Home | History | Annotate | Download | only in http
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 // The rules for header parsing were borrowed from Firefox:
      6 // http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpResponseHead.cpp
      7 // The rules for parsing content-types were also borrowed from Firefox:
      8 // http://lxr.mozilla.org/mozilla/source/netwerk/base/src/nsURLHelper.cpp#834
      9 
     10 #include "net/http/http_response_headers.h"
     11 
     12 #include <algorithm>
     13 
     14 #include "base/format_macros.h"
     15 #include "base/logging.h"
     16 #include "base/metrics/histogram.h"
     17 #include "base/pickle.h"
     18 #include "base/strings/string_number_conversions.h"
     19 #include "base/strings/string_piece.h"
     20 #include "base/strings/string_util.h"
     21 #include "base/strings/stringprintf.h"
     22 #include "base/time/time.h"
     23 #include "base/values.h"
     24 #include "net/base/escape.h"
     25 #include "net/http/http_byte_range.h"
     26 #include "net/http/http_log_util.h"
     27 #include "net/http/http_util.h"
     28 
     29 using base::StringPiece;
     30 using base::Time;
     31 using base::TimeDelta;
     32 
     33 namespace net {
     34 
     35 //-----------------------------------------------------------------------------
     36 
     37 namespace {
     38 
     39 // These headers are RFC 2616 hop-by-hop headers;
     40 // not to be stored by caches.
     41 const char* const kHopByHopResponseHeaders[] = {
     42   "connection",
     43   "proxy-connection",
     44   "keep-alive",
     45   "trailer",
     46   "transfer-encoding",
     47   "upgrade"
     48 };
     49 
     50 // These headers are challenge response headers;
     51 // not to be stored by caches.
     52 const char* const kChallengeResponseHeaders[] = {
     53   "www-authenticate",
     54   "proxy-authenticate"
     55 };
     56 
     57 // These headers are cookie setting headers;
     58 // not to be stored by caches or disclosed otherwise.
     59 const char* const kCookieResponseHeaders[] = {
     60   "set-cookie",
     61   "set-cookie2"
     62 };
     63 
     64 // By default, do not cache Strict-Transport-Security or Public-Key-Pins.
     65 // This avoids erroneously re-processing them on page loads from cache ---
     66 // they are defined to be valid only on live and error-free HTTPS
     67 // connections.
     68 const char* const kSecurityStateHeaders[] = {
     69   "strict-transport-security",
     70   "public-key-pins"
     71 };
     72 
     73 // These response headers are not copied from a 304/206 response to the cached
     74 // response headers.  This list is based on Mozilla's nsHttpResponseHead.cpp.
     75 const char* const kNonUpdatedHeaders[] = {
     76   "connection",
     77   "proxy-connection",
     78   "keep-alive",
     79   "www-authenticate",
     80   "proxy-authenticate",
     81   "trailer",
     82   "transfer-encoding",
     83   "upgrade",
     84   "etag",
     85   "x-frame-options",
     86   "x-xss-protection",
     87 };
     88 
     89 // Some header prefixes mean "Don't copy this header from a 304 response.".
     90 // Rather than listing all the relevant headers, we can consolidate them into
     91 // this list:
     92 const char* const kNonUpdatedHeaderPrefixes[] = {
     93   "content-",
     94   "x-content-",
     95   "x-webkit-"
     96 };
     97 
     98 bool ShouldUpdateHeader(const std::string::const_iterator& name_begin,
     99                         const std::string::const_iterator& name_end) {
    100   for (size_t i = 0; i < arraysize(kNonUpdatedHeaders); ++i) {
    101     if (LowerCaseEqualsASCII(name_begin, name_end, kNonUpdatedHeaders[i]))
    102       return false;
    103   }
    104   for (size_t i = 0; i < arraysize(kNonUpdatedHeaderPrefixes); ++i) {
    105     if (StartsWithASCII(std::string(name_begin, name_end),
    106                         kNonUpdatedHeaderPrefixes[i], false))
    107       return false;
    108   }
    109   return true;
    110 }
    111 
    112 void CheckDoesNotHaveEmbededNulls(const std::string& str) {
    113   // Care needs to be taken when adding values to the raw headers string to
    114   // make sure it does not contain embeded NULLs. Any embeded '\0' may be
    115   // understood as line terminators and change how header lines get tokenized.
    116   CHECK(str.find('\0') == std::string::npos);
    117 }
    118 
    119 }  // namespace
    120 
    121 const char HttpResponseHeaders::kContentRange[] = "Content-Range";
    122 
    123 struct HttpResponseHeaders::ParsedHeader {
    124   // A header "continuation" contains only a subsequent value for the
    125   // preceding header.  (Header values are comma separated.)
    126   bool is_continuation() const { return name_begin == name_end; }
    127 
    128   std::string::const_iterator name_begin;
    129   std::string::const_iterator name_end;
    130   std::string::const_iterator value_begin;
    131   std::string::const_iterator value_end;
    132 };
    133 
    134 //-----------------------------------------------------------------------------
    135 
    136 HttpResponseHeaders::HttpResponseHeaders(const std::string& raw_input)
    137     : response_code_(-1) {
    138   Parse(raw_input);
    139 
    140   // The most important thing to do with this histogram is find out
    141   // the existence of unusual HTTP status codes.  As it happens
    142   // right now, there aren't double-constructions of response headers
    143   // using this constructor, so our counts should also be accurate,
    144   // without instantiating the histogram in two places.  It is also
    145   // important that this histogram not collect data in the other
    146   // constructor, which rebuilds an histogram from a pickle, since
    147   // that would actually create a double call between the original
    148   // HttpResponseHeader that was serialized, and initialization of the
    149   // new object from that pickle.
    150   UMA_HISTOGRAM_CUSTOM_ENUMERATION("Net.HttpResponseCode",
    151                                    HttpUtil::MapStatusCodeForHistogram(
    152                                        response_code_),
    153                                    // Note the third argument is only
    154                                    // evaluated once, see macro
    155                                    // definition for details.
    156                                    HttpUtil::GetStatusCodesForHistogram());
    157 }
    158 
    159 HttpResponseHeaders::HttpResponseHeaders(const Pickle& pickle,
    160                                          PickleIterator* iter)
    161     : response_code_(-1) {
    162   std::string raw_input;
    163   if (pickle.ReadString(iter, &raw_input))
    164     Parse(raw_input);
    165 }
    166 
    167 void HttpResponseHeaders::Persist(Pickle* pickle, PersistOptions options) {
    168   if (options == PERSIST_RAW) {
    169     pickle->WriteString(raw_headers_);
    170     return;  // Done.
    171   }
    172 
    173   HeaderSet filter_headers;
    174 
    175   // Construct set of headers to filter out based on options.
    176   if ((options & PERSIST_SANS_NON_CACHEABLE) == PERSIST_SANS_NON_CACHEABLE)
    177     AddNonCacheableHeaders(&filter_headers);
    178 
    179   if ((options & PERSIST_SANS_COOKIES) == PERSIST_SANS_COOKIES)
    180     AddCookieHeaders(&filter_headers);
    181 
    182   if ((options & PERSIST_SANS_CHALLENGES) == PERSIST_SANS_CHALLENGES)
    183     AddChallengeHeaders(&filter_headers);
    184 
    185   if ((options & PERSIST_SANS_HOP_BY_HOP) == PERSIST_SANS_HOP_BY_HOP)
    186     AddHopByHopHeaders(&filter_headers);
    187 
    188   if ((options & PERSIST_SANS_RANGES) == PERSIST_SANS_RANGES)
    189     AddHopContentRangeHeaders(&filter_headers);
    190 
    191   if ((options & PERSIST_SANS_SECURITY_STATE) == PERSIST_SANS_SECURITY_STATE)
    192     AddSecurityStateHeaders(&filter_headers);
    193 
    194   std::string blob;
    195   blob.reserve(raw_headers_.size());
    196 
    197   // This copies the status line w/ terminator null.
    198   // Note raw_headers_ has embedded nulls instead of \n,
    199   // so this just copies the first header line.
    200   blob.assign(raw_headers_.c_str(), strlen(raw_headers_.c_str()) + 1);
    201 
    202   for (size_t i = 0; i < parsed_.size(); ++i) {
    203     DCHECK(!parsed_[i].is_continuation());
    204 
    205     // Locate the start of the next header.
    206     size_t k = i;
    207     while (++k < parsed_.size() && parsed_[k].is_continuation()) {}
    208     --k;
    209 
    210     std::string header_name(parsed_[i].name_begin, parsed_[i].name_end);
    211     base::StringToLowerASCII(&header_name);
    212 
    213     if (filter_headers.find(header_name) == filter_headers.end()) {
    214       // Make sure there is a null after the value.
    215       blob.append(parsed_[i].name_begin, parsed_[k].value_end);
    216       blob.push_back('\0');
    217     }
    218 
    219     i = k;
    220   }
    221   blob.push_back('\0');
    222 
    223   pickle->WriteString(blob);
    224 }
    225 
    226 void HttpResponseHeaders::Update(const HttpResponseHeaders& new_headers) {
    227   DCHECK(new_headers.response_code() == 304 ||
    228          new_headers.response_code() == 206);
    229 
    230   // Copy up to the null byte.  This just copies the status line.
    231   std::string new_raw_headers(raw_headers_.c_str());
    232   new_raw_headers.push_back('\0');
    233 
    234   HeaderSet updated_headers;
    235 
    236   // NOTE: we write the new headers then the old headers for convenience.  The
    237   // order should not matter.
    238 
    239   // Figure out which headers we want to take from new_headers:
    240   for (size_t i = 0; i < new_headers.parsed_.size(); ++i) {
    241     const HeaderList& new_parsed = new_headers.parsed_;
    242 
    243     DCHECK(!new_parsed[i].is_continuation());
    244 
    245     // Locate the start of the next header.
    246     size_t k = i;
    247     while (++k < new_parsed.size() && new_parsed[k].is_continuation()) {}
    248     --k;
    249 
    250     const std::string::const_iterator& name_begin = new_parsed[i].name_begin;
    251     const std::string::const_iterator& name_end = new_parsed[i].name_end;
    252     if (ShouldUpdateHeader(name_begin, name_end)) {
    253       std::string name(name_begin, name_end);
    254       base::StringToLowerASCII(&name);
    255       updated_headers.insert(name);
    256 
    257       // Preserve this header line in the merged result, making sure there is
    258       // a null after the value.
    259       new_raw_headers.append(name_begin, new_parsed[k].value_end);
    260       new_raw_headers.push_back('\0');
    261     }
    262 
    263     i = k;
    264   }
    265 
    266   // Now, build the new raw headers.
    267   MergeWithHeaders(new_raw_headers, updated_headers);
    268 }
    269 
    270 void HttpResponseHeaders::MergeWithHeaders(const std::string& raw_headers,
    271                                            const HeaderSet& headers_to_remove) {
    272   std::string new_raw_headers(raw_headers);
    273   for (size_t i = 0; i < parsed_.size(); ++i) {
    274     DCHECK(!parsed_[i].is_continuation());
    275 
    276     // Locate the start of the next header.
    277     size_t k = i;
    278     while (++k < parsed_.size() && parsed_[k].is_continuation()) {}
    279     --k;
    280 
    281     std::string name(parsed_[i].name_begin, parsed_[i].name_end);
    282     base::StringToLowerASCII(&name);
    283     if (headers_to_remove.find(name) == headers_to_remove.end()) {
    284       // It's ok to preserve this header in the final result.
    285       new_raw_headers.append(parsed_[i].name_begin, parsed_[k].value_end);
    286       new_raw_headers.push_back('\0');
    287     }
    288 
    289     i = k;
    290   }
    291   new_raw_headers.push_back('\0');
    292 
    293   // Make this object hold the new data.
    294   raw_headers_.clear();
    295   parsed_.clear();
    296   Parse(new_raw_headers);
    297 }
    298 
    299 void HttpResponseHeaders::RemoveHeader(const std::string& name) {
    300   // Copy up to the null byte.  This just copies the status line.
    301   std::string new_raw_headers(raw_headers_.c_str());
    302   new_raw_headers.push_back('\0');
    303 
    304   std::string lowercase_name(name);
    305   base::StringToLowerASCII(&lowercase_name);
    306   HeaderSet to_remove;
    307   to_remove.insert(lowercase_name);
    308   MergeWithHeaders(new_raw_headers, to_remove);
    309 }
    310 
    311 void HttpResponseHeaders::RemoveHeaderLine(const std::string& name,
    312                                            const std::string& value) {
    313   std::string name_lowercase(name);
    314   base::StringToLowerASCII(&name_lowercase);
    315 
    316   std::string new_raw_headers(GetStatusLine());
    317   new_raw_headers.push_back('\0');
    318 
    319   new_raw_headers.reserve(raw_headers_.size());
    320 
    321   void* iter = NULL;
    322   std::string old_header_name;
    323   std::string old_header_value;
    324   while (EnumerateHeaderLines(&iter, &old_header_name, &old_header_value)) {
    325     std::string old_header_name_lowercase(name);
    326     base::StringToLowerASCII(&old_header_name_lowercase);
    327 
    328     if (name_lowercase == old_header_name_lowercase &&
    329         value == old_header_value)
    330       continue;
    331 
    332     new_raw_headers.append(old_header_name);
    333     new_raw_headers.push_back(':');
    334     new_raw_headers.push_back(' ');
    335     new_raw_headers.append(old_header_value);
    336     new_raw_headers.push_back('\0');
    337   }
    338   new_raw_headers.push_back('\0');
    339 
    340   // Make this object hold the new data.
    341   raw_headers_.clear();
    342   parsed_.clear();
    343   Parse(new_raw_headers);
    344 }
    345 
    346 void HttpResponseHeaders::AddHeader(const std::string& header) {
    347   CheckDoesNotHaveEmbededNulls(header);
    348   DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
    349   DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);
    350   // Don't copy the last null.
    351   std::string new_raw_headers(raw_headers_, 0, raw_headers_.size() - 1);
    352   new_raw_headers.append(header);
    353   new_raw_headers.push_back('\0');
    354   new_raw_headers.push_back('\0');
    355 
    356   // Make this object hold the new data.
    357   raw_headers_.clear();
    358   parsed_.clear();
    359   Parse(new_raw_headers);
    360 }
    361 
    362 void HttpResponseHeaders::ReplaceStatusLine(const std::string& new_status) {
    363   CheckDoesNotHaveEmbededNulls(new_status);
    364   // Copy up to the null byte.  This just copies the status line.
    365   std::string new_raw_headers(new_status);
    366   new_raw_headers.push_back('\0');
    367 
    368   HeaderSet empty_to_remove;
    369   MergeWithHeaders(new_raw_headers, empty_to_remove);
    370 }
    371 
    372 void HttpResponseHeaders::UpdateWithNewRange(
    373     const HttpByteRange& byte_range,
    374     int64 resource_size,
    375     bool replace_status_line) {
    376   DCHECK(byte_range.IsValid());
    377   DCHECK(byte_range.HasFirstBytePosition());
    378   DCHECK(byte_range.HasLastBytePosition());
    379 
    380   const char kLengthHeader[] = "Content-Length";
    381   const char kRangeHeader[] = "Content-Range";
    382 
    383   RemoveHeader(kLengthHeader);
    384   RemoveHeader(kRangeHeader);
    385 
    386   int64 start = byte_range.first_byte_position();
    387   int64 end = byte_range.last_byte_position();
    388   int64 range_len = end - start + 1;
    389 
    390   if (replace_status_line)
    391     ReplaceStatusLine("HTTP/1.1 206 Partial Content");
    392 
    393   AddHeader(base::StringPrintf("%s: bytes %" PRId64 "-%" PRId64 "/%" PRId64,
    394                                kRangeHeader, start, end, resource_size));
    395   AddHeader(base::StringPrintf("%s: %" PRId64, kLengthHeader, range_len));
    396 }
    397 
    398 void HttpResponseHeaders::Parse(const std::string& raw_input) {
    399   raw_headers_.reserve(raw_input.size());
    400 
    401   // ParseStatusLine adds a normalized status line to raw_headers_
    402   std::string::const_iterator line_begin = raw_input.begin();
    403   std::string::const_iterator line_end =
    404       std::find(line_begin, raw_input.end(), '\0');
    405   // has_headers = true, if there is any data following the status line.
    406   // Used by ParseStatusLine() to decide if a HTTP/0.9 is really a HTTP/1.0.
    407   bool has_headers = (line_end != raw_input.end() &&
    408                       (line_end + 1) != raw_input.end() &&
    409                       *(line_end + 1) != '\0');
    410   ParseStatusLine(line_begin, line_end, has_headers);
    411   raw_headers_.push_back('\0');  // Terminate status line with a null.
    412 
    413   if (line_end == raw_input.end()) {
    414     raw_headers_.push_back('\0');  // Ensure the headers end with a double null.
    415 
    416     DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
    417     DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);
    418     return;
    419   }
    420 
    421   // Including a terminating null byte.
    422   size_t status_line_len = raw_headers_.size();
    423 
    424   // Now, we add the rest of the raw headers to raw_headers_, and begin parsing
    425   // it (to populate our parsed_ vector).
    426   raw_headers_.append(line_end + 1, raw_input.end());
    427 
    428   // Ensure the headers end with a double null.
    429   while (raw_headers_.size() < 2 ||
    430          raw_headers_[raw_headers_.size() - 2] != '\0' ||
    431          raw_headers_[raw_headers_.size() - 1] != '\0') {
    432     raw_headers_.push_back('\0');
    433   }
    434 
    435   // Adjust to point at the null byte following the status line
    436   line_end = raw_headers_.begin() + status_line_len - 1;
    437 
    438   HttpUtil::HeadersIterator headers(line_end + 1, raw_headers_.end(),
    439                                     std::string(1, '\0'));
    440   while (headers.GetNext()) {
    441     AddHeader(headers.name_begin(),
    442               headers.name_end(),
    443               headers.values_begin(),
    444               headers.values_end());
    445   }
    446 
    447   DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
    448   DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);
    449 }
    450 
    451 // Append all of our headers to the final output string.
    452 void HttpResponseHeaders::GetNormalizedHeaders(std::string* output) const {
    453   // copy up to the null byte.  this just copies the status line.
    454   output->assign(raw_headers_.c_str());
    455 
    456   // headers may appear multiple times (not necessarily in succession) in the
    457   // header data, so we build a map from header name to generated header lines.
    458   // to preserve the order of the original headers, the actual values are kept
    459   // in a separate list.  finally, the list of headers is flattened to form
    460   // the normalized block of headers.
    461   //
    462   // NOTE: We take special care to preserve the whitespace around any commas
    463   // that may occur in the original response headers.  Because our consumer may
    464   // be a web app, we cannot be certain of the semantics of commas despite the
    465   // fact that RFC 2616 says that they should be regarded as value separators.
    466   //
    467   typedef base::hash_map<std::string, size_t> HeadersMap;
    468   HeadersMap headers_map;
    469   HeadersMap::iterator iter = headers_map.end();
    470 
    471   std::vector<std::string> headers;
    472 
    473   for (size_t i = 0; i < parsed_.size(); ++i) {
    474     DCHECK(!parsed_[i].is_continuation());
    475 
    476     std::string name(parsed_[i].name_begin, parsed_[i].name_end);
    477     std::string lower_name = base::StringToLowerASCII(name);
    478 
    479     iter = headers_map.find(lower_name);
    480     if (iter == headers_map.end()) {
    481       iter = headers_map.insert(
    482           HeadersMap::value_type(lower_name, headers.size())).first;
    483       headers.push_back(name + ": ");
    484     } else {
    485       headers[iter->second].append(", ");
    486     }
    487 
    488     std::string::const_iterator value_begin = parsed_[i].value_begin;
    489     std::string::const_iterator value_end = parsed_[i].value_end;
    490     while (++i < parsed_.size() && parsed_[i].is_continuation())
    491       value_end = parsed_[i].value_end;
    492     --i;
    493 
    494     headers[iter->second].append(value_begin, value_end);
    495   }
    496 
    497   for (size_t i = 0; i < headers.size(); ++i) {
    498     output->push_back('\n');
    499     output->append(headers[i]);
    500   }
    501 
    502   output->push_back('\n');
    503 }
    504 
    505 bool HttpResponseHeaders::GetNormalizedHeader(const std::string& name,
    506                                               std::string* value) const {
    507   // If you hit this assertion, please use EnumerateHeader instead!
    508   DCHECK(!HttpUtil::IsNonCoalescingHeader(name));
    509 
    510   value->clear();
    511 
    512   bool found = false;
    513   size_t i = 0;
    514   while (i < parsed_.size()) {
    515     i = FindHeader(i, name);
    516     if (i == std::string::npos)
    517       break;
    518 
    519     found = true;
    520 
    521     if (!value->empty())
    522       value->append(", ");
    523 
    524     std::string::const_iterator value_begin = parsed_[i].value_begin;
    525     std::string::const_iterator value_end = parsed_[i].value_end;
    526     while (++i < parsed_.size() && parsed_[i].is_continuation())
    527       value_end = parsed_[i].value_end;
    528     value->append(value_begin, value_end);
    529   }
    530 
    531   return found;
    532 }
    533 
    534 std::string HttpResponseHeaders::GetStatusLine() const {
    535   // copy up to the null byte.
    536   return std::string(raw_headers_.c_str());
    537 }
    538 
    539 std::string HttpResponseHeaders::GetStatusText() const {
    540   // GetStatusLine() is already normalized, so it has the format:
    541   // <http_version> SP <response_code> SP <status_text>
    542   std::string status_text = GetStatusLine();
    543   std::string::const_iterator begin = status_text.begin();
    544   std::string::const_iterator end = status_text.end();
    545   for (int i = 0; i < 2; ++i)
    546     begin = std::find(begin, end, ' ') + 1;
    547   return std::string(begin, end);
    548 }
    549 
    550 bool HttpResponseHeaders::EnumerateHeaderLines(void** iter,
    551                                                std::string* name,
    552                                                std::string* value) const {
    553   size_t i = reinterpret_cast<size_t>(*iter);
    554   if (i == parsed_.size())
    555     return false;
    556 
    557   DCHECK(!parsed_[i].is_continuation());
    558 
    559   name->assign(parsed_[i].name_begin, parsed_[i].name_end);
    560 
    561   std::string::const_iterator value_begin = parsed_[i].value_begin;
    562   std::string::const_iterator value_end = parsed_[i].value_end;
    563   while (++i < parsed_.size() && parsed_[i].is_continuation())
    564     value_end = parsed_[i].value_end;
    565 
    566   value->assign(value_begin, value_end);
    567 
    568   *iter = reinterpret_cast<void*>(i);
    569   return true;
    570 }
    571 
    572 bool HttpResponseHeaders::EnumerateHeader(void** iter,
    573                                           const base::StringPiece& name,
    574                                           std::string* value) const {
    575   size_t i;
    576   if (!iter || !*iter) {
    577     i = FindHeader(0, name);
    578   } else {
    579     i = reinterpret_cast<size_t>(*iter);
    580     if (i >= parsed_.size()) {
    581       i = std::string::npos;
    582     } else if (!parsed_[i].is_continuation()) {
    583       i = FindHeader(i, name);
    584     }
    585   }
    586 
    587   if (i == std::string::npos) {
    588     value->clear();
    589     return false;
    590   }
    591 
    592   if (iter)
    593     *iter = reinterpret_cast<void*>(i + 1);
    594   value->assign(parsed_[i].value_begin, parsed_[i].value_end);
    595   return true;
    596 }
    597 
    598 bool HttpResponseHeaders::HasHeaderValue(const base::StringPiece& name,
    599                                          const base::StringPiece& value) const {
    600   // The value has to be an exact match.  This is important since
    601   // 'cache-control: no-cache' != 'cache-control: no-cache="foo"'
    602   void* iter = NULL;
    603   std::string temp;
    604   while (EnumerateHeader(&iter, name, &temp)) {
    605     if (value.size() == temp.size() &&
    606         std::equal(temp.begin(), temp.end(), value.begin(),
    607                    base::CaseInsensitiveCompare<char>()))
    608       return true;
    609   }
    610   return false;
    611 }
    612 
    613 bool HttpResponseHeaders::HasHeader(const base::StringPiece& name) const {
    614   return FindHeader(0, name) != std::string::npos;
    615 }
    616 
    617 HttpResponseHeaders::HttpResponseHeaders() : response_code_(-1) {
    618 }
    619 
    620 HttpResponseHeaders::~HttpResponseHeaders() {
    621 }
    622 
    623 // Note: this implementation implicitly assumes that line_end points at a valid
    624 // sentinel character (such as '\0').
    625 // static
    626 HttpVersion HttpResponseHeaders::ParseVersion(
    627     std::string::const_iterator line_begin,
    628     std::string::const_iterator line_end) {
    629   std::string::const_iterator p = line_begin;
    630 
    631   // RFC2616 sec 3.1: HTTP-Version   = "HTTP" "/" 1*DIGIT "." 1*DIGIT
    632   // TODO: (1*DIGIT apparently means one or more digits, but we only handle 1).
    633   // TODO: handle leading zeros, which is allowed by the rfc1616 sec 3.1.
    634 
    635   if ((line_end - p < 4) || !LowerCaseEqualsASCII(p, p + 4, "http")) {
    636     DVLOG(1) << "missing status line";
    637     return HttpVersion();
    638   }
    639 
    640   p += 4;
    641 
    642   if (p >= line_end || *p != '/') {
    643     DVLOG(1) << "missing version";
    644     return HttpVersion();
    645   }
    646 
    647   std::string::const_iterator dot = std::find(p, line_end, '.');
    648   if (dot == line_end) {
    649     DVLOG(1) << "malformed version";
    650     return HttpVersion();
    651   }
    652 
    653   ++p;  // from / to first digit.
    654   ++dot;  // from . to second digit.
    655 
    656   if (!(*p >= '0' && *p <= '9' && *dot >= '0' && *dot <= '9')) {
    657     DVLOG(1) << "malformed version number";
    658     return HttpVersion();
    659   }
    660 
    661   uint16 major = *p - '0';
    662   uint16 minor = *dot - '0';
    663 
    664   return HttpVersion(major, minor);
    665 }
    666 
    667 // Note: this implementation implicitly assumes that line_end points at a valid
    668 // sentinel character (such as '\0').
    669 void HttpResponseHeaders::ParseStatusLine(
    670     std::string::const_iterator line_begin,
    671     std::string::const_iterator line_end,
    672     bool has_headers) {
    673   // Extract the version number
    674   parsed_http_version_ = ParseVersion(line_begin, line_end);
    675 
    676   // Clamp the version number to one of: {0.9, 1.0, 1.1}
    677   if (parsed_http_version_ == HttpVersion(0, 9) && !has_headers) {
    678     http_version_ = HttpVersion(0, 9);
    679     raw_headers_ = "HTTP/0.9";
    680   } else if (parsed_http_version_ >= HttpVersion(1, 1)) {
    681     http_version_ = HttpVersion(1, 1);
    682     raw_headers_ = "HTTP/1.1";
    683   } else {
    684     // Treat everything else like HTTP 1.0
    685     http_version_ = HttpVersion(1, 0);
    686     raw_headers_ = "HTTP/1.0";
    687   }
    688   if (parsed_http_version_ != http_version_) {
    689     DVLOG(1) << "assuming HTTP/" << http_version_.major_value() << "."
    690              << http_version_.minor_value();
    691   }
    692 
    693   // TODO(eroman): this doesn't make sense if ParseVersion failed.
    694   std::string::const_iterator p = std::find(line_begin, line_end, ' ');
    695 
    696   if (p == line_end) {
    697     DVLOG(1) << "missing response status; assuming 200 OK";
    698     raw_headers_.append(" 200 OK");
    699     response_code_ = 200;
    700     return;
    701   }
    702 
    703   // Skip whitespace.
    704   while (*p == ' ')
    705     ++p;
    706 
    707   std::string::const_iterator code = p;
    708   while (*p >= '0' && *p <= '9')
    709     ++p;
    710 
    711   if (p == code) {
    712     DVLOG(1) << "missing response status number; assuming 200";
    713     raw_headers_.append(" 200 OK");
    714     response_code_ = 200;
    715     return;
    716   }
    717   raw_headers_.push_back(' ');
    718   raw_headers_.append(code, p);
    719   raw_headers_.push_back(' ');
    720   base::StringToInt(StringPiece(code, p), &response_code_);
    721 
    722   // Skip whitespace.
    723   while (*p == ' ')
    724     ++p;
    725 
    726   // Trim trailing whitespace.
    727   while (line_end > p && line_end[-1] == ' ')
    728     --line_end;
    729 
    730   if (p == line_end) {
    731     DVLOG(1) << "missing response status text; assuming OK";
    732     // Not super critical what we put here. Just use "OK"
    733     // even if it isn't descriptive of response_code_.
    734     raw_headers_.append("OK");
    735   } else {
    736     raw_headers_.append(p, line_end);
    737   }
    738 }
    739 
    740 size_t HttpResponseHeaders::FindHeader(size_t from,
    741                                        const base::StringPiece& search) const {
    742   for (size_t i = from; i < parsed_.size(); ++i) {
    743     if (parsed_[i].is_continuation())
    744       continue;
    745     const std::string::const_iterator& name_begin = parsed_[i].name_begin;
    746     const std::string::const_iterator& name_end = parsed_[i].name_end;
    747     if (static_cast<size_t>(name_end - name_begin) == search.size() &&
    748         std::equal(name_begin, name_end, search.begin(),
    749                    base::CaseInsensitiveCompare<char>()))
    750       return i;
    751   }
    752 
    753   return std::string::npos;
    754 }
    755 
    756 bool HttpResponseHeaders::GetCacheControlDirective(const StringPiece& directive,
    757                                                    TimeDelta* result) const {
    758   StringPiece name("cache-control");
    759   std::string value;
    760 
    761   size_t directive_size = directive.size();
    762 
    763   void* iter = NULL;
    764   while (EnumerateHeader(&iter, name, &value)) {
    765     if (value.size() > directive_size + 1 &&
    766         LowerCaseEqualsASCII(value.begin(),
    767                              value.begin() + directive_size,
    768                              directive.begin()) &&
    769         value[directive_size] == '=') {
    770       int64 seconds;
    771       base::StringToInt64(
    772           StringPiece(value.begin() + directive_size + 1, value.end()),
    773           &seconds);
    774       *result = TimeDelta::FromSeconds(seconds);
    775       return true;
    776     }
    777   }
    778 
    779   return false;
    780 }
    781 
    782 void HttpResponseHeaders::AddHeader(std::string::const_iterator name_begin,
    783                                     std::string::const_iterator name_end,
    784                                     std::string::const_iterator values_begin,
    785                                     std::string::const_iterator values_end) {
    786   // If the header can be coalesced, then we should split it up.
    787   if (values_begin == values_end ||
    788       HttpUtil::IsNonCoalescingHeader(name_begin, name_end)) {
    789     AddToParsed(name_begin, name_end, values_begin, values_end);
    790   } else {
    791     HttpUtil::ValuesIterator it(values_begin, values_end, ',');
    792     while (it.GetNext()) {
    793       AddToParsed(name_begin, name_end, it.value_begin(), it.value_end());
    794       // clobber these so that subsequent values are treated as continuations
    795       name_begin = name_end = raw_headers_.end();
    796     }
    797   }
    798 }
    799 
    800 void HttpResponseHeaders::AddToParsed(std::string::const_iterator name_begin,
    801                                       std::string::const_iterator name_end,
    802                                       std::string::const_iterator value_begin,
    803                                       std::string::const_iterator value_end) {
    804   ParsedHeader header;
    805   header.name_begin = name_begin;
    806   header.name_end = name_end;
    807   header.value_begin = value_begin;
    808   header.value_end = value_end;
    809   parsed_.push_back(header);
    810 }
    811 
    812 void HttpResponseHeaders::AddNonCacheableHeaders(HeaderSet* result) const {
    813   // Add server specified transients.  Any 'cache-control: no-cache="foo,bar"'
    814   // headers present in the response specify additional headers that we should
    815   // not store in the cache.
    816   const char kCacheControl[] = "cache-control";
    817   const char kPrefix[] = "no-cache=\"";
    818   const size_t kPrefixLen = sizeof(kPrefix) - 1;
    819 
    820   std::string value;
    821   void* iter = NULL;
    822   while (EnumerateHeader(&iter, kCacheControl, &value)) {
    823     // If the value is smaller than the prefix and a terminal quote, skip
    824     // it.
    825     if (value.size() <= kPrefixLen ||
    826         value.compare(0, kPrefixLen, kPrefix) != 0) {
    827       continue;
    828     }
    829     // if it doesn't end with a quote, then treat as malformed
    830     if (value[value.size()-1] != '\"')
    831       continue;
    832 
    833     // process the value as a comma-separated list of items. Each
    834     // item can be wrapped by linear white space.
    835     std::string::const_iterator item = value.begin() + kPrefixLen;
    836     std::string::const_iterator end = value.end() - 1;
    837     while (item != end) {
    838       // Find the comma to compute the length of the current item,
    839       // and the position of the next one.
    840       std::string::const_iterator item_next = std::find(item, end, ',');
    841       std::string::const_iterator item_end = end;
    842       if (item_next != end) {
    843         // Skip over comma for next position.
    844         item_end = item_next;
    845         item_next++;
    846       }
    847       // trim off leading and trailing whitespace in this item.
    848       HttpUtil::TrimLWS(&item, &item_end);
    849 
    850       // assuming the header is not empty, lowercase and insert into set
    851       if (item_end > item) {
    852         std::string name(&*item, item_end - item);
    853         base::StringToLowerASCII(&name);
    854         result->insert(name);
    855       }
    856 
    857       // Continue to next item.
    858       item = item_next;
    859     }
    860   }
    861 }
    862 
    863 void HttpResponseHeaders::AddHopByHopHeaders(HeaderSet* result) {
    864   for (size_t i = 0; i < arraysize(kHopByHopResponseHeaders); ++i)
    865     result->insert(std::string(kHopByHopResponseHeaders[i]));
    866 }
    867 
    868 void HttpResponseHeaders::AddCookieHeaders(HeaderSet* result) {
    869   for (size_t i = 0; i < arraysize(kCookieResponseHeaders); ++i)
    870     result->insert(std::string(kCookieResponseHeaders[i]));
    871 }
    872 
    873 void HttpResponseHeaders::AddChallengeHeaders(HeaderSet* result) {
    874   for (size_t i = 0; i < arraysize(kChallengeResponseHeaders); ++i)
    875     result->insert(std::string(kChallengeResponseHeaders[i]));
    876 }
    877 
    878 void HttpResponseHeaders::AddHopContentRangeHeaders(HeaderSet* result) {
    879   result->insert(kContentRange);
    880 }
    881 
    882 void HttpResponseHeaders::AddSecurityStateHeaders(HeaderSet* result) {
    883   for (size_t i = 0; i < arraysize(kSecurityStateHeaders); ++i)
    884     result->insert(std::string(kSecurityStateHeaders[i]));
    885 }
    886 
    887 void HttpResponseHeaders::GetMimeTypeAndCharset(std::string* mime_type,
    888                                                 std::string* charset) const {
    889   mime_type->clear();
    890   charset->clear();
    891 
    892   std::string name = "content-type";
    893   std::string value;
    894 
    895   bool had_charset = false;
    896 
    897   void* iter = NULL;
    898   while (EnumerateHeader(&iter, name, &value))
    899     HttpUtil::ParseContentType(value, mime_type, charset, &had_charset, NULL);
    900 }
    901 
    902 bool HttpResponseHeaders::GetMimeType(std::string* mime_type) const {
    903   std::string unused;
    904   GetMimeTypeAndCharset(mime_type, &unused);
    905   return !mime_type->empty();
    906 }
    907 
    908 bool HttpResponseHeaders::GetCharset(std::string* charset) const {
    909   std::string unused;
    910   GetMimeTypeAndCharset(&unused, charset);
    911   return !charset->empty();
    912 }
    913 
    914 bool HttpResponseHeaders::IsRedirect(std::string* location) const {
    915   if (!IsRedirectResponseCode(response_code_))
    916     return false;
    917 
    918   // If we lack a Location header, then we can't treat this as a redirect.
    919   // We assume that the first non-empty location value is the target URL that
    920   // we want to follow.  TODO(darin): Is this consistent with other browsers?
    921   size_t i = std::string::npos;
    922   do {
    923     i = FindHeader(++i, "location");
    924     if (i == std::string::npos)
    925       return false;
    926     // If the location value is empty, then it doesn't count.
    927   } while (parsed_[i].value_begin == parsed_[i].value_end);
    928 
    929   if (location) {
    930     // Escape any non-ASCII characters to preserve them.  The server should
    931     // only be returning ASCII here, but for compat we need to do this.
    932     *location = EscapeNonASCII(
    933         std::string(parsed_[i].value_begin, parsed_[i].value_end));
    934   }
    935 
    936   return true;
    937 }
    938 
    939 // static
    940 bool HttpResponseHeaders::IsRedirectResponseCode(int response_code) {
    941   // Users probably want to see 300 (multiple choice) pages, so we don't count
    942   // them as redirects that need to be followed.
    943   return (response_code == 301 ||
    944           response_code == 302 ||
    945           response_code == 303 ||
    946           response_code == 307 ||
    947           response_code == 308);
    948 }
    949 
    950 // From RFC 2616 section 13.2.4:
    951 //
    952 // The calculation to determine if a response has expired is quite simple:
    953 //
    954 //   response_is_fresh = (freshness_lifetime > current_age)
    955 //
    956 // Of course, there are other factors that can force a response to always be
    957 // validated or re-fetched.
    958 //
    959 bool HttpResponseHeaders::RequiresValidation(const Time& request_time,
    960                                              const Time& response_time,
    961                                              const Time& current_time) const {
    962   TimeDelta lifetime =
    963       GetFreshnessLifetime(response_time);
    964   if (lifetime == TimeDelta())
    965     return true;
    966 
    967   return lifetime <= GetCurrentAge(request_time, response_time, current_time);
    968 }
    969 
    970 // From RFC 2616 section 13.2.4:
    971 //
    972 // The max-age directive takes priority over Expires, so if max-age is present
    973 // in a response, the calculation is simply:
    974 //
    975 //   freshness_lifetime = max_age_value
    976 //
    977 // Otherwise, if Expires is present in the response, the calculation is:
    978 //
    979 //   freshness_lifetime = expires_value - date_value
    980 //
    981 // Note that neither of these calculations is vulnerable to clock skew, since
    982 // all of the information comes from the origin server.
    983 //
    984 // Also, if the response does have a Last-Modified time, the heuristic
    985 // expiration value SHOULD be no more than some fraction of the interval since
    986 // that time. A typical setting of this fraction might be 10%:
    987 //
    988 //   freshness_lifetime = (date_value - last_modified_value) * 0.10
    989 //
    990 TimeDelta HttpResponseHeaders::GetFreshnessLifetime(
    991     const Time& response_time) const {
    992   // Check for headers that force a response to never be fresh.  For backwards
    993   // compat, we treat "Pragma: no-cache" as a synonym for "Cache-Control:
    994   // no-cache" even though RFC 2616 does not specify it.
    995   if (HasHeaderValue("cache-control", "no-cache") ||
    996       HasHeaderValue("cache-control", "no-store") ||
    997       HasHeaderValue("pragma", "no-cache") ||
    998       HasHeaderValue("vary", "*"))  // see RFC 2616 section 13.6
    999     return TimeDelta();  // not fresh
   1000 
   1001   // NOTE: "Cache-Control: max-age" overrides Expires, so we only check the
   1002   // Expires header after checking for max-age in GetFreshnessLifetime.  This
   1003   // is important since "Expires: <date in the past>" means not fresh, but
   1004   // it should not trump a max-age value.
   1005 
   1006   TimeDelta max_age_value;
   1007   if (GetMaxAgeValue(&max_age_value))
   1008     return max_age_value;
   1009 
   1010   // If there is no Date header, then assume that the server response was
   1011   // generated at the time when we received the response.
   1012   Time date_value;
   1013   if (!GetDateValue(&date_value))
   1014     date_value = response_time;
   1015 
   1016   Time expires_value;
   1017   if (GetExpiresValue(&expires_value)) {
   1018     // The expires value can be a date in the past!
   1019     if (expires_value > date_value)
   1020       return expires_value - date_value;
   1021 
   1022     return TimeDelta();  // not fresh
   1023   }
   1024 
   1025   // From RFC 2616 section 13.4:
   1026   //
   1027   //   A response received with a status code of 200, 203, 206, 300, 301 or 410
   1028   //   MAY be stored by a cache and used in reply to a subsequent request,
   1029   //   subject to the expiration mechanism, unless a cache-control directive
   1030   //   prohibits caching.
   1031   //   ...
   1032   //   A response received with any other status code (e.g. status codes 302
   1033   //   and 307) MUST NOT be returned in a reply to a subsequent request unless
   1034   //   there are cache-control directives or another header(s) that explicitly
   1035   //   allow it.
   1036   //
   1037   // From RFC 2616 section 14.9.4:
   1038   //
   1039   //   When the must-revalidate directive is present in a response received by
   1040   //   a cache, that cache MUST NOT use the entry after it becomes stale to
   1041   //   respond to a subsequent request without first revalidating it with the
   1042   //   origin server. (I.e., the cache MUST do an end-to-end revalidation every
   1043   //   time, if, based solely on the origin server's Expires or max-age value,
   1044   //   the cached response is stale.)
   1045   //
   1046   // https://datatracker.ietf.org/doc/draft-reschke-http-status-308/ is an
   1047   // experimental RFC that adds 308 permanent redirect as well, for which "any
   1048   // future references ... SHOULD use one of the returned URIs."
   1049   if ((response_code_ == 200 || response_code_ == 203 ||
   1050        response_code_ == 206) &&
   1051       !HasHeaderValue("cache-control", "must-revalidate")) {
   1052     // TODO(darin): Implement a smarter heuristic.
   1053     Time last_modified_value;
   1054     if (GetLastModifiedValue(&last_modified_value)) {
   1055       // The last-modified value can be a date in the past!
   1056       if (last_modified_value <= date_value)
   1057         return (date_value - last_modified_value) / 10;
   1058     }
   1059   }
   1060 
   1061   // These responses are implicitly fresh (unless otherwise overruled):
   1062   if (response_code_ == 300 || response_code_ == 301 || response_code_ == 308 ||
   1063       response_code_ == 410) {
   1064     return TimeDelta::Max();
   1065   }
   1066 
   1067   return TimeDelta();  // not fresh
   1068 }
   1069 
   1070 // From RFC 2616 section 13.2.3:
   1071 //
   1072 // Summary of age calculation algorithm, when a cache receives a response:
   1073 //
   1074 //   /*
   1075 //    * age_value
   1076 //    *      is the value of Age: header received by the cache with
   1077 //    *              this response.
   1078 //    * date_value
   1079 //    *      is the value of the origin server's Date: header
   1080 //    * request_time
   1081 //    *      is the (local) time when the cache made the request
   1082 //    *              that resulted in this cached response
   1083 //    * response_time
   1084 //    *      is the (local) time when the cache received the
   1085 //    *              response
   1086 //    * now
   1087 //    *      is the current (local) time
   1088 //    */
   1089 //   apparent_age = max(0, response_time - date_value);
   1090 //   corrected_received_age = max(apparent_age, age_value);
   1091 //   response_delay = response_time - request_time;
   1092 //   corrected_initial_age = corrected_received_age + response_delay;
   1093 //   resident_time = now - response_time;
   1094 //   current_age   = corrected_initial_age + resident_time;
   1095 //
   1096 TimeDelta HttpResponseHeaders::GetCurrentAge(const Time& request_time,
   1097                                              const Time& response_time,
   1098                                              const Time& current_time) const {
   1099   // If there is no Date header, then assume that the server response was
   1100   // generated at the time when we received the response.
   1101   Time date_value;
   1102   if (!GetDateValue(&date_value))
   1103     date_value = response_time;
   1104 
   1105   // If there is no Age header, then assume age is zero.  GetAgeValue does not
   1106   // modify its out param if the value does not exist.
   1107   TimeDelta age_value;
   1108   GetAgeValue(&age_value);
   1109 
   1110   TimeDelta apparent_age = std::max(TimeDelta(), response_time - date_value);
   1111   TimeDelta corrected_received_age = std::max(apparent_age, age_value);
   1112   TimeDelta response_delay = response_time - request_time;
   1113   TimeDelta corrected_initial_age = corrected_received_age + response_delay;
   1114   TimeDelta resident_time = current_time - response_time;
   1115   TimeDelta current_age = corrected_initial_age + resident_time;
   1116 
   1117   return current_age;
   1118 }
   1119 
   1120 bool HttpResponseHeaders::GetMaxAgeValue(TimeDelta* result) const {
   1121   return GetCacheControlDirective("max-age", result);
   1122 }
   1123 
   1124 bool HttpResponseHeaders::GetAgeValue(TimeDelta* result) const {
   1125   std::string value;
   1126   if (!EnumerateHeader(NULL, "Age", &value))
   1127     return false;
   1128 
   1129   int64 seconds;
   1130   base::StringToInt64(value, &seconds);
   1131   *result = TimeDelta::FromSeconds(seconds);
   1132   return true;
   1133 }
   1134 
   1135 bool HttpResponseHeaders::GetDateValue(Time* result) const {
   1136   return GetTimeValuedHeader("Date", result);
   1137 }
   1138 
   1139 bool HttpResponseHeaders::GetLastModifiedValue(Time* result) const {
   1140   return GetTimeValuedHeader("Last-Modified", result);
   1141 }
   1142 
   1143 bool HttpResponseHeaders::GetExpiresValue(Time* result) const {
   1144   return GetTimeValuedHeader("Expires", result);
   1145 }
   1146 
   1147 bool HttpResponseHeaders::GetStaleWhileRevalidateValue(
   1148     TimeDelta* result) const {
   1149   return GetCacheControlDirective("stale-while-revalidate", result);
   1150 }
   1151 
   1152 bool HttpResponseHeaders::GetTimeValuedHeader(const std::string& name,
   1153                                               Time* result) const {
   1154   std::string value;
   1155   if (!EnumerateHeader(NULL, name, &value))
   1156     return false;
   1157 
   1158   // When parsing HTTP dates it's beneficial to default to GMT because:
   1159   // 1. RFC2616 3.3.1 says times should always be specified in GMT
   1160   // 2. Only counter-example incorrectly appended "UTC" (crbug.com/153759)
   1161   // 3. When adjusting cookie expiration times for clock skew
   1162   //    (crbug.com/135131) this better matches our cookie expiration
   1163   //    time parser which ignores timezone specifiers and assumes GMT.
   1164   // 4. This is exactly what Firefox does.
   1165   // TODO(pauljensen): The ideal solution would be to return false if the
   1166   // timezone could not be understood so as to avoid makeing other calculations
   1167   // based on an incorrect time.  This would require modifying the time
   1168   // library or duplicating the code. (http://crbug.com/158327)
   1169   return Time::FromUTCString(value.c_str(), result);
   1170 }
   1171 
   1172 bool HttpResponseHeaders::IsKeepAlive() const {
   1173   if (http_version_ < HttpVersion(1, 0))
   1174     return false;
   1175 
   1176   // NOTE: It is perhaps risky to assume that a Proxy-Connection header is
   1177   // meaningful when we don't know that this response was from a proxy, but
   1178   // Mozilla also does this, so we'll do the same.
   1179   std::string connection_val;
   1180   if (!EnumerateHeader(NULL, "connection", &connection_val))
   1181     EnumerateHeader(NULL, "proxy-connection", &connection_val);
   1182 
   1183   bool keep_alive;
   1184 
   1185   if (http_version_ == HttpVersion(1, 0)) {
   1186     // HTTP/1.0 responses default to NOT keep-alive
   1187     keep_alive = LowerCaseEqualsASCII(connection_val, "keep-alive");
   1188   } else {
   1189     // HTTP/1.1 responses default to keep-alive
   1190     keep_alive = !LowerCaseEqualsASCII(connection_val, "close");
   1191   }
   1192 
   1193   return keep_alive;
   1194 }
   1195 
   1196 bool HttpResponseHeaders::HasStrongValidators() const {
   1197   std::string etag_header;
   1198   EnumerateHeader(NULL, "etag", &etag_header);
   1199   std::string last_modified_header;
   1200   EnumerateHeader(NULL, "Last-Modified", &last_modified_header);
   1201   std::string date_header;
   1202   EnumerateHeader(NULL, "Date", &date_header);
   1203   return HttpUtil::HasStrongValidators(GetHttpVersion(),
   1204                                        etag_header,
   1205                                        last_modified_header,
   1206                                        date_header);
   1207 }
   1208 
   1209 // From RFC 2616:
   1210 // Content-Length = "Content-Length" ":" 1*DIGIT
   1211 int64 HttpResponseHeaders::GetContentLength() const {
   1212   return GetInt64HeaderValue("content-length");
   1213 }
   1214 
   1215 int64 HttpResponseHeaders::GetInt64HeaderValue(
   1216     const std::string& header) const {
   1217   void* iter = NULL;
   1218   std::string content_length_val;
   1219   if (!EnumerateHeader(&iter, header, &content_length_val))
   1220     return -1;
   1221 
   1222   if (content_length_val.empty())
   1223     return -1;
   1224 
   1225   if (content_length_val[0] == '+')
   1226     return -1;
   1227 
   1228   int64 result;
   1229   bool ok = base::StringToInt64(content_length_val, &result);
   1230   if (!ok || result < 0)
   1231     return -1;
   1232 
   1233   return result;
   1234 }
   1235 
   1236 // From RFC 2616 14.16:
   1237 // content-range-spec =
   1238 //     bytes-unit SP byte-range-resp-spec "/" ( instance-length | "*" )
   1239 // byte-range-resp-spec = (first-byte-pos "-" last-byte-pos) | "*"
   1240 // instance-length = 1*DIGIT
   1241 // bytes-unit = "bytes"
   1242 bool HttpResponseHeaders::GetContentRange(int64* first_byte_position,
   1243                                           int64* last_byte_position,
   1244                                           int64* instance_length) const {
   1245   void* iter = NULL;
   1246   std::string content_range_spec;
   1247   *first_byte_position = *last_byte_position = *instance_length = -1;
   1248   if (!EnumerateHeader(&iter, kContentRange, &content_range_spec))
   1249     return false;
   1250 
   1251   // If the header value is empty, we have an invalid header.
   1252   if (content_range_spec.empty())
   1253     return false;
   1254 
   1255   size_t space_position = content_range_spec.find(' ');
   1256   if (space_position == std::string::npos)
   1257     return false;
   1258 
   1259   // Invalid header if it doesn't contain "bytes-unit".
   1260   std::string::const_iterator content_range_spec_begin =
   1261       content_range_spec.begin();
   1262   std::string::const_iterator content_range_spec_end =
   1263       content_range_spec.begin() + space_position;
   1264   HttpUtil::TrimLWS(&content_range_spec_begin, &content_range_spec_end);
   1265   if (!LowerCaseEqualsASCII(content_range_spec_begin,
   1266                             content_range_spec_end,
   1267                             "bytes")) {
   1268     return false;
   1269   }
   1270 
   1271   size_t slash_position = content_range_spec.find('/', space_position + 1);
   1272   if (slash_position == std::string::npos)
   1273     return false;
   1274 
   1275   // Obtain the part behind the space and before slash.
   1276   std::string::const_iterator byte_range_resp_spec_begin =
   1277       content_range_spec.begin() + space_position + 1;
   1278   std::string::const_iterator byte_range_resp_spec_end =
   1279       content_range_spec.begin() + slash_position;
   1280   HttpUtil::TrimLWS(&byte_range_resp_spec_begin, &byte_range_resp_spec_end);
   1281 
   1282   // Parse the byte-range-resp-spec part.
   1283   std::string byte_range_resp_spec(byte_range_resp_spec_begin,
   1284                                    byte_range_resp_spec_end);
   1285   // If byte-range-resp-spec != "*".
   1286   if (!LowerCaseEqualsASCII(byte_range_resp_spec, "*")) {
   1287     size_t minus_position = byte_range_resp_spec.find('-');
   1288     if (minus_position != std::string::npos) {
   1289       // Obtain first-byte-pos.
   1290       std::string::const_iterator first_byte_pos_begin =
   1291           byte_range_resp_spec.begin();
   1292       std::string::const_iterator first_byte_pos_end =
   1293           byte_range_resp_spec.begin() + minus_position;
   1294       HttpUtil::TrimLWS(&first_byte_pos_begin, &first_byte_pos_end);
   1295 
   1296       bool ok = base::StringToInt64(StringPiece(first_byte_pos_begin,
   1297                                                 first_byte_pos_end),
   1298                                     first_byte_position);
   1299 
   1300       // Obtain last-byte-pos.
   1301       std::string::const_iterator last_byte_pos_begin =
   1302           byte_range_resp_spec.begin() + minus_position + 1;
   1303       std::string::const_iterator last_byte_pos_end =
   1304           byte_range_resp_spec.end();
   1305       HttpUtil::TrimLWS(&last_byte_pos_begin, &last_byte_pos_end);
   1306 
   1307       ok &= base::StringToInt64(StringPiece(last_byte_pos_begin,
   1308                                             last_byte_pos_end),
   1309                                 last_byte_position);
   1310       if (!ok) {
   1311         *first_byte_position = *last_byte_position = -1;
   1312         return false;
   1313       }
   1314       if (*first_byte_position < 0 || *last_byte_position < 0 ||
   1315           *first_byte_position > *last_byte_position)
   1316         return false;
   1317     } else {
   1318       return false;
   1319     }
   1320   }
   1321 
   1322   // Parse the instance-length part.
   1323   // If instance-length == "*".
   1324   std::string::const_iterator instance_length_begin =
   1325       content_range_spec.begin() + slash_position + 1;
   1326   std::string::const_iterator instance_length_end =
   1327       content_range_spec.end();
   1328   HttpUtil::TrimLWS(&instance_length_begin, &instance_length_end);
   1329 
   1330   if (LowerCaseEqualsASCII(instance_length_begin, instance_length_end, "*")) {
   1331     return false;
   1332   } else if (!base::StringToInt64(StringPiece(instance_length_begin,
   1333                                               instance_length_end),
   1334                                   instance_length)) {
   1335     *instance_length = -1;
   1336     return false;
   1337   }
   1338 
   1339   // We have all the values; let's verify that they make sense for a 206
   1340   // response.
   1341   if (*first_byte_position < 0 || *last_byte_position < 0 ||
   1342       *instance_length < 0 || *instance_length - 1 < *last_byte_position)
   1343     return false;
   1344 
   1345   return true;
   1346 }
   1347 
   1348 base::Value* HttpResponseHeaders::NetLogCallback(
   1349     NetLog::LogLevel log_level) const {
   1350   base::DictionaryValue* dict = new base::DictionaryValue();
   1351   base::ListValue* headers = new base::ListValue();
   1352   headers->Append(new base::StringValue(GetStatusLine()));
   1353   void* iterator = NULL;
   1354   std::string name;
   1355   std::string value;
   1356   while (EnumerateHeaderLines(&iterator, &name, &value)) {
   1357     std::string log_value = ElideHeaderValueForNetLog(log_level, name, value);
   1358     std::string escaped_name = EscapeNonASCII(name);
   1359     std::string escaped_value = EscapeNonASCII(log_value);
   1360     headers->Append(
   1361       new base::StringValue(
   1362           base::StringPrintf("%s: %s", escaped_name.c_str(),
   1363                              escaped_value.c_str())));
   1364   }
   1365   dict->Set("headers", headers);
   1366   return dict;
   1367 }
   1368 
   1369 // static
   1370 bool HttpResponseHeaders::FromNetLogParam(
   1371     const base::Value* event_param,
   1372     scoped_refptr<HttpResponseHeaders>* http_response_headers) {
   1373   *http_response_headers = NULL;
   1374 
   1375   const base::DictionaryValue* dict = NULL;
   1376   const base::ListValue* header_list = NULL;
   1377 
   1378   if (!event_param ||
   1379       !event_param->GetAsDictionary(&dict) ||
   1380       !dict->GetList("headers", &header_list)) {
   1381     return false;
   1382   }
   1383 
   1384   std::string raw_headers;
   1385   for (base::ListValue::const_iterator it = header_list->begin();
   1386        it != header_list->end();
   1387        ++it) {
   1388     std::string header_line;
   1389     if (!(*it)->GetAsString(&header_line))
   1390       return false;
   1391 
   1392     raw_headers.append(header_line);
   1393     raw_headers.push_back('\0');
   1394   }
   1395   raw_headers.push_back('\0');
   1396   *http_response_headers = new HttpResponseHeaders(raw_headers);
   1397   return true;
   1398 }
   1399 
   1400 bool HttpResponseHeaders::IsChunkEncoded() const {
   1401   // Ignore spurious chunked responses from HTTP/1.0 servers and proxies.
   1402   return GetHttpVersion() >= HttpVersion(1, 1) &&
   1403       HasHeaderValue("Transfer-Encoding", "chunked");
   1404 }
   1405 
   1406 }  // namespace net
   1407