDPOINT)); + EXPECT_EQ(2, mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP)); + EXPECT_EQ( + 1, mock_store()->CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); + EXPECT_EQ(1, mock_store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup_, + ReportingEndpoint::EndpointInfo{kEndpoint_})); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } // Set another header with max_age: 0 to delete the other group. (Should work // even if the endpoints field is an empty list.) @@ -644,9 +1272,32 @@ TEST_F(ReportingHeaderParserTest, ZeroMaxAgeRemovesEndpointGroup) { EXPECT_FALSE(OriginClientExistsInCache(kOrigin_)); EXPECT_EQ(0u, cache()->GetEndpointGroupCountForTesting()); EXPECT_EQ(0u, cache()->GetEndpointCount()); + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(2, + mock_store()->CountCommands(CommandType::ADD_REPORTING_ENDPOINT)); + EXPECT_EQ(2, mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP)); + EXPECT_EQ(1 + 1, mock_store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT)); + EXPECT_EQ(1 + 1, mock_store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); + MockPersistentReportingStore::CommandList expected_commands; + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT, + ReportingEndpoint(kOrigin_, kGroup2_, + ReportingEndpoint::EndpointInfo{kEndpoint2_})); + expected_commands.emplace_back( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP, + CachedReportingEndpointGroup( + kOrigin_, kGroup2_, OriginSubdomains::DEFAULT /* irrelevant */, + base::Time() /* irrelevant */, base::Time() /* irrelevant */)); + EXPECT_THAT(mock_store()->GetAllCommands(), + testing::IsSupersetOf(expected_commands)); + } } -TEST_F(ReportingHeaderParserTest, EvictEndpointsOverPerOriginLimit1) { +TEST_P(ReportingHeaderParserTest, EvictEndpointsOverPerOriginLimit1) { // Set a header with too many endpoints, all in the same group. std::vector endpoints; for (size_t i = 0; i < policy().max_endpoints_per_origin + 1; ++i) { @@ -658,9 +1309,20 @@ TEST_F(ReportingHeaderParserTest, EvictEndpointsOverPerOriginLimit1) { // Endpoint count should be at most the limit. EXPECT_GE(policy().max_endpoints_per_origin, cache()->GetEndpointCount()); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(policy().max_endpoints_per_origin + 1, + static_cast(mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT))); + EXPECT_EQ(1, mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP)); + EXPECT_EQ( + 1, mock_store()->CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); + } } -TEST_F(ReportingHeaderParserTest, EvictEndpointsOverPerOriginLimit2) { +TEST_P(ReportingHeaderParserTest, EvictEndpointsOverPerOriginLimit2) { // Set a header with too many endpoints, in different groups. std::string header; for (size_t i = 0; i < policy().max_endpoints_per_origin + 1; ++i) { @@ -674,9 +1336,23 @@ TEST_F(ReportingHeaderParserTest, EvictEndpointsOverPerOriginLimit2) { // Endpoint count should be at most the limit. EXPECT_GE(policy().max_endpoints_per_origin, cache()->GetEndpointCount()); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(policy().max_endpoints_per_origin + 1, + static_cast(mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT))); + EXPECT_EQ(policy().max_endpoints_per_origin + 1, + static_cast(mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP))); + EXPECT_EQ( + 1, mock_store()->CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); + EXPECT_EQ(1, mock_store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); + } } -TEST_F(ReportingHeaderParserTest, EvictEndpointsOverGlobalLimit) { +TEST_P(ReportingHeaderParserTest, EvictEndpointsOverGlobalLimit) { // Set headers from different origins up to the global limit. for (size_t i = 0; i < policy().max_endpoint_count; ++i) { std::vector endpoints = {{MakeURL(i)}}; @@ -692,7 +1368,25 @@ TEST_F(ReportingHeaderParserTest, EvictEndpointsOverGlobalLimit) { // Endpoint count should be at most the limit. EXPECT_GE(policy().max_endpoint_count, cache()->GetEndpointCount()); + + if (mock_store()) { + mock_store()->Flush(); + EXPECT_EQ(policy().max_endpoint_count + 1, + static_cast(mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT))); + EXPECT_EQ(policy().max_endpoint_count + 1, + static_cast(mock_store()->CountCommands( + CommandType::ADD_REPORTING_ENDPOINT_GROUP))); + EXPECT_EQ( + 1, mock_store()->CountCommands(CommandType::DELETE_REPORTING_ENDPOINT)); + EXPECT_EQ(1, mock_store()->CountCommands( + CommandType::DELETE_REPORTING_ENDPOINT_GROUP)); + } } +INSTANTIATE_TEST_SUITE_P(ReportingHeaderParserStoreTest, + ReportingHeaderParserTest, + testing::Bool()); + } // namespace } // namespace net diff --git a/chromium/net/reporting/reporting_service.cc b/chromium/net/reporting/reporting_service.cc index 9fe09f261e3..313a825d111 100644 --- a/chromium/net/reporting/reporting_service.cc +++ b/chromium/net/reporting/reporting_service.cc @@ -59,7 +59,7 @@ class ReportingServiceImpl : public ReportingService { context_->cache()->AddReport(sanitized_url, user_agent, group, type, std::move(body), depth, - context_->tick_clock()->NowTicks(), 0); + context_->tick_clock().NowTicks(), 0); } void ProcessHeader(const GURL& url, diff --git a/chromium/net/server/http_server.cc b/chromium/net/server/http_server.cc index 9b9116d9afd..678d6f493c3 100644 --- a/chromium/net/server/http_server.cc +++ b/chromium/net/server/http_server.cc @@ -56,8 +56,7 @@ HttpServer::HttpServer(std::unique_ptr server_socket, HttpServer::Delegate* delegate) : server_socket_(std::move(server_socket)), delegate_(delegate), - last_id_(0), - weak_ptr_factory_(this) { + last_id_(0) { DCHECK(server_socket_); // Start accepting connections in next run loop in case when delegate is not // ready to get callbacks. diff --git a/chromium/net/server/http_server.h b/chromium/net/server/http_server.h index c6e2554c6ee..cb70b575731 100644 --- a/chromium/net/server/http_server.h +++ b/chromium/net/server/http_server.h @@ -131,7 +131,7 @@ class HttpServer { int last_id_; std::map> id_to_connection_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(HttpServer); }; diff --git a/chromium/net/server/http_server_fuzzer.cc b/chromium/net/server/http_server_fuzzer.cc index 53e0899f8ef..e8c57affbb7 100644 --- a/chromium/net/server/http_server_fuzzer.cc +++ b/chromium/net/server/http_server_fuzzer.cc @@ -5,18 +5,18 @@ #include "base/logging.h" #include "base/macros.h" #include "base/run_loop.h" -#include "base/test/fuzzed_data_provider.h" #include "net/base/net_errors.h" #include "net/log/test_net_log.h" #include "net/server/http_server.h" #include "net/socket/fuzzed_server_socket.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" namespace { class WaitTillHttpCloseDelegate : public net::HttpServer::Delegate { public: - WaitTillHttpCloseDelegate(base::FuzzedDataProvider* data_provider, + WaitTillHttpCloseDelegate(FuzzedDataProvider* data_provider, const base::Closure& done_closure) : server_(nullptr), data_provider_(data_provider), @@ -81,7 +81,7 @@ class WaitTillHttpCloseDelegate : public net::HttpServer::Delegate { }; net::HttpServer* server_; - base::FuzzedDataProvider* const data_provider_; + FuzzedDataProvider* const data_provider_; base::Closure done_closure_; const uint8_t action_flags_; @@ -95,7 +95,7 @@ class WaitTillHttpCloseDelegate : public net::HttpServer::Delegate { // |data| is used to create a FuzzedServerSocket. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { net::TestNetLog test_net_log; - base::FuzzedDataProvider data_provider(data, size); + FuzzedDataProvider data_provider(data, size); std::unique_ptr server_socket( std::make_unique(&data_provider, &test_net_log)); diff --git a/chromium/net/socket/client_socket_factory.cc b/chromium/net/socket/client_socket_factory.cc index 313bc16b1f2..1a165c8d4c0 100644 --- a/chromium/net/socket/client_socket_factory.cc +++ b/chromium/net/socket/client_socket_factory.cc @@ -9,7 +9,7 @@ #include "base/lazy_instance.h" #include "build/build_config.h" #include "net/http/http_proxy_client_socket.h" -#include "net/socket/ssl_client_socket_impl.h" +#include "net/socket/ssl_client_socket.h" #include "net/socket/tcp_client_socket.h" #include "net/socket/udp_client_socket.h" @@ -44,12 +44,12 @@ class DefaultClientSocketFactory : public ClientSocketFactory { } std::unique_ptr CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) override { - return std::make_unique( - std::move(stream_socket), host_and_port, ssl_config, context); + const SSLConfig& ssl_config) override { + return context->CreateSSLClientSocket(std::move(stream_socket), + host_and_port, ssl_config); } std::unique_ptr CreateProxyClientSocket( diff --git a/chromium/net/socket/client_socket_factory.h b/chromium/net/socket/client_socket_factory.h index db61cc42a65..4d70620a0bf 100644 --- a/chromium/net/socket/client_socket_factory.h +++ b/chromium/net/socket/client_socket_factory.h @@ -22,8 +22,8 @@ class DatagramClientSocket; class HostPortPair; class NetLog; struct NetLogSource; +class SSLClientContext; class SSLClientSocket; -struct SSLClientSocketContext; struct SSLConfig; class ProxyClientSocket; class ProxyDelegate; @@ -52,10 +52,10 @@ class NET_EXPORT ClientSocketFactory { // It is allowed to pass in a StreamSocket that is not obtained from a // socket pool. The caller could create a StreamSocket directly. virtual std::unique_ptr CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) = 0; + const SSLConfig& ssl_config) = 0; virtual std::unique_ptr CreateProxyClientSocket( std::unique_ptr stream_socket, diff --git a/chromium/net/socket/client_socket_handle.cc b/chromium/net/socket/client_socket_handle.cc index 2e52f8ceb8e..0fd702e8e55 100644 --- a/chromium/net/socket/client_socket_handle.cc +++ b/chromium/net/socket/client_socket_handle.cc @@ -199,8 +199,8 @@ void ClientSocketHandle::HandleInitCompletion(int result) { // release() socket. It ends up working though, since those methods are being // used to layer sockets (and the destination sources are the same). DCHECK(socket_.get()); - socket_->NetLog().BeginEvent(NetLogEventType::SOCKET_IN_USE, - requesting_source_.ToEventParametersCallback()); + socket_->NetLog().BeginEventReferencingSource(NetLogEventType::SOCKET_IN_USE, + requesting_source_); } void ClientSocketHandle::ResetInternal(bool cancel, bool cancel_connect_job) { diff --git a/chromium/net/socket/client_socket_pool.cc b/chromium/net/socket/client_socket_pool.cc index 62eb8f4bc76..7709ce977d6 100644 --- a/chromium/net/socket/client_socket_pool.cc +++ b/chromium/net/socket/client_socket_pool.cc @@ -135,16 +135,13 @@ void ClientSocketPool::NetLogTcpClientSocketPoolRequestedSocket( if (net_log.IsCapturing()) { // TODO(eroman): Split out the host and port parameters. net_log.AddEvent(NetLogEventType::TCP_CLIENT_SOCKET_POOL_REQUESTED_SOCKET, - base::BindRepeating(&NetLogGroupIdCallback, - base::Unretained(&group_id))); + [&] { return NetLogGroupIdParams(group_id); }); } } -base::Value ClientSocketPool::NetLogGroupIdCallback( - const GroupId* group_id, - NetLogCaptureMode /* capture_mode */) { +base::Value ClientSocketPool::NetLogGroupIdParams(const GroupId& group_id) { base::DictionaryValue event_params; - event_params.SetString("group_id", group_id->ToString()); + event_params.SetString("group_id", group_id.ToString()); return std::move(event_params); } diff --git a/chromium/net/socket/client_socket_pool.h b/chromium/net/socket/client_socket_pool.h index 17a787eea3d..8933f91dc1d 100644 --- a/chromium/net/socket/client_socket_pool.h +++ b/chromium/net/socket/client_socket_pool.h @@ -129,7 +129,7 @@ class NET_EXPORT ClientSocketPool : public LowerLayeredPool { PrivacyMode privacy_mode() const { return privacy_mode_; } - const NetworkIsolationKey& network_isolation_key() { + const NetworkIsolationKey& network_isolation_key() const { return network_isolation_key_; } @@ -352,8 +352,7 @@ class NET_EXPORT ClientSocketPool : public LowerLayeredPool { const GroupId& group_id); // Utility method to log a GroupId with a NetLog event. - static base::Value NetLogGroupIdCallback(const GroupId* group_id, - NetLogCaptureMode capture_mode); + static base::Value NetLogGroupIdParams(const GroupId& group_id); static std::unique_ptr CreateConnectJob( GroupId group_id, diff --git a/chromium/net/socket/client_socket_pool_base_unittest.cc b/chromium/net/socket/client_socket_pool_base_unittest.cc index faa495115b4..0f8df878608 100644 --- a/chromium/net/socket/client_socket_pool_base_unittest.cc +++ b/chromium/net/socket/client_socket_pool_base_unittest.cc @@ -42,7 +42,6 @@ #include "net/log/net_log_source.h" #include "net/log/net_log_source_type.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/socket/client_socket_factory.h" #include "net/socket/client_socket_handle.h" @@ -232,7 +231,7 @@ class MockClientSocketFactory : public ClientSocketFactory { NetLog* net_log, const NetLogSource& source) override { NOTREACHED(); - return std::unique_ptr(); + return nullptr; } std::unique_ptr CreateTransportClientSocket( @@ -246,12 +245,12 @@ class MockClientSocketFactory : public ClientSocketFactory { } std::unique_ptr CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) override { + const SSLConfig& ssl_config) override { NOTIMPLEMENTED(); - return std::unique_ptr(); + return nullptr; } std::unique_ptr CreateProxyClientSocket( @@ -334,8 +333,7 @@ class TestConnectJob : public ConnectJob { client_socket_factory_(client_socket_factory), load_state_(LOAD_STATE_IDLE), has_established_connection_(false), - store_additional_error_state_(false), - weak_factory_(this) {} + store_additional_error_state_(false) {} void Signal() { DoConnect(waiting_success_, true /* async */, false /* recoverable */); @@ -524,7 +522,7 @@ class TestConnectJob : public ConnectJob { bool has_established_connection_; bool store_additional_error_state_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(TestConnectJob); }; @@ -544,8 +542,7 @@ class TestConnectJobFactory nullptr /* quic_stream_factory */, nullptr /* proxy_delegate */, nullptr /* http_user_agent_settings */, - SSLClientSocketContext(), - SSLClientSocketContext(), + nullptr /* ssl_client_context */, nullptr /* socket_performance_watcher_factory */, nullptr /* network_quality_estimator */, net_log, @@ -629,7 +626,7 @@ class ClientSocketPoolBaseTest : public TestWithScopedTaskEnvironment { protected: ClientSocketPoolBaseTest() : TestWithScopedTaskEnvironment( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME), + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME), params_(ClientSocketPool::SocketParams::CreateForHttpForTesting()) { connect_backup_jobs_enabled_ = TransportClientSocketPool::connect_backup_jobs_enabled(); @@ -711,6 +708,9 @@ class ClientSocketPoolBaseTest : public TestWithScopedTaskEnvironment { ClientSocketPoolTest test_base_; }; +// TODO(950069): Add testing for frame_origin in NetworkIsolationKey +// using kAppendInitiatingFrameOriginToNetworkIsolationKey. + TEST_F(ClientSocketPoolBaseTest, BasicSynchronous) { CreatePool(kDefaultMaxSockets, kDefaultMaxSocketsPerGroup); @@ -731,8 +731,7 @@ TEST_F(ClientSocketPoolBaseTest, BasicSynchronous) { handle.Reset(); TestLoadTimingInfoNotConnected(handle); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_EQ(5u, entries.size()); EXPECT_TRUE(LogContainsEvent( @@ -770,8 +769,7 @@ TEST_F(ClientSocketPoolBaseTest, InitConnectionFailure) { EXPECT_FALSE(handle.ssl_cert_request_info()); TestLoadTimingInfoNotConnected(handle); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_EQ(4u, entries.size()); EXPECT_TRUE(LogContainsEvent( @@ -806,9 +804,11 @@ TEST_F(ClientSocketPoolBaseTest, GroupSeparation) { const PrivacyMode kPrivacyModes[] = {PrivacyMode::PRIVACY_MODE_DISABLED, PrivacyMode::PRIVACY_MODE_ENABLED}; + const auto kOriginA = url::Origin::Create(GURL("http://a.test/")); + const auto kOriginB = url::Origin::Create(GURL("http://b.test/")); const NetworkIsolationKey kNetworkIsolationKeys[] = { - NetworkIsolationKey(url::Origin::Create(GURL("http://a.test/"))), - NetworkIsolationKey(url::Origin::Create(GURL("http://b.test/"))), + NetworkIsolationKey(kOriginA, kOriginA), + NetworkIsolationKey(kOriginB, kOriginB), }; int total_idle_sockets = 0; @@ -2016,8 +2016,7 @@ TEST_F(ClientSocketPoolBaseTest, BasicAsynchronous) { handle.Reset(); TestLoadTimingInfoNotConnected(handle); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_EQ(5u, entries.size()); EXPECT_TRUE(LogContainsEvent( @@ -2056,8 +2055,7 @@ TEST_F(ClientSocketPoolBaseTest, EXPECT_FALSE(handle.is_ssl_error()); EXPECT_FALSE(handle.ssl_cert_request_info()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_EQ(4u, entries.size()); EXPECT_TRUE(LogContainsEvent( @@ -2540,8 +2538,7 @@ TEST_F(ClientSocketPoolBaseTest, CleanupTimedOutIdleSocketsReuse) { EXPECT_EQ(0u, pool_->IdleSocketCountInGroup(TestGroupId("a"))); EXPECT_EQ(1, pool_->NumActiveSocketsInGroupForTesting(TestGroupId("a"))); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_TRUE(LogContainsEvent( entries, 0, NetLogEventType::TCP_CLIENT_SOCKET_POOL_REQUESTED_SOCKET, NetLogEventPhase::NONE)); @@ -2619,8 +2616,7 @@ TEST_F(ClientSocketPoolBaseTest, CleanupTimedOutIdleSocketsNoReuse) { EXPECT_EQ(0u, pool_->IdleSocketCountInGroup(TestGroupId("a"))); EXPECT_EQ(1, pool_->NumActiveSocketsInGroupForTesting(TestGroupId("a"))); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_FALSE(LogContainsEntryWithType( entries, 1, NetLogEventType::SOCKET_POOL_REUSED_AN_EXISTING_SOCKET)); } diff --git a/chromium/net/socket/client_socket_pool_manager.cc b/chromium/net/socket/client_socket_pool_manager.cc index 3e1f92b374a..1dcb89eff54 100644 --- a/chromium/net/socket/client_socket_pool_manager.cc +++ b/chromium/net/socket/client_socket_pool_manager.cc @@ -296,14 +296,12 @@ int PreconnectSocketsForHttpRequest( const SSLConfig& ssl_config_for_origin, const SSLConfig& ssl_config_for_proxy, PrivacyMode privacy_mode, + const NetworkIsolationKey& network_isolation_key, const NetLogWithSource& net_log, int num_preconnect_streams) { // QUIC proxies are currently not supported through this method. DCHECK(!proxy_info.is_quic()); - // TODO(https://crbug.com/966896): Get this field from the caller. - NetworkIsolationKey network_isolation_key; - return InitSocketPoolHelper( group_type, endpoint, request_load_flags, request_priority, session, proxy_info, ssl_config_for_origin, ssl_config_for_proxy, diff --git a/chromium/net/socket/client_socket_pool_manager.h b/chromium/net/socket/client_socket_pool_manager.h index b10a75622c8..3d92536f62c 100644 --- a/chromium/net/socket/client_socket_pool_manager.h +++ b/chromium/net/socket/client_socket_pool_manager.h @@ -150,6 +150,7 @@ int PreconnectSocketsForHttpRequest( const SSLConfig& ssl_config_for_origin, const SSLConfig& ssl_config_for_proxy, PrivacyMode privacy_mode, + const NetworkIsolationKey& network_isolation_key, const NetLogWithSource& net_log, int num_preconnect_streams); diff --git a/chromium/net/socket/client_socket_pool_unittest.cc b/chromium/net/socket/client_socket_pool_unittest.cc index c543feb7e34..1ec12ff7b7f 100644 --- a/chromium/net/socket/client_socket_pool_unittest.cc +++ b/chromium/net/socket/client_socket_pool_unittest.cc @@ -20,6 +20,9 @@ namespace net { namespace { +// TODO(950069): Add testing for frame_origin in NetworkIsolationKey +// using kAppendInitiatingFrameOriginToNetworkIsolationKey. + TEST(ClientSocketPool, GroupIdOperators) { base::test::ScopedFeatureList feature_list; feature_list.InitAndEnableFeature( @@ -43,9 +46,11 @@ TEST(ClientSocketPool, GroupIdOperators) { PrivacyMode::PRIVACY_MODE_ENABLED, }; + const auto kOriginA = url::Origin::Create(GURL("http://a.test/")); + const auto kOriginB = url::Origin::Create(GURL("http://b.test/")); const NetworkIsolationKey kNetworkIsolationKeys[] = { - NetworkIsolationKey(url::Origin::Create(GURL("http://a.test/"))), - NetworkIsolationKey(url::Origin::Create(GURL("http://b.test/"))), + NetworkIsolationKey(kOriginA, kOriginA), + NetworkIsolationKey(kOriginB, kOriginB), }; // All previously created |group_ids|. They should all be less than the @@ -127,13 +132,16 @@ TEST(ClientSocketPool, GroupIdToString) { ClientSocketPool::GroupId( HostPortPair("foo", 443), ClientSocketPool::SocketType::kSsl, PrivacyMode::PRIVACY_MODE_DISABLED, - NetworkIsolationKey(url::Origin::Create(GURL("https://foo.com")))) + NetworkIsolationKey(url::Origin::Create(GURL("https://foo.com")), + url::Origin::Create(GURL("https://foo.com")))) .ToString()); } TEST(ClientSocketPool, PartitionConnectionsByNetworkIsolationKeyDisabled) { // Partitioning connections by NetworkIsolationKey is disabled by default, so // test both the explicitly and implicitly disabled cases. + const auto kOriginFoo = url::Origin::Create(GURL("https://foo.com")); + const auto kOriginBar = url::Origin::Create(GURL("https://bar.com")); for (bool explicitly_disabled : {false, true}) { base::test::ScopedFeatureList feature_list; if (explicitly_disabled) { @@ -144,12 +152,12 @@ TEST(ClientSocketPool, PartitionConnectionsByNetworkIsolationKeyDisabled) { ClientSocketPool::GroupId group_id1( HostPortPair("foo", 443), ClientSocketPool::SocketType::kSsl, PrivacyMode::PRIVACY_MODE_DISABLED, - NetworkIsolationKey(url::Origin::Create(GURL("https://foo.com")))); + NetworkIsolationKey(kOriginFoo, kOriginFoo)); ClientSocketPool::GroupId group_id2( HostPortPair("foo", 443), ClientSocketPool::SocketType::kSsl, PrivacyMode::PRIVACY_MODE_DISABLED, - NetworkIsolationKey(url::Origin::Create(GURL("http://bar.com")))); + NetworkIsolationKey(kOriginBar, kOriginBar)); EXPECT_FALSE(group_id1.network_isolation_key().IsFullyPopulated()); EXPECT_FALSE(group_id2.network_isolation_key().IsFullyPopulated()); diff --git a/chromium/net/socket/connect_job.cc b/chromium/net/socket/connect_job.cc index 871d0f5bcbd..daea92c36a4 100644 --- a/chromium/net/socket/connect_job.cc +++ b/chromium/net/socket/connect_job.cc @@ -34,8 +34,7 @@ CommonConnectJobParams::CommonConnectJobParams( QuicStreamFactory* quic_stream_factory, ProxyDelegate* proxy_delegate, const HttpUserAgentSettings* http_user_agent_settings, - const SSLClientSocketContext& ssl_client_socket_context, - const SSLClientSocketContext& ssl_client_socket_context_privacy_mode, + SSLClientContext* ssl_client_context, SocketPerformanceWatcherFactory* socket_performance_watcher_factory, NetworkQualityEstimator* network_quality_estimator, NetLog* net_log, @@ -49,9 +48,7 @@ CommonConnectJobParams::CommonConnectJobParams( quic_stream_factory(quic_stream_factory), proxy_delegate(proxy_delegate), http_user_agent_settings(http_user_agent_settings), - ssl_client_socket_context(ssl_client_socket_context), - ssl_client_socket_context_privacy_mode( - ssl_client_socket_context_privacy_mode), + ssl_client_context(ssl_client_context), socket_performance_watcher_factory(socket_performance_watcher_factory), network_quality_estimator(network_quality_estimator), net_log(net_log), @@ -129,7 +126,7 @@ std::unique_ptr ConnectJob::CreateConnectJob( ssl_params = base::MakeRefCounted( std::move(proxy_tcp_params), nullptr, nullptr, proxy_server.host_port_pair(), *ssl_config_for_proxy, - PRIVACY_MODE_DISABLED); + PRIVACY_MODE_DISABLED, network_isolation_key); proxy_tcp_params = nullptr; } @@ -158,7 +155,7 @@ std::unique_ptr ConnectJob::CreateConnectJob( auto ssl_params = base::MakeRefCounted( std::move(ssl_tcp_params), std::move(socks_params), std::move(http_proxy_params), endpoint, *ssl_config_for_origin, - privacy_mode); + privacy_mode, network_isolation_key); return std::make_unique( request_priority, socket_tag, common_connect_job_params, std::move(ssl_params), delegate, nullptr /* net_log */); diff --git a/chromium/net/socket/connect_job.h b/chromium/net/socket/connect_job.h index 6a267fad4fa..69274c11bab 100644 --- a/chromium/net/socket/connect_job.h +++ b/chromium/net/socket/connect_job.h @@ -68,8 +68,7 @@ struct NET_EXPORT_PRIVATE CommonConnectJobParams { QuicStreamFactory* quic_stream_factory, ProxyDelegate* proxy_delegate, const HttpUserAgentSettings* http_user_agent_settings, - const SSLClientSocketContext& ssl_client_socket_context, - const SSLClientSocketContext& ssl_client_socket_context_privacy_mode, + SSLClientContext* ssl_client_context, SocketPerformanceWatcherFactory* socket_performance_watcher_factory, NetworkQualityEstimator* network_quality_estimator, NetLog* net_log, @@ -88,8 +87,7 @@ struct NET_EXPORT_PRIVATE CommonConnectJobParams { QuicStreamFactory* quic_stream_factory; ProxyDelegate* proxy_delegate; const HttpUserAgentSettings* http_user_agent_settings; - SSLClientSocketContext ssl_client_socket_context; - SSLClientSocketContext ssl_client_socket_context_privacy_mode; + SSLClientContext* ssl_client_context; SocketPerformanceWatcherFactory* socket_performance_watcher_factory; NetworkQualityEstimator* network_quality_estimator; NetLog* net_log; @@ -265,11 +263,8 @@ class NET_EXPORT_PRIVATE ConnectJob { const HttpUserAgentSettings* http_user_agent_settings() const { return common_connect_job_params_->http_user_agent_settings; } - const SSLClientSocketContext& ssl_client_socket_context() { - return common_connect_job_params_->ssl_client_socket_context; - } - const SSLClientSocketContext& ssl_client_socket_context_privacy_mode() { - return common_connect_job_params_->ssl_client_socket_context_privacy_mode; + SSLClientContext* ssl_client_context() { + return common_connect_job_params_->ssl_client_context; } SocketPerformanceWatcherFactory* socket_performance_watcher_factory() { return common_connect_job_params_->socket_performance_watcher_factory; diff --git a/chromium/net/socket/connect_job_unittest.cc b/chromium/net/socket/connect_job_unittest.cc index 2c97a0ea928..ec058c41d23 100644 --- a/chromium/net/socket/connect_job_unittest.cc +++ b/chromium/net/socket/connect_job_unittest.cc @@ -90,7 +90,7 @@ class ConnectJobTest : public testing::Test { public: ConnectJobTest() : scoped_task_environment_( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME), + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME), common_connect_job_params_( nullptr /* client_socket_factory */, nullptr /* host_resolver */, @@ -101,8 +101,7 @@ class ConnectJobTest : public testing::Test { nullptr /* quic_stream_factory */, nullptr /* proxy_delegate */, nullptr /* http_user_agent_settings */, - SSLClientSocketContext(), - SSLClientSocketContext(), + nullptr /* ssl_client_context */, nullptr /* socket_performance_watcher_factory */, nullptr /* network_quality_estimator */, &net_log_, @@ -184,8 +183,7 @@ TEST_F(ConnectJobTest, TimedOut) { // Have to delete the job for it to log the end event. job.reset(); - TestNetLogEntry::List entries; - net_log_.GetEntries(&entries); + auto entries = net_log_.GetEntries(); EXPECT_EQ(6u, entries.size()); EXPECT_TRUE(LogContainsBeginEvent(entries, 0, NetLogEventType::CONNECT_JOB)); diff --git a/chromium/net/socket/fuzzed_datagram_client_socket.cc b/chromium/net/socket/fuzzed_datagram_client_socket.cc index 6b011f843ac..db03e578df8 100644 --- a/chromium/net/socket/fuzzed_datagram_client_socket.cc +++ b/chromium/net/socket/fuzzed_datagram_client_socket.cc @@ -11,12 +11,12 @@ #include "base/location.h" #include "base/logging.h" #include "base/strings/string_piece.h" -#include "base/test/fuzzed_data_provider.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/io_buffer.h" #include "net/base/ip_address.h" #include "net/base/net_errors.h" #include "net/traffic_annotation/network_traffic_annotation.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" namespace net { @@ -29,8 +29,8 @@ const Error kWriteErrors[] = {ERR_FAILED, ERR_ADDRESS_UNREACHABLE, ERR_MSG_TOO_BIG}; FuzzedDatagramClientSocket::FuzzedDatagramClientSocket( - base::FuzzedDataProvider* data_provider) - : data_provider_(data_provider), weak_factory_(this) {} + FuzzedDataProvider* data_provider) + : data_provider_(data_provider) {} FuzzedDatagramClientSocket::~FuzzedDatagramClientSocket() = default; diff --git a/chromium/net/socket/fuzzed_datagram_client_socket.h b/chromium/net/socket/fuzzed_datagram_client_socket.h index 62c68db2c4e..f53eaecf430 100644 --- a/chromium/net/socket/fuzzed_datagram_client_socket.h +++ b/chromium/net/socket/fuzzed_datagram_client_socket.h @@ -16,9 +16,7 @@ #include "net/log/net_log_with_source.h" #include "net/traffic_annotation/network_traffic_annotation.h" -namespace base { class FuzzedDataProvider; -} namespace net { @@ -30,7 +28,7 @@ class IOBuffer; class FuzzedDatagramClientSocket : public DatagramClientSocket { public: // |data_provider| must outlive the created socket. - explicit FuzzedDatagramClientSocket(base::FuzzedDataProvider* data_provider); + explicit FuzzedDatagramClientSocket(FuzzedDataProvider* data_provider); ~FuzzedDatagramClientSocket() override; // DatagramClientSocket implementation: @@ -83,7 +81,7 @@ class FuzzedDatagramClientSocket : public DatagramClientSocket { void OnReadComplete(net::CompletionOnceCallback callback, int result); void OnWriteComplete(net::CompletionOnceCallback callback, int result); - base::FuzzedDataProvider* data_provider_; + FuzzedDataProvider* data_provider_; bool connected_ = false; bool read_pending_ = false; @@ -93,7 +91,7 @@ class FuzzedDatagramClientSocket : public DatagramClientSocket { IPEndPoint remote_address_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(FuzzedDatagramClientSocket); }; diff --git a/chromium/net/socket/fuzzed_server_socket.cc b/chromium/net/socket/fuzzed_server_socket.cc index cffa433de48..a5fc9dbe31a 100644 --- a/chromium/net/socket/fuzzed_server_socket.cc +++ b/chromium/net/socket/fuzzed_server_socket.cc @@ -13,13 +13,12 @@ namespace net { -FuzzedServerSocket::FuzzedServerSocket(base::FuzzedDataProvider* data_provider, +FuzzedServerSocket::FuzzedServerSocket(FuzzedDataProvider* data_provider, net::NetLog* net_log) : data_provider_(data_provider), net_log_(net_log), first_accept_(true), - listen_called_(false), - weak_factory_(this) {} + listen_called_(false) {} FuzzedServerSocket::~FuzzedServerSocket() = default; diff --git a/chromium/net/socket/fuzzed_server_socket.h b/chromium/net/socket/fuzzed_server_socket.h index 0d9cd16f89a..03c6467246b 100644 --- a/chromium/net/socket/fuzzed_server_socket.h +++ b/chromium/net/socket/fuzzed_server_socket.h @@ -16,9 +16,7 @@ #include "net/base/ip_endpoint.h" #include "net/socket/server_socket.h" -namespace base { class FuzzedDataProvider; -} namespace net { @@ -34,8 +32,7 @@ class FuzzedServerSocket : public ServerSocket { // |data_provider| is used as to determine behavior of the socket. It // must remain valid until after both this object and the StreamSocket // produced by Accept are destroyed. - FuzzedServerSocket(base::FuzzedDataProvider* data_provider, - net::NetLog* net_log); + FuzzedServerSocket(FuzzedDataProvider* data_provider, net::NetLog* net_log); ~FuzzedServerSocket() override; int Listen(const IPEndPoint& address, int backlog) override; @@ -48,14 +45,14 @@ class FuzzedServerSocket : public ServerSocket { void DispatchAccept(std::unique_ptr* socket, CompletionOnceCallback callback); - base::FuzzedDataProvider* data_provider_; + FuzzedDataProvider* data_provider_; net::NetLog* net_log_; IPEndPoint listening_on_; bool first_accept_; bool listen_called_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(FuzzedServerSocket); }; diff --git a/chromium/net/socket/fuzzed_socket.cc b/chromium/net/socket/fuzzed_socket.cc index b974d9c4d03..9952f2d826f 100644 --- a/chromium/net/socket/fuzzed_socket.cc +++ b/chromium/net/socket/fuzzed_socket.cc @@ -9,11 +9,11 @@ #include "base/bind.h" #include "base/location.h" #include "base/logging.h" -#include "base/test/fuzzed_data_provider.h" #include "base/threading/thread_task_runner_handle.h" #include "net/base/io_buffer.h" #include "net/log/net_log_source_type.h" #include "net/traffic_annotation/network_traffic_annotation.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" namespace net { @@ -36,12 +36,11 @@ const Error kReadWriteErrors[] = {ERR_CONNECTION_CLOSED, ERR_FAILED, } // namespace -FuzzedSocket::FuzzedSocket(base::FuzzedDataProvider* data_provider, +FuzzedSocket::FuzzedSocket(FuzzedDataProvider* data_provider, net::NetLog* net_log) : data_provider_(data_provider), net_log_(NetLogWithSource::Make(net_log, NetLogSourceType::SOCKET)), - remote_address_(IPEndPoint(IPAddress::IPv4Localhost(), 80)), - weak_factory_(this) {} + remote_address_(IPEndPoint(IPAddress::IPv4Localhost(), 80)) {} FuzzedSocket::~FuzzedSocket() = default; diff --git a/chromium/net/socket/fuzzed_socket.h b/chromium/net/socket/fuzzed_socket.h index abe59615c35..8e420c10dac 100644 --- a/chromium/net/socket/fuzzed_socket.h +++ b/chromium/net/socket/fuzzed_socket.h @@ -17,9 +17,7 @@ #include "net/socket/transport_client_socket.h" #include "net/traffic_annotation/network_traffic_annotation.h" -namespace base { class FuzzedDataProvider; -} namespace net { @@ -43,7 +41,7 @@ class FuzzedSocket : public TransportClientSocket { public: // |data_provider| is used as to determine behavior of the FuzzedSocket. It // must remain valid until after the FuzzedSocket is destroyed. - FuzzedSocket(base::FuzzedDataProvider* data_provider, net::NetLog* net_log); + FuzzedSocket(FuzzedDataProvider* data_provider, net::NetLog* net_log); ~FuzzedSocket() override; // If set to true, the socket will fuzz the result of the Connect() call. @@ -104,7 +102,7 @@ class FuzzedSocket : public TransportClientSocket { // See https://crbug.com/823012 bool ForceSync() const; - base::FuzzedDataProvider* data_provider_; + FuzzedDataProvider* data_provider_; // If true, the result of the Connect() call is fuzzed - it can succeed or // fail with a variety of connection errors, and it can complete synchronously @@ -133,7 +131,7 @@ class FuzzedSocket : public TransportClientSocket { IPEndPoint remote_address_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(FuzzedSocket); }; diff --git a/chromium/net/socket/fuzzed_socket_factory.cc b/chromium/net/socket/fuzzed_socket_factory.cc index 7736fa429e3..83e796bd6a9 100644 --- a/chromium/net/socket/fuzzed_socket_factory.cc +++ b/chromium/net/socket/fuzzed_socket_factory.cc @@ -5,7 +5,6 @@ #include "net/socket/fuzzed_socket_factory.h" #include "base/logging.h" -#include "base/test/fuzzed_data_provider.h" #include "net/base/address_list.h" #include "net/base/ip_endpoint.h" #include "net/base/net_errors.h" @@ -16,6 +15,7 @@ #include "net/socket/fuzzed_socket.h" #include "net/socket/ssl_client_socket.h" #include "net/traffic_annotation/network_traffic_annotation.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" namespace net { @@ -105,8 +105,7 @@ class FailingSSLClientSocket : public SSLClientSocket { } // namespace -FuzzedSocketFactory::FuzzedSocketFactory( - base::FuzzedDataProvider* data_provider) +FuzzedSocketFactory::FuzzedSocketFactory(FuzzedDataProvider* data_provider) : data_provider_(data_provider), fuzz_connect_result_(true) {} FuzzedSocketFactory::~FuzzedSocketFactory() = default; @@ -134,10 +133,10 @@ FuzzedSocketFactory::CreateTransportClientSocket( } std::unique_ptr FuzzedSocketFactory::CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) { + const SSLConfig& ssl_config) { return std::make_unique(); } diff --git a/chromium/net/socket/fuzzed_socket_factory.h b/chromium/net/socket/fuzzed_socket_factory.h index 4002d0060c9..c0dd972d275 100644 --- a/chromium/net/socket/fuzzed_socket_factory.h +++ b/chromium/net/socket/fuzzed_socket_factory.h @@ -11,9 +11,7 @@ #include "base/macros.h" #include "net/socket/client_socket_factory.h" -namespace base { class FuzzedDataProvider; -} namespace net { @@ -33,7 +31,7 @@ class FuzzedSocketFactory : public ClientSocketFactory { // creates. Other objects can also continue to consume |data_provider|, as // long as their calls into it are made on the CLientSocketFactory's thread // and the calls are deterministic. - explicit FuzzedSocketFactory(base::FuzzedDataProvider* data_provider); + explicit FuzzedSocketFactory(FuzzedDataProvider* data_provider); ~FuzzedSocketFactory() override; std::unique_ptr CreateDatagramClientSocket( @@ -48,10 +46,10 @@ class FuzzedSocketFactory : public ClientSocketFactory { const NetLogSource& source) override; std::unique_ptr CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) override; + const SSLConfig& ssl_config) override; std::unique_ptr CreateProxyClientSocket( std::unique_ptr stream_socket, @@ -70,7 +68,7 @@ class FuzzedSocketFactory : public ClientSocketFactory { void set_fuzz_connect_result(bool v) { fuzz_connect_result_ = v; } private: - base::FuzzedDataProvider* data_provider_; + FuzzedDataProvider* data_provider_; bool fuzz_connect_result_; DISALLOW_COPY_AND_ASSIGN(FuzzedSocketFactory); diff --git a/chromium/net/socket/socket_bio_adapter.cc b/chromium/net/socket/socket_bio_adapter.cc index 6e2496972e3..6f134af6634 100644 --- a/chromium/net/socket/socket_bio_adapter.cc +++ b/chromium/net/socket/socket_bio_adapter.cc @@ -66,8 +66,7 @@ SocketBIOAdapter::SocketBIOAdapter(StreamSocket* socket, write_buffer_capacity_(write_buffer_capacity), write_buffer_used_(0), write_error_(OK), - delegate_(delegate), - weak_factory_(this) { + delegate_(delegate) { bio_.reset(BIO_new(&kBIOMethod)); bio_->ptr = this; bio_->init = 1; diff --git a/chromium/net/socket/socket_bio_adapter.h b/chromium/net/socket/socket_bio_adapter.h index 95475350b3c..98421c701e4 100644 --- a/chromium/net/socket/socket_bio_adapter.h +++ b/chromium/net/socket/socket_bio_adapter.h @@ -136,7 +136,7 @@ class NET_EXPORT_PRIVATE SocketBIOAdapter { Delegate* delegate_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(SocketBIOAdapter); }; diff --git a/chromium/net/socket/socket_net_log_params.cc b/chromium/net/socket/socket_net_log_params.cc index bde45306a4c..eb8d372c576 100644 --- a/chromium/net/socket/socket_net_log_params.cc +++ b/chromium/net/socket/socket_net_log_params.cc @@ -12,37 +12,39 @@ #include "net/base/host_port_pair.h" #include "net/base/ip_endpoint.h" #include "net/log/net_log_capture_mode.h" +#include "net/log/net_log_with_source.h" namespace net { -namespace { - -base::Value NetLogSocketErrorCallback(int net_error, - int os_error, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSocketErrorParams(int net_error, int os_error) { base::DictionaryValue dict; dict.SetInteger("net_error", net_error); dict.SetInteger("os_error", os_error); return std::move(dict); } -base::Value NetLogHostPortPairCallback(const HostPortPair* host_and_port, - NetLogCaptureMode /* capture_mode */) { +void NetLogSocketError(const NetLogWithSource& net_log, + NetLogEventType type, + int net_error, + int os_error) { + net_log.AddEvent( + type, [&] { return NetLogSocketErrorParams(net_error, os_error); }); +} + +base::Value CreateNetLogHostPortPairParams(const HostPortPair* host_and_port) { base::DictionaryValue dict; dict.SetString("host_and_port", host_and_port->ToString()); return std::move(dict); } -base::Value NetLogIPEndPointCallback(const IPEndPoint* address, - NetLogCaptureMode /* capture_mode */) { +base::Value CreateNetLogIPEndPointParams(const IPEndPoint* address) { base::DictionaryValue dict; dict.SetString("address", address->ToString()); return std::move(dict); } -base::Value NetLogSourceAddressCallback(const struct sockaddr* net_address, - socklen_t address_len, - NetLogCaptureMode /* capture_mode */) { +base::Value CreateNetLogSourceAddressParams(const struct sockaddr* net_address, + socklen_t address_len) { base::DictionaryValue dict; IPEndPoint ipe; bool result = ipe.FromSockAddr(net_address, address_len); @@ -51,27 +53,4 @@ base::Value NetLogSourceAddressCallback(const struct sockaddr* net_address, return std::move(dict); } -} // namespace - -NetLogParametersCallback CreateNetLogSocketErrorCallback(int net_error, - int os_error) { - return base::Bind(&NetLogSocketErrorCallback, net_error, os_error); -} - -NetLogParametersCallback CreateNetLogHostPortPairCallback( - const HostPortPair* host_and_port) { - return base::Bind(&NetLogHostPortPairCallback, host_and_port); -} - -NetLogParametersCallback CreateNetLogIPEndPointCallback( - const IPEndPoint* address) { - return base::Bind(&NetLogIPEndPointCallback, address); -} - -NetLogParametersCallback CreateNetLogSourceAddressCallback( - const struct sockaddr* net_address, - socklen_t address_len) { - return base::Bind(&NetLogSourceAddressCallback, net_address, address_len); -} - } // namespace net diff --git a/chromium/net/socket/socket_net_log_params.h b/chromium/net/socket/socket_net_log_params.h index c1c2c4347cd..37dfacbac90 100644 --- a/chromium/net/socket/socket_net_log_params.h +++ b/chromium/net/socket/socket_net_log_params.h @@ -6,32 +6,33 @@ #define NET_SOCKET_SOCKET_NET_LOG_PARAMS_H_ #include "net/base/sys_addrinfo.h" -#include "net/log/net_log_parameters_callback.h" +#include "net/log/net_log_event_type.h" + +namespace base { +class Value; +} namespace net { +class NetLogWithSource; class HostPortPair; class IPEndPoint; -// Creates a NetLog callback for socket error events. -NetLogParametersCallback CreateNetLogSocketErrorCallback(int net_error, - int os_error); - -// Creates a NetLog callback for a HostPortPair. -// |host_and_port| must remain valid for the lifetime of the returned callback. -NetLogParametersCallback CreateNetLogHostPortPairCallback( - const HostPortPair* host_and_port); - -// Creates a NetLog callback for an IPEndPoint. -// |address| must remain valid for the lifetime of the returned callback. -NetLogParametersCallback CreateNetLogIPEndPointCallback( - const IPEndPoint* address); - -// Creates a NetLog callback for the source sockaddr on connect events. -// |net_address| must remain valid for the lifetime of the returned callback. -NetLogParametersCallback CreateNetLogSourceAddressCallback( - const struct sockaddr* net_address, - socklen_t address_len); +// Emits an event to NetLog with socket error parameters. +void NetLogSocketError(const NetLogWithSource& net_log, + NetLogEventType type, + int net_error, + int os_error); + +// Creates a NetLog parameters for a HostPortPair. +base::Value CreateNetLogHostPortPairParams(const HostPortPair* host_and_port); + +// Creates a NetLog parameters for an IPEndPoint. +base::Value CreateNetLogIPEndPointParams(const IPEndPoint* address); + +// Creates a NetLog parameters for the source sockaddr on connect events. +base::Value CreateNetLogSourceAddressParams(const struct sockaddr* net_address, + socklen_t address_len); } // namespace net diff --git a/chromium/net/socket/socket_test_util.cc b/chromium/net/socket/socket_test_util.cc index bb05c92bba5..65f78408ebd 100644 --- a/chromium/net/socket/socket_test_util.cc +++ b/chromium/net/socket/socket_test_util.cc @@ -220,7 +220,8 @@ void StaticSocketDataHelper::Reset() { write_index_ = 0; } -bool StaticSocketDataHelper::VerifyWriteData(const std::string& data) { +bool StaticSocketDataHelper::VerifyWriteData(const std::string& data, + SocketDataPrinter* printer) { CHECK(!AllWriteDataConsumed()); // Check that the actual data matches the expectations, skipping over any // pause events. @@ -240,6 +241,12 @@ bool StaticSocketDataHelper::VerifyWriteData(const std::string& data) { EXPECT_TRUE(actual_data == expected_data) << "Actual write data:\n" << HexDump(data) << "Expected write data:\n" << HexDump(expected_data); + if (printer) { + EXPECT_TRUE(actual_data == expected_data) + << "Actual write data:\n" + << printer->PrintWrite(data) << "Expected write data:\n" + << printer->PrintWrite(expected_data); + } return expected_data == actual_data; } @@ -295,7 +302,7 @@ MockWriteResult StaticSocketDataProvider::OnWrite(const std::string& data) { // Check that what we are writing matches the expectation. // Then give the mocked return value. - if (!helper_.VerifyWriteData(data)) + if (!helper_.VerifyWriteData(data, printer_)) return MockWriteResult(SYNCHRONOUS, ERR_UNEXPECTED); const MockWrite& next_write = helper_.AdvanceWrite(); @@ -354,8 +361,7 @@ SequencedSocketData::SequencedSocketData(base::span reads, sequence_number_(0), read_state_(IDLE), write_state_(IDLE), - busy_before_sync_reads_(false), - weak_factory_(this) { + busy_before_sync_reads_(false) { // Check that reads and writes have a contiguous set of sequence numbers // starting from 0 and working their way up, with no repeats and skipping // no values. @@ -435,7 +441,8 @@ SequencedSocketData::SequencedSocketData(const MockConnect& connect, MockRead SequencedSocketData::OnRead() { CHECK_EQ(IDLE, read_state_); - CHECK(!helper_.AllReadDataConsumed()); + CHECK(!helper_.AllReadDataConsumed()) + << "Application tried to read but there is no read data left"; NET_TRACE(1, " *** ") << "sequence_number: " << sequence_number_; const MockRead& next_read = helper_.PeekRead(); @@ -487,7 +494,7 @@ MockWriteResult SequencedSocketData::OnWrite(const std::string& data) { NET_TRACE(1, " *** ") << "next_write: " << next_write.sequence_number; CHECK_GE(next_write.sequence_number, sequence_number_); - if (!helper_.VerifyWriteData(data)) + if (!helper_.VerifyWriteData(data, printer_)) return MockWriteResult(SYNCHRONOUS, ERR_UNEXPECTED); if (next_write.sequence_number <= sequence_number_) { @@ -785,10 +792,10 @@ MockClientSocketFactory::CreateTransportClientSocket( } std::unique_ptr MockClientSocketFactory::CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) { + const SSLConfig& ssl_config) { SSLSocketDataProvider* next_ssl_data = mock_ssl_data_.GetNext(); if (next_ssl_data->next_protos_expected_in_ssl_config.has_value()) { EXPECT_EQ(next_ssl_data->next_protos_expected_in_ssl_config.value().size(), @@ -812,9 +819,12 @@ std::unique_ptr MockClientSocketFactory::CreateSSLClientSocket( EXPECT_FALSE(ssl_config.client_cert); } } - if (next_ssl_data->expected_false_start_enabled) { - EXPECT_EQ(*next_ssl_data->expected_false_start_enabled, - ssl_config.false_start_enabled); + if (next_ssl_data->expected_host_and_port) { + EXPECT_EQ(*next_ssl_data->expected_host_and_port, host_and_port); + } + if (next_ssl_data->expected_network_isolation_key) { + EXPECT_EQ(*next_ssl_data->expected_network_isolation_key, + ssl_config.network_isolation_key); } return std::unique_ptr(new MockSSLClientSocket( std::move(stream_socket), host_and_port, ssl_config, next_ssl_data)); @@ -845,7 +855,7 @@ MockClientSocketFactory::CreateProxyClientSocket( } MockClientSocket::MockClientSocket(const NetLogWithSource& net_log) - : connected_(false), net_log_(net_log), weak_factory_(this) { + : connected_(false), net_log_(net_log) { local_addr_ = IPEndPoint(IPAddress(192, 0, 2, 33), 123); peer_addr_ = IPEndPoint(IPAddress(192, 0, 2, 33), 0); } @@ -1290,8 +1300,7 @@ MockProxyClientSocket::MockProxyClientSocket( : net_log_(socket->NetLog()), socket_(std::move(socket)), data_(data), - auth_controller_(auth_controller), - weak_factory_(this) { + auth_controller_(auth_controller) { DCHECK(data_); } @@ -1457,8 +1466,7 @@ MockSSLClientSocket::MockSSLClientSocket( SSLSocketDataProvider* data) : net_log_(stream_socket->NetLog()), stream_socket_(std::move(stream_socket)), - data_(data), - weak_factory_(this) { + data_(data) { DCHECK(data_); peer_addr_ = data->connect.peer_addr; } @@ -1659,8 +1667,7 @@ MockUDPClientSocket::MockUDPClientSocket(SocketDataProvider* data, network_(NetworkChangeNotifier::kInvalidNetworkHandle), pending_read_buf_(nullptr), pending_read_buf_len_(0), - net_log_(NetLogWithSource::Make(net_log, NetLogSourceType::NONE)), - weak_factory_(this) { + net_log_(NetLogWithSource::Make(net_log, NetLogSourceType::NONE)) { DCHECK(data_); data_->Initialize(this); peer_addr_ = data->connect_data().peer_addr; diff --git a/chromium/net/socket/socket_test_util.h b/chromium/net/socket/socket_test_util.h index 05d4c51e62d..94f9905af13 100644 --- a/chromium/net/socket/socket_test_util.h +++ b/chromium/net/socket/socket_test_util.h @@ -355,6 +355,15 @@ class AsyncSocket { virtual void OnDataProviderDestroyed() = 0; }; +class SocketDataPrinter { + public: + ~SocketDataPrinter() = default; + + // Prints the write in |data| using some sort of protocol-specific + // format. + virtual std::string PrintWrite(const std::string& data) = 0; +}; + // StaticSocketDataHelper manages a list of reads and writes. class StaticSocketDataHelper { public: @@ -377,7 +386,7 @@ class StaticSocketDataHelper { // Returns true if |data| is valid data for the next write. In order // to support short writes, the next write may be longer than |data| // in which case this method will still return true. - bool VerifyWriteData(const std::string& data); + bool VerifyWriteData(const std::string& data, SocketDataPrinter* printer); size_t read_index() const { return read_index_; } size_t write_index() const { return write_index_; } @@ -424,11 +433,14 @@ class StaticSocketDataProvider : public SocketDataProvider { size_t read_count() const { return helper_.read_count(); } size_t write_count() const { return helper_.write_count(); } + void set_printer(SocketDataPrinter* printer) { printer_ = printer; } + private: // From SocketDataProvider: void Reset() override; StaticSocketDataHelper helper_; + SocketDataPrinter* printer_ = nullptr; bool paused_ = false; DISALLOW_COPY_AND_ASSIGN(StaticSocketDataProvider); @@ -482,7 +494,8 @@ struct SSLSocketDataProvider { uint16_t expected_ssl_version_max; base::Optional expected_send_client_cert; scoped_refptr expected_client_cert; - base::Optional expected_false_start_enabled; + base::Optional expected_host_and_port; + base::Optional expected_network_isolation_key; bool is_connect_data_consumed = false; bool is_confirm_data_consumed = false; @@ -542,6 +555,8 @@ class SequencedSocketData : public SocketDataProvider { busy_before_sync_reads_ = busy_before_sync_reads; } + void set_printer(SocketDataPrinter* printer) { printer_ = printer; } + private: // Defines the state for the read or write path. enum IoState { @@ -562,6 +577,7 @@ class SequencedSocketData : public SocketDataProvider { void MaybePostWriteCompleteTask(); StaticSocketDataHelper helper_; + SocketDataPrinter* printer_ = nullptr; int sequence_number_; IoState read_state_; IoState write_state_; @@ -571,7 +587,7 @@ class SequencedSocketData : public SocketDataProvider { // Used by RunUntilPaused. NULL at all other times. std::unique_ptr run_until_paused_run_loop_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(SequencedSocketData); }; @@ -649,10 +665,10 @@ class MockClientSocketFactory : public ClientSocketFactory { NetLog* net_log, const NetLogSource& source) override; std::unique_ptr CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) override; + const SSLConfig& ssl_config) override; std::unique_ptr CreateProxyClientSocket( std::unique_ptr stream_socket, const std::string& user_agent, @@ -735,7 +751,7 @@ class MockClientSocket : public TransportClientSocket { NetLogWithSource net_log_; private: - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(MockClientSocket); }; @@ -896,7 +912,7 @@ class MockProxyClientSocket : public AsyncSocket, public ProxyClientSocket { ProxyClientSocketDataProvider* data_; scoped_refptr auth_controller_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(MockProxyClientSocket); }; @@ -978,7 +994,7 @@ class MockSSLClientSocket : public AsyncSocket, public SSLClientSocket { // Address of the "remote" peer we're connected to. IPEndPoint peer_addr_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(MockSSLClientSocket); }; @@ -1085,7 +1101,7 @@ class MockUDPClientSocket : public DatagramClientSocket, public AsyncSocket { bool data_transferred_ = false; bool tagged_before_data_transferred_ = true; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(MockUDPClientSocket); }; diff --git a/chromium/net/socket/socks5_client_socket.cc b/chromium/net/socket/socks5_client_socket.cc index 832afa61c78..e22ddb2630b 100644 --- a/chromium/net/socket/socks5_client_socket.cc +++ b/chromium/net/socket/socks5_client_socket.cc @@ -334,13 +334,13 @@ int SOCKS5ClientSocket::DoGreetReadComplete(int result) { // Got the greet data. if (buffer_[0] != kSOCKS5Version) { - net_log_.AddEvent(NetLogEventType::SOCKS_UNEXPECTED_VERSION, - NetLog::IntCallback("version", buffer_[0])); + net_log_.AddEventWithIntParams(NetLogEventType::SOCKS_UNEXPECTED_VERSION, + "version", buffer_[0]); return ERR_SOCKS_CONNECTION_FAILED; } if (buffer_[1] != 0x00) { - net_log_.AddEvent(NetLogEventType::SOCKS_UNEXPECTED_AUTH, - NetLog::IntCallback("method", buffer_[1])); + net_log_.AddEventWithIntParams(NetLogEventType::SOCKS_UNEXPECTED_AUTH, + "method", buffer_[1]); return ERR_SOCKS_CONNECTION_FAILED; } @@ -442,13 +442,13 @@ int SOCKS5ClientSocket::DoHandshakeReadComplete(int result) { // and accordingly increase them if (bytes_received_ == kReadHeaderSize) { if (buffer_[0] != kSOCKS5Version || buffer_[2] != kNullByte) { - net_log_.AddEvent(NetLogEventType::SOCKS_UNEXPECTED_VERSION, - NetLog::IntCallback("version", buffer_[0])); + net_log_.AddEventWithIntParams(NetLogEventType::SOCKS_UNEXPECTED_VERSION, + "version", buffer_[0]); return ERR_SOCKS_CONNECTION_FAILED; } if (buffer_[1] != 0x00) { - net_log_.AddEvent(NetLogEventType::SOCKS_SERVER_ERROR, - NetLog::IntCallback("error_code", buffer_[1])); + net_log_.AddEventWithIntParams(NetLogEventType::SOCKS_SERVER_ERROR, + "error_code", buffer_[1]); return ERR_SOCKS_CONNECTION_FAILED; } @@ -466,8 +466,9 @@ int SOCKS5ClientSocket::DoHandshakeReadComplete(int result) { } else if (address_type == kEndPointResolvedIPv6) { read_header_size += sizeof(struct in6_addr) - 1; } else { - net_log_.AddEvent(NetLogEventType::SOCKS_UNKNOWN_ADDRESS_TYPE, - NetLog::IntCallback("address_type", buffer_[3])); + net_log_.AddEventWithIntParams( + NetLogEventType::SOCKS_UNKNOWN_ADDRESS_TYPE, "address_type", + buffer_[3]); return ERR_SOCKS_CONNECTION_FAILED; } diff --git a/chromium/net/socket/socks5_client_socket_fuzzer.cc b/chromium/net/socket/socks5_client_socket_fuzzer.cc index ad2a9a9282d..a2fb1cc51ee 100644 --- a/chromium/net/socket/socks5_client_socket_fuzzer.cc +++ b/chromium/net/socket/socks5_client_socket_fuzzer.cc @@ -8,7 +8,7 @@ #include #include "base/logging.h" -#include "base/test/fuzzed_data_provider.h" + #include "net/base/address_list.h" #include "net/base/net_errors.h" #include "net/base/test_completion_callback.h" @@ -16,6 +16,7 @@ #include "net/socket/fuzzed_socket.h" #include "net/socket/socks5_client_socket.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" // Fuzzer for Socks5ClientSocket. Only covers the SOCKS5 greeet and // handshake. @@ -26,7 +27,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Use a test NetLog, to exercise logging code. net::TestNetLog test_net_log; - base::FuzzedDataProvider data_provider(data, size); + FuzzedDataProvider data_provider(data, size); net::TestCompletionCallback callback; std::unique_ptr fuzzed_socket( diff --git a/chromium/net/socket/socks5_client_socket_unittest.cc b/chromium/net/socket/socks5_client_socket_unittest.cc index 4d76dd3c358..a25befe078c 100644 --- a/chromium/net/socket/socks5_client_socket_unittest.cc +++ b/chromium/net/socket/socks5_client_socket_unittest.cc @@ -19,7 +19,6 @@ #include "net/base/winsock_init.h" #include "net/log/net_log_event_type.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/socket/client_socket_factory.h" #include "net/socket/socket_test_util.h" @@ -143,8 +142,7 @@ TEST_F(SOCKS5ClientSocketTest, CompleteHandshake) { EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); EXPECT_FALSE(user_sock_->IsConnected()); - TestNetLogEntry::List net_log_entries; - net_log_.GetEntries(&net_log_entries); + auto net_log_entries = net_log_.GetEntries(); EXPECT_TRUE(LogContainsBeginEvent(net_log_entries, 0, NetLogEventType::SOCKS5_CONNECT)); @@ -153,7 +151,7 @@ TEST_F(SOCKS5ClientSocketTest, CompleteHandshake) { EXPECT_THAT(rv, IsOk()); EXPECT_TRUE(user_sock_->IsConnected()); - net_log_.GetEntries(&net_log_entries); + net_log_entries = net_log_.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(net_log_entries, -1, NetLogEventType::SOCKS5_CONNECT)); @@ -265,8 +263,7 @@ TEST_F(SOCKS5ClientSocketTest, PartialReadWrites) { int rv = user_sock_->Connect(callback_.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - TestNetLogEntry::List net_log_entries; - net_log_.GetEntries(&net_log_entries); + auto net_log_entries = net_log_.GetEntries(); EXPECT_TRUE(LogContainsBeginEvent(net_log_entries, 0, NetLogEventType::SOCKS5_CONNECT)); @@ -274,7 +271,7 @@ TEST_F(SOCKS5ClientSocketTest, PartialReadWrites) { EXPECT_THAT(rv, IsOk()); EXPECT_TRUE(user_sock_->IsConnected()); - net_log_.GetEntries(&net_log_entries); + net_log_entries = net_log_.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(net_log_entries, -1, NetLogEventType::SOCKS5_CONNECT)); } @@ -295,14 +292,13 @@ TEST_F(SOCKS5ClientSocketTest, PartialReadWrites) { int rv = user_sock_->Connect(callback_.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - TestNetLogEntry::List net_log_entries; - net_log_.GetEntries(&net_log_entries); + auto net_log_entries = net_log_.GetEntries(); EXPECT_TRUE(LogContainsBeginEvent(net_log_entries, 0, NetLogEventType::SOCKS5_CONNECT)); rv = callback_.WaitForResult(); EXPECT_THAT(rv, IsOk()); EXPECT_TRUE(user_sock_->IsConnected()); - net_log_.GetEntries(&net_log_entries); + net_log_entries = net_log_.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(net_log_entries, -1, NetLogEventType::SOCKS5_CONNECT)); } @@ -322,14 +318,13 @@ TEST_F(SOCKS5ClientSocketTest, PartialReadWrites) { BuildMockSocket(data_reads, data_writes, hostname, 80, &net_log_); int rv = user_sock_->Connect(callback_.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - TestNetLogEntry::List net_log_entries; - net_log_.GetEntries(&net_log_entries); + auto net_log_entries = net_log_.GetEntries(); EXPECT_TRUE(LogContainsBeginEvent(net_log_entries, 0, NetLogEventType::SOCKS5_CONNECT)); rv = callback_.WaitForResult(); EXPECT_THAT(rv, IsOk()); EXPECT_TRUE(user_sock_->IsConnected()); - net_log_.GetEntries(&net_log_entries); + net_log_entries = net_log_.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(net_log_entries, -1, NetLogEventType::SOCKS5_CONNECT)); } @@ -351,14 +346,13 @@ TEST_F(SOCKS5ClientSocketTest, PartialReadWrites) { BuildMockSocket(data_reads, data_writes, hostname, 80, &net_log_); int rv = user_sock_->Connect(callback_.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - TestNetLogEntry::List net_log_entries; - net_log_.GetEntries(&net_log_entries); + auto net_log_entries = net_log_.GetEntries(); EXPECT_TRUE(LogContainsBeginEvent(net_log_entries, 0, NetLogEventType::SOCKS5_CONNECT)); rv = callback_.WaitForResult(); EXPECT_THAT(rv, IsOk()); EXPECT_TRUE(user_sock_->IsConnected()); - net_log_.GetEntries(&net_log_entries); + net_log_entries = net_log_.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(net_log_entries, -1, NetLogEventType::SOCKS5_CONNECT)); } diff --git a/chromium/net/socket/socks_client_socket_fuzzer.cc b/chromium/net/socket/socks_client_socket_fuzzer.cc index 6f300f98339..be5764cca0f 100644 --- a/chromium/net/socket/socks_client_socket_fuzzer.cc +++ b/chromium/net/socket/socks_client_socket_fuzzer.cc @@ -8,7 +8,6 @@ #include #include "base/logging.h" -#include "base/test/fuzzed_data_provider.h" #include "net/base/address_list.h" #include "net/base/net_errors.h" #include "net/base/test_completion_callback.h" @@ -18,6 +17,7 @@ #include "net/socket/fuzzed_socket.h" #include "net/socket/socks_client_socket.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" // Fuzzer for SocksClientSocket. Only covers the SOCKS4 handshake. // @@ -27,7 +27,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Use a test NetLog, to exercise logging code. net::TestNetLog test_net_log; - base::FuzzedDataProvider data_provider(data, size); + FuzzedDataProvider data_provider(data, size); // Determine if the DNS lookup returns synchronously or asynchronously, // succeeds or fails, and returns an IPv4 or IPv6 address. diff --git a/chromium/net/socket/socks_client_socket_unittest.cc b/chromium/net/socket/socks_client_socket_unittest.cc index 099e9b688c0..a946f2e1eac 100644 --- a/chromium/net/socket/socks_client_socket_unittest.cc +++ b/chromium/net/socket/socks_client_socket_unittest.cc @@ -18,7 +18,6 @@ #include "net/dns/mock_host_resolver.h" #include "net/log/net_log_event_type.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/socket/client_socket_factory.h" #include "net/socket/socket_test_util.h" @@ -127,8 +126,7 @@ TEST_F(SOCKSClientSocketTest, CompleteHandshake) { int rv = user_sock_->Connect(callback_.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_TRUE( LogContainsBeginEvent(entries, 0, NetLogEventType::SOCKS_CONNECT)); EXPECT_FALSE(user_sock_->IsConnected()); @@ -136,7 +134,7 @@ TEST_F(SOCKSClientSocketTest, CompleteHandshake) { rv = callback_.WaitForResult(); EXPECT_THAT(rv, IsOk()); EXPECT_TRUE(user_sock_->IsConnected()); - log.GetEntries(&entries); + entries = log.GetEntries(); EXPECT_TRUE( LogContainsEndEvent(entries, -1, NetLogEventType::SOCKS_CONNECT)); @@ -242,8 +240,7 @@ TEST_F(SOCKSClientSocketTest, HandshakeFailures) { int rv = user_sock_->Connect(callback_.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_TRUE( LogContainsBeginEvent(entries, 0, NetLogEventType::SOCKS_CONNECT)); @@ -251,7 +248,7 @@ TEST_F(SOCKSClientSocketTest, HandshakeFailures) { EXPECT_EQ(test.fail_code, rv); EXPECT_FALSE(user_sock_->IsConnected()); EXPECT_TRUE(tcp_sock_->IsConnected()); - log.GetEntries(&entries); + entries = log.GetEntries(); EXPECT_TRUE( LogContainsEndEvent(entries, -1, NetLogEventType::SOCKS_CONNECT)); } @@ -275,15 +272,14 @@ TEST_F(SOCKSClientSocketTest, PartialServerReads) { int rv = user_sock_->Connect(callback_.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_TRUE( LogContainsBeginEvent(entries, 0, NetLogEventType::SOCKS_CONNECT)); rv = callback_.WaitForResult(); EXPECT_THAT(rv, IsOk()); EXPECT_TRUE(user_sock_->IsConnected()); - log.GetEntries(&entries); + entries = log.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SOCKS_CONNECT)); } @@ -310,15 +306,14 @@ TEST_F(SOCKSClientSocketTest, PartialClientWrites) { int rv = user_sock_->Connect(callback_.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_TRUE( LogContainsBeginEvent(entries, 0, NetLogEventType::SOCKS_CONNECT)); rv = callback_.WaitForResult(); EXPECT_THAT(rv, IsOk()); EXPECT_TRUE(user_sock_->IsConnected()); - log.GetEntries(&entries); + entries = log.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SOCKS_CONNECT)); } @@ -338,15 +333,14 @@ TEST_F(SOCKSClientSocketTest, FailedSocketRead) { int rv = user_sock_->Connect(callback_.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_TRUE( LogContainsBeginEvent(entries, 0, NetLogEventType::SOCKS_CONNECT)); rv = callback_.WaitForResult(); EXPECT_THAT(rv, IsError(ERR_CONNECTION_CLOSED)); EXPECT_FALSE(user_sock_->IsConnected()); - log.GetEntries(&entries); + entries = log.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SOCKS_CONNECT)); } @@ -364,15 +358,14 @@ TEST_F(SOCKSClientSocketTest, FailedDNS) { int rv = user_sock_->Connect(callback_.callback()); EXPECT_THAT(rv, IsError(ERR_IO_PENDING)); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_TRUE( LogContainsBeginEvent(entries, 0, NetLogEventType::SOCKS_CONNECT)); rv = callback_.WaitForResult(); EXPECT_THAT(rv, IsError(ERR_NAME_NOT_RESOLVED)); EXPECT_FALSE(user_sock_->IsConnected()); - log.GetEntries(&entries); + entries = log.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SOCKS_CONNECT)); } diff --git a/chromium/net/socket/socks_connect_job_unittest.cc b/chromium/net/socket/socks_connect_job_unittest.cc index 9469220f1da..a9bfede63f0 100644 --- a/chromium/net/socket/socks_connect_job_unittest.cc +++ b/chromium/net/socket/socks_connect_job_unittest.cc @@ -47,9 +47,7 @@ class SOCKSConnectJobTest : public testing::Test, SOCKSConnectJobTest() : WithScopedTaskEnvironment( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME, - base::test::ScopedTaskEnvironment::NowSource:: - MAIN_THREAD_MOCK_TIME), + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME_AND_NOW), common_connect_job_params_( &client_socket_factory_, &host_resolver_, @@ -60,16 +58,11 @@ class SOCKSConnectJobTest : public testing::Test, nullptr /* quic_stream_factory */, nullptr /* proxy_delegate */, nullptr /* http_user_agent_settings */, - SSLClientSocketContext(), - SSLClientSocketContext(), + nullptr /* ssl_client_context */, nullptr /* socket_performance_watcher_factory */, nullptr /* network_quality_estimator */, &net_log_, - nullptr /* websocket_endpoint_lock_manager */) { - // Set an initial delay to ensure that the first call to TimeTicks::Now() - // before incrementing the counter does not return a null value. - FastForwardBy(base::TimeDelta::FromSeconds(1)); - } + nullptr /* websocket_endpoint_lock_manager */) {} ~SOCKSConnectJobTest() override {} diff --git a/chromium/net/socket/ssl_client_socket.cc b/chromium/net/socket/ssl_client_socket.cc index d5eebe53801..52ae9bed3c9 100644 --- a/chromium/net/socket/ssl_client_socket.cc +++ b/chromium/net/socket/ssl_client_socket.cc @@ -4,13 +4,11 @@ #include "net/socket/ssl_client_socket.h" -#include "base/metrics/histogram_macros.h" -#include "base/metrics/sparse_histogram.h" -#include "base/strings/string_util.h" -#include "crypto/ec_private_key.h" -#include "net/base/net_errors.h" +#include + +#include "base/logging.h" #include "net/socket/ssl_client_socket_impl.h" -#include "net/ssl/ssl_config_service.h" +#include "net/socket/stream_socket.h" #include "net/ssl/ssl_key_logger.h" namespace net { @@ -47,4 +45,31 @@ std::vector SSLClientSocket::SerializeNextProtos( return wire_protos; } +SSLClientContext::SSLClientContext( + CertVerifier* cert_verifier, + TransportSecurityState* transport_security_state, + CTVerifier* cert_transparency_verifier, + CTPolicyEnforcer* ct_policy_enforcer, + SSLClientSessionCache* ssl_client_session_cache) + : cert_verifier_(cert_verifier), + transport_security_state_(transport_security_state), + cert_transparency_verifier_(cert_transparency_verifier), + ct_policy_enforcer_(ct_policy_enforcer), + ssl_client_session_cache_(ssl_client_session_cache) { + CHECK(cert_verifier_); + CHECK(transport_security_state_); + CHECK(cert_transparency_verifier_); + CHECK(ct_policy_enforcer_); +} + +SSLClientContext::~SSLClientContext() = default; + +std::unique_ptr SSLClientContext::CreateSSLClientSocket( + std::unique_ptr stream_socket, + const HostPortPair& host_and_port, + const SSLConfig& ssl_config) { + return std::make_unique(this, std::move(stream_socket), + host_and_port, ssl_config); +} + } // namespace net diff --git a/chromium/net/socket/ssl_client_socket.h b/chromium/net/socket/ssl_client_socket.h index 90a7f96ad16..8b7d08ae1f2 100644 --- a/chromium/net/socket/ssl_client_socket.h +++ b/chromium/net/socket/ssl_client_socket.h @@ -7,48 +7,26 @@ #include -#include +#include #include #include "base/gtest_prod_util.h" -#include "base/strings/string_piece.h" -#include "net/base/load_flags.h" -#include "net/base/net_errors.h" +#include "base/macros.h" #include "net/base/net_export.h" #include "net/socket/ssl_socket.h" -#include "net/socket/stream_socket.h" namespace net { class CTPolicyEnforcer; class CertVerifier; class CTVerifier; +class HostPortPair; class SSLClientSessionCache; +struct SSLConfig; class SSLKeyLogger; +class StreamSocket; class TransportSecurityState; -// This struct groups together several fields which are used by various -// classes related to SSLClientSocket. -struct SSLClientSocketContext { - SSLClientSocketContext() = default; - SSLClientSocketContext(CertVerifier* cert_verifier_arg, - TransportSecurityState* transport_security_state_arg, - CTVerifier* cert_transparency_verifier_arg, - CTPolicyEnforcer* ct_policy_enforcer_arg, - SSLClientSessionCache* ssl_client_session_cache_arg) - : cert_verifier(cert_verifier_arg), - transport_security_state(transport_security_state_arg), - cert_transparency_verifier(cert_transparency_verifier_arg), - ct_policy_enforcer(ct_policy_enforcer_arg), - ssl_client_session_cache(ssl_client_session_cache_arg) {} - - CertVerifier* cert_verifier = nullptr; - TransportSecurityState* transport_security_state = nullptr; - CTVerifier* cert_transparency_verifier = nullptr; - CTPolicyEnforcer* ct_policy_enforcer = nullptr; - SSLClientSessionCache* ssl_client_session_cache = nullptr; -}; - // A client socket that uses SSL as the transport layer. // // NOTE: The SSL handshake occurs within the Connect method after a TCP @@ -99,6 +77,49 @@ class NET_EXPORT SSLClientSocket : public SSLSocket { bool stapled_ocsp_response_received_; }; +// Shared state and configuration across multiple SSLClientSockets. +class NET_EXPORT SSLClientContext { + public: + // Creates a new SSLClientContext with the specified parameters. The + // SSLClientContext may not outlive the input parameters. + // + // |ssl_client_session_cache| may be null to disable session caching. + SSLClientContext(CertVerifier* cert_verifier, + TransportSecurityState* transport_security_state, + CTVerifier* cert_transparency_verifier, + CTPolicyEnforcer* ct_policy_enforcer, + SSLClientSessionCache* ssl_client_session_cache); + ~SSLClientContext(); + + CertVerifier* cert_verifier() { return cert_verifier_; } + TransportSecurityState* transport_security_state() { + return transport_security_state_; + } + CTVerifier* cert_transparency_verifier() { + return cert_transparency_verifier_; + } + CTPolicyEnforcer* ct_policy_enforcer() { return ct_policy_enforcer_; } + SSLClientSessionCache* ssl_client_session_cache() { + return ssl_client_session_cache_; + } + + // Creates a new SSLClientSocket which can then be used to establish an SSL + // connection to |host_and_port| over the already-connected |stream_socket|. + std::unique_ptr CreateSSLClientSocket( + std::unique_ptr stream_socket, + const HostPortPair& host_and_port, + const SSLConfig& ssl_config); + + private: + CertVerifier* cert_verifier_; + TransportSecurityState* transport_security_state_; + CTVerifier* cert_transparency_verifier_; + CTPolicyEnforcer* ct_policy_enforcer_; + SSLClientSessionCache* ssl_client_session_cache_; + + DISALLOW_COPY_AND_ASSIGN(SSLClientContext); +}; + } // namespace net #endif // NET_SOCKET_SSL_CLIENT_SOCKET_H_ diff --git a/chromium/net/socket/ssl_client_socket_impl.cc b/chromium/net/socket/ssl_client_socket_impl.cc index 857dc8a00a8..1af7e165fb9 100644 --- a/chromium/net/socket/ssl_client_socket_impl.cc +++ b/chromium/net/socket/ssl_client_socket_impl.cc @@ -14,6 +14,7 @@ #include "base/bind.h" #include "base/callback_helpers.h" #include "base/containers/span.h" +#include "base/feature_list.h" #include "base/lazy_instance.h" #include "base/macros.h" #include "base/memory/singleton.h" @@ -42,13 +43,13 @@ #include "net/cert/x509_util.h" #include "net/der/parse_values.h" #include "net/http/transport_security_state.h" -#include "net/log/net_log.h" #include "net/log/net_log_event_type.h" -#include "net/log/net_log_parameters_callback.h" +#include "net/log/net_log_values.h" #include "net/ssl/ssl_cert_request_info.h" #include "net/ssl/ssl_cipher_suite_names.h" #include "net/ssl/ssl_client_session_cache.h" #include "net/ssl/ssl_connection_status_flags.h" +#include "net/ssl/ssl_handshake_details.h" #include "net/ssl/ssl_info.h" #include "net/ssl/ssl_key_logger.h" #include "net/ssl/ssl_private_key.h" @@ -78,9 +79,8 @@ const int kCertVerifyPending = 1; // Default size of the internal BoringSSL buffers. const int kDefaultOpenSSLBufferSize = 17 * 1024; -base::Value NetLogPrivateKeyOperationCallback(uint16_t algorithm, - SSLPrivateKey* key, - NetLogCaptureMode mode) { +base::Value NetLogPrivateKeyOperationParams(uint16_t algorithm, + SSLPrivateKey* key) { base::DictionaryValue value; value.SetString("algorithm", SSL_get_signature_algorithm_name( algorithm, 0 /* exclude curve */)); @@ -88,8 +88,7 @@ base::Value NetLogPrivateKeyOperationCallback(uint16_t algorithm, return std::move(value); } -base::Value NetLogSSLInfoCallback(SSLClientSocketImpl* socket, - NetLogCaptureMode capture_mode) { +base::Value NetLogSSLInfoParams(SSLClientSocketImpl* socket) { SSLInfo ssl_info; if (!socket->GetSSLInfo(&ssl_info)) return base::Value(); @@ -110,18 +109,16 @@ base::Value NetLogSSLInfoCallback(SSLClientSocketImpl* socket, return std::move(dict); } -base::Value NetLogSSLAlertCallback(const void* bytes, - size_t len, - NetLogCaptureMode capture_mode) { +base::Value NetLogSSLAlertParams(const void* bytes, size_t len) { base::DictionaryValue dict; dict.SetKey("bytes", NetLogBinaryValue(bytes, len)); return std::move(dict); } -base::Value NetLogSSLMessageCallback(bool is_write, - const void* bytes, - size_t len, - NetLogCaptureMode capture_mode) { +base::Value NetLogSSLMessageParams(bool is_write, + const void* bytes, + size_t len, + NetLogCaptureMode capture_mode) { base::DictionaryValue dict; if (len == 0) { NOTREACHED(); @@ -138,7 +135,7 @@ base::Value NetLogSSLMessageCallback(bool is_write, // (that's the private key which isn't sent over the wire), but it may contain // information on the user's identity. if (!is_write || type != SSL3_MT_CERTIFICATE || - capture_mode.include_socket_bytes()) { + NetLogCaptureIncludesSocketBytes(capture_mode)) { dict.SetKey("bytes", NetLogBinaryValue(bytes, len)); } @@ -400,37 +397,29 @@ const SSL_PRIVATE_KEY_METHOD }; SSLClientSocketImpl::SSLClientSocketImpl( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) + const SSLConfig& ssl_config) : pending_read_error_(kSSLClientSocketNoPendingResult), pending_read_ssl_error_(SSL_ERROR_NONE), completed_connect_(false), was_ever_used_(false), - cert_verifier_(context.cert_verifier), + context_(context), cert_verification_result_(kCertVerifyPending), - cert_transparency_verifier_(context.cert_transparency_verifier), stream_socket_(std::move(stream_socket)), host_and_port_(host_and_port), ssl_config_(ssl_config), - ssl_client_session_cache_(context.ssl_client_session_cache), next_handshake_state_(STATE_NONE), in_confirm_handshake_(false), disconnected_(false), negotiated_protocol_(kProtoUnknown), certificate_requested_(false), signature_result_(kSSLClientSocketNoPendingResult), - transport_security_state_(context.transport_security_state), - policy_enforcer_(context.ct_policy_enforcer), pkp_bypassed_(false), is_fatal_cert_error_(false), - net_log_(stream_socket_->NetLog()), - weak_factory_(this) { - CHECK(cert_verifier_); - CHECK(transport_security_state_); - CHECK(cert_transparency_verifier_); - CHECK(policy_enforcer_); + net_log_(stream_socket_->NetLog()) { + CHECK(context_); } SSLClientSocketImpl::~SSLClientSocketImpl() { @@ -794,7 +783,18 @@ int SSLClientSocketImpl::Init() { if (IsCachingEnabled()) { bssl::UniquePtr session = - ssl_client_session_cache_->Lookup(GetSessionCacheKey()); + context_->ssl_client_session_cache()->Lookup( + GetSessionCacheKey(/*dest_ip_addr=*/base::nullopt)); + if (!session) { + // If a previous session negotiated an RSA cipher suite then it may have + // been inserted into the cache keyed by both hostname and resolved IP + // address. See https://crbug.com/969684. + IPEndPoint peer_address; + if (stream_socket_->GetPeerAddress(&peer_address) == OK) { + session = context_->ssl_client_session_cache()->Lookup( + GetSessionCacheKey(peer_address.address())); + } + } if (session) SSL_set_session(ssl_.get(), session.get()); } @@ -871,9 +871,7 @@ int SSLClientSocketImpl::Init() { if (!ssl_config_.alpn_protos.empty()) { std::vector wire_protos = SerializeNextProtos(ssl_config_.alpn_protos); - SSL_set_alpn_protos(ssl_.get(), - wire_protos.empty() ? nullptr : &wire_protos[0], - wire_protos.size()); + SSL_set_alpn_protos(ssl_.get(), wire_protos.data(), wire_protos.size()); } SSL_enable_signed_cert_timestamps(ssl_.get()); @@ -942,9 +940,8 @@ int SSLClientSocketImpl::DoHandshake() { LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code " << ssl_error << ", net_error " << net_error; - net_log_.AddEvent( - NetLogEventType::SSL_HANDSHAKE_ERROR, - CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); + NetLogOpenSSLError(net_log_, NetLogEventType::SSL_HANDSHAKE_ERROR, + net_error, ssl_error, error_info); } next_handshake_state_ = STATE_HANDSHAKE_COMPLETE; @@ -960,10 +957,6 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) { return OK; } - if (IsCachingEnabled()) { - ssl_client_session_cache_->ResetLookupCount(GetSessionCacheKey()); - } - const uint8_t* alpn_proto = nullptr; unsigned alpn_len = 0; SSL_get0_alpn_selected(ssl_.get(), &alpn_proto, &alpn_len); @@ -1074,6 +1067,26 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) { } } + SSLHandshakeDetails details; + if (SSL_version(ssl_.get()) < TLS1_3_VERSION) { + if (SSL_session_reused(ssl_.get())) { + details = SSLHandshakeDetails::kTLS12Resume; + } else if (SSL_in_false_start(ssl_.get())) { + details = SSLHandshakeDetails::kTLS12FalseStart; + } else { + details = SSLHandshakeDetails::kTLS12Full; + } + } else { + if (SSL_in_early_data(ssl_.get())) { + details = SSLHandshakeDetails::kTLS13Early; + } else if (SSL_session_reused(ssl_.get())) { + details = SSLHandshakeDetails::kTLS13Resume; + } else { + details = SSLHandshakeDetails::kTLS13Full; + } + } + UMA_HISTOGRAM_ENUMERATION("Net.SSLHandshakeDetails", details); + completed_connect_ = true; next_handshake_state_ = STATE_NONE; return OK; @@ -1115,9 +1128,9 @@ ssl_verify_result_t SSLClientSocketImpl::VerifyCert() { return ssl_verify_invalid; } - net_log_.AddEvent(NetLogEventType::SSL_CERTIFICATES_RECEIVED, - base::Bind(&NetLogX509CertificateCallback, - base::Unretained(server_cert_.get()))); + net_log_.AddEvent(NetLogEventType::SSL_CERTIFICATES_RECEIVED, [&] { + return NetLogX509CertificateParams(server_cert_.get()); + }); // If the certificate is bad and has been previously accepted, use // the previous status and bypass the error. @@ -1144,7 +1157,7 @@ ssl_verify_result_t SSLClientSocketImpl::VerifyCert() { base::StringPiece sct_list(reinterpret_cast(sct_list_raw), sct_list_len); - cert_verification_result_ = cert_verifier_->Verify( + cert_verification_result_ = context_->cert_verifier()->Verify( CertVerifier::RequestParams( server_cert_, host_and_port_.host(), ssl_config_.GetCertVerifyFlags(), ocsp_response.as_string(), sct_list.as_string()), @@ -1204,7 +1217,7 @@ ssl_verify_result_t SSLClientSocketImpl::HandleVerifyResult() { IsCertStatusMinorError(server_cert_verify_result_.cert_status)))) { int ct_result = VerifyCT(); TransportSecurityState::PKPStatus pin_validity = - transport_security_state_->CheckPublicKeyPins( + context_->transport_security_state()->CheckPublicKeyPins( host_and_port_, server_cert_verify_result_.is_issued_by_known_root, server_cert_verify_result_.public_key_hashes, server_cert_.get(), server_cert_verify_result_.verified_cert.get(), @@ -1229,7 +1242,8 @@ ssl_verify_result_t SSLClientSocketImpl::HandleVerifyResult() { is_fatal_cert_error_ = IsCertStatusError(server_cert_verify_result_.cert_status) && !IsCertStatusMinorError(server_cert_verify_result_.cert_status) && - transport_security_state_->ShouldSSLErrorsBeFatal(host_and_port_.host()); + context_->transport_security_state()->ShouldSSLErrorsBeFatal( + host_and_port_.host()); if (IsCertificateError(result) && ssl_config_.ignore_certificate_errors) { result = OK; @@ -1304,10 +1318,8 @@ int SSLClientSocketImpl::DoPayloadRead(IOBuffer* buf, int buf_len) { net_log_.AddByteTransferEvent(NetLogEventType::SSL_SOCKET_BYTES_RECEIVED, rv, buf->data()); } else { - net_log_.AddEvent( - NetLogEventType::SSL_READ_ERROR, - CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_, - pending_read_error_info_)); + NetLogOpenSSLError(net_log_, NetLogEventType::SSL_READ_ERROR, rv, + pending_read_ssl_error_, pending_read_error_info_); } pending_read_ssl_error_ = SSL_ERROR_NONE; pending_read_error_info_ = OpenSSLErrorInfo(); @@ -1375,10 +1387,8 @@ int SSLClientSocketImpl::DoPayloadRead(IOBuffer* buf, int buf_len) { net_log_.AddByteTransferEvent(NetLogEventType::SSL_SOCKET_BYTES_RECEIVED, rv, buf->data()); } else if (rv != ERR_IO_PENDING) { - net_log_.AddEvent( - NetLogEventType::SSL_READ_ERROR, - CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_, - pending_read_error_info_)); + NetLogOpenSSLError(net_log_, NetLogEventType::SSL_READ_ERROR, rv, + pending_read_ssl_error_, pending_read_error_info_); pending_read_ssl_error_ = SSL_ERROR_NONE; pending_read_error_info_ = OpenSSLErrorInfo(); } @@ -1410,9 +1420,8 @@ int SSLClientSocketImpl::DoPayloadWrite() { int net_error = MapLastOpenSSLError(ssl_error, err_tracer, &error_info); if (net_error != ERR_IO_PENDING) { - net_log_.AddEvent( - NetLogEventType::SSL_WRITE_ERROR, - CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); + NetLogOpenSSLError(net_log_, NetLogEventType::SSL_WRITE_ERROR, net_error, + ssl_error, error_info); } return net_error; } @@ -1473,15 +1482,17 @@ int SSLClientSocketImpl::VerifyCT() { // Note that this is a completely synchronous operation: The CT Log Verifier // gets all the data it needs for SCT verification and does not do any // external communication. - cert_transparency_verifier_->Verify( + context_->cert_transparency_verifier()->Verify( host_and_port().host(), server_cert_verify_result_.verified_cert.get(), ocsp_response, sct_list, &ct_verify_result_.scts, net_log_); ct::SCTList verified_scts = ct::SCTsMatchingStatus(ct_verify_result_.scts, ct::SCT_STATUS_OK); - ct_verify_result_.policy_compliance = policy_enforcer_->CheckCompliance( - server_cert_verify_result_.verified_cert.get(), verified_scts, net_log_); + ct_verify_result_.policy_compliance = + context_->ct_policy_enforcer()->CheckCompliance( + server_cert_verify_result_.verified_cert.get(), verified_scts, + net_log_); if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { if (ct_verify_result_.policy_compliance != ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS && @@ -1512,7 +1523,7 @@ int SSLClientSocketImpl::VerifyCT() { } TransportSecurityState::CTRequirementsStatus ct_requirement_status = - transport_security_state_->CheckCTRequirements( + context_->transport_security_state()->CheckCTRequirements( host_and_port_, server_cert_verify_result_.is_issued_by_known_root, server_cert_verify_result_.public_key_hashes, server_cert_verify_result_.verified_cert.get(), server_cert_.get(), @@ -1590,19 +1601,17 @@ int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) { SSL_set_signing_algorithm_prefs(ssl_.get(), preferences.data(), preferences.size()); - net_log_.AddEvent( - NetLogEventType::SSL_CLIENT_CERT_PROVIDED, - NetLog::IntCallback( - "cert_count", - base::checked_cast( - 1 + ssl_config_.client_cert->intermediate_buffers().size()))); + net_log_.AddEventWithIntParams( + NetLogEventType::SSL_CLIENT_CERT_PROVIDED, "cert_count", + base::checked_cast( + 1 + ssl_config_.client_cert->intermediate_buffers().size())); return 1; } #endif // defined(OS_IOS) // Send no client certificate. - net_log_.AddEvent(NetLogEventType::SSL_CLIENT_CERT_PROVIDED, - NetLog::IntCallback("cert_count", 0)); + net_log_.AddEventWithIntParams(NetLogEventType::SSL_CLIENT_CERT_PROVIDED, + "cert_count", 0); return 1; } @@ -1610,10 +1619,23 @@ int SSLClientSocketImpl::NewSessionCallback(SSL_SESSION* session) { if (!IsCachingEnabled()) return 0; + base::Optional ip_addr; + if (SSL_CIPHER_get_kx_nid(SSL_SESSION_get0_cipher(session)) == NID_kx_rsa) { + // If RSA key exchange was used, additionally key the cache with the + // destination IP address. Of course, if a proxy is being used, the + // semantics of this are a little complex, but we're doing our best. See + // https://crbug.com/969684 + IPEndPoint ip_endpoint; + if (stream_socket_->GetPeerAddress(&ip_endpoint) != OK) { + return 0; + } + ip_addr = ip_endpoint.address(); + } + // OpenSSL optionally passes ownership of |session|. Returning one signals // that this function has claimed it. - ssl_client_session_cache_->Insert(GetSessionCacheKey(), - bssl::UniquePtr(session)); + context_->ssl_client_session_cache()->Insert( + GetSessionCacheKey(ip_addr), bssl::UniquePtr(session)); return 1; } @@ -1621,8 +1643,25 @@ void SSLClientSocketImpl::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const { ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_); } -std::string SSLClientSocketImpl::GetSessionCacheKey() const { - return host_and_port_.ToString(); +std::string SSLClientSocketImpl::GetSessionCacheKey( + base::Optional dest_ip_addr) const { + std::string ret; + if (dest_ip_addr) { + ret += dest_ip_addr->ToString(); + } + ret.push_back('/'); + ret += host_and_port_.ToString(); + ret.push_back('/'); + if (ssl_config_.privacy_mode == PRIVACY_MODE_ENABLED) { + ret.push_back('1'); + } else { + ret.push_back('0'); + } + if (base::FeatureList::IsEnabled( + features::kPartitionSSLSessionsByNetworkIsolationKey)) { + ret += '/' + ssl_config_.network_isolation_key.ToString(); + } + return ret; } bool SSLClientSocketImpl::IsRenegotiationAllowed() const { @@ -1637,7 +1676,7 @@ bool SSLClientSocketImpl::IsRenegotiationAllowed() const { } bool SSLClientSocketImpl::IsCachingEnabled() const { - return ssl_client_session_cache_ != nullptr; + return context_->ssl_client_session_cache() != nullptr; } ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCallback( @@ -1651,13 +1690,13 @@ ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCallback( DCHECK(signature_.empty()); DCHECK(ssl_config_.client_private_key); - net_log_.BeginEvent( - NetLogEventType::SSL_PRIVATE_KEY_OP, - base::BindRepeating( - &NetLogPrivateKeyOperationCallback, algorithm, - // Pass the SSLPrivateKey pointer to avoid making copies of the - // provider name in the common case with logging disabled. - base::Unretained(ssl_config_.client_private_key.get()))); + net_log_.BeginEvent(NetLogEventType::SSL_PRIVATE_KEY_OP, [&] { + return NetLogPrivateKeyOperationParams( + algorithm, + // Pass the SSLPrivateKey pointer to avoid making copies of the + // provider name in the common case with logging disabled. + ssl_config_.client_private_key.get()); + }); signature_result_ = ERR_IO_PENDING; ssl_config_.client_private_key->Sign( @@ -1723,13 +1762,15 @@ void SSLClientSocketImpl::MessageCallback(int is_write, case SSL3_RT_ALERT: net_log_.AddEvent(is_write ? NetLogEventType::SSL_ALERT_SENT : NetLogEventType::SSL_ALERT_RECEIVED, - base::Bind(&NetLogSSLAlertCallback, buf, len)); + [&] { return NetLogSSLAlertParams(buf, len); }); break; case SSL3_RT_HANDSHAKE: net_log_.AddEvent( is_write ? NetLogEventType::SSL_HANDSHAKE_MESSAGE_SENT : NetLogEventType::SSL_HANDSHAKE_MESSAGE_RECEIVED, - base::Bind(&NetLogSSLMessageCallback, !!is_write, buf, len)); + [&](NetLogCaptureMode capture_mode) { + return NetLogSSLMessageParams(!!is_write, buf, len, capture_mode); + }); break; default: return; @@ -1743,7 +1784,7 @@ void SSLClientSocketImpl::LogConnectEndEvent(int rv) { } net_log_.EndEvent(NetLogEventType::SSL_CONNECT, - base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); + [&] { return NetLogSSLInfoParams(this); }); } void SSLClientSocketImpl::RecordNegotiatedProtocol() const { diff --git a/chromium/net/socket/ssl_client_socket_impl.h b/chromium/net/socket/ssl_client_socket_impl.h index fef393adee6..a360025e686 100644 --- a/chromium/net/socket/ssl_client_socket_impl.h +++ b/chromium/net/socket/ssl_client_socket_impl.h @@ -41,8 +41,6 @@ class OpenSSLErrStackTracer; namespace net { -class CertVerifier; -class CTVerifier; class SSLCertRequestInfo; class SSLInfo; class SSLKeyLogger; @@ -53,11 +51,11 @@ class SSLClientSocketImpl : public SSLClientSocket, // Takes ownership of |stream_socket|, which may already be connected. // The given hostname will be compared with the name(s) in the server's // certificate during the SSL handshake. |ssl_config| specifies the SSL - // settings. - SSLClientSocketImpl(std::unique_ptr stream_socket, + // settings. The resulting socket may not outlive |context|. + SSLClientSocketImpl(SSLClientContext* context, + std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context); + const SSLConfig& ssl_config); ~SSLClientSocketImpl() override; const HostPortPair& host_and_port() const { return host_and_port_; } @@ -165,7 +163,7 @@ class SSLClientSocketImpl : public SSLClientSocket, void AddCTInfoToSSLInfo(SSLInfo* ssl_info) const; // Returns a unique key string for the SSL session cache for this socket. - std::string GetSessionCacheKey() const; + std::string GetSessionCacheKey(base::Optional dest_ip_addr) const; // Returns true if renegotiations are allowed. bool IsRenegotiationAllowed() const; @@ -244,7 +242,8 @@ class SSLClientSocketImpl : public SSLClientSocket, // network. bool was_ever_used_; - CertVerifier* const cert_verifier_; + SSLClientContext* const context_; + std::unique_ptr cert_verifier_request_; base::TimeTicks start_cert_verification_time_; @@ -253,7 +252,6 @@ class SSLClientSocketImpl : public SSLClientSocket, // Certificate Transparency: Verifier and result holder. ct::CTVerifyResult ct_verify_result_; - CTVerifier* cert_transparency_verifier_; // OpenSSL stuff bssl::UniquePtr ssl_; @@ -262,8 +260,6 @@ class SSLClientSocketImpl : public SSLClientSocket, std::unique_ptr transport_adapter_; const HostPortPair host_and_port_; SSLConfig ssl_config_; - // ssl_client_session_cache_ is a non-owning pointer to session cache - SSLClientSessionCache* ssl_client_session_cache_; enum State { STATE_NONE, @@ -285,10 +281,6 @@ class SSLClientSocketImpl : public SSLClientSocket, int signature_result_; std::vector signature_; - TransportSecurityState* transport_security_state_; - - CTPolicyEnforcer* const policy_enforcer_; - // pinning_failure_log contains a message produced by // TransportSecurityState::CheckPublicKeyPins in the event of a // pinning failure. It is a (somewhat) human-readable string. @@ -302,7 +294,7 @@ class SSLClientSocketImpl : public SSLClientSocket, bool is_fatal_cert_error_; NetLogWithSource net_log_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(SSLClientSocketImpl); }; diff --git a/chromium/net/socket/ssl_client_socket_unittest.cc b/chromium/net/socket/ssl_client_socket_unittest.cc index f07bdcd6a37..917d43b40f9 100644 --- a/chromium/net/socket/ssl_client_socket_unittest.cc +++ b/chromium/net/socket/ssl_client_socket_unittest.cc @@ -34,6 +34,7 @@ #include "net/base/ip_address.h" #include "net/base/ip_endpoint.h" #include "net/base/net_errors.h" +#include "net/base/network_isolation_key.h" #include "net/base/test_completion_callback.h" #include "net/cert/asn1_util.h" #include "net/cert/ct_policy_enforcer.h" @@ -53,7 +54,6 @@ #include "net/log/net_log_event_type.h" #include "net/log/net_log_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/socket/client_socket_factory.h" #include "net/socket/client_socket_handle.h" @@ -66,6 +66,7 @@ #include "net/ssl/ssl_client_session_cache.h" #include "net/ssl/ssl_config_service.h" #include "net/ssl/ssl_connection_status_flags.h" +#include "net/ssl/ssl_handshake_details.h" #include "net/ssl/ssl_info.h" #include "net/ssl/ssl_server_config.h" #include "net/ssl/test_ssl_private_key.h" @@ -85,6 +86,8 @@ #include "third_party/boringssl/src/include/openssl/bio.h" #include "third_party/boringssl/src/include/openssl/evp.h" #include "third_party/boringssl/src/include/openssl/pem.h" +#include "url/gurl.h" +#include "url/origin.h" using net::test::IsError; using net::test::IsOk; @@ -790,17 +793,18 @@ class SSLClientSocketTest : public PlatformTest, public: SSLClientSocketTest() : socket_factory_(ClientSocketFactory::GetDefaultFactory()), - cert_verifier_(new MockCertVerifier), - transport_security_state_(new TransportSecurityState), - ct_verifier_(new DoNothingCTVerifier), - ct_policy_enforcer_(new MockCTPolicyEnforcer), - ssl_client_session_cache_( - new SSLClientSessionCache(SSLClientSessionCache::Config())), - context_(cert_verifier_.get(), - transport_security_state_.get(), - ct_verifier_.get(), - ct_policy_enforcer_.get(), - ssl_client_session_cache_.get()) { + cert_verifier_(std::make_unique()), + transport_security_state_(std::make_unique()), + ct_verifier_(std::make_unique()), + ct_policy_enforcer_(std::make_unique()), + ssl_client_session_cache_(std::make_unique( + SSLClientSessionCache::Config())), + context_(std::make_unique( + cert_verifier_.get(), + transport_security_state_.get(), + ct_verifier_.get(), + ct_policy_enforcer_.get(), + ssl_client_session_cache_.get())) { cert_verifier_->set_default_result(OK); EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(_, _, _)) @@ -827,18 +831,6 @@ class SSLClientSocketTest : public PlatformTest, return spawned_test_server_.get(); } - void SetCertVerifier(CertVerifier* cert_verifier) { - context_.cert_verifier = cert_verifier; - } - - void SetCTVerifier(CTVerifier* ct_verifier) { - context_.cert_transparency_verifier = ct_verifier; - } - - void SetCTPolicyEnforcer(CTPolicyEnforcer* policy_enforcer) { - context_.ct_policy_enforcer = policy_enforcer; - } - // Starts the embedded test server with the specified parameters. Returns true // on success. bool StartEmbeddedTestServer(EmbeddedTestServer::ServerCertificate cert, @@ -890,7 +882,7 @@ class SSLClientSocketTest : public PlatformTest, const HostPortPair& host_and_port, const SSLConfig& ssl_config) { return socket_factory_->CreateSSLClientSocket( - std::move(transport_socket), host_and_port, ssl_config, context_); + context_.get(), std::move(transport_socket), host_and_port, ssl_config); } // Create an SSLClientSocket object and use it to connect to a test server, @@ -946,15 +938,15 @@ class SSLClientSocketTest : public PlatformTest, cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK); } + TestNetLog log_; ClientSocketFactory* socket_factory_; std::unique_ptr cert_verifier_; std::unique_ptr transport_security_state_; std::unique_ptr ct_verifier_; std::unique_ptr ct_policy_enforcer_; std::unique_ptr ssl_client_session_cache_; - SSLClientSocketContext context_; + std::unique_ptr context_; std::unique_ptr sock_; - TestNetLog log_; private: std::unique_ptr spawned_test_server_; @@ -1015,14 +1007,14 @@ class ClientSocketFactoryWithoutReadIfReady : public ClientSocketFactory { } std::unique_ptr CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) override { + const SSLConfig& ssl_config) override { stream_socket = std::make_unique( std::move(stream_socket)); - return factory_->CreateSSLClientSocket(std::move(stream_socket), - host_and_port, ssl_config, context); + return factory_->CreateSSLClientSocket(context, std::move(stream_socket), + host_and_port, ssl_config); } std::unique_ptr CreateProxyClientSocket( @@ -1148,7 +1140,7 @@ class SSLClientSocketCertRequestInfoTest : public SSLClientSocketTest { rv = callback.GetResult(sock->Connect(callback.callback())); EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED)); - scoped_refptr request_info = new SSLCertRequestInfo(); + auto request_info = base::MakeRefCounted(); sock->GetSSLCertRequestInfo(request_info.get()); sock->Disconnect(); EXPECT_FALSE(sock->IsConnected()); @@ -1467,6 +1459,9 @@ class HangingCertVerifier : public CertVerifier { } // namespace +// TODO(950069): Add testing for frame_origin in NetworkIsolationKey +// using kAppendInitiatingFrameOriginToNetworkIsolationKey. + TEST_F(SSLClientSocketTest, Connect) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); @@ -1485,14 +1480,13 @@ TEST_F(SSLClientSocketTest, Connect) { rv = sock->Connect(callback.callback()); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_TRUE(LogContainsBeginEvent(entries, 5, NetLogEventType::SSL_CONNECT)); if (rv == ERR_IO_PENDING) rv = callback.WaitForResult(); EXPECT_THAT(rv, IsOk()); EXPECT_TRUE(sock->IsConnected()); - log.GetEntries(&entries); + entries = log.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT)); sock->Disconnect(); @@ -1523,8 +1517,7 @@ TEST_F(SSLClientSocketTest, ConnectExpired) { // test that the handshake has finished. This is because it may be // desirable to disconnect the socket before showing a user prompt, since // the user may take indefinitely long to respond. - TestNetLogEntry::List entries; - log_.GetEntries(&entries); + auto entries = log_.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT)); } @@ -1547,7 +1540,9 @@ TEST_F(SSLClientSocketTest, SocketDestroyedDuringVerify) { ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); HangingCertVerifier verifier; - SetCertVerifier(&verifier); + context_ = std::make_unique( + &verifier, transport_security_state_.get(), ct_verifier_.get(), + ct_policy_enforcer_.get(), ssl_client_session_cache_.get()); TestCompletionCallback callback; auto transport = @@ -1568,6 +1563,8 @@ TEST_F(SSLClientSocketTest, SocketDestroyedDuringVerify) { // Destroying the socket should cancel it. sock = nullptr; EXPECT_EQ(0, verifier.num_active_requests()); + + context_ = nullptr; } TEST_F(SSLClientSocketTest, ConnectMismatched) { @@ -1585,8 +1582,7 @@ TEST_F(SSLClientSocketTest, ConnectMismatched) { // test that the handshake has finished. This is because it may be // desirable to disconnect the socket before showing a user prompt, since // the user may take indefinitely long to respond. - TestNetLogEntry::List entries; - log_.GetEntries(&entries); + auto entries = log_.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT)); } @@ -1632,8 +1628,7 @@ TEST_F(SSLClientSocketTest, ConnectClientAuthCertRequested) { ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); EXPECT_THAT(rv, IsError(ERR_SSL_CLIENT_AUTH_CERT_NEEDED)); - TestNetLogEntry::List entries; - log_.GetEntries(&entries); + auto entries = log_.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT)); EXPECT_FALSE(sock_->IsConnected()); } @@ -2383,7 +2378,7 @@ TEST_P(SSLClientSocketReadTest, Read_FullLogging) { TestCompletionCallback callback; TestNetLog log; - log.SetCaptureMode(NetLogCaptureMode::IncludeSocketBytes()); + log.SetObserverCaptureMode(NetLogCaptureMode::kEverything); std::unique_ptr transport( new TCPClientSocket(addr(), nullptr, &log, NetLogSource())); int rv = callback.GetResult(transport->Connect(callback.callback())); @@ -2407,8 +2402,7 @@ TEST_P(SSLClientSocketReadTest, Read_FullLogging) { callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS)); EXPECT_EQ(static_cast(base::size(request_text) - 1), rv); - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); size_t last_index = ExpectLogContainsSomewhereAfter( entries, 5, NetLogEventType::SSL_SOCKET_BYTES_SENT, NetLogEventPhase::NONE); @@ -2420,7 +2414,7 @@ TEST_P(SSLClientSocketReadTest, Read_FullLogging) { if (rv <= 0) break; - log.GetEntries(&entries); + entries = log.GetEntries(); last_index = ExpectLogContainsSomewhereAfter( entries, last_index + 1, NetLogEventType::SSL_SOCKET_BYTES_RECEIVED, NetLogEventPhase::NONE); @@ -2504,8 +2498,8 @@ TEST_F(SSLClientSocketTest, ClientSocketHandleNotFromPool) { EXPECT_THAT(rv, IsOk()); std::unique_ptr sock(socket_factory_->CreateSSLClientSocket( - std::move(transport), spawned_test_server()->host_port_pair(), - SSLConfig(), context_)); + context_.get(), std::move(transport), + spawned_test_server()->host_port_pair(), SSLConfig())); EXPECT_FALSE(sock->IsConnected()); rv = callback.GetResult(sock->Connect(callback.callback())); @@ -2688,8 +2682,7 @@ TEST_F(SSLClientSocketTest, VerifyReturnChainProperlyOrdered) { EXPECT_THAT(rv, IsOk()); EXPECT_TRUE(sock_->IsConnected()); - TestNetLogEntry::List entries; - log_.GetEntries(&entries); + auto entries = log_.GetEntries(); EXPECT_TRUE(LogContainsEndEvent(entries, -1, NetLogEventType::SSL_CONNECT)); SSLInfo ssl_info; @@ -2811,10 +2804,10 @@ TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsTLSExtension) { ssl_options.signed_cert_timestamps_tls_ext = sct_ext.as_string(); ASSERT_TRUE(StartTestServer(ssl_options)); - SSLConfig ssl_config; - MockCTVerifier ct_verifier; - SetCTVerifier(&ct_verifier); + context_ = std::make_unique( + cert_verifier_.get(), transport_security_state_.get(), &ct_verifier, + ct_policy_enforcer_.get(), ssl_client_session_cache_.get()); // Check that the SCT list is extracted from the TLS extension as expected, // while also simulating that it was an unparsable response. @@ -2823,10 +2816,13 @@ TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsTLSExtension) { .WillOnce(testing::SetArgPointee<4>(sct_list)); int rv; - ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_TRUE(CreateAndConnectSSLClientSocket(SSLConfig(), &rv)); EXPECT_THAT(rv, IsOk()); EXPECT_TRUE(sock_->signed_cert_timestamps_received_); + + sock_ = nullptr; + context_ = nullptr; } // Test that when a CT verifier and a CTPolicyEnforcer are defined, and @@ -2840,9 +2836,7 @@ TEST_F(SSLClientSocketTest, EVCertStatusMaintainedForCompliantCert) { AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config); // Emulate compliance of the certificate to the policy. - MockCTPolicyEnforcer policy_enforcer; - SetCTPolicyEnforcer(&policy_enforcer); - EXPECT_CALL(policy_enforcer, CheckCompliance(_, _, _)) + EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(_, _, _)) .WillRepeatedly( Return(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS)); @@ -2867,9 +2861,7 @@ TEST_F(SSLClientSocketTest, EVCertStatusRemovedForNonCompliantCert) { AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config); // Emulate non-compliance of the certificate to the policy. - MockCTPolicyEnforcer policy_enforcer; - SetCTPolicyEnforcer(&policy_enforcer); - EXPECT_CALL(policy_enforcer, CheckCompliance(_, _, _)) + EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(_, _, _)) .WillRepeatedly( Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS)); @@ -2903,9 +2895,7 @@ TEST_F(SSLClientSocketTest, NonCTCompliantEVHistogram) { cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK); // Emulate non-compliance of the certificate to the policy. - MockCTPolicyEnforcer policy_enforcer; - SetCTPolicyEnforcer(&policy_enforcer); - EXPECT_CALL(policy_enforcer, CheckCompliance(_, _, _)) + EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(_, _, _)) .WillRepeatedly( Return(ct::CTPolicyCompliance::CT_POLICY_NOT_ENOUGH_SCTS)); @@ -2943,9 +2933,7 @@ TEST_F(SSLClientSocketTest, CTCompliantEVHistogram) { cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK); // Emulate non-compliance of the certificate to the policy. - MockCTPolicyEnforcer policy_enforcer; - SetCTPolicyEnforcer(&policy_enforcer); - EXPECT_CALL(policy_enforcer, CheckCompliance(_, _, _)) + EXPECT_CALL(*ct_policy_enforcer_, CheckCompliance(_, _, _)) .WillRepeatedly( Return(ct::CTPolicyCompliance::CT_POLICY_COMPLIES_VIA_SCTS)); @@ -3045,7 +3033,7 @@ TEST_F(SSLClientSocketTest, IsFatalErrorSetOnFatalError) { int rv; const base::Time expiry = base::Time::Now() + base::TimeDelta::FromSeconds(1000); - context_.transport_security_state->AddHSTS( + transport_security_state_->AddHSTS( spawned_test_server()->host_port_pair().host(), expiry, true); ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); SSLInfo ssl_info; @@ -3131,7 +3119,7 @@ TEST_F(SSLClientSocketTest, SessionResumption) { EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); sock.reset(); - context_.ssl_client_session_cache->Flush(); + ssl_client_session_cache_->Flush(); // After clearing the session cache, the next handshake doesn't resume. ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); @@ -3140,6 +3128,83 @@ TEST_F(SSLClientSocketTest, SessionResumption) { EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); } +namespace { + +// FakePeerAddressSocket wraps a |StreamSocket|, forwarding all calls except +// that it provides a given answer for |GetPeerAddress|. +class FakePeerAddressSocket : public WrappedStreamSocket { + public: + FakePeerAddressSocket(std::unique_ptr socket, + const IPEndPoint& address) + : WrappedStreamSocket(std::move(socket)), address_(address) {} + ~FakePeerAddressSocket() override {} + + int GetPeerAddress(IPEndPoint* address) const override { + *address = address_; + return OK; + } + + private: + const IPEndPoint address_; +}; + +} // namespace + +TEST_F(SSLClientSocketTest, SessionResumption_RSA) { + for (bool use_rsa : {false, true}) { + SCOPED_TRACE(use_rsa); + + SpawnedTestServer::SSLOptions ssl_options; + ssl_options.key_exchanges = + use_rsa ? SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA + : SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; + ASSERT_TRUE(StartTestServer(ssl_options)); + SSLConfig ssl_config; + ssl_client_session_cache_->Flush(); + + for (int i = 0; i < 3; i++) { + SCOPED_TRACE(i); + + std::unique_ptr transport( + new TCPClientSocket(addr(), nullptr, &log_, NetLogSource())); + TestCompletionCallback callback; + ASSERT_THAT(callback.GetResult(transport->Connect(callback.callback())), + IsOk()); + // The third handshake sees a different destination IP address. + IPEndPoint fake_peer_address(IPAddress(1, 1, 1, i == 2 ? 2 : 1), 443); + auto socket = std::make_unique( + std::move(transport), fake_peer_address); + std::unique_ptr sock = CreateSSLClientSocket( + std::move(socket), HostPortPair("example.com", 443), ssl_config); + ASSERT_THAT(callback.GetResult(sock->Connect(callback.callback())), + IsOk()); + SSLInfo ssl_info; + ASSERT_TRUE(sock->GetSSLInfo(&ssl_info)); + sock.reset(); + + switch (i) { + case 0: + // Initial handshake should be a full handshake. + EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); + break; + case 1: + // Second handshake should resume. + EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); + break; + case 2: + // Third handshake gets a different IP address and, if the + // session used RSA key exchange, it should not resume. + EXPECT_EQ( + use_rsa ? SSLInfo::HANDSHAKE_FULL : SSLInfo::HANDSHAKE_RESUME, + ssl_info.handshake_type); + break; + default: + NOTREACHED(); + } + } + } +} + // Tests that ALPN works with session resumption. TEST_F(SSLClientSocketTest, SessionResumptionAlpn) { SpawnedTestServer::SSLOptions ssl_options; @@ -3170,6 +3235,120 @@ TEST_F(SSLClientSocketTest, SessionResumptionAlpn) { EXPECT_EQ(kProtoHTTP11, sock_->GetNegotiatedProtocol()); } +// Tests that the session cache is not sharded by NetworkIsolationKey if the +// feature is disabled. +TEST_F(SSLClientSocketTest, SessionResumptionNetworkIsolationKeyDisabled) { + base::test::ScopedFeatureList feature_list; + feature_list.InitAndDisableFeature( + features::kPartitionSSLSessionsByNetworkIsolationKey); + + SpawnedTestServer::SSLOptions ssl_options; + ASSERT_TRUE(StartTestServer(ssl_options)); + + // First, perform a full handshake. + SSLConfig ssl_config; + int rv; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_THAT(rv, IsOk()); + SSLInfo ssl_info; + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); + + // The next connection should resume. + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_THAT(rv, IsOk()); + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); + sock_.reset(); + + // Using a different NetworkIsolationKey shares session cache key because + // sharding is disabled. + const auto kOriginA = url::Origin::Create(GURL("https://a.test")); + ssl_config.network_isolation_key = NetworkIsolationKey(kOriginA, kOriginA); + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_THAT(rv, IsOk()); + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); + sock_.reset(); + + const auto kOriginB = url::Origin::Create(GURL("https://a.test")); + ssl_config.network_isolation_key = NetworkIsolationKey(kOriginB, kOriginB); + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_THAT(rv, IsOk()); + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); + sock_.reset(); +} + +// Tests that the session cache is sharded by NetworkIsolationKey if the +// feature is enabled. +TEST_F(SSLClientSocketTest, SessionResumptionNetworkIsolationKeyEnabled) { + base::test::ScopedFeatureList feature_list; + feature_list.InitAndEnableFeature( + features::kPartitionSSLSessionsByNetworkIsolationKey); + + const auto kOriginA = url::Origin::Create(GURL("https://a.test")); + const auto kOriginB = url::Origin::Create(GURL("https://b.test")); + const NetworkIsolationKey kNetworkIsolationKeyA(kOriginA, kOriginA); + const NetworkIsolationKey kNetworkIsolationKeyB(kOriginB, kOriginB); + + SpawnedTestServer::SSLOptions ssl_options; + ASSERT_TRUE(StartTestServer(ssl_options)); + + // First, perform a full handshake. + SSLConfig ssl_config; + int rv; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_THAT(rv, IsOk()); + SSLInfo ssl_info; + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); + + // The next connection should resume. + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_THAT(rv, IsOk()); + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); + sock_.reset(); + + // Using a different NetworkIsolationKey uses a different session cache key. + ssl_config.network_isolation_key = kNetworkIsolationKeyA; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_THAT(rv, IsOk()); + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); + sock_.reset(); + + // We, however, can resume under that newly-established session. + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_THAT(rv, IsOk()); + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); + sock_.reset(); + + // Repeat with another non-null key. + ssl_config.network_isolation_key = kNetworkIsolationKeyB; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_THAT(rv, IsOk()); + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); + sock_.reset(); + + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_THAT(rv, IsOk()); + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); + sock_.reset(); + + // b.test does not evict a.test's session. + ssl_config.network_isolation_key = kNetworkIsolationKeyA; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); + ASSERT_THAT(rv, IsOk()); + ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info)); + EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); + sock_.reset(); +} + // Tests that connections with certificate errors do not add entries to the // session cache. TEST_F(SSLClientSocketTest, CertificateErrorNoResume) { @@ -3545,7 +3724,7 @@ TEST_F(SSLClientSocketTest, PKPBypassedSet) { MakeHashValueVector(kBadHashValueVectorInput); cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK); - context_.transport_security_state->EnableStaticPinsForTesting(); + transport_security_state_->EnableStaticPinsForTesting(); ScopedTransportSecurityStateSource scoped_security_state_source; SSLConfig ssl_config; @@ -3579,7 +3758,7 @@ TEST_F(SSLClientSocketTest, PKPEnforced) { MakeHashValueVector(kBadHashValueVectorInput); cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK); - context_.transport_security_state->EnableStaticPinsForTesting(); + transport_security_state_->EnableStaticPinsForTesting(); ScopedTransportSecurityStateSource scoped_security_state_source; SSLConfig ssl_config; @@ -4187,7 +4366,7 @@ TEST_F(SSLClientSocketTest, PKPMoreImportantThanCT) { MakeHashValueVector(kBadHashValueVectorInput); cert_verifier_->AddResultForCert(server_cert.get(), verify_result, OK); - context_.transport_security_state->EnableStaticPinsForTesting(); + transport_security_state_->EnableStaticPinsForTesting(); ScopedTransportSecurityStateSource scoped_security_state_source; const char kCTHost[] = "pkp-expect-ct.preloaded.test"; @@ -5395,4 +5574,134 @@ TEST_P(TLS13DowngradeMetricsTest, Metrics) { } } +struct SSLHandshakeDetailsParams { + bool alpn; + bool early_data; + uint16_t version; + SSLHandshakeDetails expected_initial; + SSLHandshakeDetails expected_resume; +}; + +const SSLHandshakeDetailsParams kSSLHandshakeDetailsParams[] = { + // TLS 1.0 and 1.1 never do False Start. + {false /* no ALPN */, false /* no early data */, SSL_PROTOCOL_VERSION_TLS1, + SSLHandshakeDetails::kTLS12Full, SSLHandshakeDetails::kTLS12Resume}, + {false /* no ALPN */, false /* no early data */, + SSL_PROTOCOL_VERSION_TLS1_1, SSLHandshakeDetails::kTLS12Full, + SSLHandshakeDetails::kTLS12Resume}, + + // TLS 1.2 does False Start if ALPN is enabled. + {false /* no ALPN */, false /* no early data */, + SSL_PROTOCOL_VERSION_TLS1_2, SSLHandshakeDetails::kTLS12Full, + SSLHandshakeDetails::kTLS12Resume}, + {true /* ALPN */, false /* no early data */, SSL_PROTOCOL_VERSION_TLS1_2, + SSLHandshakeDetails::kTLS12FalseStart, SSLHandshakeDetails::kTLS12Resume}, + + // TLS 1.3 supports full handshakes, resumption, and 0-RTT. + {false /* no ALPN */, false /* no early data */, + SSL_PROTOCOL_VERSION_TLS1_3, SSLHandshakeDetails::kTLS13Full, + SSLHandshakeDetails::kTLS13Resume}, + {false /* no ALPN */, true /* early data */, SSL_PROTOCOL_VERSION_TLS1_3, + SSLHandshakeDetails::kTLS13Full, SSLHandshakeDetails::kTLS13Early}, +}; + +class SSLHandshakeDetailsTest + : public SSLClientSocketTest, + public ::testing::WithParamInterface {}; + +INSTANTIATE_TEST_SUITE_P(/* no prefix */, + SSLHandshakeDetailsTest, + ::testing::ValuesIn(kSSLHandshakeDetailsParams)); + +TEST_P(SSLHandshakeDetailsTest, Metrics) { + // Enable all test features in the server. + SSLServerConfig server_config; + server_config.version_min = SSL_PROTOCOL_VERSION_TLS1; + server_config.version_max = SSL_PROTOCOL_VERSION_TLS1_3; + server_config.early_data_enabled = true; + server_config.alpn_protos = {kProtoHTTP11}; + ASSERT_TRUE( + StartEmbeddedTestServer(EmbeddedTestServer::CERT_OK, server_config)); + + SSLConfig client_config; + client_config.version_min = GetParam().version; + client_config.version_max = GetParam().version; + client_config.early_data_enabled = GetParam().early_data; + if (GetParam().alpn) { + client_config.alpn_protos = {kProtoHTTP11}; + } + + SSLVersion version; + switch (GetParam().version) { + case SSL_PROTOCOL_VERSION_TLS1: + version = SSL_CONNECTION_VERSION_TLS1; + break; + case SSL_PROTOCOL_VERSION_TLS1_1: + version = SSL_CONNECTION_VERSION_TLS1_1; + break; + case SSL_PROTOCOL_VERSION_TLS1_2: + version = SSL_CONNECTION_VERSION_TLS1_2; + break; + case SSL_PROTOCOL_VERSION_TLS1_3: + version = SSL_CONNECTION_VERSION_TLS1_3; + break; + default: + FAIL() << GetParam().version; + } + + // Make the initial connection. + { + base::HistogramTester histograms; + int rv; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); + EXPECT_THAT(rv, IsOk()); + + // Sanity-check the socket matches the test parameters. + SSLInfo info; + ASSERT_TRUE(sock_->GetSSLInfo(&info)); + EXPECT_EQ(version, SSLConnectionStatusToVersion(info.connection_status)); + EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, info.handshake_type); + EXPECT_EQ(GetParam().alpn, sock_->WasAlpnNegotiated()); + + histograms.ExpectUniqueSample("Net.SSLHandshakeDetails", + GetParam().expected_initial, 1); + + // Use the socket to ensure the session ticket has been picked up. + base::StringPiece request = "GET / HTTP/1.0\r\n\r\n"; + TestCompletionCallback callback; + while (!request.empty()) { + auto request_buffer = + base::MakeRefCounted(request.as_string()); + rv = callback.GetResult( + sock_->Write(request_buffer.get(), request_buffer->size(), + callback.callback(), TRAFFIC_ANNOTATION_FOR_TESTS)); + ASSERT_GT(rv, 0); + request = request.substr(rv); + } + + auto response_buffer = base::MakeRefCounted(1024); + rv = callback.GetResult( + sock_->Read(response_buffer.get(), 1024, callback.callback())); + ASSERT_GT(rv, 0); + } + + // Make a resumption connection. + { + base::HistogramTester histograms; + int rv; + ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); + EXPECT_THAT(rv, IsOk()); + + // Sanity-check the socket matches the test parameters. + SSLInfo info; + ASSERT_TRUE(sock_->GetSSLInfo(&info)); + EXPECT_EQ(version, SSLConnectionStatusToVersion(info.connection_status)); + EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, info.handshake_type); + EXPECT_EQ(GetParam().alpn, sock_->WasAlpnNegotiated()); + + histograms.ExpectUniqueSample("Net.SSLHandshakeDetails", + GetParam().expected_resume, 1); + } +} + } // namespace net diff --git a/chromium/net/socket/ssl_connect_job.cc b/chromium/net/socket/ssl_connect_job.cc index 3c512cd60f1..a10c57d6102 100644 --- a/chromium/net/socket/ssl_connect_job.cc +++ b/chromium/net/socket/ssl_connect_job.cc @@ -46,13 +46,15 @@ SSLSocketParams::SSLSocketParams( scoped_refptr http_proxy_params, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - PrivacyMode privacy_mode) + PrivacyMode privacy_mode, + NetworkIsolationKey network_isolation_key) : direct_params_(std::move(direct_params)), socks_proxy_params_(std::move(socks_proxy_params)), http_proxy_params_(std::move(http_proxy_params)), host_and_port_(host_and_port), ssl_config_(ssl_config), - privacy_mode_(privacy_mode) { + privacy_mode_(privacy_mode), + network_isolation_key_(network_isolation_key) { // Only one set of lower level ConnectJob params should be non-NULL. DCHECK((direct_params_ && !socks_proxy_params_ && !http_proxy_params_) || (!direct_params_ && socks_proxy_params_ && !http_proxy_params_) || @@ -332,32 +334,26 @@ int SSLConnectJob::DoSSLConnect() { // Set the timeout to just the time allowed for the SSL handshake. ResetTimer(kSSLHandshakeTimeout); - // If the handle has a fresh socket, get its connect start and DNS times. - const LoadTimingInfo::ConnectTiming* socket_connect_timing = nullptr; - socket_connect_timing = &nested_connect_job_->connect_timing(); - - if (socket_connect_timing) { - // Overwriting |connect_start| serves two purposes - it adjusts timing so - // |connect_start| doesn't include dns times, and it adjusts the time so - // as not to include time spent waiting for an idle socket. - connect_timing_.connect_start = socket_connect_timing->connect_start; - connect_timing_.dns_start = socket_connect_timing->dns_start; - connect_timing_.dns_end = socket_connect_timing->dns_end; - } + // Get the transport's connect start and DNS times. + const LoadTimingInfo::ConnectTiming& socket_connect_timing = + nested_connect_job_->connect_timing(); + + // Overwriting |connect_start| serves two purposes - it adjusts timing so + // |connect_start| doesn't include dns times, and it adjusts the time so + // as not to include time spent waiting for an idle socket. + connect_timing_.connect_start = socket_connect_timing.connect_start; + connect_timing_.dns_start = socket_connect_timing.dns_start; + connect_timing_.dns_end = socket_connect_timing.dns_end; ssl_negotiation_started_ = true; connect_timing_.ssl_start = base::TimeTicks::Now(); - // TODO(mmenke): Consider moving this up to the socket pool layer, after - // giving socket pools knowledge of privacy mode. - const SSLClientSocketContext& context = - params_->privacy_mode() == PRIVACY_MODE_ENABLED - ? ssl_client_socket_context_privacy_mode() - : ssl_client_socket_context(); - + SSLConfig ssl_config = params_->ssl_config(); + ssl_config.network_isolation_key = params_->network_isolation_key(); + ssl_config.privacy_mode = params_->privacy_mode(); ssl_socket_ = client_socket_factory()->CreateSSLClientSocket( - std::move(nested_socket_), params_->host_and_port(), - params_->ssl_config(), context); + ssl_client_context(), std::move(nested_socket_), params_->host_and_port(), + ssl_config); nested_connect_job_.reset(); return ssl_socket_->Connect(callback_); } diff --git a/chromium/net/socket/ssl_connect_job.h b/chromium/net/socket/ssl_connect_job.h index bc198867b4f..575f429335a 100644 --- a/chromium/net/socket/ssl_connect_job.h +++ b/chromium/net/socket/ssl_connect_job.h @@ -14,6 +14,7 @@ #include "net/base/completion_once_callback.h" #include "net/base/completion_repeating_callback.h" #include "net/base/net_export.h" +#include "net/base/network_isolation_key.h" #include "net/base/privacy_mode.h" #include "net/socket/connect_job.h" #include "net/socket/connection_attempts.h" @@ -41,7 +42,8 @@ class NET_EXPORT_PRIVATE SSLSocketParams scoped_refptr http_proxy_params, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - PrivacyMode privacy_mode); + PrivacyMode privacy_mode, + NetworkIsolationKey network_isolation_key); // Returns the type of the underlying connection. ConnectionType GetConnectionType() const; @@ -59,6 +61,9 @@ class NET_EXPORT_PRIVATE SSLSocketParams const HostPortPair& host_and_port() const { return host_and_port_; } const SSLConfig& ssl_config() const { return ssl_config_; } PrivacyMode privacy_mode() const { return privacy_mode_; } + const NetworkIsolationKey& network_isolation_key() const { + return network_isolation_key_; + } private: friend class base::RefCounted; @@ -70,6 +75,7 @@ class NET_EXPORT_PRIVATE SSLSocketParams const HostPortPair host_and_port_; const SSLConfig ssl_config_; const PrivacyMode privacy_mode_; + const NetworkIsolationKey network_isolation_key_; DISALLOW_COPY_AND_ASSIGN(SSLSocketParams); }; diff --git a/chromium/net/socket/ssl_connect_job_unittest.cc b/chromium/net/socket/ssl_connect_job_unittest.cc index 799d2325c70..3ffef96f83e 100644 --- a/chromium/net/socket/ssl_connect_job_unittest.cc +++ b/chromium/net/socket/ssl_connect_job_unittest.cc @@ -78,18 +78,11 @@ class SSLConnectJobTest : public WithScopedTaskEnvironment, public: SSLConnectJobTest() : WithScopedTaskEnvironment( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME, - base::test::ScopedTaskEnvironment::NowSource:: - MAIN_THREAD_MOCK_TIME), + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME_AND_NOW), proxy_resolution_service_(ProxyResolutionService::CreateDirect()), ssl_config_service_(new SSLConfigServiceDefaults), http_auth_handler_factory_(HttpAuthHandlerFactory::CreateDefault()), session_(CreateNetworkSession()), - ssl_client_socket_context_(&cert_verifier_, - &transport_security_state_, - &ct_verifier_, - &ct_policy_enforcer_, - nullptr /* ssl_client_session_cache */), direct_transport_socket_params_( new TransportSocketParams(HostPortPair("host", 443), OnHostResolutionCallback())), @@ -112,10 +105,6 @@ class SSLConnectJobTest : public WithScopedTaskEnvironment, NetworkIsolationKey())), common_connect_job_params_(session_->CreateCommonConnectJobParams()) { ssl_config_service_->GetSSLConfig(&ssl_config_); - - // Set an initial delay to ensure that the first call to TimeTicks::Now() - // before incrementing the counter does not return a null value. - FastForwardBy(base::TimeDelta::FromSeconds(1)); } ~SSLConnectJobTest() override = default; @@ -135,7 +124,8 @@ class SSLConnectJobTest : public WithScopedTaskEnvironment, : nullptr, proxy == ProxyServer::SCHEME_SOCKS5 ? socks_socket_params_ : nullptr, proxy == ProxyServer::SCHEME_HTTP ? http_proxy_socket_params_ : nullptr, - HostPortPair("host", 443), ssl_config_, PRIVACY_MODE_DISABLED); + HostPortPair("host", 443), ssl_config_, PRIVACY_MODE_DISABLED, + NetworkIsolationKey()); } void AddAuthToCache() { @@ -175,7 +165,6 @@ class SSLConnectJobTest : public WithScopedTaskEnvironment, const std::unique_ptr http_auth_handler_factory_; HttpServerPropertiesImpl http_server_properties_; const std::unique_ptr session_; - SSLClientSocketContext ssl_client_socket_context_; scoped_refptr direct_transport_socket_params_; diff --git a/chromium/net/socket/ssl_server_socket_impl.cc b/chromium/net/socket/ssl_server_socket_impl.cc index bb3e4fc8df1..8e9e8a2750a 100644 --- a/chromium/net/socket/ssl_server_socket_impl.cc +++ b/chromium/net/socket/ssl_server_socket_impl.cc @@ -26,6 +26,7 @@ #include "net/ssl/ssl_connection_status_flags.h" #include "net/ssl/ssl_info.h" #include "net/traffic_annotation/network_traffic_annotation.h" +#include "third_party/boringssl/src/include/openssl/bytestring.h" #include "third_party/boringssl/src/include/openssl/err.h" #include "third_party/boringssl/src/include/openssl/pool.h" #include "third_party/boringssl/src/include/openssl/ssl.h" @@ -142,6 +143,13 @@ class SSLServerContextImpl::SocketImpl : public SSLServerSocket, size_t max_out); void OnPrivateKeyComplete(Error error, const std::vector& signature); + static int ALPNSelectCallback(SSL* ssl, + const uint8_t** out, + uint8_t* out_len, + const uint8_t* in, + unsigned in_len, + void* arg); + // SocketBIOAdapter::Delegate implementation. void OnReadReady() override; void OnWriteReady() override; @@ -202,7 +210,9 @@ class SSLServerContextImpl::SocketImpl : public SSLServerSocket, State next_handshake_state_; bool completed_handshake_; - base::WeakPtrFactory weak_factory_; + NextProto negotiated_protocol_; + + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(SocketImpl); }; @@ -218,7 +228,7 @@ SSLServerContextImpl::SocketImpl::SocketImpl( transport_socket_(std::move(transport_socket)), next_handshake_state_(STATE_NONE), completed_handshake_(false), - weak_factory_(this) { + negotiated_protocol_(kProtoUnknown) { ssl_.reset(SSL_new(context_->ssl_ctx_.get())); SSL_set_app_data(ssl_.get(), this); SSL_set_shed_handshake_config(ssl_.get(), 1); @@ -335,6 +345,41 @@ void SSLServerContextImpl::SocketImpl::OnPrivateKeyComplete( DoHandshakeLoop(ERR_IO_PENDING); } +int SSLServerContextImpl::SocketImpl::ALPNSelectCallback(SSL* ssl, + const uint8_t** out, + uint8_t* out_len, + const uint8_t* in, + unsigned in_len, + void* arg) { + SSLServerContextImpl::SocketImpl* socket = + static_cast(SSL_get_ex_data( + ssl, SocketDataIndex::GetInstance()->ssl_socket_data_index_)); + + // Iterate over the server protocols in preference order. + for (NextProto server_proto : + socket->context_->ssl_server_config_.alpn_protos) { + const char* server_proto_str = NextProtoToString(server_proto); + + // See if the client advertised the corresponding protocol. + CBS cbs; + CBS_init(&cbs, in, in_len); + while (CBS_len(&cbs) != 0) { + CBS client_proto; + if (!CBS_get_u8_length_prefixed(&cbs, &client_proto)) { + return SSL_TLSEXT_ERR_NOACK; + } + if (base::StringPiece( + reinterpret_cast(CBS_data(&client_proto)), + CBS_len(&client_proto)) == server_proto_str) { + *out = CBS_data(&client_proto); + *out_len = CBS_len(&client_proto); + return SSL_TLSEXT_ERR_OK; + } + } + } + return SSL_TLSEXT_ERR_NOACK; +} + int SSLServerContextImpl::SocketImpl::Handshake( CompletionOnceCallback callback) { net_log_.BeginEvent(NetLogEventType::SSL_SERVER_HANDSHAKE); @@ -486,13 +531,11 @@ bool SSLServerContextImpl::SocketImpl::WasEverUsed() const { } bool SSLServerContextImpl::SocketImpl::WasAlpnNegotiated() const { - NOTIMPLEMENTED(); - return false; + return negotiated_protocol_ != kProtoUnknown; } NextProto SSLServerContextImpl::SocketImpl::GetNegotiatedProtocol() const { - // ALPN is not supported by this class. - return kProtoUnknown; + return negotiated_protocol_; } bool SSLServerContextImpl::SocketImpl::GetSSLInfo(SSLInfo* ssl_info) { @@ -594,9 +637,8 @@ int SSLServerContextImpl::SocketImpl::DoPayloadRead() { int net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info); if (net_error != ERR_IO_PENDING) { - net_log_.AddEvent( - NetLogEventType::SSL_READ_ERROR, - CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); + NetLogOpenSSLError(net_log_, NetLogEventType::SSL_READ_ERROR, net_error, + ssl_error, error_info); } return net_error; } @@ -615,9 +657,8 @@ int SSLServerContextImpl::SocketImpl::DoPayloadWrite() { int net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info); if (net_error != ERR_IO_PENDING) { - net_log_.AddEvent( - NetLogEventType::SSL_WRITE_ERROR, - CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); + NetLogOpenSSLError(net_log_, NetLogEventType::SSL_WRITE_ERROR, net_error, + ssl_error, error_info); } return net_error; } @@ -659,6 +700,15 @@ int SSLServerContextImpl::SocketImpl::DoHandshake() { if (!client_cert_) return ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT; } + + const uint8_t* alpn_proto = nullptr; + unsigned alpn_len = 0; + SSL_get0_alpn_selected(ssl_.get(), &alpn_proto, &alpn_len); + if (alpn_len > 0) { + base::StringPiece proto(reinterpret_cast(alpn_proto), + alpn_len); + negotiated_protocol_ = NextProtoFromString(proto); + } } else { int ssl_error = SSL_get_error(ssl_.get(), rv); @@ -685,9 +735,8 @@ int SSLServerContextImpl::SocketImpl::DoHandshake() { } else { LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code " << ssl_error << ", net_error " << net_error; - net_log_.AddEvent( - NetLogEventType::SSL_HANDSHAKE_ERROR, - CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); + NetLogOpenSSLError(net_log_, NetLogEventType::SSL_HANDSHAKE_ERROR, + net_error, ssl_error, error_info); } } return net_error; @@ -915,6 +964,9 @@ void SSLServerContextImpl::Init() { } SSL_CTX_set0_client_CAs(ssl_ctx_.get(), stack.release()); } + + SSL_CTX_set_alpn_select_cb(ssl_ctx_.get(), &SocketImpl::ALPNSelectCallback, + nullptr); } SSLServerContextImpl::~SSLServerContextImpl() = default; diff --git a/chromium/net/socket/ssl_server_socket_unittest.cc b/chromium/net/socket/ssl_server_socket_unittest.cc index 0a4c466fa15..c288bcad423 100644 --- a/chromium/net/socket/ssl_server_socket_unittest.cc +++ b/chromium/net/socket/ssl_server_socket_unittest.cc @@ -103,11 +103,7 @@ class MockCTPolicyEnforcer : public CTPolicyEnforcer { class FakeDataChannel { public: FakeDataChannel() - : read_buf_len_(0), - closed_(false), - write_called_after_close_(false), - weak_factory_(this) { - } + : read_buf_len_(0), closed_(false), write_called_after_close_(false) {} int Read(IOBuffer* buf, int buf_len, CompletionOnceCallback callback) { DCHECK(read_callback_.is_null()); @@ -214,7 +210,7 @@ class FakeDataChannel { // asynchronously. bool write_called_after_close_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(FakeDataChannel); }; @@ -357,8 +353,7 @@ class SSLServerSocketTest : public PlatformTest, public WithScopedTaskEnvironment { public: SSLServerSocketTest() - : socket_factory_(ClientSocketFactory::GetDefaultFactory()), - cert_verifier_(new MockCertVerifier()), + : cert_verifier_(new MockCertVerifier()), client_cert_verifier_(new MockClientCertVerifier()), transport_security_state_(new TransportSecurityState), ct_verifier_(new DoNothingCTVerifier), @@ -388,6 +383,11 @@ class SSLServerSocketTest : public PlatformTest, // Certificate provided by the host doesn't need authority. client_ssl_config_.allowed_bad_certs.emplace_back( server_cert_, CERT_STATUS_AUTHORITY_INVALID); + + client_context_ = std::make_unique( + cert_verifier_.get(), transport_security_state_.get(), + ct_verifier_.get(), ct_policy_enforcer_.get(), + ssl_client_session_cache_.get()); } protected: @@ -396,7 +396,6 @@ class SSLServerSocketTest : public PlatformTest, server_socket_.reset(); channel_1_.reset(); channel_2_.reset(); - server_context_.reset(); server_context_ = CreateSSLServerContext( server_cert_.get(), *server_private_key_, server_ssl_config_); } @@ -422,14 +421,9 @@ class SSLServerSocketTest : public PlatformTest, std::make_unique(channel_2_.get(), channel_1_.get()); HostPortPair host_and_pair("unittest", 0); - SSLClientSocketContext context( - cert_verifier_.get(), transport_security_state_.get(), - ct_verifier_.get(), ct_policy_enforcer_.get(), - ssl_client_session_cache_.get()); - client_socket_ = socket_factory_->CreateSSLClientSocket( - std::move(client_connection), host_and_pair, client_ssl_config_, - context); + client_socket_ = client_context_->CreateSSLClientSocket( + std::move(client_connection), host_and_pair, client_ssl_config_); ASSERT_TRUE(client_socket_); server_socket_ = @@ -515,16 +509,16 @@ class SSLServerSocketTest : public PlatformTest, std::unique_ptr channel_2_; SSLConfig client_ssl_config_; SSLServerConfig server_ssl_config_; - std::unique_ptr client_socket_; - std::unique_ptr server_socket_; - ClientSocketFactory* socket_factory_; std::unique_ptr cert_verifier_; std::unique_ptr client_cert_verifier_; std::unique_ptr transport_security_state_; std::unique_ptr ct_verifier_; std::unique_ptr ct_policy_enforcer_; std::unique_ptr ssl_client_session_cache_; + std::unique_ptr client_context_; std::unique_ptr server_context_; + std::unique_ptr client_socket_; + std::unique_ptr server_socket_; std::unique_ptr server_private_key_; scoped_refptr server_ssl_private_key_; scoped_refptr server_cert_; @@ -791,7 +785,7 @@ TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSupplied) { connect_callback.GetResult( client_socket_->Connect(connect_callback.callback()))); - scoped_refptr request_info = new SSLCertRequestInfo(); + auto request_info = base::MakeRefCounted(); client_socket_->GetSSLCertRequestInfo(request_info.get()); // Check that the authority name that arrived in the CertificateRequest @@ -825,7 +819,7 @@ TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) { connect_callback.GetResult( client_socket_->Connect(connect_callback.callback()))); - scoped_refptr request_info = new SSLCertRequestInfo(); + auto request_info = base::MakeRefCounted(); client_socket_->GetSSLCertRequestInfo(request_info.get()); // Check that the authority name that arrived in the CertificateRequest @@ -851,7 +845,7 @@ TEST_F(SSLServerSocketTest, HandshakeWithClientCertRequiredNotSuppliedCached) { connect_callback2.GetResult( client_socket_->Connect(connect_callback2.callback()))); - scoped_refptr request_info2 = new SSLCertRequestInfo(); + auto request_info2 = base::MakeRefCounted(); client_socket_->GetSSLCertRequestInfo(request_info2.get()); // Check that the authority name that arrived in the CertificateRequest @@ -1255,6 +1249,7 @@ TEST_F(SSLServerSocketTest, HandshakeServerSSLPrivateKeyRequireEcdhe) { }; client_ssl_config_.disabled_cipher_suites.assign( kEcdheCiphers, kEcdheCiphers + base::size(kEcdheCiphers)); + // TLS 1.3 always works with SSLPrivateKey. client_ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_2; diff --git a/chromium/net/socket/tcp_client_socket.cc b/chromium/net/socket/tcp_client_socket.cc index c6970172beb..46d0a7d5854 100644 --- a/chromium/net/socket/tcp_client_socket.cc +++ b/chromium/net/socket/tcp_client_socket.cc @@ -49,9 +49,7 @@ TCPClientSocket::TCPClientSocket(std::unique_ptr connected_socket, TCPClientSocket::~TCPClientSocket() { Disconnect(); #if defined(TCP_CLIENT_SOCKET_OBSERVES_SUSPEND) - base::PowerMonitor* power_monitor = base::PowerMonitor::Get(); - if (power_monitor) - power_monitor->RemoveObserver(this); + base::PowerMonitor::RemoveObserver(this); #endif // defined(TCP_CLIENT_SOCKET_OBSERVES_SUSPEND) } @@ -144,15 +142,12 @@ TCPClientSocket::TCPClientSocket(std::unique_ptr socket, previously_disconnected_(false), total_received_bytes_(0), was_ever_used_(false), - was_disconnected_on_suspend_(false), - weak_ptr_factory_(this) { + was_disconnected_on_suspend_(false) { DCHECK(socket_); if (socket_->IsValid()) socket_->SetDefaultOptionsForClient(); #if defined(TCP_CLIENT_SOCKET_OBSERVES_SUSPEND) - base::PowerMonitor* power_monitor = base::PowerMonitor::Get(); - if (power_monitor) - power_monitor->AddObserver(this); + base::PowerMonitor::AddObserver(this); #endif // defined(TCP_CLIENT_SOCKET_OBSERVES_SUSPEND) } diff --git a/chromium/net/socket/tcp_client_socket.h b/chromium/net/socket/tcp_client_socket.h index 1bf00384458..306c6b359e1 100644 --- a/chromium/net/socket/tcp_client_socket.h +++ b/chromium/net/socket/tcp_client_socket.h @@ -207,7 +207,7 @@ class NET_EXPORT TCPClientSocket : public TransportClientSocket, // Connect() or Disconnect() is called. bool was_disconnected_on_suspend_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(TCPClientSocket); }; diff --git a/chromium/net/socket/tcp_client_socket_unittest.cc b/chromium/net/socket/tcp_client_socket_unittest.cc index d2268247d92..0fc860632c9 100644 --- a/chromium/net/socket/tcp_client_socket_unittest.cc +++ b/chromium/net/socket/tcp_client_socket_unittest.cc @@ -55,8 +55,6 @@ class TestPowerMonitorSource : public base::PowerMonitorSource { TestPowerMonitorSource() = default; ~TestPowerMonitorSource() override = default; - void Shutdown() override {} - void Suspend() { ProcessPowerEvent(SUSPEND_EVENT); } void Resume() { ProcessPowerEvent(RESUME_EVENT); } @@ -75,10 +73,11 @@ class TCPClientSocketTest : public testing::Test { std::unique_ptr power_monitor_source = std::make_unique(); power_monitor_source_ = power_monitor_source.get(); - power_monitor_ = - std::make_unique(std::move(power_monitor_source)); + base::PowerMonitor::Initialize(std::move(power_monitor_source)); } + ~TCPClientSocketTest() override { base::PowerMonitor::ShutdownForTesting(); } + void Suspend() { power_monitor_source_->Suspend(); } void Resume() { power_monitor_source_->Resume(); } @@ -124,7 +123,6 @@ class TCPClientSocketTest : public testing::Test { private: base::test::ScopedTaskEnvironment scoped_task_environment_; - std::unique_ptr power_monitor_; TestPowerMonitorSource* power_monitor_source_; }; diff --git a/chromium/net/socket/tcp_socket_posix.cc b/chromium/net/socket/tcp_socket_posix.cc index deb88c0965c..520f8d7865e 100644 --- a/chromium/net/socket/tcp_socket_posix.cc +++ b/chromium/net/socket/tcp_socket_posix.cc @@ -139,8 +139,7 @@ TCPSocketPosix::TCPSocketPosix( : socket_performance_watcher_(std::move(socket_performance_watcher)), logging_multiple_connect_attempts_(false), net_log_(NetLogWithSource::Make(net_log, NetLogSourceType::SOCKET)) { - net_log_.BeginEvent(NetLogEventType::SOCKET_ALIVE, - source.ToEventParametersCallback()); + net_log_.BeginEventReferencingSource(NetLogEventType::SOCKET_ALIVE, source); } TCPSocketPosix::~TCPSocketPosix() { @@ -233,7 +232,7 @@ int TCPSocketPosix::Connect(const IPEndPoint& address, LogConnectBegin(AddressList(address)); net_log_.BeginEvent(NetLogEventType::TCP_CONNECT_ATTEMPT, - CreateNetLogIPEndPointCallback(&address)); + [&] { return CreateNetLogIPEndPointParams(&address); }); SockaddrStorage storage; if (!address.ToSockAddr(storage.addr, &storage.addr_len)) @@ -485,7 +484,7 @@ int TCPSocketPosix::HandleAcceptCompleted( if (rv == OK) { net_log_.EndEvent(NetLogEventType::TCP_ACCEPT, - CreateNetLogIPEndPointCallback(address)); + [&] { return CreateNetLogIPEndPointParams(address); }); } else { net_log_.EndEventWithNetErrorCode(NetLogEventType::TCP_ACCEPT, rv); } @@ -519,8 +518,8 @@ void TCPSocketPosix::ConnectCompleted(CompletionOnceCallback callback, int rv) { int TCPSocketPosix::HandleConnectCompleted(int rv) { // Log the end of this attempt (and any OS error it threw). if (rv != OK) { - net_log_.EndEvent(NetLogEventType::TCP_CONNECT_ATTEMPT, - NetLog::IntCallback("os_error", errno)); + net_log_.EndEventWithIntParams(NetLogEventType::TCP_CONNECT_ATTEMPT, + "os_error", errno); tag_ = SocketTag(); } else { net_log_.EndEvent(NetLogEventType::TCP_CONNECT_ATTEMPT); @@ -539,7 +538,7 @@ int TCPSocketPosix::HandleConnectCompleted(int rv) { void TCPSocketPosix::LogConnectBegin(const AddressList& addresses) const { net_log_.BeginEvent(NetLogEventType::TCP_CONNECT, - addresses.CreateNetLogCallback()); + [&] { return addresses.NetLogParams(); }); } void TCPSocketPosix::LogConnectEnd(int net_error) const { @@ -557,9 +556,9 @@ void TCPSocketPosix::LogConnectEnd(int net_error) const { return; } - net_log_.EndEvent( - NetLogEventType::TCP_CONNECT, - CreateNetLogSourceAddressCallback(storage.addr, storage.addr_len)); + net_log_.EndEvent(NetLogEventType::TCP_CONNECT, [&] { + return CreateNetLogSourceAddressParams(storage.addr, storage.addr_len); + }); } void TCPSocketPosix::ReadCompleted(const scoped_refptr& buf, @@ -598,8 +597,7 @@ int TCPSocketPosix::HandleReadCompleted(IOBuffer* buf, int rv) { void TCPSocketPosix::HandleReadCompletedHelper(int rv) { if (rv < 0) { - net_log_.AddEvent(NetLogEventType::SOCKET_READ_ERROR, - CreateNetLogSocketErrorCallback(rv, errno)); + NetLogSocketError(net_log_, NetLogEventType::SOCKET_READ_ERROR, rv, errno); } } @@ -612,8 +610,7 @@ void TCPSocketPosix::WriteCompleted(const scoped_refptr& buf, int TCPSocketPosix::HandleWriteCompleted(IOBuffer* buf, int rv) { if (rv < 0) { - net_log_.AddEvent(NetLogEventType::SOCKET_WRITE_ERROR, - CreateNetLogSocketErrorCallback(rv, errno)); + NetLogSocketError(net_log_, NetLogEventType::SOCKET_WRITE_ERROR, rv, errno); return rv; } diff --git a/chromium/net/socket/tcp_socket_win.cc b/chromium/net/socket/tcp_socket_win.cc index 3e6ecb8e9c6..6a8c306a569 100644 --- a/chromium/net/socket/tcp_socket_win.cc +++ b/chromium/net/socket/tcp_socket_win.cc @@ -267,8 +267,7 @@ TCPSocketWin::TCPSocketWin( connect_os_error_(0), logging_multiple_connect_attempts_(false), net_log_(NetLogWithSource::Make(net_log, NetLogSourceType::SOCKET)) { - net_log_.BeginEvent(NetLogEventType::SOCKET_ALIVE, - source.ToEventParametersCallback()); + net_log_.BeginEventReferencingSource(NetLogEventType::SOCKET_ALIVE, source); EnsureWinsockInit(); } @@ -518,8 +517,8 @@ int TCPSocketWin::ReadIfReady(IOBuffer* buf, if (rv == SOCKET_ERROR) { if (os_error != WSAEWOULDBLOCK) { int net_error = MapSystemError(os_error); - net_log_.AddEvent(NetLogEventType::SOCKET_READ_ERROR, - CreateNetLogSocketErrorCallback(net_error, os_error)); + NetLogSocketError(net_log_, NetLogEventType::SOCKET_READ_ERROR, net_error, + os_error); return net_error; } } else { @@ -586,8 +585,8 @@ int TCPSocketWin::Write( } else { if (os_error != WSA_IO_PENDING) { int net_error = MapSystemError(os_error); - net_log_.AddEvent(NetLogEventType::SOCKET_WRITE_ERROR, - CreateNetLogSocketErrorCallback(net_error, os_error)); + NetLogSocketError(net_log_, NetLogEventType::SOCKET_WRITE_ERROR, + net_error, os_error); return net_error; } } @@ -795,8 +794,9 @@ int TCPSocketWin::AcceptInternal(std::unique_ptr* socket, } *socket = std::move(tcp_socket); *address = ip_end_point; - net_log_.EndEvent(NetLogEventType::TCP_ACCEPT, - CreateNetLogIPEndPointCallback(&ip_end_point)); + net_log_.EndEvent(NetLogEventType::TCP_ACCEPT, [&] { + return CreateNetLogIPEndPointParams(&ip_end_point); + }); return OK; } @@ -829,8 +829,9 @@ int TCPSocketWin::DoConnect() { DCHECK_EQ(connect_os_error_, 0); DCHECK(!core_.get()); - net_log_.BeginEvent(NetLogEventType::TCP_CONNECT_ATTEMPT, - CreateNetLogIPEndPointCallback(peer_address_.get())); + net_log_.BeginEvent(NetLogEventType::TCP_CONNECT_ATTEMPT, [&] { + return CreateNetLogIPEndPointParams(peer_address_.get()); + }); core_ = new Core(this); @@ -877,8 +878,8 @@ void TCPSocketWin::DoConnectComplete(int result) { int os_error = connect_os_error_; connect_os_error_ = 0; if (result != OK) { - net_log_.EndEvent(NetLogEventType::TCP_CONNECT_ATTEMPT, - NetLog::IntCallback("os_error", os_error)); + net_log_.EndEventWithIntParams(NetLogEventType::TCP_CONNECT_ATTEMPT, + "os_error", os_error); } else { net_log_.EndEvent(NetLogEventType::TCP_CONNECT_ATTEMPT); } @@ -889,7 +890,7 @@ void TCPSocketWin::DoConnectComplete(int result) { void TCPSocketWin::LogConnectBegin(const AddressList& addresses) { net_log_.BeginEvent(NetLogEventType::TCP_CONNECT, - addresses.CreateNetLogCallback()); + [&] { return addresses.NetLogParams(); }); } void TCPSocketWin::LogConnectEnd(int net_error) { @@ -910,11 +911,11 @@ void TCPSocketWin::LogConnectEnd(int net_error) { return; } - net_log_.EndEvent( - NetLogEventType::TCP_CONNECT, - CreateNetLogSourceAddressCallback( - reinterpret_cast(&source_address), - sizeof(source_address))); + net_log_.EndEvent(NetLogEventType::TCP_CONNECT, [&] { + return CreateNetLogSourceAddressParams( + reinterpret_cast(&source_address), + sizeof(source_address)); + }); } void TCPSocketWin::RetryRead(int rv) { @@ -974,8 +975,8 @@ void TCPSocketWin::DidCompleteWrite() { int rv; if (!ok) { rv = MapSystemError(os_error); - net_log_.AddEvent(NetLogEventType::SOCKET_WRITE_ERROR, - CreateNetLogSocketErrorCallback(rv, os_error)); + NetLogSocketError(net_log_, NetLogEventType::SOCKET_WRITE_ERROR, rv, + os_error); } else { rv = static_cast(num_bytes); if (rv > core_->write_buffer_length_ || rv < 0) { diff --git a/chromium/net/socket/transport_client_socket_pool.cc b/chromium/net/socket/transport_client_socket_pool.cc index 3a1fb84662c..5c569152a2a 100644 --- a/chromium/net/socket/transport_client_socket_pool.cc +++ b/chromium/net/socket/transport_client_socket_pool.cc @@ -38,10 +38,9 @@ namespace { // after a certain timeout has passed without receiving an ACK. bool g_connect_backup_jobs_enabled = true; -base::Value NetLogCreateConnectJobCallback( +base::Value NetLogCreateConnectJobParams( bool backup_job, - const ClientSocketPool::GroupId* group_id, - net::NetLogCaptureMode capture_mode) { + const ClientSocketPool::GroupId* group_id) { base::DictionaryValue dict; dict.SetBoolean("backup_job", backup_job); dict.SetString("group_id", group_id->ToString()); @@ -225,14 +224,14 @@ bool TransportClientSocketPool::IsStalled() const { void TransportClientSocketPool::AddHigherLayeredPool( HigherLayeredPool* higher_pool) { CHECK(higher_pool); - CHECK(!base::ContainsKey(higher_pools_, higher_pool)); + CHECK(!base::Contains(higher_pools_, higher_pool)); higher_pools_.insert(higher_pool); } void TransportClientSocketPool::RemoveHigherLayeredPool( HigherLayeredPool* higher_pool) { CHECK(higher_pool); - CHECK(base::ContainsKey(higher_pools_, higher_pool)); + CHECK(base::Contains(higher_pools_, higher_pool)); higher_pools_.erase(higher_pool); } @@ -297,8 +296,7 @@ void TransportClientSocketPool::RequestSockets( if (net_log.IsCapturing()) { // TODO(eroman): Split out the host and port parameters. net_log.AddEvent(NetLogEventType::TCP_CLIENT_SOCKET_POOL_REQUESTED_SOCKETS, - base::BindRepeating(&NetLogGroupIdCallback, - base::Unretained(&group_id))); + [&] { return NetLogGroupIdParams(group_id); }); } Request request(nullptr /* no handle */, CompletionOnceCallback(), @@ -313,9 +311,9 @@ void TransportClientSocketPool::RequestSockets( num_sockets = max_sockets_per_group_; } - request.net_log().BeginEvent( - NetLogEventType::SOCKET_POOL_CONNECTING_N_SOCKETS, - NetLog::IntCallback("num_sockets", num_sockets)); + request.net_log().BeginEventWithIntParams( + NetLogEventType::SOCKET_POOL_CONNECTING_N_SOCKETS, "num_sockets", + num_sockets); Group* group = GetOrCreateGroup(group_id); @@ -329,11 +327,11 @@ void TransportClientSocketPool::RequestSockets( rv = RequestSocketInternal(group_id, request); if (rv < 0 && rv != ERR_IO_PENDING) { // We're encountering a synchronous error. Give up. - if (!base::ContainsKey(group_map_, group_id)) + if (!base::Contains(group_map_, group_id)) deleted_group = true; break; } - if (!base::ContainsKey(group_map_, group_id)) { + if (!base::Contains(group_map_, group_id)) { // Unexpected. The group should only be getting deleted on synchronous // error. NOTREACHED(); @@ -417,9 +415,9 @@ int TransportClientSocketPool::RequestSocketInternal(const GroupId& group_id, group_id, request.socket_params(), request.proxy_annotation_tag(), request.priority(), request.socket_tag(), group)); owned_connect_job->net_log().AddEvent( - NetLogEventType::SOCKET_POOL_CONNECT_JOB_CREATED, - base::BindRepeating(&NetLogCreateConnectJobCallback, - false /* backup_job */, base::Unretained(&group_id))); + NetLogEventType::SOCKET_POOL_CONNECT_JOB_CREATED, [&] { + return NetLogCreateConnectJobParams(false /* backup_job */, &group_id); + }); ConnectJob* connect_job = owned_connect_job.get(); bool was_group_empty = group->IsEmpty(); // Need to add the ConnectJob to the group before connecting, to ensure @@ -528,8 +526,8 @@ bool TransportClientSocketPool::AssignIdleSocketToRequest( void TransportClientSocketPool::LogBoundConnectJobToRequest( const NetLogSource& connect_job_source, const Request& request) { - request.net_log().AddEvent(NetLogEventType::SOCKET_POOL_BOUND_TO_CONNECT_JOB, - connect_job_source.ToEventParametersCallback()); + request.net_log().AddEventReferencingSource( + NetLogEventType::SOCKET_POOL_BOUND_TO_CONNECT_JOB, connect_job_source); } void TransportClientSocketPool::SetPriority(const GroupId& group_id, @@ -537,7 +535,7 @@ void TransportClientSocketPool::SetPriority(const GroupId& group_id, RequestPriority priority) { auto group_it = group_map_.find(group_id); if (group_it == group_map_.end()) { - DCHECK(base::ContainsKey(pending_callback_map_, handle)); + DCHECK(base::Contains(pending_callback_map_, handle)); // The Request has already completed and been destroyed; nothing to // reprioritize. return; @@ -570,7 +568,7 @@ void TransportClientSocketPool::CancelRequest(const GroupId& group_id, return; } - CHECK(base::ContainsKey(group_map_, group_id)); + CHECK(base::Contains(group_map_, group_id)); Group* group = GetOrCreateGroup(group_id); std::unique_ptr request = group->FindAndRemoveBoundRequest(handle); @@ -633,7 +631,7 @@ size_t TransportClientSocketPool::IdleSocketCountInGroup( LoadState TransportClientSocketPool::GetLoadState( const GroupId& group_id, const ClientSocketHandle* handle) const { - if (base::ContainsKey(pending_callback_map_, handle)) + if (base::Contains(pending_callback_map_, handle)) return LOAD_STATE_CONNECTING; auto group_it = group_map_.find(group_id); @@ -780,8 +778,7 @@ TransportClientSocketPool::TransportClientSocketPool( connect_job_factory_(std::move(connect_job_factory)), connect_backup_jobs_enabled_(connect_backup_jobs_enabled && g_connect_backup_jobs_enabled), - ssl_config_service_(ssl_config_service), - weak_factory_(this) { + ssl_config_service_(ssl_config_service) { DCHECK_LE(0, max_sockets_per_group); DCHECK_LE(max_sockets_per_group, max_sockets); @@ -798,7 +795,7 @@ void TransportClientSocketPool::OnSSLConfigChanged() { } bool TransportClientSocketPool::HasGroup(const GroupId& group_id) const { - return base::ContainsKey(group_map_, group_id); + return base::Contains(group_map_, group_id); } void TransportClientSocketPool::CleanupIdleSockets(bool force) { @@ -1023,7 +1020,7 @@ void TransportClientSocketPool::RemoveConnectJob(ConnectJob* job, void TransportClientSocketPool::OnAvailableSocketSlot(const GroupId& group_id, Group* group) { - DCHECK(base::ContainsKey(group_map_, group_id)); + DCHECK(base::Contains(group_map_, group_id)); if (group->IsEmpty()) { RemoveGroup(group_id); } else if (group->has_unbound_requests()) { @@ -1074,10 +1071,9 @@ void TransportClientSocketPool::HandOutSocket( handle->set_connect_timing(connect_timing); if (reuse_type == ClientSocketHandle::REUSED_IDLE) { - net_log.AddEvent( - NetLogEventType::SOCKET_POOL_REUSED_AN_EXISTING_SOCKET, - NetLog::IntCallback("idle_ms", - static_cast(idle_time.InMilliseconds()))); + net_log.AddEventWithIntParams( + NetLogEventType::SOCKET_POOL_REUSED_AN_EXISTING_SOCKET, "idle_ms", + static_cast(idle_time.InMilliseconds())); } if (reuse_type != ClientSocketHandle::UNUSED) { @@ -1087,9 +1083,9 @@ void TransportClientSocketPool::HandOutSocket( idle_socket_count_ + 1, 1, 256, 50); } - net_log.AddEvent( + net_log.AddEventReferencingSource( NetLogEventType::SOCKET_POOL_BOUND_TO_SOCKET, - handle->socket()->NetLog().source().ToEventParametersCallback()); + handle->socket()->NetLog().source()); handed_out_socket_count_++; group->IncrementActiveSocketCount(); @@ -1295,7 +1291,7 @@ void TransportClientSocketPool::InvokeUserCallbackLater( CompletionOnceCallback callback, int rv, const SocketTag& socket_tag) { - CHECK(!base::ContainsKey(pending_callback_map_, handle)); + CHECK(!base::Contains(pending_callback_map_, handle)); pending_callback_map_[handle] = CallbackResultPair(std::move(callback), rv); if (rv == OK) { handle->socket()->ApplySocketTag(socket_tag); @@ -1512,9 +1508,9 @@ void TransportClientSocketPool::Group::OnBackupJobTimerFired( group_id, request->socket_params(), request->proxy_annotation_tag(), request->priority(), request->socket_tag(), this); owned_backup_job->net_log().AddEvent( - NetLogEventType::SOCKET_POOL_CONNECT_JOB_CREATED, - base::BindRepeating(&NetLogCreateConnectJobCallback, - true /* backup_job */, &group_id_)); + NetLogEventType::SOCKET_POOL_CONNECT_JOB_CREATED, [&] { + return NetLogCreateConnectJobParams(true /* backup_job */, &group_id_); + }); ConnectJob* backup_job = owned_backup_job.get(); AddJob(std::move(owned_backup_job), false); client_socket_pool_->connecting_socket_count_++; diff --git a/chromium/net/socket/transport_client_socket_pool.h b/chromium/net/socket/transport_client_socket_pool.h index 2f61148245d..02ac61e95b5 100644 --- a/chromium/net/socket/transport_client_socket_pool.h +++ b/chromium/net/socket/transport_client_socket_pool.h @@ -795,7 +795,7 @@ class NET_EXPORT_PRIVATE TransportClientSocketPool SSLConfigService* const ssl_config_service_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(TransportClientSocketPool); }; diff --git a/chromium/net/socket/transport_client_socket_pool_test_util.cc b/chromium/net/socket/transport_client_socket_pool_test_util.cc index bf8b36601a4..ba52c32aa6c 100644 --- a/chromium/net/socket/transport_client_socket_pool_test_util.cc +++ b/chromium/net/socket/transport_client_socket_pool_test_util.cc @@ -194,8 +194,7 @@ class MockTriggerableClientSocket : public TransportClientSocket { : should_connect_(should_connect), is_connected_(false), addrlist_(addrlist), - net_log_(NetLogWithSource::Make(net_log, NetLogSourceType::SOCKET)), - weak_factory_(this) {} + net_log_(NetLogWithSource::Make(net_log, NetLogSourceType::SOCKET)) {} // Call this method to get a closure which will trigger the connect callback // when called. The closure can be called even after the socket is deleted; it @@ -322,7 +321,7 @@ class MockTriggerableClientSocket : public TransportClientSocket { CompletionOnceCallback callback_; ConnectionAttempts connection_attempts_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(MockTriggerableClientSocket); }; @@ -444,12 +443,12 @@ MockTransportClientSocketFactory::CreateTransportClientSocket( std::unique_ptr MockTransportClientSocketFactory::CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr stream_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) { + const SSLConfig& ssl_config) { NOTIMPLEMENTED(); - return std::unique_ptr(); + return nullptr; } std::unique_ptr diff --git a/chromium/net/socket/transport_client_socket_pool_test_util.h b/chromium/net/socket/transport_client_socket_pool_test_util.h index 38a9744138f..a10aea17f6a 100644 --- a/chromium/net/socket/transport_client_socket_pool_test_util.h +++ b/chromium/net/socket/transport_client_socket_pool_test_util.h @@ -86,12 +86,11 @@ class MockTransportClientSocketFactory : public ClientSocketFactory { NetLog* /* net_log */, const NetLogSource& /* source */) override; - std::unique_ptr CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr nested_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) override; + const SSLConfig& ssl_config) override; std::unique_ptr CreateProxyClientSocket( std::unique_ptr stream_socket, diff --git a/chromium/net/socket/transport_client_socket_pool_unittest.cc b/chromium/net/socket/transport_client_socket_pool_unittest.cc index d8d59caf1f5..8a1058402bb 100644 --- a/chromium/net/socket/transport_client_socket_pool_unittest.cc +++ b/chromium/net/socket/transport_client_socket_pool_unittest.cc @@ -94,17 +94,11 @@ class SOCKS5MockData { class TransportClientSocketPoolTest : public ::testing::Test, public WithScopedTaskEnvironment { protected: - // Default constructor. - TransportClientSocketPoolTest() - : TransportClientSocketPoolTest( - base::test::ScopedTaskEnvironment::MainThreadType::IO, - base::test::ScopedTaskEnvironment::NowSource::REAL_TIME) {} - // Constructor that allows mocking of the time. - TransportClientSocketPoolTest( - base::test::ScopedTaskEnvironment::MainThreadType type, - base::test::ScopedTaskEnvironment::NowSource now_source) - : WithScopedTaskEnvironment(type, now_source), + explicit TransportClientSocketPoolTest( + base::test::ScopedTaskEnvironment::TimeSource time_source = + base::test::ScopedTaskEnvironment::TimeSource::DEFAULT) + : WithScopedTaskEnvironment(time_source), connect_backup_jobs_enabled_( TransportClientSocketPool::set_connect_backup_jobs_enabled(true)), group_id_(HostPortPair("www.google.com", 80), @@ -2174,13 +2168,7 @@ class TransportClientSocketPoolMockNowSourceTest protected: TransportClientSocketPoolMockNowSourceTest() : TransportClientSocketPoolTest( - base::test::ScopedTaskEnvironment::MainThreadType::IO_MOCK_TIME, - base::test::ScopedTaskEnvironment::NowSource:: - MAIN_THREAD_MOCK_TIME) { - // Forward the clock by a non-zero amount to avoid triggering DCHECKs that - // verify that certain timestamps are non-null. - FastForwardBy(base::TimeDelta::FromSeconds(1)); - } + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME_AND_NOW) {} private: DISALLOW_COPY_AND_ASSIGN(TransportClientSocketPoolMockNowSourceTest); diff --git a/chromium/net/socket/transport_client_socket_unittest.cc b/chromium/net/socket/transport_client_socket_unittest.cc index 38cff8f2917..46e285ef568 100644 --- a/chromium/net/socket/transport_client_socket_unittest.cc +++ b/chromium/net/socket/transport_client_socket_unittest.cc @@ -17,7 +17,6 @@ #include "net/log/net_log_source.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/socket/client_socket_factory.h" #include "net/socket/tcp_client_socket.h" @@ -236,8 +235,7 @@ TEST_P(TransportClientSocketTest, Connect) { // Wait for |listen_sock_| to accept a connection. connect_loop_.Run(); - TestNetLogEntry::List net_log_entries; - net_log_.GetEntries(&net_log_entries); + auto net_log_entries = net_log_.GetEntries(); EXPECT_TRUE( LogContainsBeginEvent(net_log_entries, 0, NetLogEventType::SOCKET_ALIVE)); EXPECT_TRUE( @@ -250,7 +248,7 @@ TEST_P(TransportClientSocketTest, Connect) { } EXPECT_TRUE(sock_->IsConnected()); - net_log_.GetEntries(&net_log_entries); + net_log_entries = net_log_.GetEntries(); EXPECT_TRUE( LogContainsEndEvent(net_log_entries, -1, NetLogEventType::TCP_CONNECT)); diff --git a/chromium/net/socket/transport_connect_job.cc b/chromium/net/socket/transport_connect_job.cc index 047ac7add56..dafaecab369 100644 --- a/chromium/net/socket/transport_connect_job.cc +++ b/chromium/net/socket/transport_connect_job.cc @@ -101,8 +101,7 @@ TransportConnectJob::TransportConnectJob( NetLogEventType::TRANSPORT_CONNECT_JOB_CONNECT), params_(params), next_state_(STATE_NONE), - resolve_result_(OK), - weak_ptr_factory_(this) { + resolve_result_(OK) { // This is only set for WebSockets. DCHECK(!common_connect_job_params->websocket_endpoint_lock_manager); } diff --git a/chromium/net/socket/transport_connect_job.h b/chromium/net/socket/transport_connect_job.h index 0258e52eb42..69b763d3007 100644 --- a/chromium/net/socket/transport_connect_job.h +++ b/chromium/net/socket/transport_connect_job.h @@ -170,7 +170,7 @@ class NET_EXPORT_PRIVATE TransportConnectJob : public ConnectJob { ConnectionAttempts connection_attempts_; ConnectionAttempts fallback_connection_attempts_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(TransportConnectJob); }; diff --git a/chromium/net/socket/transport_connect_job_unittest.cc b/chromium/net/socket/transport_connect_job_unittest.cc index 0b14db63192..0489b276302 100644 --- a/chromium/net/socket/transport_connect_job_unittest.cc +++ b/chromium/net/socket/transport_connect_job_unittest.cc @@ -35,9 +35,7 @@ class TransportConnectJobTest : public WithScopedTaskEnvironment, public: TransportConnectJobTest() : WithScopedTaskEnvironment( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME, - base::test::ScopedTaskEnvironment::NowSource:: - MAIN_THREAD_MOCK_TIME), + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME_AND_NOW), client_socket_factory_(&net_log_), common_connect_job_params_( &client_socket_factory_, @@ -49,16 +47,11 @@ class TransportConnectJobTest : public WithScopedTaskEnvironment, nullptr /* quic_stream_factory */, nullptr /* proxy_delegate */, nullptr /* http_user_agent_settings */, - SSLClientSocketContext(), - SSLClientSocketContext(), + nullptr /* ssl_client_context */, nullptr /* socket_performance_watcher_factory */, nullptr /* network_quality_estimator */, &net_log_, - nullptr /* websocket_endpoint_lock_manager */) { - // Set an initial delay to ensure that calls to TimeTicks::Now() do not - // return a null value. - FastForwardBy(base::TimeDelta::FromSeconds(1)); - } + nullptr /* websocket_endpoint_lock_manager */) {} ~TransportConnectJobTest() override {} diff --git a/chromium/net/socket/udp_net_log_parameters.cc b/chromium/net/socket/udp_net_log_parameters.cc index d6b6fad3af7..f0bc87d9ff2 100644 --- a/chromium/net/socket/udp_net_log_parameters.cc +++ b/chromium/net/socket/udp_net_log_parameters.cc @@ -6,34 +6,33 @@ #include -#include "base/bind.h" #include "base/values.h" #include "net/base/ip_endpoint.h" -#include "net/log/net_log.h" +#include "net/log/net_log_values.h" +#include "net/log/net_log_with_source.h" namespace net { namespace { -base::Value NetLogUDPDataTranferCallback(int byte_count, - const char* bytes, - const IPEndPoint* address, - NetLogCaptureMode capture_mode) { +base::Value NetLogUDPDataTransferParams(int byte_count, + const char* bytes, + const IPEndPoint* address, + NetLogCaptureMode capture_mode) { base::DictionaryValue dict; dict.SetInteger("byte_count", byte_count); - if (capture_mode.include_socket_bytes()) + if (NetLogCaptureIncludesSocketBytes(capture_mode)) dict.SetKey("bytes", NetLogBinaryValue(bytes, byte_count)); if (address) dict.SetString("address", address->ToString()); return std::move(dict); } -base::Value NetLogUDPConnectCallback( - const IPEndPoint* address, - NetworkChangeNotifier::NetworkHandle network, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogUDPConnectParams( + const IPEndPoint& address, + NetworkChangeNotifier::NetworkHandle network) { base::DictionaryValue dict; - dict.SetString("address", address->ToString()); + dict.SetString("address", address.ToString()); if (network != NetworkChangeNotifier::kInvalidNetworkHandle) dict.SetInteger("bound_to_network", network); return std::move(dict); @@ -41,19 +40,22 @@ base::Value NetLogUDPConnectCallback( } // namespace -NetLogParametersCallback CreateNetLogUDPDataTranferCallback( - int byte_count, - const char* bytes, - const IPEndPoint* address) { +void NetLogUDPDataTransfer(const NetLogWithSource& net_log, + NetLogEventType type, + int byte_count, + const char* bytes, + const IPEndPoint* address) { DCHECK(bytes); - return base::Bind(&NetLogUDPDataTranferCallback, byte_count, bytes, address); + net_log.AddEvent(type, [&](NetLogCaptureMode capture_mode) { + return NetLogUDPDataTransferParams(byte_count, bytes, address, + capture_mode); + }); } -NetLogParametersCallback CreateNetLogUDPConnectCallback( - const IPEndPoint* address, +base::Value CreateNetLogUDPConnectParams( + const IPEndPoint& address, NetworkChangeNotifier::NetworkHandle network) { - DCHECK(address); - return base::Bind(&NetLogUDPConnectCallback, address, network); + return NetLogUDPConnectParams(address, network); } } // namespace net diff --git a/chromium/net/socket/udp_net_log_parameters.h b/chromium/net/socket/udp_net_log_parameters.h index 78b080b96e4..0ba1240d69b 100644 --- a/chromium/net/socket/udp_net_log_parameters.h +++ b/chromium/net/socket/udp_net_log_parameters.h @@ -6,26 +6,29 @@ #define NET_SOCKET_UDP_NET_LOG_PARAMETERS_H_ #include "net/base/network_change_notifier.h" -#include "net/log/net_log_parameters_callback.h" +#include "net/log/net_log_event_type.h" + +namespace base { +class Value; +} namespace net { +class NetLogWithSource; class IPEndPoint; -// Creates a NetLog callback that returns parameters describing a UDP -// receive/send event. |bytes| are only logged when byte logging is -// enabled. |address| may be NULL. |address| (if given) and |bytes| -// must be valid for the life of the callback. -NetLogParametersCallback CreateNetLogUDPDataTranferCallback( - int byte_count, - const char* bytes, - const IPEndPoint* address); - -// Creates a NetLog callback that returns parameters describing a UDP -// connect event. |address| cannot be NULL, and must remain valid for -// the lifetime of the callback. -NetLogParametersCallback CreateNetLogUDPConnectCallback( - const IPEndPoint* address, +// Emits a NetLog event with parameters describing a UDP receive/send event. +// |bytes| are only logged when byte logging is enabled. |address| may be +// nullptr. +void NetLogUDPDataTransfer(const NetLogWithSource& net_log, + NetLogEventType type, + int byte_count, + const char* bytes, + const IPEndPoint* address); + +// Creates NetLog parameters describing a UDP connect event. +base::Value CreateNetLogUDPConnectParams( + const IPEndPoint& address, NetworkChangeNotifier::NetworkHandle network); } // namespace net diff --git a/chromium/net/socket/udp_socket_perftest.cc b/chromium/net/socket/udp_socket_perftest.cc index 4c3408284b4..05018fffbe8 100644 --- a/chromium/net/socket/udp_socket_perftest.cc +++ b/chromium/net/socket/udp_socket_perftest.cc @@ -30,8 +30,7 @@ namespace { class UDPSocketPerfTest : public PlatformTest { public: UDPSocketPerfTest() - : buffer_(base::MakeRefCounted(kPacketSize)), - weak_factory_(this) {} + : buffer_(base::MakeRefCounted(kPacketSize)) {} void DoneWritePacketsToSocket(UDPClientSocket* socket, int num_of_packets, @@ -52,7 +51,7 @@ class UDPSocketPerfTest : public PlatformTest { protected: static const int kPacketSize = 1024; scoped_refptr buffer_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; }; const int UDPSocketPerfTest::kPacketSize; diff --git a/chromium/net/socket/udp_socket_posix.cc b/chromium/net/socket/udp_socket_posix.cc index 08bf79c75c1..dbc8c5aaf3b 100644 --- a/chromium/net/socket/udp_socket_posix.cc +++ b/chromium/net/socket/udp_socket_posix.cc @@ -200,10 +200,8 @@ UDPSocketPosix::UDPSocketPosix(DatagramSocket::BindType bind_type, write_buf_len_(0), net_log_(NetLogWithSource::Make(net_log, NetLogSourceType::UDP_SOCKET)), bound_network_(NetworkChangeNotifier::kInvalidNetworkHandle), - experimental_recv_optimization_enabled_(false), - weak_factory_(this) { - net_log_.BeginEvent(NetLogEventType::SOCKET_ALIVE, - source.ToEventParametersCallback()); + experimental_recv_optimization_enabled_(false) { + net_log_.BeginEventReferencingSource(NetLogEventType::SOCKET_ALIVE, source); } UDPSocketPosix::~UDPSocketPosix() { @@ -364,9 +362,9 @@ int UDPSocketPosix::GetLocalAddress(IPEndPoint* address) const { if (!address->FromSockAddr(storage.addr, storage.addr_len)) return ERR_ADDRESS_INVALID; local_address_ = std::move(address); - net_log_.AddEvent( - NetLogEventType::UDP_LOCAL_ADDRESS, - CreateNetLogUDPConnectCallback(local_address_.get(), bound_network_)); + net_log_.AddEvent(NetLogEventType::UDP_LOCAL_ADDRESS, [&] { + return CreateNetLogUDPConnectParams(*local_address_, bound_network_); + }); } *address = *local_address_; @@ -460,8 +458,9 @@ int UDPSocketPosix::SendToOrWrite(IOBuffer* buf, int UDPSocketPosix::Connect(const IPEndPoint& address) { DCHECK_NE(socket_, kInvalidSocket); - net_log_.BeginEvent(NetLogEventType::UDP_CONNECT, - CreateNetLogUDPConnectCallback(&address, bound_network_)); + net_log_.BeginEvent(NetLogEventType::UDP_CONNECT, [&] { + return CreateNetLogUDPConnectParams(address, bound_network_); + }); int rv = SetMulticastOptions(); if (rv != OK) return rv; @@ -765,9 +764,8 @@ void UDPSocketPosix::LogRead(int result, IPEndPoint address; bool is_address_valid = address.FromSockAddr(addr, addr_len); - net_log_.AddEvent(NetLogEventType::UDP_BYTES_RECEIVED, - CreateNetLogUDPDataTranferCallback( - result, bytes, is_address_valid ? &address : NULL)); + NetLogUDPDataTransfer(net_log_, NetLogEventType::UDP_BYTES_RECEIVED, result, + bytes, is_address_valid ? &address : nullptr); } received_activity_monitor_.Increment(result); @@ -795,9 +793,8 @@ void UDPSocketPosix::LogWrite(int result, } if (net_log_.IsCapturing()) { - net_log_.AddEvent( - NetLogEventType::UDP_BYTES_SENT, - CreateNetLogUDPDataTranferCallback(result, bytes, address)); + NetLogUDPDataTransfer(net_log_, NetLogEventType::UDP_BYTES_SENT, result, + bytes, address); } sent_activity_monitor_.Increment(result); diff --git a/chromium/net/socket/udp_socket_posix.h b/chromium/net/socket/udp_socket_posix.h index c62b4a88147..ce96046e720 100644 --- a/chromium/net/socket/udp_socket_posix.h +++ b/chromium/net/socket/udp_socket_posix.h @@ -632,7 +632,7 @@ class NET_EXPORT UDPSocketPosix { THREAD_CHECKER(thread_checker_); // Used for alternate writes that are posted for concurrent execution. - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(UDPSocketPosix); }; diff --git a/chromium/net/socket/udp_socket_posix_unittest.cc b/chromium/net/socket/udp_socket_posix_unittest.cc index 42a42a16287..43817cc5be5 100644 --- a/chromium/net/socket/udp_socket_posix_unittest.cc +++ b/chromium/net/socket/udp_socket_posix_unittest.cc @@ -8,7 +8,6 @@ #include "net/base/completion_repeating_callback.h" #include "net/base/net_errors.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/socket/datagram_socket.h" #include "net/test/test_with_scoped_task_environment.h" @@ -131,10 +130,9 @@ class UDPSocketPosixTest : public TestWithScopedTaskEnvironment { public: UDPSocketPosixTest() : TestWithScopedTaskEnvironment( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME), + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME), socket_(DatagramSocket::DEFAULT_BIND, &client_log_, NetLogSource()), - callback_fired_(false), - weak_factory_(this) { + callback_fired_(false) { write_callback_ = base::BindRepeating(&UDPSocketPosixTest::OnWriteComplete, weak_factory_.GetWeakPtr()); } @@ -236,7 +234,7 @@ class UDPSocketPosixTest : public TestWithScopedTaskEnvironment { struct iovec msg_iov_[kNumMsgs]; struct mmsghdr msgvec_[kNumMsgs]; #endif - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; }; TEST_F(UDPSocketPosixTest, InternalSendBuffers) { @@ -345,8 +343,7 @@ TEST_F(UDPSocketPosixTest, DidSendBuffers) { socket_.DidSendBuffers(std::move(send_result)); EXPECT_EQ(0u, socket_.GetUnwrittenBuffers().size()); VerifyBuffersDequeued(); - TestNetLogEntry::List client_entries; - client_log_.GetEntries(&client_entries); + auto client_entries = client_log_.GetEntries(); EXPECT_EQ(4u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -369,8 +366,7 @@ TEST_F(UDPSocketPosixTest, DidSendBuffersAsync) { socket_.SetWriteCallback(write_callback_); socket_.DidSendBuffers(std::move(send_result)); EXPECT_EQ(0u, socket_.GetUnwrittenBuffers().size()); - TestNetLogEntry::List client_entries; - client_log_.GetEntries(&client_entries); + auto client_entries = client_log_.GetEntries(); EXPECT_EQ(4u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -394,8 +390,7 @@ TEST_F(UDPSocketPosixTest, DidSendBuffersError) { socket_.SetWriteCallback(write_callback_); socket_.DidSendBuffers(std::move(send_result)); EXPECT_EQ(2u, socket_.GetUnwrittenBuffers().size()); - TestNetLogEntry::List client_entries; - client_log_.GetEntries(&client_entries); + auto client_entries = client_log_.GetEntries(); EXPECT_EQ(2u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -413,8 +408,7 @@ TEST_F(UDPSocketPosixTest, DidSendBuffersShort) { socket_.SetWriteCallback(write_callback_); socket_.DidSendBuffers(std::move(send_result)); EXPECT_EQ(2u, socket_.GetUnwrittenBuffers().size()); - TestNetLogEntry::List client_entries; - client_log_.GetEntries(&client_entries); + auto client_entries = client_log_.GetEntries(); EXPECT_EQ(2u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -433,8 +427,7 @@ TEST_F(UDPSocketPosixTest, DidSendBuffersPending) { EXPECT_CALL(socket_, InternalWatchFileDescriptor()).WillOnce(Return(true)); socket_.DidSendBuffers(std::move(send_result)); EXPECT_EQ(2u, socket_.GetUnwrittenBuffers().size()); - TestNetLogEntry::List client_entries; - client_log_.GetEntries(&client_entries); + auto client_entries = client_log_.GetEntries(); EXPECT_EQ(2u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -454,8 +447,7 @@ TEST_F(UDPSocketPosixTest, DidSendBuffersWatchError) { .WillOnce(InvokeWithoutArgs(WatcherSetInvalidHandle)); socket_.DidSendBuffers(std::move(send_result)); EXPECT_EQ(2u, socket_.GetUnwrittenBuffers().size()); - TestNetLogEntry::List client_entries; - client_log_.GetEntries(&client_entries); + auto client_entries = client_log_.GetEntries(); EXPECT_EQ(3u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -478,8 +470,7 @@ TEST_F(UDPSocketPosixTest, DidSendBuffersStopWatch) { socket_.DidSendBuffers(std::move(send_result)); buffers_ = socket_.GetUnwrittenBuffers(); EXPECT_EQ(2u, buffers_.size()); - TestNetLogEntry::List client_entries; - client_log_.GetEntries(&client_entries); + auto client_entries = client_log_.GetEntries(); EXPECT_EQ(2u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -497,7 +488,7 @@ TEST_F(UDPSocketPosixTest, DidSendBuffersStopWatch) { socket_.DidSendBuffers(std::move(send_result2)); EXPECT_EQ(0u, socket_.GetUnwrittenBuffers().size()); - client_log_.GetEntries(&client_entries); + client_entries = client_log_.GetEntries(); EXPECT_EQ(4u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -523,8 +514,7 @@ TEST_F(UDPSocketPosixTest, DidSendBuffersErrorStopWatch) { socket_.DidSendBuffers(std::move(send_result)); buffers_ = socket_.GetUnwrittenBuffers(); EXPECT_EQ(2u, buffers_.size()); - TestNetLogEntry::List client_entries; - client_log_.GetEntries(&client_entries); + auto client_entries = client_log_.GetEntries(); EXPECT_EQ(2u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -542,7 +532,7 @@ TEST_F(UDPSocketPosixTest, DidSendBuffersErrorStopWatch) { socket_.DidSendBuffers(std::move(send_result2)); EXPECT_EQ(2u, socket_.GetUnwrittenBuffers().size()); - client_log_.GetEntries(&client_entries); + client_entries = client_log_.GetEntries(); EXPECT_EQ(2u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -561,8 +551,7 @@ TEST_F(UDPSocketPosixTest, DidSendBuffersDelayCallbackWhileTooManyBuffers) { ResetWriteCallback(); socket_.SetWriteCallback(write_callback_); socket_.DidSendBuffers(std::move(send_result)); - TestNetLogEntry::List client_entries; - client_log_.GetEntries(&client_entries); + auto client_entries = client_log_.GetEntries(); EXPECT_EQ(3u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); diff --git a/chromium/net/socket/udp_socket_unittest.cc b/chromium/net/socket/udp_socket_unittest.cc index b89b518b4bc..47ff0d115e8 100644 --- a/chromium/net/socket/udp_socket_unittest.cc +++ b/chromium/net/socket/udp_socket_unittest.cc @@ -25,7 +25,6 @@ #include "net/log/net_log_event_type.h" #include "net/log/net_log_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/socket/socket_test_util.h" #include "net/socket/udp_client_socket.h" @@ -219,8 +218,7 @@ void UDPSocketTest::ConnectTest(bool use_nonblocking_io) { client.reset(); // Check the server's log. - TestNetLogEntry::List server_entries; - server_log.GetEntries(&server_entries); + auto server_entries = server_log.GetEntries(); ASSERT_EQ(6u, server_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(server_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -240,8 +238,7 @@ void UDPSocketTest::ConnectTest(bool use_nonblocking_io) { LogContainsEndEvent(server_entries, 5, NetLogEventType::SOCKET_ALIVE)); // Check the client's log. - TestNetLogEntry::List client_entries; - client_log.GetEntries(&client_entries); + auto client_entries = client_log.GetEntries(); EXPECT_EQ(7u, client_entries.size()); EXPECT_TRUE( LogContainsBeginEvent(client_entries, 0, NetLogEventType::SOCKET_ALIVE)); @@ -651,8 +648,6 @@ TEST_F(UDPSocketTest, JoinMulticastGroup) { socket.Close(); } -#if !defined(OS_FUCHSIA) -// TODO(https://crbug.com/900709): SO_REUSEPORT doesn't work on Fuchsia. #if defined(OS_IOS) // TODO(https://crbug.com/947115): failing on device on iOS 12.2. #define MAYBE_SharedMulticastAddress DISABLED_SharedMulticastAddress @@ -711,7 +706,6 @@ TEST_F(UDPSocketTest, MAYBE_SharedMulticastAddress) { EXPECT_EQ(kMessage, RecvFromSocket(&socket2)); #endif // !defined(OS_CHROMEOS) } -#endif // !defined(OS_FUCHSIA) #endif // !defined(OS_ANDROID) TEST_F(UDPSocketTest, MulticastOptions) { diff --git a/chromium/net/socket/udp_socket_win.cc b/chromium/net/socket/udp_socket_win.cc index 8bc2497da39..f9cfcc474e9 100644 --- a/chromium/net/socket/udp_socket_win.cc +++ b/chromium/net/socket/udp_socket_win.cc @@ -259,8 +259,7 @@ UDPSocketWin::UDPSocketWin(DatagramSocket::BindType bind_type, net_log_(NetLogWithSource::Make(net_log, NetLogSourceType::UDP_SOCKET)), event_pending_(this) { EnsureWinsockInit(); - net_log_.BeginEvent(NetLogEventType::SOCKET_ALIVE, - source.ToEventParametersCallback()); + net_log_.BeginEventReferencingSource(NetLogEventType::SOCKET_ALIVE, source); } UDPSocketWin::~UDPSocketWin() { @@ -361,10 +360,10 @@ int UDPSocketWin::GetLocalAddress(IPEndPoint* address) const { if (!local_address->FromSockAddr(storage.addr, storage.addr_len)) return ERR_ADDRESS_INVALID; local_address_ = std::move(local_address); - net_log_.AddEvent(NetLogEventType::UDP_LOCAL_ADDRESS, - CreateNetLogUDPConnectCallback( - local_address_.get(), - NetworkChangeNotifier::kInvalidNetworkHandle)); + net_log_.AddEvent(NetLogEventType::UDP_LOCAL_ADDRESS, [&] { + return CreateNetLogUDPConnectParams( + *local_address_, NetworkChangeNotifier::kInvalidNetworkHandle); + }); } *address = *local_address_; @@ -445,10 +444,10 @@ int UDPSocketWin::SendToOrWrite(IOBuffer* buf, int UDPSocketWin::Connect(const IPEndPoint& address) { DCHECK_NE(socket_, INVALID_SOCKET); - net_log_.BeginEvent( - NetLogEventType::UDP_CONNECT, - CreateNetLogUDPConnectCallback( - &address, NetworkChangeNotifier::kInvalidNetworkHandle)); + net_log_.BeginEvent(NetLogEventType::UDP_CONNECT, [&] { + return CreateNetLogUDPConnectParams( + address, NetworkChangeNotifier::kInvalidNetworkHandle); + }); int rv = SetMulticastOptions(); if (rv != OK) return rv; @@ -743,9 +742,8 @@ void UDPSocketWin::LogRead(int result, } if (net_log_.IsCapturing()) { - net_log_.AddEvent( - NetLogEventType::UDP_BYTES_RECEIVED, - CreateNetLogUDPDataTranferCallback(result, bytes, address)); + NetLogUDPDataTransfer(net_log_, NetLogEventType::UDP_BYTES_RECEIVED, result, + bytes, address); } NetworkActivityMonitor::GetInstance()->IncrementBytesReceived(result); @@ -760,9 +758,8 @@ void UDPSocketWin::LogWrite(int result, } if (net_log_.IsCapturing()) { - net_log_.AddEvent( - NetLogEventType::UDP_BYTES_SENT, - CreateNetLogUDPDataTranferCallback(result, bytes, address)); + NetLogUDPDataTransfer(net_log_, NetLogEventType::UDP_BYTES_SENT, result, + bytes, address); } NetworkActivityMonitor::GetInstance()->IncrementBytesSent(result); diff --git a/chromium/net/socket/websocket_endpoint_lock_manager.cc b/chromium/net/socket/websocket_endpoint_lock_manager.cc index cdf90aa8132..9124b235aa5 100644 --- a/chromium/net/socket/websocket_endpoint_lock_manager.cc +++ b/chromium/net/socket/websocket_endpoint_lock_manager.cc @@ -47,8 +47,7 @@ WebSocketEndpointLockManager::LockReleaser::~LockReleaser() { WebSocketEndpointLockManager::WebSocketEndpointLockManager() : unlock_delay_(base::TimeDelta::FromMilliseconds(kUnlockDelayInMs)), - pending_unlock_count_(0), - weak_factory_(this) {} + pending_unlock_count_(0) {} WebSocketEndpointLockManager::~WebSocketEndpointLockManager() { DCHECK_EQ(lock_info_map_.size(), pending_unlock_count_); diff --git a/chromium/net/socket/websocket_endpoint_lock_manager.h b/chromium/net/socket/websocket_endpoint_lock_manager.h index 2d7cdf5ea8d..4e96c736a10 100644 --- a/chromium/net/socket/websocket_endpoint_lock_manager.h +++ b/chromium/net/socket/websocket_endpoint_lock_manager.h @@ -130,7 +130,7 @@ class NET_EXPORT_PRIVATE WebSocketEndpointLockManager { // Number of sockets currently pending unlock. size_t pending_unlock_count_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(WebSocketEndpointLockManager); }; diff --git a/chromium/net/socket/websocket_transport_client_socket_pool.cc b/chromium/net/socket/websocket_transport_client_socket_pool.cc index 820288f6c66..aa0eba304bd 100644 --- a/chromium/net/socket/websocket_transport_client_socket_pool.cc +++ b/chromium/net/socket/websocket_transport_client_socket_pool.cc @@ -36,8 +36,7 @@ WebSocketTransportClientSocketPool::WebSocketTransportClientSocketPool( common_connect_job_params_(common_connect_job_params), max_sockets_(max_sockets), handed_out_socket_count_(0), - flushing_(false), - weak_factory_(this) { + flushing_(false) { DCHECK(common_connect_job_params_->websocket_endpoint_lock_manager); } @@ -113,10 +112,9 @@ int WebSocketTransportClientSocketPool::RequestSocket( // Regardless of the outcome of |connect_job|, it will always be bound to // |handle|, since this pool uses early-binding. So the binding is logged // here, without waiting for the result. - request_net_log.AddEvent(NetLogEventType::SOCKET_POOL_BOUND_TO_CONNECT_JOB, - connect_job_delegate->connect_job_net_log() - .source() - .ToEventParametersCallback()); + request_net_log.AddEventReferencingSource( + NetLogEventType::SOCKET_POOL_BOUND_TO_CONNECT_JOB, + connect_job_delegate->connect_job_net_log().source()); if (result == ERR_IO_PENDING) { // TODO(ricea): Implement backup job timer? @@ -373,9 +371,9 @@ void WebSocketTransportClientSocketPool::HandOutSocket( handle->set_group_generation(0); handle->set_connect_timing(connect_timing); - net_log.AddEvent( + net_log.AddEventReferencingSource( NetLogEventType::SOCKET_POOL_BOUND_TO_SOCKET, - handle->socket()->NetLog().source().ToEventParametersCallback()); + handle->socket()->NetLog().source()); ++handed_out_socket_count_; } diff --git a/chromium/net/socket/websocket_transport_client_socket_pool.h b/chromium/net/socket/websocket_transport_client_socket_pool.h index f1d5f0d9497..904e71975d2 100644 --- a/chromium/net/socket/websocket_transport_client_socket_pool.h +++ b/chromium/net/socket/websocket_transport_client_socket_pool.h @@ -211,7 +211,7 @@ class NET_EXPORT_PRIVATE WebSocketTransportClientSocketPool int handed_out_socket_count_; bool flushing_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(WebSocketTransportClientSocketPool); }; diff --git a/chromium/net/socket/websocket_transport_client_socket_pool_unittest.cc b/chromium/net/socket/websocket_transport_client_socket_pool_unittest.cc index 944fcac5443..c404a2d35d9 100644 --- a/chromium/net/socket/websocket_transport_client_socket_pool_unittest.cc +++ b/chromium/net/socket/websocket_transport_client_socket_pool_unittest.cc @@ -80,8 +80,7 @@ class WebSocketTransportClientSocketPoolTest nullptr /* quic_stream_factory */, nullptr /* proxy_delegate */, nullptr /* http_user_agent_settings */, - SSLClientSocketContext(), - SSLClientSocketContext(), + nullptr /* ssl_client_context */, nullptr /* socket_performance_watcher_factory */, nullptr /* network_quality_estimator */, nullptr /* netlog */, diff --git a/chromium/net/socket/websocket_transport_connect_job.cc b/chromium/net/socket/websocket_transport_connect_job.cc index 1b80ee69585..5510ec197e4 100644 --- a/chromium/net/socket/websocket_transport_connect_job.cc +++ b/chromium/net/socket/websocket_transport_connect_job.cc @@ -41,8 +41,7 @@ WebSocketTransportConnectJob::WebSocketTransportConnectJob( next_state_(STATE_NONE), race_result_(TransportConnectJob::RACE_UNKNOWN), had_ipv4_(false), - had_ipv6_(false), - weak_ptr_factory_(this) { + had_ipv6_(false) { DCHECK(common_connect_job_params->websocket_endpoint_lock_manager); } diff --git a/chromium/net/socket/websocket_transport_connect_job.h b/chromium/net/socket/websocket_transport_connect_job.h index 6ba51a0840c..cfd0ed38890 100644 --- a/chromium/net/socket/websocket_transport_connect_job.h +++ b/chromium/net/socket/websocket_transport_connect_job.h @@ -106,7 +106,7 @@ class NET_EXPORT_PRIVATE WebSocketTransportConnectJob : public ConnectJob { bool had_ipv4_; bool had_ipv6_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(WebSocketTransportConnectJob); }; diff --git a/chromium/net/spdy/bidirectional_stream_spdy_impl.cc b/chromium/net/spdy/bidirectional_stream_spdy_impl.cc index 32d0999841e..f428a759d5a 100644 --- a/chromium/net/spdy/bidirectional_stream_spdy_impl.cc +++ b/chromium/net/spdy/bidirectional_stream_spdy_impl.cc @@ -45,8 +45,7 @@ BidirectionalStreamSpdyImpl::BidirectionalStreamSpdyImpl( closed_stream_status_(ERR_FAILED), closed_stream_received_bytes_(0), closed_stream_sent_bytes_(0), - closed_has_load_timing_info_(false), - weak_factory_(this) {} + closed_has_load_timing_info_(false) {} BidirectionalStreamSpdyImpl::~BidirectionalStreamSpdyImpl() { // Sends a RST to the remote if the stream is destroyed before it completes. diff --git a/chromium/net/spdy/bidirectional_stream_spdy_impl.h b/chromium/net/spdy/bidirectional_stream_spdy_impl.h index 7266e66f0d4..954a678252a 100644 --- a/chromium/net/spdy/bidirectional_stream_spdy_impl.h +++ b/chromium/net/spdy/bidirectional_stream_spdy_impl.h @@ -130,7 +130,7 @@ class NET_EXPORT_PRIVATE BidirectionalStreamSpdyImpl // Keep a reference here so it is alive until OnDataSent is invoked. scoped_refptr pending_combined_buffer_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(BidirectionalStreamSpdyImpl); }; diff --git a/chromium/net/spdy/bidirectional_stream_spdy_impl_unittest.cc b/chromium/net/spdy/bidirectional_stream_spdy_impl_unittest.cc index 1a314666e47..5373ba3879d 100644 --- a/chromium/net/spdy/bidirectional_stream_spdy_impl_unittest.cc +++ b/chromium/net/spdy/bidirectional_stream_spdy_impl_unittest.cc @@ -432,7 +432,7 @@ TEST_F(BidirectionalStreamSpdyImplTest, SendDataAfterStreamFailed) { delegate->SendData(buf.get(), buf->size(), false); base::RunLoop().RunUntilIdle(); - EXPECT_THAT(delegate->error(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(delegate->error(), IsError(ERR_HTTP2_PROTOCOL_ERROR)); EXPECT_EQ(0, delegate->on_data_read_count()); EXPECT_EQ(0, delegate->on_data_sent_count()); EXPECT_EQ(kProtoHTTP2, delegate->GetProtocol()); diff --git a/chromium/net/spdy/buffered_spdy_framer.h b/chromium/net/spdy/buffered_spdy_framer.h index ca497b9f9fa..1d0851ae696 100644 --- a/chromium/net/spdy/buffered_spdy_framer.h +++ b/chromium/net/spdy/buffered_spdy_framer.h @@ -240,7 +240,7 @@ class NET_EXPORT_PRIVATE BufferedSpdyFramer http2::Http2DecoderAdapter deframer_; BufferedSpdyFramerVisitorInterface* visitor_; - int frames_received_; + int frames_received_ = 0; // Collection of fields from control frames that we need to // buffer up from the spdy framer. @@ -248,16 +248,16 @@ class NET_EXPORT_PRIVATE BufferedSpdyFramer ControlFrameFields(); spdy::SpdyFrameType type; - spdy::SpdyStreamId stream_id; - spdy::SpdyStreamId associated_stream_id; - spdy::SpdyStreamId promised_stream_id; - bool has_priority; - spdy::SpdyPriority priority; - int weight; - spdy::SpdyStreamId parent_stream_id; - bool exclusive; - bool fin; - bool unidirectional; + spdy::SpdyStreamId stream_id = 0U; + spdy::SpdyStreamId associated_stream_id = 0U; + spdy::SpdyStreamId promised_stream_id = 0U; + bool has_priority = false; + spdy::SpdyPriority priority = 0U; + int weight = 0; + spdy::SpdyStreamId parent_stream_id = 0U; + bool exclusive = false; + bool fin = false; + bool unidirectional = false; base::TimeTicks recv_first_byte_time; }; std::unique_ptr control_frame_fields_; diff --git a/chromium/net/spdy/header_coalescer.cc b/chromium/net/spdy/header_coalescer.cc index 9a3bb1888c6..a77c1b8840d 100644 --- a/chromium/net/spdy/header_coalescer.cc +++ b/chromium/net/spdy/header_coalescer.cc @@ -8,31 +8,32 @@ #include #include -#include "base/bind.h" -#include "base/callback.h" #include "base/strings/string_util.h" #include "base/strings/stringprintf.h" #include "base/trace_event/memory_usage_estimator.h" #include "base/values.h" -#include "net/base/escape.h" #include "net/http/http_log_util.h" #include "net/http/http_util.h" -#include "net/log/net_log.h" +#include "net/log/net_log_values.h" namespace net { namespace { -base::Value ElideNetLogHeaderCallback(base::StringPiece header_name, - base::StringPiece header_value, - base::StringPiece error_message, - NetLogCaptureMode capture_mode) { - base::DictionaryValue dict; - dict.SetKey("header_name", NetLogStringValue(header_name)); - dict.SetKey("header_value", NetLogStringValue(ElideHeaderValueForNetLog( - capture_mode, header_name.as_string(), - header_value.as_string()))); - dict.SetString("error", error_message); - return std::move(dict); +void NetLogInvalidHeader(const NetLogWithSource& net_log, + base::StringPiece header_name, + base::StringPiece header_value, + const char* error_message) { + net_log.AddEvent(NetLogEventType::HTTP2_SESSION_RECV_INVALID_HEADER, + [&](NetLogCaptureMode capture_mode) { + base::DictionaryValue dict; + dict.SetKey("header_name", NetLogStringValue(header_name)); + dict.SetKey("header_value", + NetLogStringValue(ElideHeaderValueForNetLog( + capture_mode, header_name.as_string(), + header_value.as_string()))); + dict.SetString("error", error_message); + return dict; + }); } bool ContainsUppercaseAscii(base::StringPiece str) { @@ -65,19 +66,15 @@ size_t HeaderCoalescer::EstimateMemoryUsage() const { bool HeaderCoalescer::AddHeader(base::StringPiece key, base::StringPiece value) { if (key.empty()) { - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_RECV_INVALID_HEADER, - base::Bind(&ElideNetLogHeaderCallback, key, value, - "Header name must not be empty.")); + NetLogInvalidHeader(net_log_, key, value, "Header name must not be empty."); return false; } base::StringPiece key_name = key; if (key[0] == ':') { if (regular_header_seen_) { - net_log_.AddEvent( - NetLogEventType::HTTP2_SESSION_RECV_INVALID_HEADER, - base::Bind(&ElideNetLogHeaderCallback, key, value, - "Pseudo header must not follow regular headers.")); + NetLogInvalidHeader(net_log_, key, value, + "Pseudo header must not follow regular headers."); return false; } key_name.remove_prefix(1); @@ -86,25 +83,21 @@ bool HeaderCoalescer::AddHeader(base::StringPiece key, } if (!HttpUtil::IsValidHeaderName(key_name)) { - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_RECV_INVALID_HEADER, - base::Bind(&ElideNetLogHeaderCallback, key, value, - "Invalid character in header name.")); + NetLogInvalidHeader(net_log_, key, value, + "Invalid character in header name."); return false; } if (ContainsUppercaseAscii(key_name)) { - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_RECV_INVALID_HEADER, - base::Bind(&ElideNetLogHeaderCallback, key, value, - "Upper case characters in header name.")); + NetLogInvalidHeader(net_log_, key, value, + "Upper case characters in header name."); return false; } // 32 byte overhead according to RFC 7540 Section 6.5.2. header_list_size_ += key.size() + value.size() + 32; if (header_list_size_ > max_header_list_size_) { - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_RECV_INVALID_HEADER, - base::Bind(&ElideNetLogHeaderCallback, key, value, - "Header list too large.")); + NetLogInvalidHeader(net_log_, key, value, "Header list too large."); return false; } @@ -124,9 +117,7 @@ bool HeaderCoalescer::AddHeader(base::StringPiece key, std::string error_line; base::StringAppendF(&error_line, "Invalid character 0x%02X in header value.", c); - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_RECV_INVALID_HEADER, - base::Bind(&ElideNetLogHeaderCallback, key, value, - error_line.c_str())); + NetLogInvalidHeader(net_log_, key, value, error_line.c_str()); return false; } } diff --git a/chromium/net/spdy/header_coalescer_test.cc b/chromium/net/spdy/header_coalescer_test.cc index 72693b87740..b6aa1b5acf9 100644 --- a/chromium/net/spdy/header_coalescer_test.cc +++ b/chromium/net/spdy/header_coalescer_test.cc @@ -8,6 +8,7 @@ #include #include "net/log/test_net_log.h" +#include "net/log/test_net_log_util.h" #include "net/spdy/spdy_test_util_common.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" @@ -26,19 +27,18 @@ class HeaderCoalescerTest : public ::testing::Test { void ExpectEntry(base::StringPiece expected_header_name, base::StringPiece expected_header_value, base::StringPiece expected_error_message) { - TestNetLogEntry::List entry_list; - net_log_.GetEntries(&entry_list); + auto entry_list = net_log_.GetEntries(); ASSERT_EQ(1u, entry_list.size()); EXPECT_EQ(entry_list[0].type, NetLogEventType::HTTP2_SESSION_RECV_INVALID_HEADER); EXPECT_EQ(entry_list[0].source.id, net_log_.bound().source().id); std::string value; - EXPECT_TRUE(entry_list[0].GetStringValue("header_name", &value)); - EXPECT_EQ(expected_header_name, value); - EXPECT_TRUE(entry_list[0].GetStringValue("header_value", &value)); - EXPECT_EQ(expected_header_value, value); - EXPECT_TRUE(entry_list[0].GetStringValue("error", &value)); - EXPECT_EQ(expected_error_message, value); + EXPECT_EQ(expected_header_name, + GetStringValueFromParams(entry_list[0], "header_name")); + EXPECT_EQ(expected_header_value, + GetStringValueFromParams(entry_list[0], "header_value")); + EXPECT_EQ(expected_error_message, + GetStringValueFromParams(entry_list[0], "error")); } protected: diff --git a/chromium/net/spdy/platform/impl/spdy_containers_impl.h b/chromium/net/spdy/platform/impl/spdy_containers_impl.h index 5792eb759a1..1a5381ae690 100644 --- a/chromium/net/spdy/platform/impl/spdy_containers_impl.h +++ b/chromium/net/spdy/platform/impl/spdy_containers_impl.h @@ -8,6 +8,7 @@ #include #include +#include "base/containers/small_map.h" #include "base/strings/string_piece.h" #include "net/third_party/quiche/src/common/simple_linked_hash_map.h" @@ -34,6 +35,12 @@ inline size_t SpdyHashStringPairImpl(SpdyStringPiece a, SpdyStringPiece b) { return base::StringPieceHash()(a) ^ base::StringPieceHash()(b); } +// A map which is faster than (for example) hash_map for a certain number of +// unique key-value-pair elements, and upgrades itself to unordered_map when +// runs out of space. +template +using SpdySmallMapImpl = base::small_map, Size>; + } // namespace spdy #endif // NET_SPDY_PLATFORM_IMPL_SPDY_CONTAINERS_IMPL_H_ diff --git a/chromium/net/spdy/platform/impl/spdy_test_impl.h b/chromium/net/spdy/platform/impl/spdy_test_impl.h new file mode 100644 index 00000000000..3b31aba0f92 --- /dev/null +++ b/chromium/net/spdy/platform/impl/spdy_test_impl.h @@ -0,0 +1,12 @@ +// Copyright (c) 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SPDY_PLATFORM_IMPL_SPDY_TEST_IMPL_H_ +#define NET_SPDY_PLATFORM_IMPL_SPDY_TEST_IMPL_H_ + +#include "testing/gmock/include/gmock/gmock.h" // IWYU pragma: export +#include "testing/gtest/include/gtest/gtest-spi.h" // IWYU pragma: export +#include "testing/gtest/include/gtest/gtest.h" // IWYU pragma: export + +#endif // NET_SPDY_PLATFORM_IMPL_SPDY_TEST_IMPL_H_ diff --git a/chromium/net/spdy/spdy_http_stream.cc b/chromium/net/spdy/spdy_http_stream.cc index 3a8865e2896..9b91a1e6f99 100644 --- a/chromium/net/spdy/spdy_http_stream.cc +++ b/chromium/net/spdy/spdy_http_stream.cc @@ -121,8 +121,7 @@ SpdyHttpStream::SpdyHttpStream(const base::WeakPtr& spdy_session, request_body_buf_size_(0), buffered_read_callback_pending_(false), more_read_data_pending_(false), - was_alpn_negotiated_(false), - weak_factory_(this) { + was_alpn_negotiated_(false) { DCHECK(spdy_session_.get()); } @@ -348,7 +347,9 @@ int SpdyHttpStream::SendRequest(const HttpRequestHeaders& request_headers, CreateSpdyHeadersFromHttpRequest(*request_info_, request_headers, &headers); stream_->net_log().AddEvent( NetLogEventType::HTTP_TRANSACTION_HTTP2_SEND_REQUEST_HEADERS, - base::Bind(&SpdyHeaderBlockNetLogCallback, &headers)); + [&](NetLogCaptureMode capture_mode) { + return SpdyHeaderBlockNetLogParams(&headers, capture_mode); + }); DispatchRequestHeadersCallback(headers); result = stream_->SendRequestHeaders( std::move(headers), @@ -399,7 +400,7 @@ void SpdyHttpStream::OnHeadersReceived( response_headers, *response_info_)) { // Cancel will call OnClose, which might call callbacks and might destroy // |this|. - stream_->Cancel(ERR_SPDY_PUSHED_RESPONSE_DOES_NOT_MATCH); + stream_->Cancel(ERR_HTTP2_PUSHED_RESPONSE_DOES_NOT_MATCH); return; } diff --git a/chromium/net/spdy/spdy_http_stream.h b/chromium/net/spdy/spdy_http_stream.h index 643c4f374ce..a647849b2b0 100644 --- a/chromium/net/spdy/spdy_http_stream.h +++ b/chromium/net/spdy/spdy_http_stream.h @@ -233,7 +233,7 @@ class NET_EXPORT_PRIVATE SpdyHttpStream : public SpdyStream::Delegate, base::debug::StackTrace stack_trace_; #endif - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(SpdyHttpStream); }; diff --git a/chromium/net/spdy/spdy_http_stream_unittest.cc b/chromium/net/spdy/spdy_http_stream_unittest.cc index 6993bbbeb88..fd8484702d7 100644 --- a/chromium/net/spdy/spdy_http_stream_unittest.cc +++ b/chromium/net/spdy/spdy_http_stream_unittest.cc @@ -76,7 +76,7 @@ class ReadErrorUploadDataStream : public UploadDataStream { enum class FailureMode { SYNC, ASYNC }; explicit ReadErrorUploadDataStream(FailureMode mode) - : UploadDataStream(true, 0), async_(mode), weak_factory_(this) {} + : UploadDataStream(true, 0), async_(mode) {} private: void CompleteRead() { UploadDataStream::OnReadCompleted(ERR_FAILED); } @@ -98,7 +98,7 @@ class ReadErrorUploadDataStream : public UploadDataStream { const FailureMode async_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(ReadErrorUploadDataStream); }; diff --git a/chromium/net/spdy/spdy_log_util.cc b/chromium/net/spdy/spdy_log_util.cc index bb44301df67..fe85d2f016c 100644 --- a/chromium/net/spdy/spdy_log_util.cc +++ b/chromium/net/spdy/spdy_log_util.cc @@ -10,12 +10,13 @@ #include "base/strings/string_number_conversions.h" #include "base/values.h" #include "net/http/http_log_util.h" +#include "net/log/net_log_values.h" namespace net { base::Value ElideGoAwayDebugDataForNetLog(NetLogCaptureMode capture_mode, base::StringPiece debug_data) { - if (capture_mode.include_cookies_and_credentials()) + if (NetLogCaptureIncludesSensitive(capture_mode)) return NetLogStringValue(debug_data); return NetLogStringValue(base::StrCat( @@ -37,8 +38,8 @@ base::ListValue ElideSpdyHeaderBlockForNetLog( return headers_list; } -base::Value SpdyHeaderBlockNetLogCallback(const spdy::SpdyHeaderBlock* headers, - NetLogCaptureMode capture_mode) { +base::Value SpdyHeaderBlockNetLogParams(const spdy::SpdyHeaderBlock* headers, + NetLogCaptureMode capture_mode) { base::DictionaryValue dict; dict.SetKey("headers", ElideSpdyHeaderBlockForNetLog(*headers, capture_mode)); return std::move(dict); diff --git a/chromium/net/spdy/spdy_log_util.h b/chromium/net/spdy/spdy_log_util.h index df08152b292..4638caa9848 100644 --- a/chromium/net/spdy/spdy_log_util.h +++ b/chromium/net/spdy/spdy_log_util.h @@ -34,7 +34,7 @@ NET_EXPORT_PRIVATE base::ListValue ElideSpdyHeaderBlockForNetLog( NetLogCaptureMode capture_mode); // Converts a spdy::SpdyHeaderBlock into NetLog event parameters. -NET_EXPORT_PRIVATE base::Value SpdyHeaderBlockNetLogCallback( +NET_EXPORT_PRIVATE base::Value SpdyHeaderBlockNetLogParams( const spdy::SpdyHeaderBlock* headers, NetLogCaptureMode capture_mode); diff --git a/chromium/net/spdy/spdy_log_util_unittest.cc b/chromium/net/spdy/spdy_log_util_unittest.cc index 53f788a6f31..9d4594620f9 100644 --- a/chromium/net/spdy/spdy_log_util_unittest.cc +++ b/chromium/net/spdy/spdy_log_util_unittest.cc @@ -21,15 +21,13 @@ std::string ElideGoAwayDebugDataForNetLogAsString( TEST(SpdyLogUtilTest, ElideGoAwayDebugDataForNetLog) { // Only elide for appropriate log level. EXPECT_EQ("[6 bytes were stripped]", - ElideGoAwayDebugDataForNetLogAsString(NetLogCaptureMode::Default(), + ElideGoAwayDebugDataForNetLogAsString(NetLogCaptureMode::kDefault, "foobar")); - EXPECT_EQ("foobar", + EXPECT_EQ("foobar", ElideGoAwayDebugDataForNetLogAsString( + NetLogCaptureMode::kIncludeSensitive, "foobar")); + EXPECT_EQ("%ESCAPED:\xE2\x80\x8B %FE%FF", ElideGoAwayDebugDataForNetLogAsString( - NetLogCaptureMode::IncludeCookiesAndCredentials(), "foobar")); - EXPECT_EQ( - "%ESCAPED:\xE2\x80\x8B %FE%FF", - ElideGoAwayDebugDataForNetLogAsString( - NetLogCaptureMode::IncludeCookiesAndCredentials(), "\xfe\xff\x00")); + NetLogCaptureMode::kIncludeSensitive, "\xfe\xff\x00")); } TEST(SpdyLogUtilTest, ElideSpdyHeaderBlockForNetLog) { @@ -38,7 +36,7 @@ TEST(SpdyLogUtilTest, ElideSpdyHeaderBlockForNetLog) { headers["cookie"] = "name=value"; base::ListValue list = - ElideSpdyHeaderBlockForNetLog(headers, NetLogCaptureMode::Default()); + ElideSpdyHeaderBlockForNetLog(headers, NetLogCaptureMode::kDefault); ASSERT_FALSE(list.is_none()); ASSERT_EQ(2u, list.GetList().size()); @@ -49,8 +47,8 @@ TEST(SpdyLogUtilTest, ElideSpdyHeaderBlockForNetLog) { ASSERT_TRUE(list.GetList()[1].is_string()); EXPECT_EQ("cookie: [10 bytes were stripped]", list.GetList()[1].GetString()); - list = ElideSpdyHeaderBlockForNetLog( - headers, NetLogCaptureMode::IncludeCookiesAndCredentials()); + list = ElideSpdyHeaderBlockForNetLog(headers, + NetLogCaptureMode::kIncludeSensitive); ASSERT_FALSE(list.is_none()); ASSERT_EQ(2u, list.GetList().size()); @@ -62,13 +60,13 @@ TEST(SpdyLogUtilTest, ElideSpdyHeaderBlockForNetLog) { EXPECT_EQ("cookie: name=value", list.GetList()[1].GetString()); } -TEST(SpdyLogUtilTest, SpdyHeaderBlockNetLogCallback) { +TEST(SpdyLogUtilTest, SpdyHeaderBlockNetLogParams) { spdy::SpdyHeaderBlock headers; headers["foo"] = "bar"; headers["cookie"] = "name=value"; std::unique_ptr dict = base::Value::ToUniquePtrValue( - SpdyHeaderBlockNetLogCallback(&headers, NetLogCaptureMode::Default())); + SpdyHeaderBlockNetLogParams(&headers, NetLogCaptureMode::kDefault)); ASSERT_TRUE(dict); ASSERT_TRUE(dict->is_dict()); @@ -86,8 +84,8 @@ TEST(SpdyLogUtilTest, SpdyHeaderBlockNetLogCallback) { EXPECT_EQ("cookie: [10 bytes were stripped]", header_list->GetList()[1].GetString()); - dict = base::Value::ToUniquePtrValue(SpdyHeaderBlockNetLogCallback( - &headers, NetLogCaptureMode::IncludeCookiesAndCredentials())); + dict = base::Value::ToUniquePtrValue(SpdyHeaderBlockNetLogParams( + &headers, NetLogCaptureMode::kIncludeSensitive)); ASSERT_TRUE(dict); ASSERT_TRUE(dict->is_dict()); @@ -113,7 +111,7 @@ TEST(SpdyLogUtilTest, ElideSpdyHeaderBlockForNetLogWithNonUTF8Characters) { headers["\xde\xad"] = "\xbe\xef"; base::ListValue list = - ElideSpdyHeaderBlockForNetLog(headers, NetLogCaptureMode::Default()); + ElideSpdyHeaderBlockForNetLog(headers, NetLogCaptureMode::kDefault); ASSERT_EQ(3u, list.GetSize()); std::string field; diff --git a/chromium/net/spdy/spdy_network_transaction_unittest.cc b/chromium/net/spdy/spdy_network_transaction_unittest.cc index 444861f9189..95678b2d9a9 100644 --- a/chromium/net/spdy/spdy_network_transaction_unittest.cc +++ b/chromium/net/spdy/spdy_network_transaction_unittest.cc @@ -41,7 +41,6 @@ #include "net/log/net_log_event_type.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/socket/next_proto.h" #include "net/socket/socket_tag.h" @@ -2117,7 +2116,7 @@ TEST_F(SpdyNetworkTransactionTest, ResponseWithoutHeaders) { NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_PROTOCOL_ERROR)); } // Test that the transaction doesn't crash when we get two replies on the same @@ -2161,7 +2160,7 @@ TEST_F(SpdyNetworkTransactionTest, ResponseWithTwoSynReplies) { EXPECT_TRUE(response->was_fetched_via_spdy); std::string response_data; rv = ReadTransaction(trans, &response_data); - EXPECT_THAT(rv, IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(rv, IsError(ERR_HTTP2_PROTOCOL_ERROR)); helper.VerifyDataConsumed(); } @@ -2191,7 +2190,7 @@ TEST_F(SpdyNetworkTransactionTest, ResetReplyWithTransferEncoding) { NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_PROTOCOL_ERROR)); helper.session()->spdy_session_pool()->CloseAllSessions(); helper.VerifyDataConsumed(); @@ -4540,7 +4539,7 @@ TEST_F(SpdyNetworkTransactionTest, InvalidResponseHeaders) { nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_PROTOCOL_ERROR)); } } @@ -4568,7 +4567,7 @@ TEST_F(SpdyNetworkTransactionTest, CorruptFrameSessionError) { NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_COMPRESSION_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_COMPRESSION_ERROR)); } TEST_F(SpdyNetworkTransactionTest, GoAwayOnDecompressionFailure) { @@ -4589,7 +4588,7 @@ TEST_F(SpdyNetworkTransactionTest, GoAwayOnDecompressionFailure) { NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_COMPRESSION_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_COMPRESSION_ERROR)); } TEST_F(SpdyNetworkTransactionTest, GoAwayOnFrameSizeError) { @@ -4610,7 +4609,7 @@ TEST_F(SpdyNetworkTransactionTest, GoAwayOnFrameSizeError) { NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_FRAME_SIZE_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_FRAME_SIZE_ERROR)); } // Test that we shutdown correctly on write errors. @@ -4702,8 +4701,7 @@ TEST_F(SpdyNetworkTransactionTest, NetLog) { // This test is intentionally non-specific about the exact ordering of the // log; instead we just check to make sure that certain events exist, and that // they are in the right order. - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_LT(0u, entries.size()); int pos = 0; @@ -4731,8 +4729,8 @@ TEST_F(SpdyNetworkTransactionTest, NetLog) { NetLogEventType::HTTP2_SESSION_SEND_HEADERS, NetLogEventPhase::NONE); - ASSERT_TRUE(entries[pos].params); - auto* header_list = entries[pos].params->FindKey("headers"); + ASSERT_TRUE(entries[pos].HasParams()); + auto* header_list = entries[pos].params.FindKey("headers"); ASSERT_TRUE(header_list); ASSERT_TRUE(header_list->is_list()); ASSERT_EQ(5u, header_list->GetList().size()); @@ -6106,11 +6104,11 @@ TEST_F(SpdyNetworkTransactionTest, ResponseHeadersTwice) { NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_PROTOCOL_ERROR)); } // Tests that receiving HEADERS, DATA, HEADERS, and DATA in that sequence will -// trigger a ERR_SPDY_PROTOCOL_ERROR because trailing HEADERS must not be +// trigger a ERR_HTTP2_PROTOCOL_ERROR because trailing HEADERS must not be // followed by any DATA frames. TEST_F(SpdyNetworkTransactionTest, SyncReplyDataAfterTrailers) { spdy::SpdySerializedFrame req( @@ -6143,7 +6141,7 @@ TEST_F(SpdyNetworkTransactionTest, SyncReplyDataAfterTrailers) { NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_PROTOCOL_ERROR)); } struct PushUrlTestParams { @@ -7040,7 +7038,7 @@ TEST_F(SpdyNetworkTransactionTest, WindowUpdateOverflow) { base::RunLoop().RunUntilIdle(); ASSERT_TRUE(callback.have_result()); - EXPECT_THAT(callback.WaitForResult(), IsError(ERR_SPDY_FLOW_CONTROL_ERROR)); + EXPECT_THAT(callback.WaitForResult(), IsError(ERR_HTTP2_FLOW_CONTROL_ERROR)); helper.VerifyDataConsumed(); } @@ -7074,7 +7072,7 @@ TEST_F(SpdyNetworkTransactionTest, InitialWindowSizeOverflow) { NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_FLOW_CONTROL_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_FLOW_CONTROL_ERROR)); } // Test that after hitting a send window size of 0, the write process @@ -7585,7 +7583,7 @@ TEST_F(SpdyNetworkTransactionTest, GoAwayOnOddPushStreamId) { NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_PROTOCOL_ERROR)); histogram_tester.ExpectBucketCount( "Net.SpdyPushedStreamFate", @@ -7624,7 +7622,7 @@ TEST_F(SpdyNetworkTransactionTest, NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_PROTOCOL_ERROR)); histogram_tester.ExpectBucketCount( "Net.SpdyPushedStreamFate", @@ -7723,7 +7721,7 @@ TEST_F(SpdyNetworkTransactionTest, CRLFInHeaderValue) { helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_PROTOCOL_ERROR)); } // Regression test for https://crbug.com/603182. @@ -7742,7 +7740,7 @@ TEST_F(SpdyNetworkTransactionTest, RstStreamNoError) { NormalSpdyTransactionHelper helper(request_, DEFAULT_PRIORITY, log_, nullptr); helper.RunToCompletion(&data); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_PROTOCOL_ERROR)); } // Regression test for https://crbug.com/603182. @@ -7801,7 +7799,7 @@ TEST_F(SpdyNetworkTransactionTest, 100Continue) { // has not been sent and received." (RFC7540 Section 8.1) // Regression test for https://crbug.com/606990. Server responds before POST // data are sent and closes connection: this must result in -// ERR_CONNECTION_CLOSED (as opposed to ERR_SPDY_PROTOCOL_ERROR). +// ERR_CONNECTION_CLOSED (as opposed to ERR_HTTP2_PROTOCOL_ERROR). TEST_F(SpdyNetworkTransactionTest, ResponseBeforePostDataSent) { spdy::SpdySerializedFrame req( spdy_util_.ConstructChunkedSpdyPost(nullptr, 0)); @@ -7910,7 +7908,7 @@ class SpdyNetworkTransactionTLSUsageCheckTest nullptr); helper.RunToCompletionWithSSLData(&data, std::move(ssl_provider)); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY)); } }; @@ -7956,7 +7954,7 @@ TEST_F(SpdyNetworkTransactionTest, InsecureUrlCreatesSecureSpdySession) { helper.RunToCompletionWithSSLData(&data, std::move(ssl_provider)); TransactionHelperResult out = helper.output(); - EXPECT_THAT(out.rv, IsError(ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY)); + EXPECT_THAT(out.rv, IsError(ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY)); } TEST_F(SpdyNetworkTransactionTest, RequestHeadersCallback) { diff --git a/chromium/net/spdy/spdy_proxy_client_socket.cc b/chromium/net/spdy/spdy_proxy_client_socket.cc index 33303052173..4356d9605ad 100644 --- a/chromium/net/spdy/spdy_proxy_client_socket.cc +++ b/chromium/net/spdy/spdy_proxy_client_socket.cc @@ -20,6 +20,7 @@ #include "net/base/io_buffer.h" #include "net/http/http_auth_cache.h" #include "net/http/http_auth_handler_factory.h" +#include "net/http/http_log_util.h" #include "net/http/http_request_info.h" #include "net/http/http_response_headers.h" #include "net/log/net_log_event_type.h" @@ -46,16 +47,14 @@ SpdyProxyClientSocket::SpdyProxyClientSocket( was_ever_used_(false), net_log_(NetLogWithSource::Make(spdy_stream->net_log().net_log(), NetLogSourceType::PROXY_CLIENT_SOCKET)), - source_dependency_(source_net_log.source()), - weak_factory_(this), - write_callback_weak_factory_(this) { + source_dependency_(source_net_log.source()) { request_.method = "CONNECT"; request_.url = GURL("https://" + endpoint.ToString()); - net_log_.BeginEvent(NetLogEventType::SOCKET_ALIVE, - source_net_log.source().ToEventParametersCallback()); - net_log_.AddEvent( + net_log_.BeginEventReferencingSource(NetLogEventType::SOCKET_ALIVE, + source_net_log.source()); + net_log_.AddEventReferencingSource( NetLogEventType::HTTP2_PROXY_CLIENT_SESSION, - spdy_stream->net_log().source().ToEventParametersCallback()); + spdy_stream->net_log().source()); spdy_stream_->SetDelegate(this); was_ever_used_ = spdy_stream_->WasEverUsed(); @@ -368,10 +367,9 @@ int SpdyProxyClientSocket::DoSendRequest() { BuildTunnelRequest(endpoint_, authorization_headers, user_agent_, &request_line, &request_.extra_headers); - net_log_.AddEvent( - NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, - base::Bind(&HttpRequestHeaders::NetLogCallback, - base::Unretained(&request_.extra_headers), &request_line)); + NetLogRequestHeaders(net_log_, + NetLogEventType::HTTP_TRANSACTION_SEND_TUNNEL_HEADERS, + request_line, &request_.extra_headers); spdy::SpdyHeaderBlock headers; CreateSpdyHeadersFromHttpRequest(request_, request_.extra_headers, &headers); @@ -400,9 +398,9 @@ int SpdyProxyClientSocket::DoReadReplyComplete(int result) { if (response_.headers->GetHttpVersion() < HttpVersion(1, 0)) return ERR_TUNNEL_CONNECTION_FAILED; - net_log_.AddEvent( - NetLogEventType::HTTP_TRANSACTION_READ_TUNNEL_RESPONSE_HEADERS, - base::Bind(&HttpResponseHeaders::NetLogCallback, response_.headers)); + NetLogResponseHeaders( + net_log_, NetLogEventType::HTTP_TRANSACTION_READ_TUNNEL_RESPONSE_HEADERS, + response_.headers.get()); switch (response_.headers->response_code()) { case 200: // OK diff --git a/chromium/net/spdy/spdy_proxy_client_socket.h b/chromium/net/spdy/spdy_proxy_client_socket.h index 02a2ecf972b..eb47162cf2e 100644 --- a/chromium/net/spdy/spdy_proxy_client_socket.h +++ b/chromium/net/spdy/spdy_proxy_client_socket.h @@ -173,11 +173,12 @@ class NET_EXPORT_PRIVATE SpdyProxyClientSocket : public ProxyClientSocket, const NetLogSource source_dependency_; // The default weak pointer factory. - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; // Only used for posting write callbacks. Weak pointers created by this // factory are invalidated in Disconnect(). - base::WeakPtrFactory write_callback_weak_factory_; + base::WeakPtrFactory write_callback_weak_factory_{ + this}; DISALLOW_COPY_AND_ASSIGN(SpdyProxyClientSocket); }; diff --git a/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc b/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc index 3570796a0dd..6e1652f15a3 100644 --- a/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc +++ b/chromium/net/spdy/spdy_proxy_client_socket_unittest.cc @@ -23,7 +23,6 @@ #include "net/log/net_log_event_type.h" #include "net/log/net_log_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/socket/client_socket_factory.h" #include "net/socket/connect_job_test_util.h" @@ -98,7 +97,7 @@ base::WeakPtr CreateSpdyProxySession( SSLConfig ssl_config; auto ssl_params = base::MakeRefCounted( transport_params, nullptr, nullptr, key.host_port_pair(), ssl_config, - key.privacy_mode()); + key.privacy_mode(), key.network_isolation_key()); TestConnectJobDelegate connect_job_delegate; SSLConnectJob connect_job(MEDIUM, SocketTag(), common_connect_job_params, ssl_params, &connect_job_delegate, @@ -179,12 +178,12 @@ class SpdyProxyClientSocketTest : public PlatformTest, // Whether to use net::Socket::ReadIfReady() instead of net::Socket::Read(). bool use_read_if_ready() const { return GetParam(); } + BoundTestNetLog net_log_; SpdyTestUtil spdy_util_; std::unique_ptr sock_; TestCompletionCallback read_callback_; TestCompletionCallback write_callback_; std::unique_ptr data_; - BoundTestNetLog net_log_; private: scoped_refptr read_buf_; @@ -1417,8 +1416,7 @@ TEST_P(SpdyProxyClientSocketTest, NetLog) { NetLogSource sock_source = sock_->NetLog().source(); sock_.reset(); - TestNetLogEntry::List entry_list; - net_log_.GetEntriesForSource(sock_source, &entry_list); + auto entry_list = net_log_.GetEntriesForSource(sock_source); ASSERT_EQ(entry_list.size(), 10u); EXPECT_TRUE( diff --git a/chromium/net/spdy/spdy_session.cc b/chromium/net/spdy/spdy_session.cc index 6e71a07e045..ba7797357e7 100644 --- a/chromium/net/spdy/spdy_session.cc +++ b/chromium/net/spdy/spdy_session.cc @@ -54,7 +54,7 @@ #include "net/spdy/spdy_stream.h" #include "net/ssl/ssl_cipher_suite_names.h" #include "net/ssl/ssl_connection_status_flags.h" -#include "net/third_party/quiche/src/quic/core/http/spdy_utils.h" +#include "net/third_party/quiche/src/quic/core/http/spdy_server_push_utils.h" #include "net/third_party/quiche/src/spdy/core/spdy_frame_builder.h" #include "net/third_party/quiche/src/spdy/core/spdy_protocol.h" #include "url/url_constants.h" @@ -223,15 +223,15 @@ bool IsPushEnabled(const spdy::SettingsMap& initial_settings) { return it->second == 1; } -base::Value NetLogSpdyHeadersSentCallback(const spdy::SpdyHeaderBlock* headers, - bool fin, - spdy::SpdyStreamId stream_id, - bool has_priority, - int weight, - spdy::SpdyStreamId parent_stream_id, - bool exclusive, - NetLogSource source_dependency, - NetLogCaptureMode capture_mode) { +base::Value NetLogSpdyHeadersSentParams(const spdy::SpdyHeaderBlock* headers, + bool fin, + spdy::SpdyStreamId stream_id, + bool has_priority, + int weight, + spdy::SpdyStreamId parent_stream_id, + bool exclusive, + NetLogSource source_dependency, + NetLogCaptureMode capture_mode) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetKey("headers", ElideSpdyHeaderBlockForNetLog(*headers, capture_mode)); dict.SetBoolKey("fin", fin); @@ -248,7 +248,7 @@ base::Value NetLogSpdyHeadersSentCallback(const spdy::SpdyHeaderBlock* headers, return dict; } -base::Value NetLogSpdyHeadersReceivedCallback( +base::Value NetLogSpdyHeadersReceivedParams( const spdy::SpdyHeaderBlock* headers, bool fin, spdy::SpdyStreamId stream_id, @@ -260,27 +260,22 @@ base::Value NetLogSpdyHeadersReceivedCallback( return dict; } -base::Value NetLogSpdySessionCloseCallback( - int net_error, - const std::string* description, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdySessionCloseParams(int net_error, + const std::string& description) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("net_error", net_error); - dict.SetStringKey("description", *description); + dict.SetStringKey("description", description); return dict; } -base::Value NetLogSpdySessionCallback(const HostPortProxyPair* host_pair, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdySessionParams(const HostPortProxyPair& host_pair) { base::Value dict(base::Value::Type::DICTIONARY); - dict.SetStringKey("host", host_pair->first.ToString()); - dict.SetStringKey("proxy", host_pair->second.ToPacString()); + dict.SetStringKey("host", host_pair.first.ToString()); + dict.SetStringKey("proxy", host_pair.second.ToPacString()); return dict; } -base::Value NetLogSpdyInitializedCallback( - NetLogSource source, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdyInitializedParams(NetLogSource source) { base::Value dict(base::Value::Type::DICTIONARY); if (source.IsValid()) { source.AddToEventParameters(&dict); @@ -289,9 +284,7 @@ base::Value NetLogSpdyInitializedCallback( return dict; } -base::Value NetLogSpdySendSettingsCallback( - const spdy::SettingsMap* settings, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdySendSettingsParams(const spdy::SettingsMap* settings) { base::Value dict(base::Value::Type::DICTIONARY); base::ListValue settings_list; for (auto it = settings->begin(); it != settings->end(); ++it) { @@ -305,10 +298,8 @@ base::Value NetLogSpdySendSettingsCallback( return dict; } -base::Value NetLogSpdyRecvSettingCallback( - spdy::SpdySettingsId id, - uint32_t value, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdyRecvSettingParams(spdy::SpdySettingsId id, + uint32_t value) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetStringKey( "id", @@ -317,30 +308,25 @@ base::Value NetLogSpdyRecvSettingCallback( return dict; } -base::Value NetLogSpdyWindowUpdateFrameCallback( - spdy::SpdyStreamId stream_id, - uint32_t delta, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdyWindowUpdateFrameParams(spdy::SpdyStreamId stream_id, + uint32_t delta) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("stream_id", static_cast(stream_id)); dict.SetIntKey("delta", delta); return dict; } -base::Value NetLogSpdySessionWindowUpdateCallback( - int32_t delta, - int32_t window_size, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdySessionWindowUpdateParams(int32_t delta, + int32_t window_size) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("delta", delta); dict.SetIntKey("window_size", window_size); return dict; } -base::Value NetLogSpdyDataCallback(spdy::SpdyStreamId stream_id, - int size, - bool fin, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdyDataParams(spdy::SpdyStreamId stream_id, + int size, + bool fin) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("stream_id", static_cast(stream_id)); dict.SetIntKey("size", size); @@ -348,10 +334,8 @@ base::Value NetLogSpdyDataCallback(spdy::SpdyStreamId stream_id, return dict; } -base::Value NetLogSpdyRecvRstStreamCallback( - spdy::SpdyStreamId stream_id, - spdy::SpdyErrorCode error_code, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdyRecvRstStreamParams(spdy::SpdyStreamId stream_id, + spdy::SpdyErrorCode error_code) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("stream_id", static_cast(stream_id)); dict.SetStringKey( @@ -360,24 +344,21 @@ base::Value NetLogSpdyRecvRstStreamCallback( return dict; } -base::Value NetLogSpdySendRstStreamCallback( - spdy::SpdyStreamId stream_id, - spdy::SpdyErrorCode error_code, - const std::string* description, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdySendRstStreamParams(spdy::SpdyStreamId stream_id, + spdy::SpdyErrorCode error_code, + const std::string& description) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("stream_id", static_cast(stream_id)); dict.SetStringKey( "error_code", base::StringPrintf("%u (%s)", error_code, ErrorCodeToString(error_code))); - dict.SetStringKey("description", *description); + dict.SetStringKey("description", description); return dict; } -base::Value NetLogSpdyPingCallback(spdy::SpdyPingId unique_id, - bool is_ack, - const char* type, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdyPingParams(spdy::SpdyPingId unique_id, + bool is_ack, + const char* type) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("unique_id", static_cast(unique_id)); dict.SetStringKey("type", type); @@ -385,12 +366,12 @@ base::Value NetLogSpdyPingCallback(spdy::SpdyPingId unique_id, return dict; } -base::Value NetLogSpdyRecvGoAwayCallback(spdy::SpdyStreamId last_stream_id, - int active_streams, - int unclaimed_streams, - spdy::SpdyErrorCode error_code, - base::StringPiece debug_data, - NetLogCaptureMode capture_mode) { +base::Value NetLogSpdyRecvGoAwayParams(spdy::SpdyStreamId last_stream_id, + int active_streams, + int unclaimed_streams, + spdy::SpdyErrorCode error_code, + base::StringPiece debug_data, + NetLogCaptureMode capture_mode) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("last_accepted_stream_id", static_cast(last_stream_id)); dict.SetIntKey("active_streams", active_streams); @@ -403,7 +384,7 @@ base::Value NetLogSpdyRecvGoAwayCallback(spdy::SpdyStreamId last_stream_id, return dict; } -base::Value NetLogSpdyPushPromiseReceivedCallback( +base::Value NetLogSpdyPushPromiseReceivedParams( const spdy::SpdyHeaderBlock* headers, spdy::SpdyStreamId stream_id, spdy::SpdyStreamId promised_stream_id, @@ -415,22 +396,19 @@ base::Value NetLogSpdyPushPromiseReceivedCallback( return dict; } -base::Value NetLogSpdyAdoptedPushStreamCallback( - spdy::SpdyStreamId stream_id, - const GURL* url, - NetLogCaptureMode capture_mode) { +base::Value NetLogSpdyAdoptedPushStreamParams(spdy::SpdyStreamId stream_id, + const GURL& url) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("stream_id", stream_id); - dict.SetStringKey("url", url->spec()); + dict.SetStringKey("url", url.spec()); return dict; } -base::Value NetLogSpdySessionStalledCallback(size_t num_active_streams, - size_t num_created_streams, - size_t num_pushed_streams, - size_t max_concurrent_streams, - const std::string& url, - NetLogCaptureMode capture_mode) { +base::Value NetLogSpdySessionStalledParams(size_t num_active_streams, + size_t num_created_streams, + size_t num_pushed_streams, + size_t max_concurrent_streams, + const std::string& url) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("num_active_streams", num_active_streams); dict.SetIntKey("num_created_streams", num_created_streams); @@ -440,11 +418,10 @@ base::Value NetLogSpdySessionStalledCallback(size_t num_active_streams, return dict; } -base::Value NetLogSpdyPriorityCallback(spdy::SpdyStreamId stream_id, - spdy::SpdyStreamId parent_stream_id, - int weight, - bool exclusive, - NetLogCaptureMode capture_mode) { +base::Value NetLogSpdyPriorityParams(spdy::SpdyStreamId stream_id, + spdy::SpdyStreamId parent_stream_id, + int weight, + bool exclusive) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("stream_id", stream_id); dict.SetIntKey("parent_stream_id", parent_stream_id); @@ -553,42 +530,42 @@ Error MapFramerErrorToNetError( case http2::Http2DecoderAdapter::SPDY_NO_ERROR: return OK; case http2::Http2DecoderAdapter::SPDY_INVALID_CONTROL_FRAME: - return ERR_SPDY_PROTOCOL_ERROR; + return ERR_HTTP2_PROTOCOL_ERROR; case http2::Http2DecoderAdapter::SPDY_CONTROL_PAYLOAD_TOO_LARGE: - return ERR_SPDY_FRAME_SIZE_ERROR; + return ERR_HTTP2_FRAME_SIZE_ERROR; case http2::Http2DecoderAdapter::SPDY_ZLIB_INIT_FAILURE: - return ERR_SPDY_COMPRESSION_ERROR; + return ERR_HTTP2_COMPRESSION_ERROR; case http2::Http2DecoderAdapter::SPDY_UNSUPPORTED_VERSION: - return ERR_SPDY_PROTOCOL_ERROR; + return ERR_HTTP2_PROTOCOL_ERROR; case http2::Http2DecoderAdapter::SPDY_DECOMPRESS_FAILURE: - return ERR_SPDY_COMPRESSION_ERROR; + return ERR_HTTP2_COMPRESSION_ERROR; case http2::Http2DecoderAdapter::SPDY_COMPRESS_FAILURE: - return ERR_SPDY_COMPRESSION_ERROR; + return ERR_HTTP2_COMPRESSION_ERROR; case http2::Http2DecoderAdapter::SPDY_GOAWAY_FRAME_CORRUPT: - return ERR_SPDY_PROTOCOL_ERROR; + return ERR_HTTP2_PROTOCOL_ERROR; case http2::Http2DecoderAdapter::SPDY_RST_STREAM_FRAME_CORRUPT: - return ERR_SPDY_PROTOCOL_ERROR; + return ERR_HTTP2_PROTOCOL_ERROR; case http2::Http2DecoderAdapter::SPDY_INVALID_PADDING: - return ERR_SPDY_PROTOCOL_ERROR; + return ERR_HTTP2_PROTOCOL_ERROR; case http2::Http2DecoderAdapter::SPDY_INVALID_DATA_FRAME_FLAGS: - return ERR_SPDY_PROTOCOL_ERROR; + return ERR_HTTP2_PROTOCOL_ERROR; case http2::Http2DecoderAdapter::SPDY_INVALID_CONTROL_FRAME_FLAGS: - return ERR_SPDY_PROTOCOL_ERROR; + return ERR_HTTP2_PROTOCOL_ERROR; case http2::Http2DecoderAdapter::SPDY_UNEXPECTED_FRAME: - return ERR_SPDY_PROTOCOL_ERROR; + return ERR_HTTP2_PROTOCOL_ERROR; case http2::Http2DecoderAdapter::SPDY_INTERNAL_FRAMER_ERROR: - return ERR_SPDY_PROTOCOL_ERROR; + return ERR_HTTP2_PROTOCOL_ERROR; case http2::Http2DecoderAdapter::SPDY_INVALID_CONTROL_FRAME_SIZE: - return ERR_SPDY_FRAME_SIZE_ERROR; + return ERR_HTTP2_FRAME_SIZE_ERROR; case http2::Http2DecoderAdapter::SPDY_INVALID_STREAM_ID: - return ERR_SPDY_PROTOCOL_ERROR; + return ERR_HTTP2_PROTOCOL_ERROR; case http2::Http2DecoderAdapter::SPDY_OVERSIZED_PAYLOAD: - return ERR_SPDY_FRAME_SIZE_ERROR; + return ERR_HTTP2_FRAME_SIZE_ERROR; case http2::Http2DecoderAdapter::LAST_ERROR: NOTREACHED(); } NOTREACHED(); - return ERR_SPDY_PROTOCOL_ERROR; + return ERR_HTTP2_PROTOCOL_ERROR; } SpdyProtocolErrorDetails MapRstStreamStatusToProtocolError( @@ -631,22 +608,22 @@ spdy::SpdyErrorCode MapNetErrorToGoAwayStatus(Error err) { switch (err) { case OK: return spdy::ERROR_CODE_NO_ERROR; - case ERR_SPDY_PROTOCOL_ERROR: + case ERR_HTTP2_PROTOCOL_ERROR: return spdy::ERROR_CODE_PROTOCOL_ERROR; - case ERR_SPDY_FLOW_CONTROL_ERROR: + case ERR_HTTP2_FLOW_CONTROL_ERROR: return spdy::ERROR_CODE_FLOW_CONTROL_ERROR; - case ERR_SPDY_FRAME_SIZE_ERROR: + case ERR_HTTP2_FRAME_SIZE_ERROR: return spdy::ERROR_CODE_FRAME_SIZE_ERROR; - case ERR_SPDY_COMPRESSION_ERROR: + case ERR_HTTP2_COMPRESSION_ERROR: return spdy::ERROR_CODE_COMPRESSION_ERROR; - case ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY: + case ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY: return spdy::ERROR_CODE_INADEQUATE_SECURITY; default: return spdy::ERROR_CODE_PROTOCOL_ERROR; } } -SpdyStreamRequest::SpdyStreamRequest() : weak_ptr_factory_(this) { +SpdyStreamRequest::SpdyStreamRequest() { Reset(); } @@ -953,18 +930,15 @@ SpdySession::SpdySession( base::TimeDelta::FromSeconds(kDefaultConnectionAtRiskOfLossSeconds)), hung_interval_(base::TimeDelta::FromSeconds(kHungIntervalSeconds)), time_func_(time_func), - network_quality_estimator_(network_quality_estimator), - weak_factory_(this) { - net_log_.BeginEvent( - NetLogEventType::HTTP2_SESSION, - base::Bind(&NetLogSpdySessionCallback, &host_port_proxy_pair())); + network_quality_estimator_(network_quality_estimator) { + net_log_.BeginEvent(NetLogEventType::HTTP2_SESSION, [&] { + return NetLogSpdySessionParams(host_port_proxy_pair()); + }); + DCHECK(base::Contains(initial_settings_, spdy::SETTINGS_HEADER_TABLE_SIZE)); DCHECK( - base::ContainsKey(initial_settings_, spdy::SETTINGS_HEADER_TABLE_SIZE)); - DCHECK(base::ContainsKey(initial_settings_, - spdy::SETTINGS_MAX_CONCURRENT_STREAMS)); - DCHECK( - base::ContainsKey(initial_settings_, spdy::SETTINGS_INITIAL_WINDOW_SIZE)); + base::Contains(initial_settings_, spdy::SETTINGS_MAX_CONCURRENT_STREAMS)); + DCHECK(base::Contains(initial_settings_, spdy::SETTINGS_INITIAL_WINDOW_SIZE)); if (greased_http2_frame_) { // See https://tools.ietf.org/html/draft-bishop-httpbis-grease-00 @@ -1010,12 +984,12 @@ int SpdySession::GetPushedStream(const GURL& url, if (active_it == active_streams_.end()) { // A previously claimed pushed stream might not be available, for example, // if the server has reset it in the meanwhile. - return ERR_SPDY_PUSHED_STREAM_NOT_AVAILABLE; + return ERR_HTTP2_PUSHED_STREAM_NOT_AVAILABLE; } - net_log_.AddEvent( - NetLogEventType::HTTP2_STREAM_ADOPTED_PUSH_STREAM, - base::Bind(&NetLogSpdyAdoptedPushStreamCallback, pushed_stream_id, &url)); + net_log_.AddEvent(NetLogEventType::HTTP2_STREAM_ADOPTED_PUSH_STREAM, [&] { + return NetLogSpdyAdoptedPushStreamParams(pushed_stream_id, url); + }); *stream = active_it->second; @@ -1138,12 +1112,13 @@ std::unique_ptr SpdySession::CreateHeaders( stream_id, spdy_priority, &parent_stream_id, &weight, &exclusive); if (net_log().IsCapturing()) { - net_log().AddEvent( - NetLogEventType::HTTP2_SESSION_SEND_HEADERS, - base::Bind(&NetLogSpdyHeadersSentCallback, &block, - (flags & spdy::CONTROL_FLAG_FIN) != 0, stream_id, - has_priority, weight, parent_stream_id, exclusive, - source_dependency)); + net_log().AddEvent(NetLogEventType::HTTP2_SESSION_SEND_HEADERS, + [&](NetLogCaptureMode capture_mode) { + return NetLogSpdyHeadersSentParams( + &block, (flags & spdy::CONTROL_FLAG_FIN) != 0, + stream_id, has_priority, weight, parent_stream_id, + exclusive, source_dependency, capture_mode); + }); } spdy::SpdyHeadersIR headers(stream_id, std::move(block)); @@ -1212,9 +1187,9 @@ std::unique_ptr SpdySession::CreateDataBuffer( // Even though we're currently stalled only by the stream, we // might end up being stalled by the session also. QueueSendStalledStream(*stream); - net_log().AddEvent( + net_log().AddEventWithIntParams( NetLogEventType::HTTP2_SESSION_STREAM_STALLED_BY_STREAM_SEND_WINDOW, - NetLog::IntCallback("stream_id", stream_id)); + "stream_id", stream_id); return std::unique_ptr(); } @@ -1224,9 +1199,9 @@ std::unique_ptr SpdySession::CreateDataBuffer( if (send_stalled_by_session) { stream->set_send_stalled_by_flow_control(true); QueueSendStalledStream(*stream); - net_log().AddEvent( + net_log().AddEventWithIntParams( NetLogEventType::HTTP2_SESSION_STREAM_STALLED_BY_SESSION_SEND_WINDOW, - NetLog::IntCallback("stream_id", stream_id)); + "stream_id", stream_id); return std::unique_ptr(); } @@ -1240,10 +1215,10 @@ std::unique_ptr SpdySession::CreateDataBuffer( flags = static_cast(flags & ~spdy::DATA_FLAG_FIN); if (net_log().IsCapturing()) { - net_log().AddEvent( - NetLogEventType::HTTP2_SESSION_SEND_DATA, - base::Bind(&NetLogSpdyDataCallback, stream_id, effective_len, - (flags & spdy::DATA_FLAG_FIN) != 0)); + net_log().AddEvent(NetLogEventType::HTTP2_SESSION_SEND_DATA, [&] { + return NetLogSpdyDataParams(stream_id, effective_len, + (flags & spdy::DATA_FLAG_FIN) != 0); + }); } // Send PrefacePing for DATA_FRAMEs with nonzero payload size. @@ -1335,7 +1310,7 @@ void SpdySession::ResetStream(spdy::SpdyStreamId stream_id, } bool SpdySession::IsStreamActive(spdy::SpdyStreamId stream_id) const { - return base::ContainsKey(active_streams_, stream_id); + return base::Contains(active_streams_, stream_id); } LoadState SpdySession::GetLoadState() const { @@ -1676,9 +1651,9 @@ void SpdySession::InitializeInternal(SpdySessionPool* pool) { buffered_spdy_framer_->set_debug_visitor(this); buffered_spdy_framer_->UpdateHeaderDecoderTableSize(max_header_table_size_); - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_INITIALIZED, - base::BindRepeating(&NetLogSpdyInitializedCallback, - socket_->NetLog().source())); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_INITIALIZED, [&] { + return NetLogSpdyInitializedParams(socket_->NetLog().source()); + }); DCHECK_EQ(availability_state_, STATE_AVAILABLE); if (enable_sending_initial_data_) @@ -1716,11 +1691,11 @@ int SpdySession::TryCreateStream( } if (net_log().IsCapturing()) { - net_log().AddEvent( - NetLogEventType::HTTP2_SESSION_STALLED_MAX_STREAMS, - base::Bind(&NetLogSpdySessionStalledCallback, active_streams_.size(), - created_streams_.size(), num_pushed_streams_, - max_concurrent_streams_, request->url().spec())); + net_log().AddEvent(NetLogEventType::HTTP2_SESSION_STALLED_MAX_STREAMS, [&] { + return NetLogSpdySessionStalledParams( + active_streams_.size(), created_streams_.size(), num_pushed_streams_, + max_concurrent_streams_, request->url().spec()); + }); } RequestPriority priority = request->priority(); CHECK_GE(priority, MINIMUM_PRIORITY); @@ -1864,7 +1839,7 @@ void SpdySession::TryCreatePushStream(spdy::SpdyStreamId stream_id, LOG(WARNING) << description; RecordSpdyPushedStreamFateHistogram( SpdyPushedStreamFate::kPromisedStreamIdParityError); - CloseSessionOnError(ERR_SPDY_PROTOCOL_ERROR, description); + CloseSessionOnError(ERR_HTTP2_PROTOCOL_ERROR, description); return; } @@ -1875,7 +1850,7 @@ void SpdySession::TryCreatePushStream(spdy::SpdyStreamId stream_id, LOG(WARNING) << description; RecordSpdyPushedStreamFateHistogram( SpdyPushedStreamFate::kAssociatedStreamIdParityError); - CloseSessionOnError(ERR_SPDY_PROTOCOL_ERROR, description); + CloseSessionOnError(ERR_HTTP2_PROTOCOL_ERROR, description); return; } @@ -1886,7 +1861,7 @@ void SpdySession::TryCreatePushStream(spdy::SpdyStreamId stream_id, LOG(WARNING) << description; RecordSpdyPushedStreamFateHistogram( SpdyPushedStreamFate::kStreamIdOutOfOrder); - CloseSessionOnError(ERR_SPDY_PROTOCOL_ERROR, description); + CloseSessionOnError(ERR_HTTP2_PROTOCOL_ERROR, description); return; } @@ -1907,7 +1882,7 @@ void SpdySession::TryCreatePushStream(spdy::SpdyStreamId stream_id, streams_pushed_count_++; // Verify that the response had a URL for us. - GURL gurl(quic::SpdyUtils::GetPromisedUrlFromHeaders(headers)); + GURL gurl(quic::SpdyServerPushUtils::GetPromisedUrlFromHeaders(headers)); if (!gurl.is_valid()) { RecordSpdyPushedStreamFateHistogram(SpdyPushedStreamFate::kInvalidUrl); EnqueueResetStreamFrame(stream_id, request_priority, @@ -2112,14 +2087,14 @@ void SpdySession::ResetStreamIterator(ActiveStreamMap::iterator it, if (error == ERR_FAILED) { error_code = spdy::ERROR_CODE_INTERNAL_ERROR; } else if (error == ERR_ABORTED || - error == ERR_SPDY_PUSHED_RESPONSE_DOES_NOT_MATCH) { + error == ERR_HTTP2_PUSHED_RESPONSE_DOES_NOT_MATCH) { error_code = spdy::ERROR_CODE_CANCEL; - } else if (error == ERR_SPDY_FLOW_CONTROL_ERROR) { + } else if (error == ERR_HTTP2_FLOW_CONTROL_ERROR) { error_code = spdy::ERROR_CODE_FLOW_CONTROL_ERROR; } else if (error == ERR_TIMED_OUT || - error == ERR_SPDY_CLIENT_REFUSED_STREAM) { + error == ERR_HTTP2_CLIENT_REFUSED_STREAM) { error_code = spdy::ERROR_CODE_REFUSED_STREAM; - } else if (error == ERR_SPDY_STREAM_CLOSED) { + } else if (error == ERR_HTTP2_STREAM_CLOSED) { error_code = spdy::ERROR_CODE_STREAM_CLOSED; } spdy::SpdyStreamId stream_id = it->first; @@ -2137,9 +2112,9 @@ void SpdySession::EnqueueResetStreamFrame(spdy::SpdyStreamId stream_id, const std::string& description) { DCHECK_NE(stream_id, 0u); - net_log().AddEvent(NetLogEventType::HTTP2_SESSION_SEND_RST_STREAM, - base::Bind(&NetLogSpdySendRstStreamCallback, stream_id, - error_code, &description)); + net_log().AddEvent(NetLogEventType::HTTP2_SESSION_SEND_RST_STREAM, [&] { + return NetLogSpdySendRstStreamParams(stream_id, error_code, description); + }); DCHECK(buffered_spdy_framer_.get()); std::unique_ptr rst_frame( @@ -2154,9 +2129,10 @@ void SpdySession::EnqueuePriorityFrame(spdy::SpdyStreamId stream_id, spdy::SpdyStreamId dependency_id, int weight, bool exclusive) { - net_log().AddEvent(NetLogEventType::HTTP2_STREAM_SEND_PRIORITY, - base::Bind(&NetLogSpdyPriorityCallback, stream_id, - dependency_id, weight, exclusive)); + net_log().AddEvent(NetLogEventType::HTTP2_STREAM_SEND_PRIORITY, [&] { + return NetLogSpdyPriorityParams(stream_id, dependency_id, weight, + exclusive); + }); DCHECK(buffered_spdy_framer_.get()); std::unique_ptr frame( @@ -2495,8 +2471,9 @@ void SpdySession::SendInitialData() { settings_map.insert(setting); } } - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_SEND_SETTINGS, - base::Bind(&NetLogSpdySendSettingsCallback, &settings_map)); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_SEND_SETTINGS, [&] { + return NetLogSpdySendSettingsParams(&settings_map); + }); std::unique_ptr settings_frame( buffered_spdy_framer_->CreateSettings(settings_map)); @@ -2513,15 +2490,17 @@ void SpdySession::SendInitialData() { const int32_t delta_window_size = session_max_recv_window_size_ - session_recv_window_size_; session_recv_window_size_ += delta_window_size; - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_UPDATE_RECV_WINDOW, - base::Bind(&NetLogSpdySessionWindowUpdateCallback, - delta_window_size, session_recv_window_size_)); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_UPDATE_RECV_WINDOW, [&] { + return NetLogSpdySessionWindowUpdateParams(delta_window_size, + session_recv_window_size_); + }); session_unacked_recv_window_bytes_ += delta_window_size; - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_SEND_WINDOW_UPDATE, - base::Bind(&NetLogSpdyWindowUpdateFrameCallback, - spdy::kSessionFlowControlStreamId, - session_unacked_recv_window_bytes_)); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_SEND_WINDOW_UPDATE, [&] { + return NetLogSpdyWindowUpdateFrameParams( + spdy::kSessionFlowControlStreamId, + session_unacked_recv_window_bytes_); + }); window_update_frame = buffered_spdy_framer_->CreateWindowUpdate( spdy::kSessionFlowControlStreamId, session_unacked_recv_window_bytes_); session_unacked_recv_window_bytes_ = 0; @@ -2566,9 +2545,9 @@ void SpdySession::HandleSetting(uint32_t id, uint32_t value) { break; case spdy::SETTINGS_INITIAL_WINDOW_SIZE: { if (value > static_cast(std::numeric_limits::max())) { - net_log().AddEvent( + net_log().AddEventWithIntParams( NetLogEventType::HTTP2_SESSION_INITIAL_WINDOW_SIZE_OUT_OF_RANGE, - NetLog::IntCallback("initial_window_size", value)); + "initial_window_size", value); return; } @@ -2578,15 +2557,15 @@ void SpdySession::HandleSetting(uint32_t id, uint32_t value) { static_cast(value) - stream_initial_send_window_size_; stream_initial_send_window_size_ = static_cast(value); UpdateStreamsSendWindowSize(delta_window_size); - net_log().AddEvent( + net_log().AddEventWithIntParams( NetLogEventType::HTTP2_SESSION_UPDATE_STREAMS_SEND_WINDOW_SIZE, - NetLog::IntCallback("delta_window_size", delta_window_size)); + "delta_window_size", delta_window_size); break; } case spdy::SETTINGS_ENABLE_CONNECT_PROTOCOL: if ((value != 0 && value != 1) || (support_websocket_ && value == 0)) { DoDrainSession( - ERR_SPDY_PROTOCOL_ERROR, + ERR_HTTP2_PROTOCOL_ERROR, "Invalid value for spdy::SETTINGS_ENABLE_CONNECT_PROTOCOL."); return; } @@ -2601,7 +2580,7 @@ void SpdySession::UpdateStreamsSendWindowSize(int32_t delta_window_size) { for (const auto& value : active_streams_) { if (!value.second->AdjustSendWindowSize(delta_window_size)) { DoDrainSession( - ERR_SPDY_FLOW_CONTROL_ERROR, + ERR_HTTP2_FLOW_CONTROL_ERROR, base::StringPrintf( "New spdy::SETTINGS_INITIAL_WINDOW_SIZE value overflows " "flow control window of stream %d.", @@ -2613,7 +2592,7 @@ void SpdySession::UpdateStreamsSendWindowSize(int32_t delta_window_size) { for (auto* const stream : created_streams_) { if (!stream->AdjustSendWindowSize(delta_window_size)) { DoDrainSession( - ERR_SPDY_FLOW_CONTROL_ERROR, + ERR_HTTP2_FLOW_CONTROL_ERROR, base::StringPrintf( "New spdy::SETTINGS_INITIAL_WINDOW_SIZE value overflows " "flow control window of stream %d.", @@ -2645,9 +2624,9 @@ void SpdySession::SendWindowUpdateFrame(spdy::SpdyStreamId stream_id, CHECK_EQ(stream_id, spdy::kSessionFlowControlStreamId); } - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_SEND_WINDOW_UPDATE, - base::Bind(&NetLogSpdyWindowUpdateFrameCallback, stream_id, - delta_window_size)); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_SEND_WINDOW_UPDATE, [&] { + return NetLogSpdyWindowUpdateFrameParams(stream_id, delta_window_size); + }); DCHECK(buffered_spdy_framer_.get()); std::unique_ptr window_update_frame( @@ -2664,9 +2643,9 @@ void SpdySession::WritePingFrame(spdy::SpdyPingId unique_id, bool is_ack) { std::move(ping_frame)); if (net_log().IsCapturing()) { - net_log().AddEvent( - NetLogEventType::HTTP2_SESSION_PING, - base::Bind(&NetLogSpdyPingCallback, unique_id, is_ack, "sent")); + net_log().AddEvent(NetLogEventType::HTTP2_SESSION_PING, [&] { + return NetLogSpdyPingParams(unique_id, is_ack, "sent"); + }); } if (!is_ack) { DCHECK(!ping_in_flight_); @@ -2704,7 +2683,7 @@ void SpdySession::CheckPingStatus(base::TimeTicks last_check_time) { if (now > last_read_time_ + hung_interval_ || last_read_time_ < last_check_time) { check_ping_status_pending_ = false; - DoDrainSession(ERR_SPDY_PING_FAILED, "Failed ping."); + DoDrainSession(ERR_HTTP2_PING_FAILED, "Failed ping."); return; } @@ -2902,9 +2881,9 @@ void SpdySession::DoDrainSession(Error err, const std::string& description) { availability_state_ = STATE_DRAINING; error_on_close_ = err; - net_log_.AddEvent( - NetLogEventType::HTTP2_SESSION_CLOSE, - base::Bind(&NetLogSpdySessionCloseCallback, err, &description)); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_CLOSE, [&] { + return NetLogSpdySessionCloseParams(err, description); + }); base::UmaHistogramSparse("Net.SpdySession.ClosedOnError", -err); @@ -3001,15 +2980,15 @@ void SpdySession::OnStreamError(spdy::SpdyStreamId stream_id, return; } - ResetStreamIterator(it, ERR_SPDY_PROTOCOL_ERROR, description); + ResetStreamIterator(it, ERR_HTTP2_PROTOCOL_ERROR, description); } void SpdySession::OnPing(spdy::SpdyPingId unique_id, bool is_ack) { CHECK(in_io_loop_); - net_log_.AddEvent( - NetLogEventType::HTTP2_SESSION_PING, - base::Bind(&NetLogSpdyPingCallback, unique_id, is_ack, "received")); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_PING, [&] { + return NetLogSpdyPingParams(unique_id, is_ack, "received"); + }); // Send response to a PING from server. if (!is_ack) { @@ -3019,7 +2998,7 @@ void SpdySession::OnPing(spdy::SpdyPingId unique_id, bool is_ack) { if (!ping_in_flight_) { RecordProtocolErrorHistogram(PROTOCOL_ERROR_UNEXPECTED_PING); - DoDrainSession(ERR_SPDY_PROTOCOL_ERROR, "Unexpected PING ACK."); + DoDrainSession(ERR_HTTP2_PROTOCOL_ERROR, "Unexpected PING ACK."); return; } @@ -3038,9 +3017,9 @@ void SpdySession::OnRstStream(spdy::SpdyStreamId stream_id, spdy::SpdyErrorCode error_code) { CHECK(in_io_loop_); - net_log().AddEvent( - NetLogEventType::HTTP2_SESSION_RECV_RST_STREAM, - base::Bind(&NetLogSpdyRecvRstStreamCallback, stream_id, error_code)); + net_log().AddEvent(NetLogEventType::HTTP2_SESSION_RECV_RST_STREAM, [&] { + return NetLogSpdyRecvRstStreamParams(stream_id, error_code); + }); auto it = active_streams_.find(stream_id); if (it == active_streams_.end()) { @@ -3054,11 +3033,11 @@ void SpdySession::OnRstStream(spdy::SpdyStreamId stream_id, if (it->second->ShouldRetryRSTPushStream()) { CloseActiveStreamIterator(it, - ERR_SPDY_CLAIMED_PUSHED_STREAM_RESET_BY_SERVER); + ERR_HTTP2_CLAIMED_PUSHED_STREAM_RESET_BY_SERVER); } else if (error_code == spdy::ERROR_CODE_NO_ERROR) { - CloseActiveStreamIterator(it, ERR_SPDY_RST_STREAM_NO_ERROR_RECEIVED); + CloseActiveStreamIterator(it, ERR_HTTP2_RST_STREAM_NO_ERROR_RECEIVED); } else if (error_code == spdy::ERROR_CODE_REFUSED_STREAM) { - CloseActiveStreamIterator(it, ERR_SPDY_SERVER_REFUSED_STREAM); + CloseActiveStreamIterator(it, ERR_HTTP2_SERVER_REFUSED_STREAM); } else if (error_code == spdy::ERROR_CODE_HTTP_1_1_REQUIRED) { // TODO(bnc): Record histogram with number of open streams capped at 50. if (net_log().IsCapturing()) { @@ -3071,12 +3050,12 @@ void SpdySession::OnRstStream(spdy::SpdyStreamId stream_id, RecordProtocolErrorHistogram( PROTOCOL_ERROR_RST_STREAM_FOR_NON_ACTIVE_STREAM); if (net_log().IsCapturing()) { - it->second->LogStreamError(ERR_SPDY_PROTOCOL_ERROR, + it->second->LogStreamError(ERR_HTTP2_PROTOCOL_ERROR, "Server reset stream."); } // TODO(mbelshe): Map from Spdy-protocol errors to something sensical. // For now, it doesn't matter much - it is a protocol error. - CloseActiveStreamIterator(it, ERR_SPDY_PROTOCOL_ERROR); + CloseActiveStreamIterator(it, ERR_HTTP2_PROTOCOL_ERROR); } } @@ -3089,16 +3068,18 @@ void SpdySession::OnGoAway(spdy::SpdyStreamId last_accepted_stream_id, net_log_.AddEvent( NetLogEventType::HTTP2_SESSION_RECV_GOAWAY, - base::Bind(&NetLogSpdyRecvGoAwayCallback, last_accepted_stream_id, - active_streams_.size(), - pool_->push_promise_index()->CountStreamsForSession(this), - error_code, debug_data)); + [&](NetLogCaptureMode capture_mode) { + return NetLogSpdyRecvGoAwayParams( + last_accepted_stream_id, active_streams_.size(), + pool_->push_promise_index()->CountStreamsForSession(this), + error_code, debug_data, capture_mode); + }); MakeUnavailable(); if (error_code == spdy::ERROR_CODE_HTTP_1_1_REQUIRED) { // TODO(bnc): Record histogram with number of open streams capped at 50. DoDrainSession(ERR_HTTP_1_1_REQUIRED, "HTTP_1_1_REQUIRED for stream."); } else if (error_code == spdy::ERROR_CODE_NO_ERROR) { - StartGoingAway(last_accepted_stream_id, ERR_SPDY_SERVER_REFUSED_STREAM); + StartGoingAway(last_accepted_stream_id, ERR_HTTP2_SERVER_REFUSED_STREAM); } else { StartGoingAway(last_accepted_stream_id, ERR_ABORTED); } @@ -3133,9 +3114,9 @@ void SpdySession::OnStreamFrameData(spdy::SpdyStreamId stream_id, CHECK(in_io_loop_); DCHECK_LT(len, 1u << 24); if (net_log().IsCapturing()) { - net_log().AddEvent( - NetLogEventType::HTTP2_SESSION_RECV_DATA, - base::Bind(&NetLogSpdyDataCallback, stream_id, len, false)); + net_log().AddEvent(NetLogEventType::HTTP2_SESSION_RECV_DATA, [&] { + return NetLogSpdyDataParams(stream_id, len, false); + }); } // Build the buffer as early as possible so that we go through the @@ -3172,8 +3153,9 @@ void SpdySession::OnStreamFrameData(spdy::SpdyStreamId stream_id, void SpdySession::OnStreamEnd(spdy::SpdyStreamId stream_id) { CHECK(in_io_loop_); if (net_log().IsCapturing()) { - net_log().AddEvent(NetLogEventType::HTTP2_SESSION_RECV_DATA, - base::Bind(&NetLogSpdyDataCallback, stream_id, 0, true)); + net_log().AddEvent(NetLogEventType::HTTP2_SESSION_RECV_DATA, [&] { + return NetLogSpdyDataParams(stream_id, 0, true); + }); } auto it = active_streams_.find(stream_id); @@ -3233,23 +3215,23 @@ void SpdySession::OnSetting(spdy::SpdySettingsId id, uint32_t value) { // Log the setting. net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_RECV_SETTING, - base::Bind(&NetLogSpdyRecvSettingCallback, id, value)); + [&] { return NetLogSpdyRecvSettingParams(id, value); }); } void SpdySession::OnWindowUpdate(spdy::SpdyStreamId stream_id, int delta_window_size) { CHECK(in_io_loop_); - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_RECV_WINDOW_UPDATE, - base::Bind(&NetLogSpdyWindowUpdateFrameCallback, stream_id, - delta_window_size)); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_RECV_WINDOW_UPDATE, [&] { + return NetLogSpdyWindowUpdateFrameParams(stream_id, delta_window_size); + }); if (stream_id == spdy::kSessionFlowControlStreamId) { // WINDOW_UPDATE for the session. if (delta_window_size < 1) { RecordProtocolErrorHistogram(PROTOCOL_ERROR_INVALID_WINDOW_UPDATE_SIZE); DoDrainSession( - ERR_SPDY_PROTOCOL_ERROR, + ERR_HTTP2_PROTOCOL_ERROR, "Received WINDOW_UPDATE with an invalid delta_window_size " + base::NumberToString(delta_window_size)); return; @@ -3271,7 +3253,7 @@ void SpdySession::OnWindowUpdate(spdy::SpdyStreamId stream_id, if (delta_window_size < 1) { ResetStreamIterator( - it, ERR_SPDY_FLOW_CONTROL_ERROR, + it, ERR_HTTP2_FLOW_CONTROL_ERROR, "Received WINDOW_UPDATE with an invalid delta_window_size."); return; } @@ -3288,8 +3270,11 @@ void SpdySession::OnPushPromise(spdy::SpdyStreamId stream_id, if (net_log_.IsCapturing()) { net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_RECV_PUSH_PROMISE, - base::Bind(&NetLogSpdyPushPromiseReceivedCallback, - &headers, stream_id, promised_stream_id)); + [&](NetLogCaptureMode capture_mode) { + return NetLogSpdyPushPromiseReceivedParams( + &headers, stream_id, promised_stream_id, + capture_mode); + }); } TryCreatePushStream(promised_stream_id, stream_id, std::move(headers)); @@ -3307,8 +3292,10 @@ void SpdySession::OnHeaders(spdy::SpdyStreamId stream_id, if (net_log().IsCapturing()) { net_log().AddEvent(NetLogEventType::HTTP2_SESSION_RECV_HEADERS, - base::Bind(&NetLogSpdyHeadersReceivedCallback, &headers, - fin, stream_id)); + [&](NetLogCaptureMode capture_mode) { + return NetLogSpdyHeadersReceivedParams( + &headers, fin, stream_id, capture_mode); + }); } auto it = active_streams_.find(stream_id); @@ -3333,7 +3320,7 @@ void SpdySession::OnHeaders(spdy::SpdyStreamId stream_id, num_active_pushed_streams_ >= max_concurrent_pushed_streams_) { RecordSpdyPushedStreamFateHistogram( SpdyPushedStreamFate::kTooManyPushedStreams); - ResetStream(stream_id, ERR_SPDY_CLIENT_REFUSED_STREAM, + ResetStream(stream_id, ERR_HTTP2_CLIENT_REFUSED_STREAM, "Stream concurrency limit reached."); return; } @@ -3488,7 +3475,7 @@ void SpdySession::IncreaseSendWindowSize(int delta_window_size) { if (delta_window_size > max_delta_window_size) { RecordProtocolErrorHistogram(PROTOCOL_ERROR_INVALID_WINDOW_UPDATE_SIZE); DoDrainSession( - ERR_SPDY_PROTOCOL_ERROR, + ERR_HTTP2_PROTOCOL_ERROR, "Received WINDOW_UPDATE [delta: " + base::NumberToString(delta_window_size) + "] for session overflows session_send_window_size_ [current: " + @@ -3498,9 +3485,10 @@ void SpdySession::IncreaseSendWindowSize(int delta_window_size) { session_send_window_size_ += delta_window_size; - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_UPDATE_SEND_WINDOW, - base::Bind(&NetLogSpdySessionWindowUpdateCallback, - delta_window_size, session_send_window_size_)); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_UPDATE_SEND_WINDOW, [&] { + return NetLogSpdySessionWindowUpdateParams(delta_window_size, + session_send_window_size_); + }); DCHECK(!IsSendStalled()); ResumeSendStalledStreams(); @@ -3518,9 +3506,10 @@ void SpdySession::DecreaseSendWindowSize(int32_t delta_window_size) { session_send_window_size_ -= delta_window_size; - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_UPDATE_SEND_WINDOW, - base::Bind(&NetLogSpdySessionWindowUpdateCallback, - -delta_window_size, session_send_window_size_)); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_UPDATE_SEND_WINDOW, [&] { + return NetLogSpdySessionWindowUpdateParams(-delta_window_size, + session_send_window_size_); + }); } void SpdySession::OnReadBufferConsumed( @@ -3544,9 +3533,10 @@ void SpdySession::IncreaseRecvWindowSize(int32_t delta_window_size) { std::numeric_limits::max() - session_recv_window_size_); session_recv_window_size_ += delta_window_size; - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_UPDATE_RECV_WINDOW, - base::Bind(&NetLogSpdySessionWindowUpdateCallback, - delta_window_size, session_recv_window_size_)); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_UPDATE_RECV_WINDOW, [&] { + return NetLogSpdySessionWindowUpdateParams(delta_window_size, + session_recv_window_size_); + }); session_unacked_recv_window_bytes_ += delta_window_size; if (session_unacked_recv_window_bytes_ > session_max_recv_window_size_ / 2) { @@ -3568,7 +3558,7 @@ void SpdySession::DecreaseRecvWindowSize(int32_t delta_window_size) { session_recv_window_size_ - session_unacked_recv_window_bytes_) { RecordProtocolErrorHistogram(PROTOCOL_ERROR_RECEIVE_WINDOW_VIOLATION); DoDrainSession( - ERR_SPDY_FLOW_CONTROL_ERROR, + ERR_HTTP2_FLOW_CONTROL_ERROR, "delta_window_size is " + base::NumberToString(delta_window_size) + " in DecreaseRecvWindowSize, which is larger than the receive " + "window size of " + @@ -3577,9 +3567,10 @@ void SpdySession::DecreaseRecvWindowSize(int32_t delta_window_size) { } session_recv_window_size_ -= delta_window_size; - net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_UPDATE_RECV_WINDOW, - base::Bind(&NetLogSpdySessionWindowUpdateCallback, - -delta_window_size, session_recv_window_size_)); + net_log_.AddEvent(NetLogEventType::HTTP2_SESSION_UPDATE_RECV_WINDOW, [&] { + return NetLogSpdySessionWindowUpdateParams(-delta_window_size, + session_recv_window_size_); + }); } void SpdySession::QueueSendStalledStream(const SpdyStream& stream) { diff --git a/chromium/net/spdy/spdy_session.h b/chromium/net/spdy/spdy_session.h index 4a1a74042f2..7de36a4be8e 100644 --- a/chromium/net/spdy/spdy_session.h +++ b/chromium/net/spdy/spdy_session.h @@ -285,7 +285,7 @@ class NET_EXPORT_PRIVATE SpdyStreamRequest { MutableNetworkTrafficAnnotationTag traffic_annotation_; State next_state_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(SpdyStreamRequest); }; @@ -346,7 +346,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, // |pushed_stream_id| must not be kNoPushedStreamFound. // // Returns ERR_CONNECTION_CLOSED if the connection is being closed. - // Returns ERR_SPDY_PUSHED_STREAM_NOT_AVAILABLE if the pushed stream is not + // Returns ERR_HTTP2_PUSHED_STREAM_NOT_AVAILABLE if the pushed stream is not // available any longer, for example, if the server has reset it. // Returns OK if the stream is still available, and returns the stream in // |*spdy_stream|. If the stream is still open, updates its priority to @@ -1212,7 +1212,7 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface, // SpdySession is refcounted because we don't need to keep the SpdySession // alive if the last reference is within a RunnableMethod. Just revoke the // method. - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; }; } // namespace net diff --git a/chromium/net/spdy/spdy_session_fuzzer.cc b/chromium/net/spdy/spdy_session_fuzzer.cc index 417cd9a6a08..4e139e60e5b 100644 --- a/chromium/net/spdy/spdy_session_fuzzer.cc +++ b/chromium/net/spdy/spdy_session_fuzzer.cc @@ -5,7 +5,6 @@ #include "base/logging.h" #include "base/run_loop.h" #include "base/stl_util.h" -#include "base/test/fuzzed_data_provider.h" #include "net/base/host_port_pair.h" #include "net/base/net_errors.h" #include "net/base/request_priority.h" @@ -19,6 +18,7 @@ #include "net/spdy/spdy_test_util_common.h" #include "net/ssl/ssl_config.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" +#include "third_party/libFuzzer/src/utils/FuzzedDataProvider.h" namespace { @@ -59,22 +59,22 @@ namespace { class FuzzedSocketFactoryWithMockSSLData : public FuzzedSocketFactory { public: explicit FuzzedSocketFactoryWithMockSSLData( - base::FuzzedDataProvider* data_provider); + FuzzedDataProvider* data_provider); void AddSSLSocketDataProvider(SSLSocketDataProvider* socket); std::unique_ptr CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr nested_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) override; + const SSLConfig& ssl_config) override; private: SocketDataProviderArray mock_ssl_data_; }; FuzzedSocketFactoryWithMockSSLData::FuzzedSocketFactoryWithMockSSLData( - base::FuzzedDataProvider* data_provider) + FuzzedDataProvider* data_provider) : FuzzedSocketFactory(data_provider) {} void FuzzedSocketFactoryWithMockSSLData::AddSSLSocketDataProvider( @@ -84,10 +84,10 @@ void FuzzedSocketFactoryWithMockSSLData::AddSSLSocketDataProvider( std::unique_ptr FuzzedSocketFactoryWithMockSSLData::CreateSSLClientSocket( + SSLClientContext* context, std::unique_ptr nested_socket, const HostPortPair& host_and_port, - const SSLConfig& ssl_config, - const SSLClientSocketContext& context) { + const SSLConfig& ssl_config) { return std::make_unique(std::move(nested_socket), host_and_port, ssl_config, mock_ssl_data_.GetNext()); @@ -102,7 +102,7 @@ FuzzedSocketFactoryWithMockSSLData::CreateSSLClientSocket( // |data| is used to create a FuzzedServerSocket. extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { net::BoundTestNetLog bound_test_net_log; - base::FuzzedDataProvider data_provider(data, size); + FuzzedDataProvider data_provider(data, size); net::FuzzedSocketFactoryWithMockSSLData socket_factory(&data_provider); socket_factory.set_fuzz_connect_result(false); diff --git a/chromium/net/spdy/spdy_session_pool.cc b/chromium/net/spdy/spdy_session_pool.cc index 0d527b67670..e47037015b8 100644 --- a/chromium/net/spdy/spdy_session_pool.cc +++ b/chromium/net/spdy/spdy_session_pool.cc @@ -103,8 +103,7 @@ SpdySessionPool::SpdySessionPool( greased_http2_frame_(greased_http2_frame), time_func_(time_func), push_delegate_(nullptr), - network_quality_estimator_(network_quality_estimator), - weak_ptr_factory_(this) { + network_quality_estimator_(network_quality_estimator) { NetworkChangeNotifier::AddIPAddressObserver(this); if (ssl_config_service_) ssl_config_service_->AddObserver(this); @@ -185,18 +184,18 @@ base::WeakPtr SpdySessionPool::FindAvailableSession( if (key == it->second->spdy_session_key()) { UMA_HISTOGRAM_ENUMERATION("Net.SpdySessionGet", FOUND_EXISTING, SPDY_SESSION_GET_MAX); - net_log.AddEvent( + net_log.AddEventReferencingSource( NetLogEventType::HTTP2_SESSION_POOL_FOUND_EXISTING_SESSION, - it->second->net_log().source().ToEventParametersCallback()); + it->second->net_log().source()); return it->second; } if (enable_ip_based_pooling) { UMA_HISTOGRAM_ENUMERATION("Net.SpdySessionGet", FOUND_EXISTING_FROM_IP_POOL, SPDY_SESSION_GET_MAX); - net_log.AddEvent( + net_log.AddEventReferencingSource( NetLogEventType::HTTP2_SESSION_POOL_FOUND_EXISTING_SESSION_FROM_IP_POOL, - it->second->net_log().source().ToEventParametersCallback()); + it->second->net_log().source()); return it->second; } @@ -496,7 +495,7 @@ void SpdySessionPool::RemoveRequestForSpdySession(SpdySessionRequest* request) { weak_ptr_factory_.GetWeakPtr(), request->key())); } - DCHECK(base::ContainsKey(iter->second.request_set, request)); + DCHECK(base::Contains(iter->second.request_set, request)); RemoveRequestInternal(iter, iter->second.request_set.find(request)); } @@ -563,7 +562,7 @@ bool SpdySessionPool::IsSessionAvailable( void SpdySessionPool::MapKeyToAvailableSession( const SpdySessionKey& key, const base::WeakPtr& session) { - DCHECK(base::ContainsKey(sessions_, session.get())); + DCHECK(base::Contains(sessions_, session.get())); std::pair result = available_sessions_.insert(std::make_pair(key, session)); CHECK(result.second); @@ -666,9 +665,9 @@ base::WeakPtr SpdySessionPool::InsertSession( FROM_HERE, base::BindOnce(&SpdySessionPool::UpdatePendingRequests, weak_ptr_factory_.GetWeakPtr(), key)); - source_net_log.AddEvent( + source_net_log.AddEventReferencingSource( NetLogEventType::HTTP2_SESSION_POOL_IMPORTED_SESSION_FROM_SOCKET, - available_session->net_log().source().ToEventParametersCallback()); + available_session->net_log().source()); // Look up the IP address for this session so that we can match // future sessions (potentially to different domains) which can diff --git a/chromium/net/spdy/spdy_session_pool.h b/chromium/net/spdy/spdy_session_pool.h index 143d5645aed..3dbfba25f29 100644 --- a/chromium/net/spdy/spdy_session_pool.h +++ b/chromium/net/spdy/spdy_session_pool.h @@ -447,7 +447,7 @@ class NET_EXPORT SpdySessionPool NetworkQualityEstimator* network_quality_estimator_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(SpdySessionPool); }; diff --git a/chromium/net/spdy/spdy_session_pool_unittest.cc b/chromium/net/spdy/spdy_session_pool_unittest.cc index a2808fb0b6a..3013b536712 100644 --- a/chromium/net/spdy/spdy_session_pool_unittest.cc +++ b/chromium/net/spdy/spdy_session_pool_unittest.cc @@ -21,7 +21,6 @@ #include "net/http/http_network_session.h" #include "net/log/net_log_with_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/socket/client_socket_handle.h" #include "net/socket/socket_tag.h" #include "net/socket/transport_client_socket_pool.h" @@ -710,8 +709,7 @@ TEST_F(SpdySessionPoolTest, IPPoolingNetLog) { // FindAvailableSession() should have logged a netlog event indicating IP // pooling. - TestNetLogEntry::List entry_list; - net_log.GetEntries(&entry_list); + auto entry_list = net_log.GetEntries(); EXPECT_EQ( NetLogEventType::HTTP2_SESSION_POOL_FOUND_EXISTING_SESSION_FROM_IP_POOL, entry_list[0].type); @@ -892,7 +890,7 @@ TEST_F(SpdySessionPoolTest, IPAddressChanged) { base::WeakPtr sessionC = CreateSpdySession(http_session_.get(), keyC, NetLogWithSource()); - sessionC->CloseSessionOnError(ERR_SPDY_PROTOCOL_ERROR, "Error!"); + sessionC->CloseSessionOnError(ERR_HTTP2_PROTOCOL_ERROR, "Error!"); EXPECT_TRUE(sessionC->IsDraining()); spdy_session_pool_->OnIPAddressChanged(); diff --git a/chromium/net/spdy/spdy_session_unittest.cc b/chromium/net/spdy/spdy_session_unittest.cc index baabba7ad3d..a8ffdfcd426 100644 --- a/chromium/net/spdy/spdy_session_unittest.cc +++ b/chromium/net/spdy/spdy_session_unittest.cc @@ -32,7 +32,6 @@ #include "net/log/net_log_event_type.h" #include "net/log/net_log_source.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/nqe/network_quality_estimator_test_util.h" #include "net/socket/client_socket_pool.h" @@ -152,13 +151,10 @@ class SpdySessionTest : public PlatformTest, public WithScopedTaskEnvironment { } protected: - SpdySessionTest() - : SpdySessionTest(base::test::ScopedTaskEnvironment::MainThreadType::IO) { - } - explicit SpdySessionTest( - base::test::ScopedTaskEnvironment::MainThreadType type) - : WithScopedTaskEnvironment(type), + base::test::ScopedTaskEnvironment::TimeSource time_source = + base::test::ScopedTaskEnvironment::TimeSource::DEFAULT) + : WithScopedTaskEnvironment(time_source), old_max_group_sockets_(ClientSocketPoolManager::max_sockets_per_group( HttpNetworkSession::NORMAL_SOCKET_POOL)), old_max_pool_sockets_(ClientSocketPoolManager::max_sockets_per_pool( @@ -365,6 +361,8 @@ class SpdySessionTest : public PlatformTest, public WithScopedTaskEnvironment { url, session_.get()) != kNoPushedStreamFound; } + BoundTestNetLog log_; + // Original socket limits. Some tests set these. Safest to always restore // them once each test has been run. int old_max_group_sockets_; @@ -380,14 +378,13 @@ class SpdySessionTest : public PlatformTest, public WithScopedTaskEnvironment { const url::SchemeHostPort test_server_; SpdySessionKey key_; SSLSocketDataProvider ssl_; - BoundTestNetLog log_; }; class SpdySessionTestWithMockTime : public SpdySessionTest { protected: SpdySessionTestWithMockTime() : SpdySessionTest( - base::test::ScopedTaskEnvironment::MainThreadType::MOCK_TIME) {} + base::test::ScopedTaskEnvironment::TimeSource::MOCK_TIME) {} }; // Try to create a SPDY session that will fail during @@ -2148,8 +2145,7 @@ TEST_F(SpdySessionTest, Initialize) { // Flush the read completion task. base::RunLoop().RunUntilIdle(); - TestNetLogEntry::List entries; - log_.GetEntries(&entries); + auto entries = log_.GetEntries(); EXPECT_LT(0u, entries.size()); // Check that we logged HTTP2_SESSION_INITIALIZED correctly. @@ -2158,10 +2154,9 @@ TEST_F(SpdySessionTest, Initialize) { NetLogEventPhase::NONE); EXPECT_LT(0, pos); - TestNetLogEntry entry = entries[pos]; NetLogSource socket_source; EXPECT_TRUE( - NetLogSource::FromEventParameters(entry.params.get(), &socket_source)); + NetLogSource::FromEventParameters(&entries[pos].params, &socket_source)); EXPECT_TRUE(socket_source.IsValid()); EXPECT_NE(log_.bound().source().id, socket_source.id); } @@ -2189,38 +2184,24 @@ TEST_F(SpdySessionTest, NetLogOnSessionGoaway) { EXPECT_FALSE(session_); // Check that the NetLog was filled reasonably. - TestNetLogEntry::List entries; - log_.GetEntries(&entries); + auto entries = log_.GetEntries(); EXPECT_LT(0u, entries.size()); int pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP2_SESSION_RECV_GOAWAY, NetLogEventPhase::NONE); - TestNetLogEntry entry = entries[pos]; - int last_accepted_stream_id; - ASSERT_TRUE(entry.GetIntegerValue("last_accepted_stream_id", - &last_accepted_stream_id)); - EXPECT_EQ(42, last_accepted_stream_id); - int active_streams; - ASSERT_TRUE(entry.GetIntegerValue("active_streams", &active_streams)); - EXPECT_EQ(0, active_streams); - int unclaimed_streams; - ASSERT_TRUE(entry.GetIntegerValue("unclaimed_streams", &unclaimed_streams)); - EXPECT_EQ(0, unclaimed_streams); - std::string error_code; - ASSERT_TRUE(entry.GetStringValue("error_code", &error_code)); - EXPECT_EQ("11 (ENHANCE_YOUR_CALM)", error_code); - std::string debug_data; - ASSERT_TRUE(entry.GetStringValue("debug_data", &debug_data)); - EXPECT_EQ("foo", debug_data); + ASSERT_EQ(42, + GetIntegerValueFromParams(entries[pos], "last_accepted_stream_id")); + ASSERT_EQ(0, GetIntegerValueFromParams(entries[pos], "active_streams")); + ASSERT_EQ(0, GetIntegerValueFromParams(entries[pos], "unclaimed_streams")); + ASSERT_EQ("11 (ENHANCE_YOUR_CALM)", + GetStringValueFromParams(entries[pos], "error_code")); + ASSERT_EQ("foo", GetStringValueFromParams(entries[pos], "debug_data")); // Check that we logged SPDY_SESSION_CLOSE correctly. pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP2_SESSION_CLOSE, NetLogEventPhase::NONE); - entry = entries[pos]; - int net_error_code = 0; - ASSERT_TRUE(entry.GetNetErrorCode(&net_error_code)); - EXPECT_THAT(net_error_code, IsOk()); + EXPECT_THAT(GetNetErrorCodeFromParams(entries[pos]), IsOk()); } TEST_F(SpdySessionTest, NetLogOnSessionEOF) { @@ -2244,8 +2225,7 @@ TEST_F(SpdySessionTest, NetLogOnSessionEOF) { EXPECT_FALSE(session_); // Check that the NetLog was filled reasonably. - TestNetLogEntry::List entries; - log_.GetEntries(&entries); + auto entries = log_.GetEntries(); EXPECT_LT(0u, entries.size()); // Check that we logged SPDY_SESSION_CLOSE correctly. @@ -2253,10 +2233,8 @@ TEST_F(SpdySessionTest, NetLogOnSessionEOF) { entries, 0, NetLogEventType::HTTP2_SESSION_CLOSE, NetLogEventPhase::NONE); if (pos < static_cast(entries.size())) { - TestNetLogEntry entry = entries[pos]; - int error_code = 0; - ASSERT_TRUE(entry.GetNetErrorCode(&error_code)); - EXPECT_THAT(error_code, IsError(ERR_CONNECTION_CLOSED)); + ASSERT_THAT(GetNetErrorCodeFromParams(entries[pos]), + IsError(ERR_CONNECTION_CLOSED)); } else { ADD_FAILURE(); } @@ -2718,7 +2696,7 @@ class SessionClosingDelegate : public test::StreamDelegateDoNothing { ~SessionClosingDelegate() override = default; void OnClose(int status) override { - session_to_close_->CloseSessionOnError(ERR_SPDY_PROTOCOL_ERROR, "Error"); + session_to_close_->CloseSessionOnError(ERR_HTTP2_PROTOCOL_ERROR, "Error"); } private: @@ -5187,7 +5165,7 @@ TEST_F(SpdySessionTest, GoAwayOnSessionFlowControlError) { data.Resume(); base::RunLoop().RunUntilIdle(); - EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_FLOW_CONTROL_ERROR)); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_HTTP2_FLOW_CONTROL_ERROR)); EXPECT_FALSE(session_); } @@ -5814,7 +5792,7 @@ TEST_F(SpdySessionTest, GetPushedStream) { SpdyStream* pushed_stream; int rv = session_->GetPushedStream(pushed_url, 2 /* pushed_stream_id */, IDLE, &pushed_stream); - EXPECT_THAT(rv, IsError(ERR_SPDY_PUSHED_STREAM_NOT_AVAILABLE)); + EXPECT_THAT(rv, IsError(ERR_HTTP2_PUSHED_STREAM_NOT_AVAILABLE)); // Read PUSH_PROMISE. data.Resume(); @@ -5845,7 +5823,7 @@ TEST_F(SpdySessionTest, GetPushedStream) { // stream with ID |pushed_stream_id|. rv = session_->GetPushedStream(pushed_url, 4 /* pushed_stream_id */, IDLE, &pushed_stream); - EXPECT_THAT(rv, IsError(ERR_SPDY_PUSHED_STREAM_NOT_AVAILABLE)); + EXPECT_THAT(rv, IsError(ERR_HTTP2_PUSHED_STREAM_NOT_AVAILABLE)); // GetPushedStream() should return OK and return the pushed stream in // |pushed_stream| outparam if |pushed_stream_id| matches. @@ -6597,19 +6575,19 @@ TEST(MapFramerErrorToProtocolError, MapsValues) { } TEST(MapFramerErrorToNetError, MapsValue) { - CHECK_EQ(ERR_SPDY_PROTOCOL_ERROR, + CHECK_EQ(ERR_HTTP2_PROTOCOL_ERROR, MapFramerErrorToNetError( http2::Http2DecoderAdapter::SPDY_INVALID_CONTROL_FRAME)); - CHECK_EQ(ERR_SPDY_COMPRESSION_ERROR, + CHECK_EQ(ERR_HTTP2_COMPRESSION_ERROR, MapFramerErrorToNetError( http2::Http2DecoderAdapter::SPDY_COMPRESS_FAILURE)); - CHECK_EQ(ERR_SPDY_COMPRESSION_ERROR, + CHECK_EQ(ERR_HTTP2_COMPRESSION_ERROR, MapFramerErrorToNetError( http2::Http2DecoderAdapter::SPDY_DECOMPRESS_FAILURE)); - CHECK_EQ(ERR_SPDY_FRAME_SIZE_ERROR, + CHECK_EQ(ERR_HTTP2_FRAME_SIZE_ERROR, MapFramerErrorToNetError( http2::Http2DecoderAdapter::SPDY_CONTROL_PAYLOAD_TOO_LARGE)); - CHECK_EQ(ERR_SPDY_FRAME_SIZE_ERROR, + CHECK_EQ(ERR_HTTP2_FRAME_SIZE_ERROR, MapFramerErrorToNetError( http2::Http2DecoderAdapter::SPDY_OVERSIZED_PAYLOAD)); } @@ -6633,15 +6611,15 @@ TEST(MapRstStreamStatusToProtocolError, MapsValues) { TEST(MapNetErrorToGoAwayStatus, MapsValue) { CHECK_EQ(spdy::ERROR_CODE_INADEQUATE_SECURITY, - MapNetErrorToGoAwayStatus(ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY)); + MapNetErrorToGoAwayStatus(ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY)); CHECK_EQ(spdy::ERROR_CODE_FLOW_CONTROL_ERROR, - MapNetErrorToGoAwayStatus(ERR_SPDY_FLOW_CONTROL_ERROR)); + MapNetErrorToGoAwayStatus(ERR_HTTP2_FLOW_CONTROL_ERROR)); CHECK_EQ(spdy::ERROR_CODE_PROTOCOL_ERROR, - MapNetErrorToGoAwayStatus(ERR_SPDY_PROTOCOL_ERROR)); + MapNetErrorToGoAwayStatus(ERR_HTTP2_PROTOCOL_ERROR)); CHECK_EQ(spdy::ERROR_CODE_COMPRESSION_ERROR, - MapNetErrorToGoAwayStatus(ERR_SPDY_COMPRESSION_ERROR)); + MapNetErrorToGoAwayStatus(ERR_HTTP2_COMPRESSION_ERROR)); CHECK_EQ(spdy::ERROR_CODE_FRAME_SIZE_ERROR, - MapNetErrorToGoAwayStatus(ERR_SPDY_FRAME_SIZE_ERROR)); + MapNetErrorToGoAwayStatus(ERR_HTTP2_FRAME_SIZE_ERROR)); CHECK_EQ(spdy::ERROR_CODE_PROTOCOL_ERROR, MapNetErrorToGoAwayStatus(ERR_UNEXPECTED)); } diff --git a/chromium/net/spdy/spdy_stream.cc b/chromium/net/spdy/spdy_stream.cc index 785de06409e..8df8a74d6fb 100644 --- a/chromium/net/spdy/spdy_stream.cc +++ b/chromium/net/spdy/spdy_stream.cc @@ -32,11 +32,9 @@ namespace net { namespace { -base::Value NetLogSpdyStreamErrorCallback( - spdy::SpdyStreamId stream_id, - int net_error, - const std::string* description, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdyStreamErrorParams(spdy::SpdyStreamId stream_id, + int net_error, + const std::string* description) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("stream_id", static_cast(stream_id)); dict.SetStringKey("net_error", ErrorToShortString(net_error)); @@ -44,11 +42,9 @@ base::Value NetLogSpdyStreamErrorCallback( return dict; } -base::Value NetLogSpdyStreamWindowUpdateCallback( - spdy::SpdyStreamId stream_id, - int32_t delta, - int32_t window_size, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogSpdyStreamWindowUpdateParams(spdy::SpdyStreamId stream_id, + int32_t delta, + int32_t window_size) { base::Value dict(base::Value::Type::DICTIONARY); dict.SetIntKey("stream_id", stream_id); dict.SetIntKey("delta", delta); @@ -111,8 +107,7 @@ SpdyStream::SpdyStream(SpdyStreamType type, raw_sent_bytes_(0), recv_bytes_(0), write_handler_guard_(false), - traffic_annotation_(traffic_annotation), - weak_ptr_factory_(this) { + traffic_annotation_(traffic_annotation) { CHECK(type_ == SPDY_BIDIRECTIONAL_STREAM || type_ == SPDY_REQUEST_RESPONSE_STREAM || type_ == SPDY_PUSH_STREAM); @@ -238,10 +233,10 @@ bool SpdyStream::AdjustSendWindowSize(int32_t delta_window_size) { send_window_size_ += delta_window_size; - net_log_.AddEvent( - NetLogEventType::HTTP2_STREAM_UPDATE_SEND_WINDOW, - base::Bind(&NetLogSpdyStreamWindowUpdateCallback, stream_id_, - delta_window_size, send_window_size_)); + net_log_.AddEvent(NetLogEventType::HTTP2_STREAM_UPDATE_SEND_WINDOW, [&] { + return NetLogSpdyStreamWindowUpdateParams(stream_id_, delta_window_size, + send_window_size_); + }); PossiblyResumeIfSendStalled(); return true; @@ -272,7 +267,7 @@ void SpdyStream::IncreaseSendWindowSize(int32_t delta_window_size) { "Received WINDOW_UPDATE [delta: %d] for stream %d overflows " "send_window_size_ [current: %d]", delta_window_size, stream_id_, send_window_size_); - session_->ResetStream(stream_id_, ERR_SPDY_FLOW_CONTROL_ERROR, desc); + session_->ResetStream(stream_id_, ERR_HTTP2_FLOW_CONTROL_ERROR, desc); } } @@ -291,10 +286,10 @@ void SpdyStream::DecreaseSendWindowSize(int32_t delta_window_size) { send_window_size_ -= delta_window_size; - net_log_.AddEvent( - NetLogEventType::HTTP2_STREAM_UPDATE_SEND_WINDOW, - base::Bind(&NetLogSpdyStreamWindowUpdateCallback, stream_id_, - -delta_window_size, send_window_size_)); + net_log_.AddEvent(NetLogEventType::HTTP2_STREAM_UPDATE_SEND_WINDOW, [&] { + return NetLogSpdyStreamWindowUpdateParams(stream_id_, -delta_window_size, + send_window_size_); + }); } void SpdyStream::OnReadBufferConsumed( @@ -320,10 +315,10 @@ void SpdyStream::IncreaseRecvWindowSize(int32_t delta_window_size) { std::numeric_limits::max() - recv_window_size_); recv_window_size_ += delta_window_size; - net_log_.AddEvent( - NetLogEventType::HTTP2_STREAM_UPDATE_RECV_WINDOW, - base::Bind(&NetLogSpdyStreamWindowUpdateCallback, stream_id_, - delta_window_size, recv_window_size_)); + net_log_.AddEvent(NetLogEventType::HTTP2_STREAM_UPDATE_RECV_WINDOW, [&] { + return NetLogSpdyStreamWindowUpdateParams(stream_id_, delta_window_size, + recv_window_size_); + }); unacked_recv_window_bytes_ += delta_window_size; if (unacked_recv_window_bytes_ > max_recv_window_size_ / 2) { @@ -342,7 +337,7 @@ void SpdyStream::DecreaseRecvWindowSize(int32_t delta_window_size) { // the peer, that means that the receive window is not being respected. if (delta_window_size > recv_window_size_ - unacked_recv_window_bytes_) { session_->ResetStream( - stream_id_, ERR_SPDY_FLOW_CONTROL_ERROR, + stream_id_, ERR_HTTP2_FLOW_CONTROL_ERROR, "delta_window_size is " + base::NumberToString(delta_window_size) + " in DecreaseRecvWindowSize, which is larger than the receive " + "window size of " + base::NumberToString(recv_window_size_)); @@ -350,10 +345,10 @@ void SpdyStream::DecreaseRecvWindowSize(int32_t delta_window_size) { } recv_window_size_ -= delta_window_size; - net_log_.AddEvent( - NetLogEventType::HTTP2_STREAM_UPDATE_RECV_WINDOW, - base::Bind(&NetLogSpdyStreamWindowUpdateCallback, stream_id_, - -delta_window_size, recv_window_size_)); + net_log_.AddEvent(NetLogEventType::HTTP2_STREAM_UPDATE_RECV_WINDOW, [&] { + return NetLogSpdyStreamWindowUpdateParams(stream_id_, -delta_window_size, + recv_window_size_); + }); } int SpdyStream::GetPeerAddress(IPEndPoint* address) const { @@ -389,16 +384,16 @@ void SpdyStream::OnHeadersReceived( response_headers.find(spdy::kHttp2StatusHeader); if (it == response_headers.end()) { const std::string error("Response headers do not include :status."); - LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); - session_->ResetStream(stream_id_, ERR_SPDY_PROTOCOL_ERROR, error); + LogStreamError(ERR_HTTP2_PROTOCOL_ERROR, error); + session_->ResetStream(stream_id_, ERR_HTTP2_PROTOCOL_ERROR, error); return; } int status; if (!StringToInt(it->second, &status)) { const std::string error("Cannot parse :status."); - LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); - session_->ResetStream(stream_id_, ERR_SPDY_PROTOCOL_ERROR, error); + LogStreamError(ERR_HTTP2_PROTOCOL_ERROR, error); + session_->ResetStream(stream_id_, ERR_HTTP2_PROTOCOL_ERROR, error); return; } @@ -428,8 +423,8 @@ void SpdyStream::OnHeadersReceived( // the response headers only after request headers are sent. if (io_state_ == STATE_IDLE) { const std::string error("Response received before request sent."); - LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); - session_->ResetStream(stream_id_, ERR_SPDY_PROTOCOL_ERROR, error); + LogStreamError(ERR_HTTP2_PROTOCOL_ERROR, error); + session_->ResetStream(stream_id_, ERR_HTTP2_PROTOCOL_ERROR, error); return; } break; @@ -458,8 +453,8 @@ void SpdyStream::OnHeadersReceived( // Second header block is trailers. if (type_ == SPDY_PUSH_STREAM) { const std::string error("Trailers not supported for push stream."); - LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); - session_->ResetStream(stream_id_, ERR_SPDY_PROTOCOL_ERROR, error); + LogStreamError(ERR_HTTP2_PROTOCOL_ERROR, error); + session_->ResetStream(stream_id_, ERR_HTTP2_PROTOCOL_ERROR, error); return; } @@ -470,8 +465,8 @@ void SpdyStream::OnHeadersReceived( case TRAILERS_RECEIVED: // No further header blocks are allowed after trailers. const std::string error("Header block received after trailers."); - LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); - session_->ResetStream(stream_id_, ERR_SPDY_PROTOCOL_ERROR, error); + LogStreamError(ERR_HTTP2_PROTOCOL_ERROR, error); + session_->ResetStream(stream_id_, ERR_HTTP2_PROTOCOL_ERROR, error); break; } } @@ -499,22 +494,22 @@ void SpdyStream::OnDataReceived(std::unique_ptr buffer) { if (response_state_ == READY_FOR_HEADERS) { const std::string error("DATA received before headers."); - LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); - session_->ResetStream(stream_id_, ERR_SPDY_PROTOCOL_ERROR, error); + LogStreamError(ERR_HTTP2_PROTOCOL_ERROR, error); + session_->ResetStream(stream_id_, ERR_HTTP2_PROTOCOL_ERROR, error); return; } if (response_state_ == TRAILERS_RECEIVED && buffer) { const std::string error("DATA received after trailers."); - LogStreamError(ERR_SPDY_PROTOCOL_ERROR, error); - session_->ResetStream(stream_id_, ERR_SPDY_PROTOCOL_ERROR, error); + LogStreamError(ERR_HTTP2_PROTOCOL_ERROR, error); + session_->ResetStream(stream_id_, ERR_HTTP2_PROTOCOL_ERROR, error); return; } if (io_state_ == STATE_HALF_CLOSED_REMOTE) { const std::string error("DATA received on half-closed (remove) stream."); - LogStreamError(ERR_SPDY_STREAM_CLOSED, error); - session_->ResetStream(stream_id_, ERR_SPDY_STREAM_CLOSED, error); + LogStreamError(ERR_HTTP2_STREAM_CLOSED, error); + session_->ResetStream(stream_id_, ERR_HTTP2_STREAM_CLOSED, error); return; } @@ -665,18 +660,18 @@ int SpdyStream::OnDataSent(size_t frame_size) { } void SpdyStream::LogStreamError(int error, const std::string& description) { - net_log_.AddEvent(NetLogEventType::HTTP2_STREAM_ERROR, - base::Bind(&NetLogSpdyStreamErrorCallback, stream_id_, - error, &description)); + net_log_.AddEvent(NetLogEventType::HTTP2_STREAM_ERROR, [&] { + return NetLogSpdyStreamErrorParams(stream_id_, error, &description); + }); } void SpdyStream::OnClose(int status) { // In most cases, the stream should already be CLOSED. The exception is when a // SpdySession is shutting down while the stream is in an intermediate state. io_state_ = STATE_CLOSED; - if (status == ERR_SPDY_RST_STREAM_NO_ERROR_RECEIVED) { + if (status == ERR_HTTP2_RST_STREAM_NO_ERROR_RECEIVED) { if (response_state_ == READY_FOR_HEADERS) { - status = ERR_SPDY_PROTOCOL_ERROR; + status = ERR_HTTP2_PROTOCOL_ERROR; } else { status = OK; } @@ -766,8 +761,9 @@ SpdyStream::ShouldRequeueStream SpdyStream::PossiblyResumeIfSendStalled() { if (session_->IsSendStalled() || send_window_size_ <= 0) { return Requeue; } - net_log_.AddEvent(NetLogEventType::HTTP2_STREAM_FLOW_CONTROL_UNSTALLED, - NetLog::IntCallback("stream_id", stream_id_)); + net_log_.AddEventWithIntParams( + NetLogEventType::HTTP2_STREAM_FLOW_CONTROL_UNSTALLED, "stream_id", + stream_id_); send_stalled_by_flow_control_ = false; QueueNextDataFrame(); return DoNotRequeue; @@ -881,7 +877,7 @@ void SpdyStream::SaveResponseHeaders( int status) { DCHECK(response_headers_.empty()); if (response_headers.find("transfer-encoding") != response_headers.end()) { - session_->ResetStream(stream_id_, ERR_SPDY_PROTOCOL_ERROR, + session_->ResetStream(stream_id_, ERR_HTTP2_PROTOCOL_ERROR, "Received transfer-encoding header"); return; } @@ -897,7 +893,7 @@ void SpdyStream::SaveResponseHeaders( (status / 100 != 2 && status / 100 != 3 && status != 416)) { SpdySession::RecordSpdyPushedStreamFateHistogram( SpdyPushedStreamFate::kUnsupportedStatusCode); - session_->ResetStream(stream_id_, ERR_SPDY_CLIENT_REFUSED_STREAM, + session_->ResetStream(stream_id_, ERR_HTTP2_CLIENT_REFUSED_STREAM, "Unsupported status code for pushed stream."); return; } diff --git a/chromium/net/spdy/spdy_stream.h b/chromium/net/spdy/spdy_stream.h index a7a8e7b4c53..efdc0d9b022 100644 --- a/chromium/net/spdy/spdy_stream.h +++ b/chromium/net/spdy/spdy_stream.h @@ -530,7 +530,7 @@ class NET_EXPORT_PRIVATE SpdyStream { const NetworkTrafficAnnotationTag traffic_annotation_; - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(SpdyStream); }; diff --git a/chromium/net/spdy/spdy_stream_unittest.cc b/chromium/net/spdy/spdy_stream_unittest.cc index e0dc4d759fa..78ba72a1f32 100644 --- a/chromium/net/spdy/spdy_stream_unittest.cc +++ b/chromium/net/spdy/spdy_stream_unittest.cc @@ -23,7 +23,6 @@ #include "net/http/http_request_info.h" #include "net/log/net_log_event_type.h" #include "net/log/test_net_log.h" -#include "net/log/test_net_log_entry.h" #include "net/log/test_net_log_util.h" #include "net/socket/socket_tag.h" #include "net/socket/socket_test_util.h" @@ -449,17 +448,15 @@ TEST_F(SpdyStreamTest, StreamError) { EXPECT_TRUE(data.AllWriteDataConsumed()); // Check that the NetLog was filled reasonably. - TestNetLogEntry::List entries; - log.GetEntries(&entries); + auto entries = log.GetEntries(); EXPECT_LT(0u, entries.size()); // Check that we logged SPDY_STREAM_ERROR correctly. int pos = ExpectLogContainsSomewhere( entries, 0, NetLogEventType::HTTP2_STREAM_ERROR, NetLogEventPhase::NONE); - int stream_id2; - ASSERT_TRUE(entries[pos].GetIntegerValue("stream_id", &stream_id2)); - EXPECT_EQ(static_cast(stream_id), stream_id2); + EXPECT_EQ(static_cast(stream_id), + GetIntegerValueFromParams(entries[pos], "stream_id")); } // Make sure that large blocks of data are properly split up into frame-sized @@ -605,7 +602,7 @@ TEST_F(SpdyStreamTest, UpperCaseHeaders) { stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND), IsError(ERR_IO_PENDING)); - EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_HTTP2_PROTOCOL_ERROR)); // Finish async network reads and writes. base::RunLoop().RunUntilIdle(); @@ -720,7 +717,7 @@ TEST_F(SpdyStreamTest, HeadersMustHaveStatus) { EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND)); - EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_HTTP2_PROTOCOL_ERROR)); // Finish async network reads and writes. base::RunLoop().RunUntilIdle(); @@ -839,7 +836,7 @@ TEST_F(SpdyStreamTest, HeadersMustPreceedData) { EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND)); - EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_HTTP2_PROTOCOL_ERROR)); } TEST_F(SpdyStreamTest, HeadersMustPreceedDataOnPushedStream) { @@ -962,7 +959,7 @@ TEST_F(SpdyStreamTest, TrailersMustNotFollowTrailers) { EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND)); - EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_HTTP2_PROTOCOL_ERROR)); // Finish async network reads and writes. base::RunLoop().RunUntilIdle(); @@ -1021,7 +1018,7 @@ TEST_F(SpdyStreamTest, DataMustNotFollowTrailers) { EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND)); - EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_HTTP2_PROTOCOL_ERROR)); // Finish async network reads and writes. base::RunLoop().RunUntilIdle(); @@ -1125,7 +1122,7 @@ TEST_F(SpdyStreamTest, StatusMustBeNumber) { EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND)); - EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_HTTP2_PROTOCOL_ERROR)); // Finish async network reads and writes. base::RunLoop().RunUntilIdle(); @@ -1178,7 +1175,7 @@ TEST_F(SpdyStreamTest, StatusCannotHaveExtraText) { EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND)); - EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_HTTP2_PROTOCOL_ERROR)); // Finish async network reads and writes. base::RunLoop().RunUntilIdle(); @@ -1229,7 +1226,7 @@ TEST_F(SpdyStreamTest, StatusMustBePresent) { EXPECT_EQ(ERR_IO_PENDING, stream->SendRequestHeaders(std::move(headers), NO_MORE_DATA_TO_SEND)); - EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_PROTOCOL_ERROR)); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_HTTP2_PROTOCOL_ERROR)); // Finish async network reads and writes. base::RunLoop().RunUntilIdle(); @@ -1291,7 +1288,7 @@ TEST_F(SpdyStreamTest, IncreaseSendWindowSizeOverflow) { data.Resume(); base::RunLoop().RunUntilIdle(); - EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_FLOW_CONTROL_ERROR)); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_HTTP2_FLOW_CONTROL_ERROR)); } // Functions used with @@ -1590,7 +1587,7 @@ TEST_F(SpdyStreamTest, DataOnHalfClosedRemoveStream) { EXPECT_THAT(stream->SendRequestHeaders(std::move(headers), MORE_DATA_TO_SEND), IsError(ERR_IO_PENDING)); - EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_SPDY_STREAM_CLOSED)); + EXPECT_THAT(delegate.WaitForClose(), IsError(ERR_HTTP2_STREAM_CLOSED)); base::RunLoop().RunUntilIdle(); diff --git a/chromium/net/ssl/client_cert_store_mac_unittest.cc b/chromium/net/ssl/client_cert_store_mac_unittest.cc index 8427b7c9fad..4dd4d6fe754 100644 --- a/chromium/net/ssl/client_cert_store_mac_unittest.cc +++ b/chromium/net/ssl/client_cert_store_mac_unittest.cc @@ -63,7 +63,7 @@ TEST_F(ClientCertStoreMacTest, FilterOutThePreferredCert) { EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2)); std::vector > certs; - scoped_refptr request(new SSLCertRequestInfo()); + auto request = base::MakeRefCounted(); request->cert_authorities = authority_2; ClientCertIdentityList selected_certs; @@ -85,7 +85,7 @@ TEST_F(ClientCertStoreMacTest, PreferredCertGoesFirst) { std::vector > certs; certs.push_back(cert_2); - scoped_refptr request(new SSLCertRequestInfo()); + auto request = base::MakeRefCounted(); ClientCertIdentityList selected_certs; bool rv = SelectClientCertsGivenPreferred( diff --git a/chromium/net/ssl/client_cert_store_nss_unittest.cc b/chromium/net/ssl/client_cert_store_nss_unittest.cc index c6c7f29857e..cf3a2942ae4 100644 --- a/chromium/net/ssl/client_cert_store_nss_unittest.cc +++ b/chromium/net/ssl/client_cert_store_nss_unittest.cc @@ -100,7 +100,7 @@ TEST(ClientCertStoreNSSTest, BuildsCertificateChain) { { // Request certificates matching B CA, |client_1|'s issuer. - scoped_refptr request(new SSLCertRequestInfo); + auto request = base::MakeRefCounted(); request->cert_authorities.push_back(std::string( reinterpret_cast(kAuthority1DN), sizeof(kAuthority1DN))); @@ -133,7 +133,7 @@ TEST(ClientCertStoreNSSTest, BuildsCertificateChain) { { // Request certificates matching C Root CA, |client_1_ca|'s issuer. - scoped_refptr request(new SSLCertRequestInfo); + auto request = base::MakeRefCounted(); request->cert_authorities.push_back( std::string(reinterpret_cast(kAuthorityRootDN), sizeof(kAuthorityRootDN))); @@ -212,7 +212,7 @@ TEST(ClientCertStoreNSSTest, SubjectPrintableStringContainingUTF8) { 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64}; - scoped_refptr request(new SSLCertRequestInfo); + auto request = base::MakeRefCounted(); request->cert_authorities.push_back(std::string( reinterpret_cast(kAuthorityDN), sizeof(kAuthorityDN))); diff --git a/chromium/net/ssl/client_cert_store_unittest-inl.h b/chromium/net/ssl/client_cert_store_unittest-inl.h index 6cc1118e5c0..71318b519a9 100644 --- a/chromium/net/ssl/client_cert_store_unittest-inl.h +++ b/chromium/net/ssl/client_cert_store_unittest-inl.h @@ -67,7 +67,7 @@ TYPED_TEST_SUITE_P(ClientCertStoreTest); TYPED_TEST_P(ClientCertStoreTest, EmptyQuery) { CertificateList certs; - scoped_refptr request(new SSLCertRequestInfo()); + auto request = base::MakeRefCounted(); ClientCertIdentityList selected_identities; bool rv = this->delegate_.SelectClientCerts(certs, *request.get(), @@ -85,7 +85,7 @@ TYPED_TEST_P(ClientCertStoreTest, AllIssuersAllowed) { std::vector > certs; certs.push_back(cert); - scoped_refptr request(new SSLCertRequestInfo()); + auto request = base::MakeRefCounted(); ClientCertIdentityList selected_identities; bool rv = this->delegate_.SelectClientCerts(certs, *request.get(), @@ -120,7 +120,7 @@ TYPED_TEST_P(ClientCertStoreTest, CertAuthorityFiltering) { std::vector > certs; certs.push_back(cert_1); certs.push_back(cert_2); - scoped_refptr request(new SSLCertRequestInfo()); + auto request = base::MakeRefCounted(); request->cert_authorities = authority_1; ClientCertIdentityList selected_identities; @@ -158,7 +158,7 @@ TYPED_TEST_P(ClientCertStoreTest, PrintableStringContainingUTF8) { options); ASSERT_TRUE(cert); - scoped_refptr request(new SSLCertRequestInfo()); + auto request = base::MakeRefCounted(); ClientCertIdentityList selected_identities; bool rv = this->delegate_.SelectClientCerts({cert}, *request.get(), diff --git a/chromium/net/ssl/openssl_ssl_util.cc b/chromium/net/ssl/openssl_ssl_util.cc index fea33f4f03d..f5185218e4e 100644 --- a/chromium/net/ssl/openssl_ssl_util.cc +++ b/chromium/net/ssl/openssl_ssl_util.cc @@ -5,10 +5,9 @@ #include "net/ssl/openssl_ssl_util.h" #include + #include -#include "base/bind.h" -#include "base/callback.h" #include "base/lazy_instance.h" #include "base/location.h" #include "base/logging.h" @@ -17,6 +16,7 @@ #include "crypto/openssl_util.h" #include "net/base/net_errors.h" #include "net/cert/x509_util.h" +#include "net/log/net_log_with_source.h" #include "net/ssl/ssl_connection_status_flags.h" #include "third_party/boringssl/src/include/openssl/err.h" #include "third_party/boringssl/src/include/openssl/ssl.h" @@ -128,10 +128,9 @@ int MapOpenSSLErrorSSL(uint32_t error_code) { } } -base::Value NetLogOpenSSLErrorCallback(int net_error, - int ssl_error, - const OpenSSLErrorInfo& error_info, - NetLogCaptureMode /* capture_mode */) { +base::Value NetLogOpenSSLErrorParams(int net_error, + int ssl_error, + const OpenSSLErrorInfo& error_info) { base::DictionaryValue dict; dict.SetInteger("net_error", net_error); dict.SetInteger("ssl_error", ssl_error); @@ -210,12 +209,14 @@ int MapOpenSSLErrorWithDetails(int err, } } -NetLogParametersCallback CreateNetLogOpenSSLErrorCallback( - int net_error, - int ssl_error, - const OpenSSLErrorInfo& error_info) { - return base::Bind(&NetLogOpenSSLErrorCallback, - net_error, ssl_error, error_info); +void NetLogOpenSSLError(const NetLogWithSource& net_log, + NetLogEventType type, + int net_error, + int ssl_error, + const OpenSSLErrorInfo& error_info) { + net_log.AddEvent(type, [&] { + return NetLogOpenSSLErrorParams(net_error, ssl_error, error_info); + }); } int GetNetSSLVersion(SSL* ssl) { diff --git a/chromium/net/ssl/openssl_ssl_util.h b/chromium/net/ssl/openssl_ssl_util.h index e205d56d977..18c70403045 100644 --- a/chromium/net/ssl/openssl_ssl_util.h +++ b/chromium/net/ssl/openssl_ssl_util.h @@ -9,7 +9,7 @@ #include "net/base/net_export.h" #include "net/cert/x509_certificate.h" -#include "net/log/net_log_parameters_callback.h" +#include "net/log/net_log_event_type.h" #include "third_party/boringssl/src/include/openssl/base.h" namespace crypto { @@ -22,6 +22,8 @@ class Location; namespace net { +class NetLogWithSource; + // Puts a net error, |err|, on the error stack in OpenSSL. The file and line are // extracted from |posted_from|. The function code of the error is left as 0. void OpenSSLPutNetError(const base::Location& posted_from, int err); @@ -68,11 +70,12 @@ int MapOpenSSLErrorWithDetails(int err, const crypto::OpenSSLErrStackTracer& tracer, OpenSSLErrorInfo* out_error_info); -// Creates NetLog callback for an OpenSSL error. -NetLogParametersCallback CreateNetLogOpenSSLErrorCallback( - int net_error, - int ssl_error, - const OpenSSLErrorInfo& error_info); +// Logs an OpenSSL error to the NetLog. +void NetLogOpenSSLError(const NetLogWithSource& net_log, + NetLogEventType type, + int net_error, + int ssl_error, + const OpenSSLErrorInfo& error_info); // Returns the net SSL version number (see ssl_connection_status_flags.h) for // this SSL connection. diff --git a/chromium/net/ssl/ssl_client_session_cache.cc b/chromium/net/ssl/ssl_client_session_cache.cc index 8729b84daec..da21c11510b 100644 --- a/chromium/net/ssl/ssl_client_session_cache.cc +++ b/chromium/net/ssl/ssl_client_session_cache.cc @@ -79,14 +79,6 @@ bssl::UniquePtr SSLClientSessionCache::Lookup( return session; } -void SSLClientSessionCache::ResetLookupCount(const std::string& cache_key) { - // It's possible that the cached session for this key was deleted after the - // Lookup. If that's the case, don't do anything. - auto iter = cache_.Get(cache_key); - if (iter == cache_.end()) - return; -} - void SSLClientSessionCache::Insert(const std::string& cache_key, bssl::UniquePtr session) { if (IsTLS13(session.get())) { @@ -115,7 +107,11 @@ bool SSLClientSessionCache::IsExpired(SSL_SESSION* session, time_t now) { if (now < 0) return true; uint64_t now_u64 = static_cast(now); - return now_u64 < SSL_SESSION_get_time(session) || + + // now_u64 may be slightly behind because of differences in how + // time is calculated at this layer versus BoringSSL. + // Add a second of wiggle room to account for this. + return now_u64 < SSL_SESSION_get_time(session) - 1 || now_u64 >= SSL_SESSION_get_time(session) + SSL_SESSION_get_timeout(session); } diff --git a/chromium/net/ssl/ssl_client_session_cache.h b/chromium/net/ssl/ssl_client_session_cache.h index 2a372933eca..858dd61c7fd 100644 --- a/chromium/net/ssl/ssl_client_session_cache.h +++ b/chromium/net/ssl/ssl_client_session_cache.h @@ -53,10 +53,6 @@ class NET_EXPORT SSLClientSessionCache : public CertDatabase::Observer { // of the MRU list. Returns nullptr if there is none. bssl::UniquePtr Lookup(const std::string& cache_key); - // Resets the count returned by Lookup to 0 for the session associated with - // |cache_key|. - void ResetLookupCount(const std::string& cache_key); - // Inserts |session| into the cache at |cache_key|. If there is an existing // one, it is released. Every |expiration_check_count| calls, the cache is // checked for stale entries. diff --git a/chromium/net/ssl/ssl_client_session_cache_unittest.cc b/chromium/net/ssl/ssl_client_session_cache_unittest.cc index 2fcb2563864..610c2f3ec92 100644 --- a/chromium/net/ssl/ssl_client_session_cache_unittest.cc +++ b/chromium/net/ssl/ssl_client_session_cache_unittest.cc @@ -350,7 +350,7 @@ TEST_F(SSLClientSessionCacheTest, LookupExpirationCheck) { EXPECT_EQ(1u, cache.size()); // Sessions also are treated as expired if the clock rewinds. - clock->Advance(base::TimeDelta::FromSeconds(-1)); + clock->Advance(base::TimeDelta::FromSeconds(-2)); EXPECT_EQ(nullptr, cache.Lookup("key").get()); EXPECT_EQ(0u, cache.size()); } diff --git a/chromium/net/ssl/ssl_config.cc b/chromium/net/ssl/ssl_config.cc index bdcc43d32e2..4b1ce4c24ed 100644 --- a/chromium/net/ssl/ssl_config.cc +++ b/chromium/net/ssl/ssl_config.cc @@ -30,7 +30,8 @@ SSLConfig::SSLConfig() ignore_certificate_errors(false), disable_cert_verification_network_fetches(false), send_client_cert(false), - renego_allowed_default(false) {} + renego_allowed_default(false), + privacy_mode(PRIVACY_MODE_DISABLED) {} SSLConfig::SSLConfig(const SSLConfig& other) = default; diff --git a/chromium/net/ssl/ssl_config.h b/chromium/net/ssl/ssl_config.h index 7a23fc45936..44ea9fb18ad 100644 --- a/chromium/net/ssl/ssl_config.h +++ b/chromium/net/ssl/ssl_config.h @@ -9,6 +9,8 @@ #include "base/memory/ref_counted.h" #include "net/base/net_export.h" +#include "net/base/network_isolation_key.h" +#include "net/base/privacy_mode.h" #include "net/cert/x509_certificate.h" #include "net/socket/next_proto.h" #include "net/ssl/ssl_private_key.h" @@ -122,7 +124,7 @@ struct NET_EXPORT SSLConfig { bool send_client_cert; // The list of application level protocols supported with ALPN (Application - // Layer Protocol Negotation), in decreasing order of preference. Protocols + // Layer Protocol Negotiation), in decreasing order of preference. Protocols // will be advertised in this order during TLS handshake. NextProtoVector alpn_protos; @@ -135,6 +137,20 @@ struct NET_EXPORT SSLConfig { scoped_refptr client_cert; scoped_refptr client_private_key; + + // If the PartitionSSLSessionsByNetworkIsolationKey feature is enabled, the + // session cache is partitioned by this value. + NetworkIsolationKey network_isolation_key; + + // An additional boolean to partition the session cache by. + // + // TODO(https://crbug.com/775438, https://crbug.com/951205): This should + // additionally disable client certificates, once client certificate handling + // is moved into SSLClientContext. With client certificates are disabled, the + // current session cache partitioning behavior will be needed to correctly + // implement it. For now, it acts as an incomplete version of + // PartitionSSLSessionsByNetworkIsolationKey. + PrivacyMode privacy_mode; }; } // namespace net diff --git a/chromium/net/ssl/ssl_handshake_details.h b/chromium/net/ssl/ssl_handshake_details.h new file mode 100644 index 00000000000..a9a024f40a8 --- /dev/null +++ b/chromium/net/ssl/ssl_handshake_details.h @@ -0,0 +1,29 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SSL_SSL_HANDSHAKE_DETAILS_H_ +#define NET_SSL_SSL_HANDSHAKE_DETAILS_H_ + +namespace net { + +// This enum is persisted into histograms. Values may not be renumbered. +enum class SSLHandshakeDetails { + // TLS 1.2 (or earlier) full handshake (2-RTT) + kTLS12Full = 0, + // TLS 1.2 (or earlier) resumption (1-RTT) + kTLS12Resume = 1, + // TLS 1.2 full handshake with False Start (1-RTT) + kTLS12FalseStart = 2, + // TLS 1.3 full handshake (1-RTT, usually) + kTLS13Full = 3, + // TLS 1.3 resumption handshake (1-RTT, usually) + kTLS13Resume = 4, + // TLS 1.3 0-RTT handshake (0-RTT) + kTLS13Early = 5, + kMaxValue = kTLS13Early, +}; + +} // namespace net + +#endif // NET_SSL_SSL_HANDSHAKE_DETAILS_H_ diff --git a/chromium/net/ssl/ssl_platform_key_android_unittest.cc b/chromium/net/ssl/ssl_platform_key_android_unittest.cc index bdad44ddb70..a09ebc23c54 100644 --- a/chromium/net/ssl/ssl_platform_key_android_unittest.cc +++ b/chromium/net/ssl/ssl_platform_key_android_unittest.cc @@ -13,10 +13,10 @@ #include "base/files/file_util.h" #include "net/android/keystore.h" #include "net/cert/x509_certificate.h" +#include "net/net_test_jni_headers/AndroidKeyStoreTestUtil_jni.h" #include "net/ssl/ssl_private_key.h" #include "net/ssl/ssl_private_key_test_util.h" #include "net/test/cert_test_util.h" -#include "net/test/jni/AndroidKeyStoreTestUtil_jni.h" #include "net/test/test_data_directory.h" #include "net/test/test_with_scoped_task_environment.h" #include "testing/gtest/include/gtest/gtest.h" diff --git a/chromium/net/ssl/ssl_platform_key_util.h b/chromium/net/ssl/ssl_platform_key_util.h index eaf9ccc3501..02729fecba7 100644 --- a/chromium/net/ssl/ssl_platform_key_util.h +++ b/chromium/net/ssl/ssl_platform_key_util.h @@ -25,7 +25,8 @@ class X509Certificate; // background thread to avoid problems with buggy smartcards. Its underlying // Thread is non-joinable and as such provides // TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN semantics. -scoped_refptr GetSSLPlatformKeyTaskRunner(); +NET_EXPORT_PRIVATE scoped_refptr +GetSSLPlatformKeyTaskRunner(); // Returns the public key of |certificate| as an |EVP_PKEY| or nullptr on error. bssl::UniquePtr GetClientCertPublicKey( diff --git a/chromium/net/ssl/ssl_server_config.h b/chromium/net/ssl/ssl_server_config.h index 5ae81d460d9..01bd03908c1 100644 --- a/chromium/net/ssl/ssl_server_config.h +++ b/chromium/net/ssl/ssl_server_config.h @@ -10,6 +10,7 @@ #include #include "net/base/net_export.h" +#include "net/socket/next_proto.h" #include "net/ssl/ssl_config.h" namespace net { @@ -81,6 +82,11 @@ struct NET_EXPORT SSLServerConfig { // This field is meaningful only if client certificates are requested. // If a verifier is not provided then all certificates are accepted. ClientCertVerifier* client_cert_verifier; + + // The list of application level protocols supported with ALPN (Application + // Layer Protocol Negotiation), in decreasing order of preference. Protocols + // will be advertised in this order during TLS handshake. + NextProtoVector alpn_protos; }; } // namespace net diff --git a/chromium/net/ssl/test_ssl_private_key.h b/chromium/net/ssl/test_ssl_private_key.h index 2fa6c1a2a55..2201594885c 100644 --- a/chromium/net/ssl/test_ssl_private_key.h +++ b/chromium/net/ssl/test_ssl_private_key.h @@ -6,7 +6,6 @@ #define NET_SSL_TEST_SSL_PRIVATE_KEY_H_ #include "base/memory/ref_counted.h" -#include "net/base/net_export.h" #include "third_party/boringssl/src/include/openssl/base.h" namespace crypto { @@ -19,11 +18,11 @@ class SSLPrivateKey; // Returns a new SSLPrivateKey which uses |key| for signing operations or // nullptr on error. -NET_EXPORT scoped_refptr WrapOpenSSLPrivateKey( +scoped_refptr WrapOpenSSLPrivateKey( bssl::UniquePtr key); -NET_EXPORT scoped_refptr WrapRSAPrivateKey( +scoped_refptr WrapRSAPrivateKey( crypto::RSAPrivateKey* rsa_private_key); -NET_EXPORT scoped_refptr CreateFailSigningSSLPrivateKey(); +scoped_refptr CreateFailSigningSSLPrivateKey(); } // namespace net diff --git a/chromium/net/ssl/threaded_ssl_private_key.cc b/chromium/net/ssl/threaded_ssl_private_key.cc index 67597609f77..df24528c8ed 100644 --- a/chromium/net/ssl/threaded_ssl_private_key.cc +++ b/chromium/net/ssl/threaded_ssl_private_key.cc @@ -53,8 +53,7 @@ ThreadedSSLPrivateKey::ThreadedSSLPrivateKey( std::unique_ptr delegate, scoped_refptr task_runner) : core_(new Core(std::move(delegate))), - task_runner_(std::move(task_runner)), - weak_factory_(this) {} + task_runner_(std::move(task_runner)) {} std::string ThreadedSSLPrivateKey::GetProviderName() { return core_->delegate()->GetProviderName(); diff --git a/chromium/net/ssl/threaded_ssl_private_key.h b/chromium/net/ssl/threaded_ssl_private_key.h index 87dd94a8456..a769331c980 100644 --- a/chromium/net/ssl/threaded_ssl_private_key.h +++ b/chromium/net/ssl/threaded_ssl_private_key.h @@ -15,6 +15,7 @@ #include "base/macros.h" #include "base/memory/ref_counted.h" #include "base/memory/weak_ptr.h" +#include "net/base/net_export.h" #include "net/ssl/ssl_private_key.h" namespace base { @@ -25,7 +26,7 @@ namespace net { // An SSLPrivateKey implementation which offloads key operations to a background // task runner. -class ThreadedSSLPrivateKey : public SSLPrivateKey { +class NET_EXPORT ThreadedSSLPrivateKey : public SSLPrivateKey { public: // Interface for consumers to implement to perform the actual signing // operation. @@ -81,7 +82,7 @@ class ThreadedSSLPrivateKey : public SSLPrivateKey { scoped_refptr core_; scoped_refptr task_runner_; - base::WeakPtrFactory weak_factory_; + base::WeakPtrFactory weak_factory_{this}; DISALLOW_COPY_AND_ASSIGN(ThreadedSSLPrivateKey); }; diff --git a/chromium/net/test/android/javatests/AndroidManifest.xml b/chromium/net/test/android/javatests/AndroidManifest.xml index 4f0a46e7395..22916853e94 100644 --- a/chromium/net/test/android/javatests/AndroidManifest.xml +++ b/chromium/net/test/android/javatests/AndroidManifest.xml @@ -8,7 +8,6 @@ xmlns:tools="http://schemas.android.com/tools" package="org.chromium.net.test.support"> - diff --git a/chromium/net/test/embedded_test_server/android/embedded_test_server_android.cc b/chromium/net/test/embedded_test_server/android/embedded_test_server_android.cc index 6f6431e1a3a..99571e16ba0 100644 --- a/chromium/net/test/embedded_test_server/android/embedded_test_server_android.cc +++ b/chromium/net/test/embedded_test_server/android/embedded_test_server_android.cc @@ -11,7 +11,7 @@ #include "base/files/file_path.h" #include "base/test/test_support_android.h" #include "base/trace_event/trace_event.h" -#include "net/test/jni/EmbeddedTestServerImpl_jni.h" +#include "net/net_test_jni_headers/EmbeddedTestServerImpl_jni.h" using base::android::JavaParamRef; using base::android::JavaRef; @@ -156,6 +156,10 @@ static void JNI_EmbeddedTestServerImpl_Init( base::FilePath test_data_dir( base::android::ConvertJavaStringToUTF8(env, jtest_data_dir)); base::InitAndroidTestPaths(test_data_dir); + + // Bare new does not leak here because the instance deletes itself when it + // receives a Destroy() call its Java counterpart. The Java counterpart owns + // the instance created here. new EmbeddedTestServerAndroid(env, jobj, jhttps); } diff --git a/chromium/net/test/embedded_test_server/controllable_http_response.cc b/chromium/net/test/embedded_test_server/controllable_http_response.cc index bb509015cf5..e7470f2bf71 100644 --- a/chromium/net/test/embedded_test_server/controllable_http_response.cc +++ b/chromium/net/test/embedded_test_server/controllable_http_response.cc @@ -45,8 +45,7 @@ class ControllableHttpResponse::Interceptor : public HttpResponse { ControllableHttpResponse::ControllableHttpResponse( EmbeddedTestServer* embedded_test_server, const std::string& relative_url, - bool relative_url_is_prefix) - : weak_ptr_factory_(this) { + bool relative_url_is_prefix) { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); embedded_test_server->RegisterRequestHandler(base::BindRepeating( RequestHandler, weak_ptr_factory_.GetWeakPtr(), diff --git a/chromium/net/test/embedded_test_server/controllable_http_response.h b/chromium/net/test/embedded_test_server/controllable_http_response.h index efb23fda7e2..22406a70056 100644 --- a/chromium/net/test/embedded_test_server/controllable_http_response.h +++ b/chromium/net/test/embedded_test_server/controllable_http_response.h @@ -88,7 +88,7 @@ class ControllableHttpResponse { SEQUENCE_CHECKER(sequence_checker_); - base::WeakPtrFactory weak_ptr_factory_; + base::WeakPtrFactory weak_ptr_factory_{this}; DISALLOW_COPY_AND_ASSIGN(ControllableHttpResponse); }; diff --git a/chromium/net/test/embedded_test_server/default_handlers.cc b/chromium/net/test/embedded_test_server/default_handlers.cc index 58151d3cda0..fc81c976020 100644 --- a/chromium/net/test/embedded_test_server/default_handlers.cc +++ b/chromium/net/test/embedded_test_server/default_handlers.cc @@ -52,23 +52,23 @@ std::unique_ptr HandleDefaultConnect(const HttpRequest& request) { if (request.method != METHOD_CONNECT) return nullptr; - std::unique_ptr http_response(new BasicHttpResponse); + auto http_response = std::make_unique(); http_response->set_code(HTTP_BAD_REQUEST); http_response->set_content( "Your client has issued a malformed or illegal request."); http_response->set_content_type("text/html"); - return std::move(http_response); + return http_response; } // /cachetime // Returns a cacheable response. std::unique_ptr HandleCacheTime(const HttpRequest& request) { - std::unique_ptr http_response(new BasicHttpResponse); + auto http_response = std::make_unique(); http_response->set_content( "Cache: max-age=60"); http_response->set_content_type("text/html"); http_response->AddCustomHeader("Cache-Control", "max-age=60"); - return std::move(http_response); + return http_response; } // /echoheader?HEADERS | /echoheadercache?HEADERS @@ -80,7 +80,7 @@ std::unique_ptr HandleEchoHeader(const std::string& url, if (!ShouldHandle(request, url)) return nullptr; - std::unique_ptr http_response(new BasicHttpResponse); + auto http_response = std::make_unique(); GURL request_url = request.GetURL(); std::string vary; @@ -103,14 +103,14 @@ std::unique_ptr HandleEchoHeader(const std::string& url, http_response->set_content(content); http_response->set_content_type("text/plain"); http_response->AddCustomHeader("Cache-Control", cache_control); - return std::move(http_response); + return http_response; } // /echo?status=STATUS // Responds with the request body as the response body and // a status code of STATUS. std::unique_ptr HandleEcho(const HttpRequest& request) { - std::unique_ptr http_response(new BasicHttpResponse); + auto http_response = std::make_unique(); GURL request_url = request.GetURL(); if (request_url.has_query()) { @@ -125,17 +125,17 @@ std::unique_ptr HandleEcho(const HttpRequest& request) { http_response->set_content("Echo"); else http_response->set_content(request.content); - return std::move(http_response); + return http_response; } // /echotitle // Responds with the request body as the title. std::unique_ptr HandleEchoTitle(const HttpRequest& request) { - std::unique_ptr http_response(new BasicHttpResponse); + auto http_response = std::make_unique(); http_response->set_content_type("text/html"); http_response->set_content("" + request.content + ""); - return std::move(http_response); + return http_response; } // /echoall?QUERY @@ -144,7 +144,7 @@ std::unique_ptr HandleEchoTitle(const HttpRequest& request) { // Alternative form: // /echoall/nocache?QUERY prevents caching of the response. std::unique_ptr HandleEchoAll(const HttpRequest& request) { - std::unique_ptr http_response(new BasicHttpResponse); + auto http_response = std::make_unique(); std::string body = "EmbeddedTestServer - EchoAll