1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5// The rules for header parsing were borrowed from Firefox:
6// http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpResponseHead.cpp
7// The rules for parsing content-types were also borrowed from Firefox:
8// http://lxr.mozilla.org/mozilla/source/netwerk/base/src/nsURLHelper.cpp#834
9
10#include "net/http/http_response_headers.h"
11
12#include <algorithm>
13
14#include "base/format_macros.h"
15#include "base/logging.h"
16#include "base/metrics/histogram.h"
17#include "base/pickle.h"
18#include "base/strings/string_number_conversions.h"
19#include "base/strings/string_piece.h"
20#include "base/strings/string_util.h"
21#include "base/strings/stringprintf.h"
22#include "base/time/time.h"
23#include "base/values.h"
24#include "net/base/escape.h"
25#include "net/http/http_byte_range.h"
26#include "net/http/http_log_util.h"
27#include "net/http/http_util.h"
28
29using base::StringPiece;
30using base::Time;
31using base::TimeDelta;
32
33namespace net {
34
35//-----------------------------------------------------------------------------
36
37namespace {
38
39// These headers are RFC 2616 hop-by-hop headers;
40// not to be stored by caches.
41const char* const kHopByHopResponseHeaders[] = {
42  "connection",
43  "proxy-connection",
44  "keep-alive",
45  "trailer",
46  "transfer-encoding",
47  "upgrade"
48};
49
50// These headers are challenge response headers;
51// not to be stored by caches.
52const char* const kChallengeResponseHeaders[] = {
53  "www-authenticate",
54  "proxy-authenticate"
55};
56
57// These headers are cookie setting headers;
58// not to be stored by caches or disclosed otherwise.
59const char* const kCookieResponseHeaders[] = {
60  "set-cookie",
61  "set-cookie2"
62};
63
64// By default, do not cache Strict-Transport-Security or Public-Key-Pins.
65// This avoids erroneously re-processing them on page loads from cache ---
66// they are defined to be valid only on live and error-free HTTPS
67// connections.
68const char* const kSecurityStateHeaders[] = {
69  "strict-transport-security",
70  "public-key-pins"
71};
72
73// These response headers are not copied from a 304/206 response to the cached
74// response headers.  This list is based on Mozilla's nsHttpResponseHead.cpp.
75const char* const kNonUpdatedHeaders[] = {
76  "connection",
77  "proxy-connection",
78  "keep-alive",
79  "www-authenticate",
80  "proxy-authenticate",
81  "trailer",
82  "transfer-encoding",
83  "upgrade",
84  "etag",
85  "x-frame-options",
86  "x-xss-protection",
87};
88
89// Some header prefixes mean "Don't copy this header from a 304 response.".
90// Rather than listing all the relevant headers, we can consolidate them into
91// this list:
92const char* const kNonUpdatedHeaderPrefixes[] = {
93  "content-",
94  "x-content-",
95  "x-webkit-"
96};
97
98bool ShouldUpdateHeader(const std::string::const_iterator& name_begin,
99                        const std::string::const_iterator& name_end) {
100  for (size_t i = 0; i < arraysize(kNonUpdatedHeaders); ++i) {
101    if (LowerCaseEqualsASCII(name_begin, name_end, kNonUpdatedHeaders[i]))
102      return false;
103  }
104  for (size_t i = 0; i < arraysize(kNonUpdatedHeaderPrefixes); ++i) {
105    if (StartsWithASCII(std::string(name_begin, name_end),
106                        kNonUpdatedHeaderPrefixes[i], false))
107      return false;
108  }
109  return true;
110}
111
112void CheckDoesNotHaveEmbededNulls(const std::string& str) {
113  // Care needs to be taken when adding values to the raw headers string to
114  // make sure it does not contain embeded NULLs. Any embeded '\0' may be
115  // understood as line terminators and change how header lines get tokenized.
116  CHECK(str.find('\0') == std::string::npos);
117}
118
119}  // namespace
120
121const char HttpResponseHeaders::kContentRange[] = "Content-Range";
122
123struct HttpResponseHeaders::ParsedHeader {
124  // A header "continuation" contains only a subsequent value for the
125  // preceding header.  (Header values are comma separated.)
126  bool is_continuation() const { return name_begin == name_end; }
127
128  std::string::const_iterator name_begin;
129  std::string::const_iterator name_end;
130  std::string::const_iterator value_begin;
131  std::string::const_iterator value_end;
132};
133
134//-----------------------------------------------------------------------------
135
136HttpResponseHeaders::HttpResponseHeaders(const std::string& raw_input)
137    : response_code_(-1) {
138  Parse(raw_input);
139
140  // The most important thing to do with this histogram is find out
141  // the existence of unusual HTTP status codes.  As it happens
142  // right now, there aren't double-constructions of response headers
143  // using this constructor, so our counts should also be accurate,
144  // without instantiating the histogram in two places.  It is also
145  // important that this histogram not collect data in the other
146  // constructor, which rebuilds an histogram from a pickle, since
147  // that would actually create a double call between the original
148  // HttpResponseHeader that was serialized, and initialization of the
149  // new object from that pickle.
150  UMA_HISTOGRAM_CUSTOM_ENUMERATION("Net.HttpResponseCode",
151                                   HttpUtil::MapStatusCodeForHistogram(
152                                       response_code_),
153                                   // Note the third argument is only
154                                   // evaluated once, see macro
155                                   // definition for details.
156                                   HttpUtil::GetStatusCodesForHistogram());
157}
158
159HttpResponseHeaders::HttpResponseHeaders(const Pickle& pickle,
160                                         PickleIterator* iter)
161    : response_code_(-1) {
162  std::string raw_input;
163  if (pickle.ReadString(iter, &raw_input))
164    Parse(raw_input);
165}
166
167void HttpResponseHeaders::Persist(Pickle* pickle, PersistOptions options) {
168  if (options == PERSIST_RAW) {
169    pickle->WriteString(raw_headers_);
170    return;  // Done.
171  }
172
173  HeaderSet filter_headers;
174
175  // Construct set of headers to filter out based on options.
176  if ((options & PERSIST_SANS_NON_CACHEABLE) == PERSIST_SANS_NON_CACHEABLE)
177    AddNonCacheableHeaders(&filter_headers);
178
179  if ((options & PERSIST_SANS_COOKIES) == PERSIST_SANS_COOKIES)
180    AddCookieHeaders(&filter_headers);
181
182  if ((options & PERSIST_SANS_CHALLENGES) == PERSIST_SANS_CHALLENGES)
183    AddChallengeHeaders(&filter_headers);
184
185  if ((options & PERSIST_SANS_HOP_BY_HOP) == PERSIST_SANS_HOP_BY_HOP)
186    AddHopByHopHeaders(&filter_headers);
187
188  if ((options & PERSIST_SANS_RANGES) == PERSIST_SANS_RANGES)
189    AddHopContentRangeHeaders(&filter_headers);
190
191  if ((options & PERSIST_SANS_SECURITY_STATE) == PERSIST_SANS_SECURITY_STATE)
192    AddSecurityStateHeaders(&filter_headers);
193
194  std::string blob;
195  blob.reserve(raw_headers_.size());
196
197  // This copies the status line w/ terminator null.
198  // Note raw_headers_ has embedded nulls instead of \n,
199  // so this just copies the first header line.
200  blob.assign(raw_headers_.c_str(), strlen(raw_headers_.c_str()) + 1);
201
202  for (size_t i = 0; i < parsed_.size(); ++i) {
203    DCHECK(!parsed_[i].is_continuation());
204
205    // Locate the start of the next header.
206    size_t k = i;
207    while (++k < parsed_.size() && parsed_[k].is_continuation()) {}
208    --k;
209
210    std::string header_name(parsed_[i].name_begin, parsed_[i].name_end);
211    base::StringToLowerASCII(&header_name);
212
213    if (filter_headers.find(header_name) == filter_headers.end()) {
214      // Make sure there is a null after the value.
215      blob.append(parsed_[i].name_begin, parsed_[k].value_end);
216      blob.push_back('\0');
217    }
218
219    i = k;
220  }
221  blob.push_back('\0');
222
223  pickle->WriteString(blob);
224}
225
226void HttpResponseHeaders::Update(const HttpResponseHeaders& new_headers) {
227  DCHECK(new_headers.response_code() == 304 ||
228         new_headers.response_code() == 206);
229
230  // Copy up to the null byte.  This just copies the status line.
231  std::string new_raw_headers(raw_headers_.c_str());
232  new_raw_headers.push_back('\0');
233
234  HeaderSet updated_headers;
235
236  // NOTE: we write the new headers then the old headers for convenience.  The
237  // order should not matter.
238
239  // Figure out which headers we want to take from new_headers:
240  for (size_t i = 0; i < new_headers.parsed_.size(); ++i) {
241    const HeaderList& new_parsed = new_headers.parsed_;
242
243    DCHECK(!new_parsed[i].is_continuation());
244
245    // Locate the start of the next header.
246    size_t k = i;
247    while (++k < new_parsed.size() && new_parsed[k].is_continuation()) {}
248    --k;
249
250    const std::string::const_iterator& name_begin = new_parsed[i].name_begin;
251    const std::string::const_iterator& name_end = new_parsed[i].name_end;
252    if (ShouldUpdateHeader(name_begin, name_end)) {
253      std::string name(name_begin, name_end);
254      base::StringToLowerASCII(&name);
255      updated_headers.insert(name);
256
257      // Preserve this header line in the merged result, making sure there is
258      // a null after the value.
259      new_raw_headers.append(name_begin, new_parsed[k].value_end);
260      new_raw_headers.push_back('\0');
261    }
262
263    i = k;
264  }
265
266  // Now, build the new raw headers.
267  MergeWithHeaders(new_raw_headers, updated_headers);
268}
269
270void HttpResponseHeaders::MergeWithHeaders(const std::string& raw_headers,
271                                           const HeaderSet& headers_to_remove) {
272  std::string new_raw_headers(raw_headers);
273  for (size_t i = 0; i < parsed_.size(); ++i) {
274    DCHECK(!parsed_[i].is_continuation());
275
276    // Locate the start of the next header.
277    size_t k = i;
278    while (++k < parsed_.size() && parsed_[k].is_continuation()) {}
279    --k;
280
281    std::string name(parsed_[i].name_begin, parsed_[i].name_end);
282    base::StringToLowerASCII(&name);
283    if (headers_to_remove.find(name) == headers_to_remove.end()) {
284      // It's ok to preserve this header in the final result.
285      new_raw_headers.append(parsed_[i].name_begin, parsed_[k].value_end);
286      new_raw_headers.push_back('\0');
287    }
288
289    i = k;
290  }
291  new_raw_headers.push_back('\0');
292
293  // Make this object hold the new data.
294  raw_headers_.clear();
295  parsed_.clear();
296  Parse(new_raw_headers);
297}
298
299void HttpResponseHeaders::RemoveHeader(const std::string& name) {
300  // Copy up to the null byte.  This just copies the status line.
301  std::string new_raw_headers(raw_headers_.c_str());
302  new_raw_headers.push_back('\0');
303
304  std::string lowercase_name(name);
305  base::StringToLowerASCII(&lowercase_name);
306  HeaderSet to_remove;
307  to_remove.insert(lowercase_name);
308  MergeWithHeaders(new_raw_headers, to_remove);
309}
310
311void HttpResponseHeaders::RemoveHeaderLine(const std::string& name,
312                                           const std::string& value) {
313  std::string name_lowercase(name);
314  base::StringToLowerASCII(&name_lowercase);
315
316  std::string new_raw_headers(GetStatusLine());
317  new_raw_headers.push_back('\0');
318
319  new_raw_headers.reserve(raw_headers_.size());
320
321  void* iter = NULL;
322  std::string old_header_name;
323  std::string old_header_value;
324  while (EnumerateHeaderLines(&iter, &old_header_name, &old_header_value)) {
325    std::string old_header_name_lowercase(name);
326    base::StringToLowerASCII(&old_header_name_lowercase);
327
328    if (name_lowercase == old_header_name_lowercase &&
329        value == old_header_value)
330      continue;
331
332    new_raw_headers.append(old_header_name);
333    new_raw_headers.push_back(':');
334    new_raw_headers.push_back(' ');
335    new_raw_headers.append(old_header_value);
336    new_raw_headers.push_back('\0');
337  }
338  new_raw_headers.push_back('\0');
339
340  // Make this object hold the new data.
341  raw_headers_.clear();
342  parsed_.clear();
343  Parse(new_raw_headers);
344}
345
346void HttpResponseHeaders::AddHeader(const std::string& header) {
347  CheckDoesNotHaveEmbededNulls(header);
348  DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
349  DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);
350  // Don't copy the last null.
351  std::string new_raw_headers(raw_headers_, 0, raw_headers_.size() - 1);
352  new_raw_headers.append(header);
353  new_raw_headers.push_back('\0');
354  new_raw_headers.push_back('\0');
355
356  // Make this object hold the new data.
357  raw_headers_.clear();
358  parsed_.clear();
359  Parse(new_raw_headers);
360}
361
362void HttpResponseHeaders::ReplaceStatusLine(const std::string& new_status) {
363  CheckDoesNotHaveEmbededNulls(new_status);
364  // Copy up to the null byte.  This just copies the status line.
365  std::string new_raw_headers(new_status);
366  new_raw_headers.push_back('\0');
367
368  HeaderSet empty_to_remove;
369  MergeWithHeaders(new_raw_headers, empty_to_remove);
370}
371
372void HttpResponseHeaders::UpdateWithNewRange(
373    const HttpByteRange& byte_range,
374    int64 resource_size,
375    bool replace_status_line) {
376  DCHECK(byte_range.IsValid());
377  DCHECK(byte_range.HasFirstBytePosition());
378  DCHECK(byte_range.HasLastBytePosition());
379
380  const char kLengthHeader[] = "Content-Length";
381  const char kRangeHeader[] = "Content-Range";
382
383  RemoveHeader(kLengthHeader);
384  RemoveHeader(kRangeHeader);
385
386  int64 start = byte_range.first_byte_position();
387  int64 end = byte_range.last_byte_position();
388  int64 range_len = end - start + 1;
389
390  if (replace_status_line)
391    ReplaceStatusLine("HTTP/1.1 206 Partial Content");
392
393  AddHeader(base::StringPrintf("%s: bytes %" PRId64 "-%" PRId64 "/%" PRId64,
394                               kRangeHeader, start, end, resource_size));
395  AddHeader(base::StringPrintf("%s: %" PRId64, kLengthHeader, range_len));
396}
397
398void HttpResponseHeaders::Parse(const std::string& raw_input) {
399  raw_headers_.reserve(raw_input.size());
400
401  // ParseStatusLine adds a normalized status line to raw_headers_
402  std::string::const_iterator line_begin = raw_input.begin();
403  std::string::const_iterator line_end =
404      std::find(line_begin, raw_input.end(), '\0');
405  // has_headers = true, if there is any data following the status line.
406  // Used by ParseStatusLine() to decide if a HTTP/0.9 is really a HTTP/1.0.
407  bool has_headers = (line_end != raw_input.end() &&
408                      (line_end + 1) != raw_input.end() &&
409                      *(line_end + 1) != '\0');
410  ParseStatusLine(line_begin, line_end, has_headers);
411  raw_headers_.push_back('\0');  // Terminate status line with a null.
412
413  if (line_end == raw_input.end()) {
414    raw_headers_.push_back('\0');  // Ensure the headers end with a double null.
415
416    DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
417    DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);
418    return;
419  }
420
421  // Including a terminating null byte.
422  size_t status_line_len = raw_headers_.size();
423
424  // Now, we add the rest of the raw headers to raw_headers_, and begin parsing
425  // it (to populate our parsed_ vector).
426  raw_headers_.append(line_end + 1, raw_input.end());
427
428  // Ensure the headers end with a double null.
429  while (raw_headers_.size() < 2 ||
430         raw_headers_[raw_headers_.size() - 2] != '\0' ||
431         raw_headers_[raw_headers_.size() - 1] != '\0') {
432    raw_headers_.push_back('\0');
433  }
434
435  // Adjust to point at the null byte following the status line
436  line_end = raw_headers_.begin() + status_line_len - 1;
437
438  HttpUtil::HeadersIterator headers(line_end + 1, raw_headers_.end(),
439                                    std::string(1, '\0'));
440  while (headers.GetNext()) {
441    AddHeader(headers.name_begin(),
442              headers.name_end(),
443              headers.values_begin(),
444              headers.values_end());
445  }
446
447  DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 2]);
448  DCHECK_EQ('\0', raw_headers_[raw_headers_.size() - 1]);
449}
450
451// Append all of our headers to the final output string.
452void HttpResponseHeaders::GetNormalizedHeaders(std::string* output) const {
453  // copy up to the null byte.  this just copies the status line.
454  output->assign(raw_headers_.c_str());
455
456  // headers may appear multiple times (not necessarily in succession) in the
457  // header data, so we build a map from header name to generated header lines.
458  // to preserve the order of the original headers, the actual values are kept
459  // in a separate list.  finally, the list of headers is flattened to form
460  // the normalized block of headers.
461  //
462  // NOTE: We take special care to preserve the whitespace around any commas
463  // that may occur in the original response headers.  Because our consumer may
464  // be a web app, we cannot be certain of the semantics of commas despite the
465  // fact that RFC 2616 says that they should be regarded as value separators.
466  //
467  typedef base::hash_map<std::string, size_t> HeadersMap;
468  HeadersMap headers_map;
469  HeadersMap::iterator iter = headers_map.end();
470
471  std::vector<std::string> headers;
472
473  for (size_t i = 0; i < parsed_.size(); ++i) {
474    DCHECK(!parsed_[i].is_continuation());
475
476    std::string name(parsed_[i].name_begin, parsed_[i].name_end);
477    std::string lower_name = base::StringToLowerASCII(name);
478
479    iter = headers_map.find(lower_name);
480    if (iter == headers_map.end()) {
481      iter = headers_map.insert(
482          HeadersMap::value_type(lower_name, headers.size())).first;
483      headers.push_back(name + ": ");
484    } else {
485      headers[iter->second].append(", ");
486    }
487
488    std::string::const_iterator value_begin = parsed_[i].value_begin;
489    std::string::const_iterator value_end = parsed_[i].value_end;
490    while (++i < parsed_.size() && parsed_[i].is_continuation())
491      value_end = parsed_[i].value_end;
492    --i;
493
494    headers[iter->second].append(value_begin, value_end);
495  }
496
497  for (size_t i = 0; i < headers.size(); ++i) {
498    output->push_back('\n');
499    output->append(headers[i]);
500  }
501
502  output->push_back('\n');
503}
504
505bool HttpResponseHeaders::GetNormalizedHeader(const std::string& name,
506                                              std::string* value) const {
507  // If you hit this assertion, please use EnumerateHeader instead!
508  DCHECK(!HttpUtil::IsNonCoalescingHeader(name));
509
510  value->clear();
511
512  bool found = false;
513  size_t i = 0;
514  while (i < parsed_.size()) {
515    i = FindHeader(i, name);
516    if (i == std::string::npos)
517      break;
518
519    found = true;
520
521    if (!value->empty())
522      value->append(", ");
523
524    std::string::const_iterator value_begin = parsed_[i].value_begin;
525    std::string::const_iterator value_end = parsed_[i].value_end;
526    while (++i < parsed_.size() && parsed_[i].is_continuation())
527      value_end = parsed_[i].value_end;
528    value->append(value_begin, value_end);
529  }
530
531  return found;
532}
533
534std::string HttpResponseHeaders::GetStatusLine() const {
535  // copy up to the null byte.
536  return std::string(raw_headers_.c_str());
537}
538
539std::string HttpResponseHeaders::GetStatusText() const {
540  // GetStatusLine() is already normalized, so it has the format:
541  // <http_version> SP <response_code> SP <status_text>
542  std::string status_text = GetStatusLine();
543  std::string::const_iterator begin = status_text.begin();
544  std::string::const_iterator end = status_text.end();
545  for (int i = 0; i < 2; ++i)
546    begin = std::find(begin, end, ' ') + 1;
547  return std::string(begin, end);
548}
549
550bool HttpResponseHeaders::EnumerateHeaderLines(void** iter,
551                                               std::string* name,
552                                               std::string* value) const {
553  size_t i = reinterpret_cast<size_t>(*iter);
554  if (i == parsed_.size())
555    return false;
556
557  DCHECK(!parsed_[i].is_continuation());
558
559  name->assign(parsed_[i].name_begin, parsed_[i].name_end);
560
561  std::string::const_iterator value_begin = parsed_[i].value_begin;
562  std::string::const_iterator value_end = parsed_[i].value_end;
563  while (++i < parsed_.size() && parsed_[i].is_continuation())
564    value_end = parsed_[i].value_end;
565
566  value->assign(value_begin, value_end);
567
568  *iter = reinterpret_cast<void*>(i);
569  return true;
570}
571
572bool HttpResponseHeaders::EnumerateHeader(void** iter,
573                                          const base::StringPiece& name,
574                                          std::string* value) const {
575  size_t i;
576  if (!iter || !*iter) {
577    i = FindHeader(0, name);
578  } else {
579    i = reinterpret_cast<size_t>(*iter);
580    if (i >= parsed_.size()) {
581      i = std::string::npos;
582    } else if (!parsed_[i].is_continuation()) {
583      i = FindHeader(i, name);
584    }
585  }
586
587  if (i == std::string::npos) {
588    value->clear();
589    return false;
590  }
591
592  if (iter)
593    *iter = reinterpret_cast<void*>(i + 1);
594  value->assign(parsed_[i].value_begin, parsed_[i].value_end);
595  return true;
596}
597
598bool HttpResponseHeaders::HasHeaderValue(const base::StringPiece& name,
599                                         const base::StringPiece& value) const {
600  // The value has to be an exact match.  This is important since
601  // 'cache-control: no-cache' != 'cache-control: no-cache="foo"'
602  void* iter = NULL;
603  std::string temp;
604  while (EnumerateHeader(&iter, name, &temp)) {
605    if (value.size() == temp.size() &&
606        std::equal(temp.begin(), temp.end(), value.begin(),
607                   base::CaseInsensitiveCompare<char>()))
608      return true;
609  }
610  return false;
611}
612
613bool HttpResponseHeaders::HasHeader(const base::StringPiece& name) const {
614  return FindHeader(0, name) != std::string::npos;
615}
616
617HttpResponseHeaders::HttpResponseHeaders() : response_code_(-1) {
618}
619
620HttpResponseHeaders::~HttpResponseHeaders() {
621}
622
623// Note: this implementation implicitly assumes that line_end points at a valid
624// sentinel character (such as '\0').
625// static
626HttpVersion HttpResponseHeaders::ParseVersion(
627    std::string::const_iterator line_begin,
628    std::string::const_iterator line_end) {
629  std::string::const_iterator p = line_begin;
630
631  // RFC2616 sec 3.1: HTTP-Version   = "HTTP" "/" 1*DIGIT "." 1*DIGIT
632  // TODO: (1*DIGIT apparently means one or more digits, but we only handle 1).
633  // TODO: handle leading zeros, which is allowed by the rfc1616 sec 3.1.
634
635  if ((line_end - p < 4) || !LowerCaseEqualsASCII(p, p + 4, "http")) {
636    DVLOG(1) << "missing status line";
637    return HttpVersion();
638  }
639
640  p += 4;
641
642  if (p >= line_end || *p != '/') {
643    DVLOG(1) << "missing version";
644    return HttpVersion();
645  }
646
647  std::string::const_iterator dot = std::find(p, line_end, '.');
648  if (dot == line_end) {
649    DVLOG(1) << "malformed version";
650    return HttpVersion();
651  }
652
653  ++p;  // from / to first digit.
654  ++dot;  // from . to second digit.
655
656  if (!(*p >= '0' && *p <= '9' && *dot >= '0' && *dot <= '9')) {
657    DVLOG(1) << "malformed version number";
658    return HttpVersion();
659  }
660
661  uint16 major = *p - '0';
662  uint16 minor = *dot - '0';
663
664  return HttpVersion(major, minor);
665}
666
667// Note: this implementation implicitly assumes that line_end points at a valid
668// sentinel character (such as '\0').
669void HttpResponseHeaders::ParseStatusLine(
670    std::string::const_iterator line_begin,
671    std::string::const_iterator line_end,
672    bool has_headers) {
673  // Extract the version number
674  parsed_http_version_ = ParseVersion(line_begin, line_end);
675
676  // Clamp the version number to one of: {0.9, 1.0, 1.1}
677  if (parsed_http_version_ == HttpVersion(0, 9) && !has_headers) {
678    http_version_ = HttpVersion(0, 9);
679    raw_headers_ = "HTTP/0.9";
680  } else if (parsed_http_version_ >= HttpVersion(1, 1)) {
681    http_version_ = HttpVersion(1, 1);
682    raw_headers_ = "HTTP/1.1";
683  } else {
684    // Treat everything else like HTTP 1.0
685    http_version_ = HttpVersion(1, 0);
686    raw_headers_ = "HTTP/1.0";
687  }
688  if (parsed_http_version_ != http_version_) {
689    DVLOG(1) << "assuming HTTP/" << http_version_.major_value() << "."
690             << http_version_.minor_value();
691  }
692
693  // TODO(eroman): this doesn't make sense if ParseVersion failed.
694  std::string::const_iterator p = std::find(line_begin, line_end, ' ');
695
696  if (p == line_end) {
697    DVLOG(1) << "missing response status; assuming 200 OK";
698    raw_headers_.append(" 200 OK");
699    response_code_ = 200;
700    return;
701  }
702
703  // Skip whitespace.
704  while (*p == ' ')
705    ++p;
706
707  std::string::const_iterator code = p;
708  while (*p >= '0' && *p <= '9')
709    ++p;
710
711  if (p == code) {
712    DVLOG(1) << "missing response status number; assuming 200";
713    raw_headers_.append(" 200 OK");
714    response_code_ = 200;
715    return;
716  }
717  raw_headers_.push_back(' ');
718  raw_headers_.append(code, p);
719  raw_headers_.push_back(' ');
720  base::StringToInt(StringPiece(code, p), &response_code_);
721
722  // Skip whitespace.
723  while (*p == ' ')
724    ++p;
725
726  // Trim trailing whitespace.
727  while (line_end > p && line_end[-1] == ' ')
728    --line_end;
729
730  if (p == line_end) {
731    DVLOG(1) << "missing response status text; assuming OK";
732    // Not super critical what we put here. Just use "OK"
733    // even if it isn't descriptive of response_code_.
734    raw_headers_.append("OK");
735  } else {
736    raw_headers_.append(p, line_end);
737  }
738}
739
740size_t HttpResponseHeaders::FindHeader(size_t from,
741                                       const base::StringPiece& search) const {
742  for (size_t i = from; i < parsed_.size(); ++i) {
743    if (parsed_[i].is_continuation())
744      continue;
745    const std::string::const_iterator& name_begin = parsed_[i].name_begin;
746    const std::string::const_iterator& name_end = parsed_[i].name_end;
747    if (static_cast<size_t>(name_end - name_begin) == search.size() &&
748        std::equal(name_begin, name_end, search.begin(),
749                   base::CaseInsensitiveCompare<char>()))
750      return i;
751  }
752
753  return std::string::npos;
754}
755
756bool HttpResponseHeaders::GetCacheControlDirective(const StringPiece& directive,
757                                                   TimeDelta* result) const {
758  StringPiece name("cache-control");
759  std::string value;
760
761  size_t directive_size = directive.size();
762
763  void* iter = NULL;
764  while (EnumerateHeader(&iter, name, &value)) {
765    if (value.size() > directive_size + 1 &&
766        LowerCaseEqualsASCII(value.begin(),
767                             value.begin() + directive_size,
768                             directive.begin()) &&
769        value[directive_size] == '=') {
770      int64 seconds;
771      base::StringToInt64(
772          StringPiece(value.begin() + directive_size + 1, value.end()),
773          &seconds);
774      *result = TimeDelta::FromSeconds(seconds);
775      return true;
776    }
777  }
778
779  return false;
780}
781
782void HttpResponseHeaders::AddHeader(std::string::const_iterator name_begin,
783                                    std::string::const_iterator name_end,
784                                    std::string::const_iterator values_begin,
785                                    std::string::const_iterator values_end) {
786  // If the header can be coalesced, then we should split it up.
787  if (values_begin == values_end ||
788      HttpUtil::IsNonCoalescingHeader(name_begin, name_end)) {
789    AddToParsed(name_begin, name_end, values_begin, values_end);
790  } else {
791    HttpUtil::ValuesIterator it(values_begin, values_end, ',');
792    while (it.GetNext()) {
793      AddToParsed(name_begin, name_end, it.value_begin(), it.value_end());
794      // clobber these so that subsequent values are treated as continuations
795      name_begin = name_end = raw_headers_.end();
796    }
797  }
798}
799
800void HttpResponseHeaders::AddToParsed(std::string::const_iterator name_begin,
801                                      std::string::const_iterator name_end,
802                                      std::string::const_iterator value_begin,
803                                      std::string::const_iterator value_end) {
804  ParsedHeader header;
805  header.name_begin = name_begin;
806  header.name_end = name_end;
807  header.value_begin = value_begin;
808  header.value_end = value_end;
809  parsed_.push_back(header);
810}
811
812void HttpResponseHeaders::AddNonCacheableHeaders(HeaderSet* result) const {
813  // Add server specified transients.  Any 'cache-control: no-cache="foo,bar"'
814  // headers present in the response specify additional headers that we should
815  // not store in the cache.
816  const char kCacheControl[] = "cache-control";
817  const char kPrefix[] = "no-cache=\"";
818  const size_t kPrefixLen = sizeof(kPrefix) - 1;
819
820  std::string value;
821  void* iter = NULL;
822  while (EnumerateHeader(&iter, kCacheControl, &value)) {
823    // If the value is smaller than the prefix and a terminal quote, skip
824    // it.
825    if (value.size() <= kPrefixLen ||
826        value.compare(0, kPrefixLen, kPrefix) != 0) {
827      continue;
828    }
829    // if it doesn't end with a quote, then treat as malformed
830    if (value[value.size()-1] != '\"')
831      continue;
832
833    // process the value as a comma-separated list of items. Each
834    // item can be wrapped by linear white space.
835    std::string::const_iterator item = value.begin() + kPrefixLen;
836    std::string::const_iterator end = value.end() - 1;
837    while (item != end) {
838      // Find the comma to compute the length of the current item,
839      // and the position of the next one.
840      std::string::const_iterator item_next = std::find(item, end, ',');
841      std::string::const_iterator item_end = end;
842      if (item_next != end) {
843        // Skip over comma for next position.
844        item_end = item_next;
845        item_next++;
846      }
847      // trim off leading and trailing whitespace in this item.
848      HttpUtil::TrimLWS(&item, &item_end);
849
850      // assuming the header is not empty, lowercase and insert into set
851      if (item_end > item) {
852        std::string name(&*item, item_end - item);
853        base::StringToLowerASCII(&name);
854        result->insert(name);
855      }
856
857      // Continue to next item.
858      item = item_next;
859    }
860  }
861}
862
863void HttpResponseHeaders::AddHopByHopHeaders(HeaderSet* result) {
864  for (size_t i = 0; i < arraysize(kHopByHopResponseHeaders); ++i)
865    result->insert(std::string(kHopByHopResponseHeaders[i]));
866}
867
868void HttpResponseHeaders::AddCookieHeaders(HeaderSet* result) {
869  for (size_t i = 0; i < arraysize(kCookieResponseHeaders); ++i)
870    result->insert(std::string(kCookieResponseHeaders[i]));
871}
872
873void HttpResponseHeaders::AddChallengeHeaders(HeaderSet* result) {
874  for (size_t i = 0; i < arraysize(kChallengeResponseHeaders); ++i)
875    result->insert(std::string(kChallengeResponseHeaders[i]));
876}
877
878void HttpResponseHeaders::AddHopContentRangeHeaders(HeaderSet* result) {
879  result->insert(kContentRange);
880}
881
882void HttpResponseHeaders::AddSecurityStateHeaders(HeaderSet* result) {
883  for (size_t i = 0; i < arraysize(kSecurityStateHeaders); ++i)
884    result->insert(std::string(kSecurityStateHeaders[i]));
885}
886
887void HttpResponseHeaders::GetMimeTypeAndCharset(std::string* mime_type,
888                                                std::string* charset) const {
889  mime_type->clear();
890  charset->clear();
891
892  std::string name = "content-type";
893  std::string value;
894
895  bool had_charset = false;
896
897  void* iter = NULL;
898  while (EnumerateHeader(&iter, name, &value))
899    HttpUtil::ParseContentType(value, mime_type, charset, &had_charset, NULL);
900}
901
902bool HttpResponseHeaders::GetMimeType(std::string* mime_type) const {
903  std::string unused;
904  GetMimeTypeAndCharset(mime_type, &unused);
905  return !mime_type->empty();
906}
907
908bool HttpResponseHeaders::GetCharset(std::string* charset) const {
909  std::string unused;
910  GetMimeTypeAndCharset(&unused, charset);
911  return !charset->empty();
912}
913
914bool HttpResponseHeaders::IsRedirect(std::string* location) const {
915  if (!IsRedirectResponseCode(response_code_))
916    return false;
917
918  // If we lack a Location header, then we can't treat this as a redirect.
919  // We assume that the first non-empty location value is the target URL that
920  // we want to follow.  TODO(darin): Is this consistent with other browsers?
921  size_t i = std::string::npos;
922  do {
923    i = FindHeader(++i, "location");
924    if (i == std::string::npos)
925      return false;
926    // If the location value is empty, then it doesn't count.
927  } while (parsed_[i].value_begin == parsed_[i].value_end);
928
929  if (location) {
930    // Escape any non-ASCII characters to preserve them.  The server should
931    // only be returning ASCII here, but for compat we need to do this.
932    *location = EscapeNonASCII(
933        std::string(parsed_[i].value_begin, parsed_[i].value_end));
934  }
935
936  return true;
937}
938
939// static
940bool HttpResponseHeaders::IsRedirectResponseCode(int response_code) {
941  // Users probably want to see 300 (multiple choice) pages, so we don't count
942  // them as redirects that need to be followed.
943  return (response_code == 301 ||
944          response_code == 302 ||
945          response_code == 303 ||
946          response_code == 307 ||
947          response_code == 308);
948}
949
950// From RFC 2616 section 13.2.4:
951//
952// The calculation to determine if a response has expired is quite simple:
953//
954//   response_is_fresh = (freshness_lifetime > current_age)
955//
956// Of course, there are other factors that can force a response to always be
957// validated or re-fetched.
958//
959bool HttpResponseHeaders::RequiresValidation(const Time& request_time,
960                                             const Time& response_time,
961                                             const Time& current_time) const {
962  TimeDelta lifetime =
963      GetFreshnessLifetime(response_time);
964  if (lifetime == TimeDelta())
965    return true;
966
967  return lifetime <= GetCurrentAge(request_time, response_time, current_time);
968}
969
970// From RFC 2616 section 13.2.4:
971//
972// The max-age directive takes priority over Expires, so if max-age is present
973// in a response, the calculation is simply:
974//
975//   freshness_lifetime = max_age_value
976//
977// Otherwise, if Expires is present in the response, the calculation is:
978//
979//   freshness_lifetime = expires_value - date_value
980//
981// Note that neither of these calculations is vulnerable to clock skew, since
982// all of the information comes from the origin server.
983//
984// Also, if the response does have a Last-Modified time, the heuristic
985// expiration value SHOULD be no more than some fraction of the interval since
986// that time. A typical setting of this fraction might be 10%:
987//
988//   freshness_lifetime = (date_value - last_modified_value) * 0.10
989//
990TimeDelta HttpResponseHeaders::GetFreshnessLifetime(
991    const Time& response_time) const {
992  // Check for headers that force a response to never be fresh.  For backwards
993  // compat, we treat "Pragma: no-cache" as a synonym for "Cache-Control:
994  // no-cache" even though RFC 2616 does not specify it.
995  if (HasHeaderValue("cache-control", "no-cache") ||
996      HasHeaderValue("cache-control", "no-store") ||
997      HasHeaderValue("pragma", "no-cache") ||
998      HasHeaderValue("vary", "*"))  // see RFC 2616 section 13.6
999    return TimeDelta();  // not fresh
1000
1001  // NOTE: "Cache-Control: max-age" overrides Expires, so we only check the
1002  // Expires header after checking for max-age in GetFreshnessLifetime.  This
1003  // is important since "Expires: <date in the past>" means not fresh, but
1004  // it should not trump a max-age value.
1005
1006  TimeDelta max_age_value;
1007  if (GetMaxAgeValue(&max_age_value))
1008    return max_age_value;
1009
1010  // If there is no Date header, then assume that the server response was
1011  // generated at the time when we received the response.
1012  Time date_value;
1013  if (!GetDateValue(&date_value))
1014    date_value = response_time;
1015
1016  Time expires_value;
1017  if (GetExpiresValue(&expires_value)) {
1018    // The expires value can be a date in the past!
1019    if (expires_value > date_value)
1020      return expires_value - date_value;
1021
1022    return TimeDelta();  // not fresh
1023  }
1024
1025  // From RFC 2616 section 13.4:
1026  //
1027  //   A response received with a status code of 200, 203, 206, 300, 301 or 410
1028  //   MAY be stored by a cache and used in reply to a subsequent request,
1029  //   subject to the expiration mechanism, unless a cache-control directive
1030  //   prohibits caching.
1031  //   ...
1032  //   A response received with any other status code (e.g. status codes 302
1033  //   and 307) MUST NOT be returned in a reply to a subsequent request unless
1034  //   there are cache-control directives or another header(s) that explicitly
1035  //   allow it.
1036  //
1037  // From RFC 2616 section 14.9.4:
1038  //
1039  //   When the must-revalidate directive is present in a response received by
1040  //   a cache, that cache MUST NOT use the entry after it becomes stale to
1041  //   respond to a subsequent request without first revalidating it with the
1042  //   origin server. (I.e., the cache MUST do an end-to-end revalidation every
1043  //   time, if, based solely on the origin server's Expires or max-age value,
1044  //   the cached response is stale.)
1045  //
1046  // https://datatracker.ietf.org/doc/draft-reschke-http-status-308/ is an
1047  // experimental RFC that adds 308 permanent redirect as well, for which "any
1048  // future references ... SHOULD use one of the returned URIs."
1049  if ((response_code_ == 200 || response_code_ == 203 ||
1050       response_code_ == 206) &&
1051      !HasHeaderValue("cache-control", "must-revalidate")) {
1052    // TODO(darin): Implement a smarter heuristic.
1053    Time last_modified_value;
1054    if (GetLastModifiedValue(&last_modified_value)) {
1055      // The last-modified value can be a date in the past!
1056      if (last_modified_value <= date_value)
1057        return (date_value - last_modified_value) / 10;
1058    }
1059  }
1060
1061  // These responses are implicitly fresh (unless otherwise overruled):
1062  if (response_code_ == 300 || response_code_ == 301 || response_code_ == 308 ||
1063      response_code_ == 410) {
1064    return TimeDelta::Max();
1065  }
1066
1067  return TimeDelta();  // not fresh
1068}
1069
1070// From RFC 2616 section 13.2.3:
1071//
1072// Summary of age calculation algorithm, when a cache receives a response:
1073//
1074//   /*
1075//    * age_value
1076//    *      is the value of Age: header received by the cache with
1077//    *              this response.
1078//    * date_value
1079//    *      is the value of the origin server's Date: header
1080//    * request_time
1081//    *      is the (local) time when the cache made the request
1082//    *              that resulted in this cached response
1083//    * response_time
1084//    *      is the (local) time when the cache received the
1085//    *              response
1086//    * now
1087//    *      is the current (local) time
1088//    */
1089//   apparent_age = max(0, response_time - date_value);
1090//   corrected_received_age = max(apparent_age, age_value);
1091//   response_delay = response_time - request_time;
1092//   corrected_initial_age = corrected_received_age + response_delay;
1093//   resident_time = now - response_time;
1094//   current_age   = corrected_initial_age + resident_time;
1095//
1096TimeDelta HttpResponseHeaders::GetCurrentAge(const Time& request_time,
1097                                             const Time& response_time,
1098                                             const Time& current_time) const {
1099  // If there is no Date header, then assume that the server response was
1100  // generated at the time when we received the response.
1101  Time date_value;
1102  if (!GetDateValue(&date_value))
1103    date_value = response_time;
1104
1105  // If there is no Age header, then assume age is zero.  GetAgeValue does not
1106  // modify its out param if the value does not exist.
1107  TimeDelta age_value;
1108  GetAgeValue(&age_value);
1109
1110  TimeDelta apparent_age = std::max(TimeDelta(), response_time - date_value);
1111  TimeDelta corrected_received_age = std::max(apparent_age, age_value);
1112  TimeDelta response_delay = response_time - request_time;
1113  TimeDelta corrected_initial_age = corrected_received_age + response_delay;
1114  TimeDelta resident_time = current_time - response_time;
1115  TimeDelta current_age = corrected_initial_age + resident_time;
1116
1117  return current_age;
1118}
1119
1120bool HttpResponseHeaders::GetMaxAgeValue(TimeDelta* result) const {
1121  return GetCacheControlDirective("max-age", result);
1122}
1123
1124bool HttpResponseHeaders::GetAgeValue(TimeDelta* result) const {
1125  std::string value;
1126  if (!EnumerateHeader(NULL, "Age", &value))
1127    return false;
1128
1129  int64 seconds;
1130  base::StringToInt64(value, &seconds);
1131  *result = TimeDelta::FromSeconds(seconds);
1132  return true;
1133}
1134
1135bool HttpResponseHeaders::GetDateValue(Time* result) const {
1136  return GetTimeValuedHeader("Date", result);
1137}
1138
1139bool HttpResponseHeaders::GetLastModifiedValue(Time* result) const {
1140  return GetTimeValuedHeader("Last-Modified", result);
1141}
1142
1143bool HttpResponseHeaders::GetExpiresValue(Time* result) const {
1144  return GetTimeValuedHeader("Expires", result);
1145}
1146
1147bool HttpResponseHeaders::GetStaleWhileRevalidateValue(
1148    TimeDelta* result) const {
1149  return GetCacheControlDirective("stale-while-revalidate", result);
1150}
1151
1152bool HttpResponseHeaders::GetTimeValuedHeader(const std::string& name,
1153                                              Time* result) const {
1154  std::string value;
1155  if (!EnumerateHeader(NULL, name, &value))
1156    return false;
1157
1158  // When parsing HTTP dates it's beneficial to default to GMT because:
1159  // 1. RFC2616 3.3.1 says times should always be specified in GMT
1160  // 2. Only counter-example incorrectly appended "UTC" (crbug.com/153759)
1161  // 3. When adjusting cookie expiration times for clock skew
1162  //    (crbug.com/135131) this better matches our cookie expiration
1163  //    time parser which ignores timezone specifiers and assumes GMT.
1164  // 4. This is exactly what Firefox does.
1165  // TODO(pauljensen): The ideal solution would be to return false if the
1166  // timezone could not be understood so as to avoid makeing other calculations
1167  // based on an incorrect time.  This would require modifying the time
1168  // library or duplicating the code. (http://crbug.com/158327)
1169  return Time::FromUTCString(value.c_str(), result);
1170}
1171
1172bool HttpResponseHeaders::IsKeepAlive() const {
1173  if (http_version_ < HttpVersion(1, 0))
1174    return false;
1175
1176  // NOTE: It is perhaps risky to assume that a Proxy-Connection header is
1177  // meaningful when we don't know that this response was from a proxy, but
1178  // Mozilla also does this, so we'll do the same.
1179  std::string connection_val;
1180  if (!EnumerateHeader(NULL, "connection", &connection_val))
1181    EnumerateHeader(NULL, "proxy-connection", &connection_val);
1182
1183  bool keep_alive;
1184
1185  if (http_version_ == HttpVersion(1, 0)) {
1186    // HTTP/1.0 responses default to NOT keep-alive
1187    keep_alive = LowerCaseEqualsASCII(connection_val, "keep-alive");
1188  } else {
1189    // HTTP/1.1 responses default to keep-alive
1190    keep_alive = !LowerCaseEqualsASCII(connection_val, "close");
1191  }
1192
1193  return keep_alive;
1194}
1195
1196bool HttpResponseHeaders::HasStrongValidators() const {
1197  std::string etag_header;
1198  EnumerateHeader(NULL, "etag", &etag_header);
1199  std::string last_modified_header;
1200  EnumerateHeader(NULL, "Last-Modified", &last_modified_header);
1201  std::string date_header;
1202  EnumerateHeader(NULL, "Date", &date_header);
1203  return HttpUtil::HasStrongValidators(GetHttpVersion(),
1204                                       etag_header,
1205                                       last_modified_header,
1206                                       date_header);
1207}
1208
1209// From RFC 2616:
1210// Content-Length = "Content-Length" ":" 1*DIGIT
1211int64 HttpResponseHeaders::GetContentLength() const {
1212  return GetInt64HeaderValue("content-length");
1213}
1214
1215int64 HttpResponseHeaders::GetInt64HeaderValue(
1216    const std::string& header) const {
1217  void* iter = NULL;
1218  std::string content_length_val;
1219  if (!EnumerateHeader(&iter, header, &content_length_val))
1220    return -1;
1221
1222  if (content_length_val.empty())
1223    return -1;
1224
1225  if (content_length_val[0] == '+')
1226    return -1;
1227
1228  int64 result;
1229  bool ok = base::StringToInt64(content_length_val, &result);
1230  if (!ok || result < 0)
1231    return -1;
1232
1233  return result;
1234}
1235
1236// From RFC 2616 14.16:
1237// content-range-spec =
1238//     bytes-unit SP byte-range-resp-spec "/" ( instance-length | "*" )
1239// byte-range-resp-spec = (first-byte-pos "-" last-byte-pos) | "*"
1240// instance-length = 1*DIGIT
1241// bytes-unit = "bytes"
1242bool HttpResponseHeaders::GetContentRange(int64* first_byte_position,
1243                                          int64* last_byte_position,
1244                                          int64* instance_length) const {
1245  void* iter = NULL;
1246  std::string content_range_spec;
1247  *first_byte_position = *last_byte_position = *instance_length = -1;
1248  if (!EnumerateHeader(&iter, kContentRange, &content_range_spec))
1249    return false;
1250
1251  // If the header value is empty, we have an invalid header.
1252  if (content_range_spec.empty())
1253    return false;
1254
1255  size_t space_position = content_range_spec.find(' ');
1256  if (space_position == std::string::npos)
1257    return false;
1258
1259  // Invalid header if it doesn't contain "bytes-unit".
1260  std::string::const_iterator content_range_spec_begin =
1261      content_range_spec.begin();
1262  std::string::const_iterator content_range_spec_end =
1263      content_range_spec.begin() + space_position;
1264  HttpUtil::TrimLWS(&content_range_spec_begin, &content_range_spec_end);
1265  if (!LowerCaseEqualsASCII(content_range_spec_begin,
1266                            content_range_spec_end,
1267                            "bytes")) {
1268    return false;
1269  }
1270
1271  size_t slash_position = content_range_spec.find('/', space_position + 1);
1272  if (slash_position == std::string::npos)
1273    return false;
1274
1275  // Obtain the part behind the space and before slash.
1276  std::string::const_iterator byte_range_resp_spec_begin =
1277      content_range_spec.begin() + space_position + 1;
1278  std::string::const_iterator byte_range_resp_spec_end =
1279      content_range_spec.begin() + slash_position;
1280  HttpUtil::TrimLWS(&byte_range_resp_spec_begin, &byte_range_resp_spec_end);
1281
1282  // Parse the byte-range-resp-spec part.
1283  std::string byte_range_resp_spec(byte_range_resp_spec_begin,
1284                                   byte_range_resp_spec_end);
1285  // If byte-range-resp-spec != "*".
1286  if (!LowerCaseEqualsASCII(byte_range_resp_spec, "*")) {
1287    size_t minus_position = byte_range_resp_spec.find('-');
1288    if (minus_position != std::string::npos) {
1289      // Obtain first-byte-pos.
1290      std::string::const_iterator first_byte_pos_begin =
1291          byte_range_resp_spec.begin();
1292      std::string::const_iterator first_byte_pos_end =
1293          byte_range_resp_spec.begin() + minus_position;
1294      HttpUtil::TrimLWS(&first_byte_pos_begin, &first_byte_pos_end);
1295
1296      bool ok = base::StringToInt64(StringPiece(first_byte_pos_begin,
1297                                                first_byte_pos_end),
1298                                    first_byte_position);
1299
1300      // Obtain last-byte-pos.
1301      std::string::const_iterator last_byte_pos_begin =
1302          byte_range_resp_spec.begin() + minus_position + 1;
1303      std::string::const_iterator last_byte_pos_end =
1304          byte_range_resp_spec.end();
1305      HttpUtil::TrimLWS(&last_byte_pos_begin, &last_byte_pos_end);
1306
1307      ok &= base::StringToInt64(StringPiece(last_byte_pos_begin,
1308                                            last_byte_pos_end),
1309                                last_byte_position);
1310      if (!ok) {
1311        *first_byte_position = *last_byte_position = -1;
1312        return false;
1313      }
1314      if (*first_byte_position < 0 || *last_byte_position < 0 ||
1315          *first_byte_position > *last_byte_position)
1316        return false;
1317    } else {
1318      return false;
1319    }
1320  }
1321
1322  // Parse the instance-length part.
1323  // If instance-length == "*".
1324  std::string::const_iterator instance_length_begin =
1325      content_range_spec.begin() + slash_position + 1;
1326  std::string::const_iterator instance_length_end =
1327      content_range_spec.end();
1328  HttpUtil::TrimLWS(&instance_length_begin, &instance_length_end);
1329
1330  if (LowerCaseEqualsASCII(instance_length_begin, instance_length_end, "*")) {
1331    return false;
1332  } else if (!base::StringToInt64(StringPiece(instance_length_begin,
1333                                              instance_length_end),
1334                                  instance_length)) {
1335    *instance_length = -1;
1336    return false;
1337  }
1338
1339  // We have all the values; let's verify that they make sense for a 206
1340  // response.
1341  if (*first_byte_position < 0 || *last_byte_position < 0 ||
1342      *instance_length < 0 || *instance_length - 1 < *last_byte_position)
1343    return false;
1344
1345  return true;
1346}
1347
1348base::Value* HttpResponseHeaders::NetLogCallback(
1349    NetLog::LogLevel log_level) const {
1350  base::DictionaryValue* dict = new base::DictionaryValue();
1351  base::ListValue* headers = new base::ListValue();
1352  headers->Append(new base::StringValue(GetStatusLine()));
1353  void* iterator = NULL;
1354  std::string name;
1355  std::string value;
1356  while (EnumerateHeaderLines(&iterator, &name, &value)) {
1357    std::string log_value = ElideHeaderValueForNetLog(log_level, name, value);
1358    std::string escaped_name = EscapeNonASCII(name);
1359    std::string escaped_value = EscapeNonASCII(log_value);
1360    headers->Append(
1361      new base::StringValue(
1362          base::StringPrintf("%s: %s", escaped_name.c_str(),
1363                             escaped_value.c_str())));
1364  }
1365  dict->Set("headers", headers);
1366  return dict;
1367}
1368
1369// static
1370bool HttpResponseHeaders::FromNetLogParam(
1371    const base::Value* event_param,
1372    scoped_refptr<HttpResponseHeaders>* http_response_headers) {
1373  *http_response_headers = NULL;
1374
1375  const base::DictionaryValue* dict = NULL;
1376  const base::ListValue* header_list = NULL;
1377
1378  if (!event_param ||
1379      !event_param->GetAsDictionary(&dict) ||
1380      !dict->GetList("headers", &header_list)) {
1381    return false;
1382  }
1383
1384  std::string raw_headers;
1385  for (base::ListValue::const_iterator it = header_list->begin();
1386       it != header_list->end();
1387       ++it) {
1388    std::string header_line;
1389    if (!(*it)->GetAsString(&header_line))
1390      return false;
1391
1392    raw_headers.append(header_line);
1393    raw_headers.push_back('\0');
1394  }
1395  raw_headers.push_back('\0');
1396  *http_response_headers = new HttpResponseHeaders(raw_headers);
1397  return true;
1398}
1399
1400bool HttpResponseHeaders::IsChunkEncoded() const {
1401  // Ignore spurious chunked responses from HTTP/1.0 servers and proxies.
1402  return GetHttpVersion() >= HttpVersion(1, 1) &&
1403      HasHeaderValue("Transfer-Encoding", "chunked");
1404}
1405
1406}  // namespace net
1407