Home | History | Annotate | Download | only in http
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/http/http_network_transaction.h"
      6 
      7 #include <set>
      8 #include <vector>
      9 
     10 #include "base/compiler_specific.h"
     11 #include "base/format_macros.h"
     12 #include "base/memory/scoped_ptr.h"
     13 #include "base/metrics/field_trial.h"
     14 #include "base/metrics/histogram.h"
     15 #include "base/metrics/stats_counters.h"
     16 #include "base/stl_util-inl.h"
     17 #include "base/string_number_conversions.h"
     18 #include "base/string_util.h"
     19 #include "base/stringprintf.h"
     20 #include "build/build_config.h"
     21 #include "googleurl/src/gurl.h"
     22 #include "net/base/auth.h"
     23 #include "net/base/host_port_pair.h"
     24 #include "net/base/io_buffer.h"
     25 #include "net/base/load_flags.h"
     26 #include "net/base/net_errors.h"
     27 #include "net/base/net_util.h"
     28 #include "net/base/network_delegate.h"
     29 #include "net/base/ssl_cert_request_info.h"
     30 #include "net/base/ssl_connection_status_flags.h"
     31 #include "net/base/upload_data_stream.h"
     32 #include "net/http/http_auth.h"
     33 #include "net/http/http_auth_handler.h"
     34 #include "net/http/http_auth_handler_factory.h"
     35 #include "net/http/http_basic_stream.h"
     36 #include "net/http/http_chunked_decoder.h"
     37 #include "net/http/http_net_log_params.h"
     38 #include "net/http/http_network_session.h"
     39 #include "net/http/http_proxy_client_socket.h"
     40 #include "net/http/http_proxy_client_socket_pool.h"
     41 #include "net/http/http_request_headers.h"
     42 #include "net/http/http_request_info.h"
     43 #include "net/http/http_response_body_drainer.h"
     44 #include "net/http/http_response_headers.h"
     45 #include "net/http/http_response_info.h"
     46 #include "net/http/http_stream_factory.h"
     47 #include "net/http/http_util.h"
     48 #include "net/http/url_security_manager.h"
     49 #include "net/socket/client_socket_factory.h"
     50 #include "net/socket/socks_client_socket_pool.h"
     51 #include "net/socket/ssl_client_socket.h"
     52 #include "net/socket/ssl_client_socket_pool.h"
     53 #include "net/socket/transport_client_socket_pool.h"
     54 #include "net/spdy/spdy_http_stream.h"
     55 #include "net/spdy/spdy_session.h"
     56 #include "net/spdy/spdy_session_pool.h"
     57 
     58 using base::Time;
     59 
     60 namespace net {
     61 
     62 namespace {
     63 
     64 void ProcessAlternateProtocol(HttpStreamFactory* factory,
     65                               HttpAlternateProtocols* alternate_protocols,
     66                               const HttpResponseHeaders& headers,
     67                               const HostPortPair& http_host_port_pair) {
     68   std::string alternate_protocol_str;
     69 
     70   if (!headers.EnumerateHeader(NULL, HttpAlternateProtocols::kHeader,
     71                                &alternate_protocol_str)) {
     72     // Header is not present.
     73     return;
     74   }
     75 
     76   factory->ProcessAlternateProtocol(alternate_protocols,
     77                                     alternate_protocol_str,
     78                                     http_host_port_pair);
     79 }
     80 
     81 // Returns true if |error| is a client certificate authentication error.
     82 bool IsClientCertificateError(int error) {
     83   switch (error) {
     84     case ERR_BAD_SSL_CLIENT_AUTH_CERT:
     85     case ERR_SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED:
     86     case ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY:
     87     case ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED:
     88       return true;
     89     default:
     90       return false;
     91   }
     92 }
     93 
     94 }  // namespace
     95 
     96 //-----------------------------------------------------------------------------
     97 
     98 HttpNetworkTransaction::HttpNetworkTransaction(HttpNetworkSession* session)
     99     : pending_auth_target_(HttpAuth::AUTH_NONE),
    100       ALLOW_THIS_IN_INITIALIZER_LIST(
    101           io_callback_(this, &HttpNetworkTransaction::OnIOComplete)),
    102       ALLOW_THIS_IN_INITIALIZER_LIST(delegate_callback_(
    103           new CancelableCompletionCallback<HttpNetworkTransaction>(
    104               this, &HttpNetworkTransaction::OnIOComplete))),
    105       user_callback_(NULL),
    106       session_(session),
    107       request_(NULL),
    108       headers_valid_(false),
    109       logged_response_time_(false),
    110       request_headers_(),
    111       read_buf_len_(0),
    112       next_state_(STATE_NONE),
    113       establishing_tunnel_(false) {
    114   session->ssl_config_service()->GetSSLConfig(&ssl_config_);
    115   if (session->http_stream_factory()->next_protos())
    116     ssl_config_.next_protos = *session->http_stream_factory()->next_protos();
    117 }
    118 
    119 HttpNetworkTransaction::~HttpNetworkTransaction() {
    120   if (stream_.get()) {
    121     HttpResponseHeaders* headers = GetResponseHeaders();
    122     // TODO(mbelshe): The stream_ should be able to compute whether or not the
    123     //                stream should be kept alive.  No reason to compute here
    124     //                and pass it in.
    125     bool try_to_keep_alive =
    126         next_state_ == STATE_NONE &&
    127         stream_->CanFindEndOfResponse() &&
    128         (!headers || headers->IsKeepAlive());
    129     if (!try_to_keep_alive) {
    130       stream_->Close(true /* not reusable */);
    131     } else {
    132       if (stream_->IsResponseBodyComplete()) {
    133         // If the response body is complete, we can just reuse the socket.
    134         stream_->Close(false /* reusable */);
    135       } else if (stream_->IsSpdyHttpStream()) {
    136         // Doesn't really matter for SpdyHttpStream. Just close it.
    137         stream_->Close(true /* not reusable */);
    138       } else {
    139         // Otherwise, we try to drain the response body.
    140         // TODO(willchan): Consider moving this response body draining to the
    141         // stream implementation.  For SPDY, there's clearly no point.  For
    142         // HTTP, it can vary depending on whether or not we're pipelining.  It's
    143         // stream dependent, so the different subtypes should be implementing
    144         // their solutions.
    145         HttpResponseBodyDrainer* drainer =
    146           new HttpResponseBodyDrainer(stream_.release());
    147         drainer->Start(session_);
    148         // |drainer| will delete itself.
    149       }
    150     }
    151   }
    152 
    153   delegate_callback_->Cancel();
    154 }
    155 
    156 int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
    157                                   CompletionCallback* callback,
    158                                   const BoundNetLog& net_log) {
    159   SIMPLE_STATS_COUNTER("HttpNetworkTransaction.Count");
    160 
    161   net_log_ = net_log;
    162   request_ = request_info;
    163   start_time_ = base::Time::Now();
    164 
    165   next_state_ = STATE_CREATE_STREAM;
    166   int rv = DoLoop(OK);
    167   if (rv == ERR_IO_PENDING)
    168     user_callback_ = callback;
    169   return rv;
    170 }
    171 
    172 int HttpNetworkTransaction::RestartIgnoringLastError(
    173     CompletionCallback* callback) {
    174   DCHECK(!stream_.get());
    175   DCHECK(!stream_request_.get());
    176   DCHECK_EQ(STATE_NONE, next_state_);
    177 
    178   next_state_ = STATE_CREATE_STREAM;
    179 
    180   int rv = DoLoop(OK);
    181   if (rv == ERR_IO_PENDING)
    182     user_callback_ = callback;
    183   return rv;
    184 }
    185 
    186 int HttpNetworkTransaction::RestartWithCertificate(
    187     X509Certificate* client_cert,
    188     CompletionCallback* callback) {
    189   // In HandleCertificateRequest(), we always tear down existing stream
    190   // requests to force a new connection.  So we shouldn't have one here.
    191   DCHECK(!stream_request_.get());
    192   DCHECK(!stream_.get());
    193   DCHECK_EQ(STATE_NONE, next_state_);
    194 
    195   ssl_config_.client_cert = client_cert;
    196   session_->ssl_client_auth_cache()->Add(
    197       response_.cert_request_info->host_and_port, client_cert);
    198   ssl_config_.send_client_cert = true;
    199   // Reset the other member variables.
    200   // Note: this is necessary only with SSL renegotiation.
    201   ResetStateForRestart();
    202   next_state_ = STATE_CREATE_STREAM;
    203   int rv = DoLoop(OK);
    204   if (rv == ERR_IO_PENDING)
    205     user_callback_ = callback;
    206   return rv;
    207 }
    208 
    209 int HttpNetworkTransaction::RestartWithAuth(
    210     const string16& username,
    211     const string16& password,
    212     CompletionCallback* callback) {
    213   HttpAuth::Target target = pending_auth_target_;
    214   if (target == HttpAuth::AUTH_NONE) {
    215     NOTREACHED();
    216     return ERR_UNEXPECTED;
    217   }
    218   pending_auth_target_ = HttpAuth::AUTH_NONE;
    219 
    220   auth_controllers_[target]->ResetAuth(username, password);
    221 
    222   DCHECK(user_callback_ == NULL);
    223 
    224   int rv = OK;
    225   if (target == HttpAuth::AUTH_PROXY && establishing_tunnel_) {
    226     // In this case, we've gathered credentials for use with proxy
    227     // authentication of a tunnel.
    228     DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
    229     DCHECK(stream_request_ != NULL);
    230     auth_controllers_[target] = NULL;
    231     ResetStateForRestart();
    232     rv = stream_request_->RestartTunnelWithProxyAuth(username, password);
    233   } else {
    234     // In this case, we've gathered credentials for the server or the proxy
    235     // but it is not during the tunneling phase.
    236     DCHECK(stream_request_ == NULL);
    237     PrepareForAuthRestart(target);
    238     rv = DoLoop(OK);
    239   }
    240 
    241   if (rv == ERR_IO_PENDING)
    242     user_callback_ = callback;
    243   return rv;
    244 }
    245 
    246 void HttpNetworkTransaction::PrepareForAuthRestart(HttpAuth::Target target) {
    247   DCHECK(HaveAuth(target));
    248   DCHECK(!stream_request_.get());
    249 
    250   bool keep_alive = false;
    251   // Even if the server says the connection is keep-alive, we have to be
    252   // able to find the end of each response in order to reuse the connection.
    253   if (GetResponseHeaders()->IsKeepAlive() &&
    254       stream_->CanFindEndOfResponse()) {
    255     // If the response body hasn't been completely read, we need to drain
    256     // it first.
    257     if (!stream_->IsResponseBodyComplete()) {
    258       next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
    259       read_buf_ = new IOBuffer(kDrainBodyBufferSize);  // A bit bucket.
    260       read_buf_len_ = kDrainBodyBufferSize;
    261       return;
    262     }
    263     keep_alive = true;
    264   }
    265 
    266   // We don't need to drain the response body, so we act as if we had drained
    267   // the response body.
    268   DidDrainBodyForAuthRestart(keep_alive);
    269 }
    270 
    271 void HttpNetworkTransaction::DidDrainBodyForAuthRestart(bool keep_alive) {
    272   DCHECK(!stream_request_.get());
    273 
    274   if (stream_.get()) {
    275     HttpStream* new_stream = NULL;
    276     if (keep_alive && stream_->IsConnectionReusable()) {
    277       // We should call connection_->set_idle_time(), but this doesn't occur
    278       // often enough to be worth the trouble.
    279       stream_->SetConnectionReused();
    280       new_stream = stream_->RenewStreamForAuth();
    281     }
    282 
    283     if (!new_stream) {
    284       // Close the stream and mark it as not_reusable.  Even in the
    285       // keep_alive case, we've determined that the stream_ is not
    286       // reusable if new_stream is NULL.
    287       stream_->Close(true);
    288       next_state_ = STATE_CREATE_STREAM;
    289     } else {
    290       next_state_ = STATE_INIT_STREAM;
    291     }
    292     stream_.reset(new_stream);
    293   }
    294 
    295   // Reset the other member variables.
    296   ResetStateForAuthRestart();
    297 }
    298 
    299 bool HttpNetworkTransaction::IsReadyToRestartForAuth() {
    300   return pending_auth_target_ != HttpAuth::AUTH_NONE &&
    301       HaveAuth(pending_auth_target_);
    302 }
    303 
    304 int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len,
    305                                  CompletionCallback* callback) {
    306   DCHECK(buf);
    307   DCHECK_LT(0, buf_len);
    308 
    309   State next_state = STATE_NONE;
    310 
    311   scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
    312   if (headers_valid_ && headers.get() && stream_request_.get()) {
    313     // We're trying to read the body of the response but we're still trying
    314     // to establish an SSL tunnel through an HTTP proxy.  We can't read these
    315     // bytes when establishing a tunnel because they might be controlled by
    316     // an active network attacker.  We don't worry about this for HTTP
    317     // because an active network attacker can already control HTTP sessions.
    318     // We reach this case when the user cancels a 407 proxy auth prompt.  We
    319     // also don't worry about this for an HTTPS Proxy, because the
    320     // communication with the proxy is secure.
    321     // See http://crbug.com/8473.
    322     DCHECK(proxy_info_.is_http() || proxy_info_.is_https());
    323     DCHECK_EQ(headers->response_code(), 407);
    324     LOG(WARNING) << "Blocked proxy response with status "
    325                  << headers->response_code() << " to CONNECT request for "
    326                  << GetHostAndPort(request_->url) << ".";
    327     return ERR_TUNNEL_CONNECTION_FAILED;
    328   }
    329 
    330   // Are we using SPDY or HTTP?
    331   next_state = STATE_READ_BODY;
    332 
    333   read_buf_ = buf;
    334   read_buf_len_ = buf_len;
    335 
    336   next_state_ = next_state;
    337   int rv = DoLoop(OK);
    338   if (rv == ERR_IO_PENDING)
    339     user_callback_ = callback;
    340   return rv;
    341 }
    342 
    343 const HttpResponseInfo* HttpNetworkTransaction::GetResponseInfo() const {
    344   return ((headers_valid_ && response_.headers) || response_.ssl_info.cert ||
    345           response_.cert_request_info) ? &response_ : NULL;
    346 }
    347 
    348 LoadState HttpNetworkTransaction::GetLoadState() const {
    349   // TODO(wtc): Define a new LoadState value for the
    350   // STATE_INIT_CONNECTION_COMPLETE state, which delays the HTTP request.
    351   switch (next_state_) {
    352     case STATE_CREATE_STREAM_COMPLETE:
    353       return stream_request_->GetLoadState();
    354     case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
    355     case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
    356     case STATE_SEND_REQUEST_COMPLETE:
    357       return LOAD_STATE_SENDING_REQUEST;
    358     case STATE_READ_HEADERS_COMPLETE:
    359       return LOAD_STATE_WAITING_FOR_RESPONSE;
    360     case STATE_READ_BODY_COMPLETE:
    361       return LOAD_STATE_READING_RESPONSE;
    362     default:
    363       return LOAD_STATE_IDLE;
    364   }
    365 }
    366 
    367 uint64 HttpNetworkTransaction::GetUploadProgress() const {
    368   if (!stream_.get())
    369     return 0;
    370 
    371   return stream_->GetUploadProgress();
    372 }
    373 
    374 void HttpNetworkTransaction::OnStreamReady(const SSLConfig& used_ssl_config,
    375                                            const ProxyInfo& used_proxy_info,
    376                                            HttpStream* stream) {
    377   DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
    378   DCHECK(stream_request_.get());
    379 
    380   stream_.reset(stream);
    381   ssl_config_ = used_ssl_config;
    382   proxy_info_ = used_proxy_info;
    383   response_.was_npn_negotiated = stream_request_->was_npn_negotiated();
    384   response_.was_fetched_via_spdy = stream_request_->using_spdy();
    385   response_.was_fetched_via_proxy = !proxy_info_.is_direct();
    386 
    387   OnIOComplete(OK);
    388 }
    389 
    390 void HttpNetworkTransaction::OnStreamFailed(int result,
    391                                             const SSLConfig& used_ssl_config) {
    392   DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
    393   DCHECK_NE(OK, result);
    394   DCHECK(stream_request_.get());
    395   DCHECK(!stream_.get());
    396   ssl_config_ = used_ssl_config;
    397 
    398   OnIOComplete(result);
    399 }
    400 
    401 void HttpNetworkTransaction::OnCertificateError(
    402     int result,
    403     const SSLConfig& used_ssl_config,
    404     const SSLInfo& ssl_info) {
    405   DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
    406   DCHECK_NE(OK, result);
    407   DCHECK(stream_request_.get());
    408   DCHECK(!stream_.get());
    409 
    410   response_.ssl_info = ssl_info;
    411   ssl_config_ = used_ssl_config;
    412 
    413   // TODO(mbelshe):  For now, we're going to pass the error through, and that
    414   // will close the stream_request in all cases.  This means that we're always
    415   // going to restart an entire STATE_CREATE_STREAM, even if the connection is
    416   // good and the user chooses to ignore the error.  This is not ideal, but not
    417   // the end of the world either.
    418 
    419   OnIOComplete(result);
    420 }
    421 
    422 void HttpNetworkTransaction::OnNeedsProxyAuth(
    423     const HttpResponseInfo& proxy_response,
    424     const SSLConfig& used_ssl_config,
    425     const ProxyInfo& used_proxy_info,
    426     HttpAuthController* auth_controller) {
    427   DCHECK(stream_request_.get());
    428   DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
    429 
    430   establishing_tunnel_ = true;
    431   response_.headers = proxy_response.headers;
    432   response_.auth_challenge = proxy_response.auth_challenge;
    433   headers_valid_ = true;
    434   ssl_config_ = used_ssl_config;
    435   proxy_info_ = used_proxy_info;
    436 
    437   auth_controllers_[HttpAuth::AUTH_PROXY] = auth_controller;
    438   pending_auth_target_ = HttpAuth::AUTH_PROXY;
    439 
    440   DoCallback(OK);
    441 }
    442 
    443 void HttpNetworkTransaction::OnNeedsClientAuth(
    444     const SSLConfig& used_ssl_config,
    445     SSLCertRequestInfo* cert_info) {
    446   DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
    447 
    448   ssl_config_ = used_ssl_config;
    449   response_.cert_request_info = cert_info;
    450   OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
    451 }
    452 
    453 void HttpNetworkTransaction::OnHttpsProxyTunnelResponse(
    454     const HttpResponseInfo& response_info,
    455     const SSLConfig& used_ssl_config,
    456     const ProxyInfo& used_proxy_info,
    457     HttpStream* stream) {
    458   DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
    459 
    460   headers_valid_ = true;
    461   response_ = response_info;
    462   ssl_config_ = used_ssl_config;
    463   proxy_info_ = used_proxy_info;
    464   stream_.reset(stream);
    465   stream_request_.reset();  // we're done with the stream request
    466   OnIOComplete(ERR_HTTPS_PROXY_TUNNEL_RESPONSE);
    467 }
    468 
    469 bool HttpNetworkTransaction::is_https_request() const {
    470   return request_->url.SchemeIs("https");
    471 }
    472 
    473 void HttpNetworkTransaction::DoCallback(int rv) {
    474   DCHECK_NE(rv, ERR_IO_PENDING);
    475   DCHECK(user_callback_);
    476 
    477   // Since Run may result in Read being called, clear user_callback_ up front.
    478   CompletionCallback* c = user_callback_;
    479   user_callback_ = NULL;
    480   c->Run(rv);
    481 }
    482 
    483 void HttpNetworkTransaction::OnIOComplete(int result) {
    484   int rv = DoLoop(result);
    485   if (rv != ERR_IO_PENDING)
    486     DoCallback(rv);
    487 }
    488 
    489 int HttpNetworkTransaction::DoLoop(int result) {
    490   DCHECK(next_state_ != STATE_NONE);
    491 
    492   int rv = result;
    493   do {
    494     State state = next_state_;
    495     next_state_ = STATE_NONE;
    496     switch (state) {
    497       case STATE_CREATE_STREAM:
    498         DCHECK_EQ(OK, rv);
    499         rv = DoCreateStream();
    500         break;
    501       case STATE_CREATE_STREAM_COMPLETE:
    502         rv = DoCreateStreamComplete(rv);
    503         break;
    504       case STATE_INIT_STREAM:
    505         DCHECK_EQ(OK, rv);
    506         rv = DoInitStream();
    507         break;
    508       case STATE_INIT_STREAM_COMPLETE:
    509         rv = DoInitStreamComplete(rv);
    510         break;
    511       case STATE_GENERATE_PROXY_AUTH_TOKEN:
    512         DCHECK_EQ(OK, rv);
    513         rv = DoGenerateProxyAuthToken();
    514         break;
    515       case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
    516         rv = DoGenerateProxyAuthTokenComplete(rv);
    517         break;
    518       case STATE_GENERATE_SERVER_AUTH_TOKEN:
    519         DCHECK_EQ(OK, rv);
    520         rv = DoGenerateServerAuthToken();
    521         break;
    522       case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
    523         rv = DoGenerateServerAuthTokenComplete(rv);
    524         break;
    525       case STATE_BUILD_REQUEST:
    526         DCHECK_EQ(OK, rv);
    527         net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST, NULL);
    528         rv = DoBuildRequest();
    529         break;
    530       case STATE_BUILD_REQUEST_COMPLETE:
    531         rv = DoBuildRequestComplete(rv);
    532         break;
    533       case STATE_SEND_REQUEST:
    534         DCHECK_EQ(OK, rv);
    535         rv = DoSendRequest();
    536         break;
    537       case STATE_SEND_REQUEST_COMPLETE:
    538         rv = DoSendRequestComplete(rv);
    539         net_log_.EndEventWithNetErrorCode(
    540             NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST, rv);
    541         break;
    542       case STATE_READ_HEADERS:
    543         DCHECK_EQ(OK, rv);
    544         net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS, NULL);
    545         rv = DoReadHeaders();
    546         break;
    547       case STATE_READ_HEADERS_COMPLETE:
    548         rv = DoReadHeadersComplete(rv);
    549         net_log_.EndEventWithNetErrorCode(
    550             NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS, rv);
    551         break;
    552       case STATE_READ_BODY:
    553         DCHECK_EQ(OK, rv);
    554         net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_BODY, NULL);
    555         rv = DoReadBody();
    556         break;
    557       case STATE_READ_BODY_COMPLETE:
    558         rv = DoReadBodyComplete(rv);
    559         net_log_.EndEventWithNetErrorCode(
    560             NetLog::TYPE_HTTP_TRANSACTION_READ_BODY, rv);
    561         break;
    562       case STATE_DRAIN_BODY_FOR_AUTH_RESTART:
    563         DCHECK_EQ(OK, rv);
    564         net_log_.BeginEvent(
    565             NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART, NULL);
    566         rv = DoDrainBodyForAuthRestart();
    567         break;
    568       case STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE:
    569         rv = DoDrainBodyForAuthRestartComplete(rv);
    570         net_log_.EndEventWithNetErrorCode(
    571             NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART, rv);
    572         break;
    573       default:
    574         NOTREACHED() << "bad state";
    575         rv = ERR_FAILED;
    576         break;
    577     }
    578   } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
    579 
    580   return rv;
    581 }
    582 
    583 int HttpNetworkTransaction::DoCreateStream() {
    584   next_state_ = STATE_CREATE_STREAM_COMPLETE;
    585 
    586   stream_request_.reset(
    587       session_->http_stream_factory()->RequestStream(
    588           *request_,
    589           ssl_config_,
    590           this,
    591           net_log_));
    592   DCHECK(stream_request_.get());
    593   return ERR_IO_PENDING;
    594 }
    595 
    596 int HttpNetworkTransaction::DoCreateStreamComplete(int result) {
    597   if (result == OK) {
    598     next_state_ = STATE_INIT_STREAM;
    599     DCHECK(stream_.get());
    600   } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
    601     result = HandleCertificateRequest(result);
    602   } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
    603     // Return OK and let the caller read the proxy's error page
    604     next_state_ = STATE_NONE;
    605     return OK;
    606   }
    607 
    608   // Handle possible handshake errors that may have occurred if the stream
    609   // used SSL for one or more of the layers.
    610   result = HandleSSLHandshakeError(result);
    611 
    612   // At this point we are done with the stream_request_.
    613   stream_request_.reset();
    614   return result;
    615 }
    616 
    617 int HttpNetworkTransaction::DoInitStream() {
    618   DCHECK(stream_.get());
    619   next_state_ = STATE_INIT_STREAM_COMPLETE;
    620   return stream_->InitializeStream(request_, net_log_, &io_callback_);
    621 }
    622 
    623 int HttpNetworkTransaction::DoInitStreamComplete(int result) {
    624   if (result == OK) {
    625     next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN;
    626   } else {
    627     if (result < 0)
    628       result = HandleIOError(result);
    629 
    630     // The stream initialization failed, so this stream will never be useful.
    631     stream_.reset();
    632   }
    633 
    634   return result;
    635 }
    636 
    637 int HttpNetworkTransaction::DoGenerateProxyAuthToken() {
    638   next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE;
    639   if (!ShouldApplyProxyAuth())
    640     return OK;
    641   HttpAuth::Target target = HttpAuth::AUTH_PROXY;
    642   if (!auth_controllers_[target].get())
    643     auth_controllers_[target] =
    644         new HttpAuthController(target,
    645                                AuthURL(target),
    646                                session_->http_auth_cache(),
    647                                session_->http_auth_handler_factory());
    648   return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
    649                                                            &io_callback_,
    650                                                            net_log_);
    651 }
    652 
    653 int HttpNetworkTransaction::DoGenerateProxyAuthTokenComplete(int rv) {
    654   DCHECK_NE(ERR_IO_PENDING, rv);
    655   if (rv == OK)
    656     next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN;
    657   return rv;
    658 }
    659 
    660 int HttpNetworkTransaction::DoGenerateServerAuthToken() {
    661   next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE;
    662   HttpAuth::Target target = HttpAuth::AUTH_SERVER;
    663   if (!auth_controllers_[target].get())
    664     auth_controllers_[target] =
    665         new HttpAuthController(target,
    666                                AuthURL(target),
    667                                session_->http_auth_cache(),
    668                                session_->http_auth_handler_factory());
    669   if (!ShouldApplyServerAuth())
    670     return OK;
    671   return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
    672                                                            &io_callback_,
    673                                                            net_log_);
    674 }
    675 
    676 int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) {
    677   DCHECK_NE(ERR_IO_PENDING, rv);
    678   if (rv == OK)
    679     next_state_ = STATE_BUILD_REQUEST;
    680   return rv;
    681 }
    682 
    683 void HttpNetworkTransaction::BuildRequestHeaders(bool using_proxy) {
    684   request_headers_.SetHeader(HttpRequestHeaders::kHost,
    685                              GetHostAndOptionalPort(request_->url));
    686 
    687   // For compat with HTTP/1.0 servers and proxies:
    688   if (using_proxy) {
    689     request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection,
    690                                "keep-alive");
    691   } else {
    692     request_headers_.SetHeader(HttpRequestHeaders::kConnection, "keep-alive");
    693   }
    694 
    695   // Our consumer should have made sure that this is a safe referrer.  See for
    696   // instance WebCore::FrameLoader::HideReferrer.
    697   if (request_->referrer.is_valid()) {
    698     request_headers_.SetHeader(HttpRequestHeaders::kReferer,
    699                                request_->referrer.spec());
    700   }
    701 
    702   // Add a content length header?
    703   if (request_body_.get()) {
    704     if (request_body_->is_chunked()) {
    705       request_headers_.SetHeader(
    706           HttpRequestHeaders::kTransferEncoding, "chunked");
    707     } else {
    708       request_headers_.SetHeader(
    709           HttpRequestHeaders::kContentLength,
    710           base::Uint64ToString(request_body_->size()));
    711     }
    712   } else if (request_->method == "POST" || request_->method == "PUT" ||
    713              request_->method == "HEAD") {
    714     // An empty POST/PUT request still needs a content length.  As for HEAD,
    715     // IE and Safari also add a content length header.  Presumably it is to
    716     // support sending a HEAD request to an URL that only expects to be sent a
    717     // POST or some other method that normally would have a message body.
    718     request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0");
    719   }
    720 
    721   // Honor load flags that impact proxy caches.
    722   if (request_->load_flags & LOAD_BYPASS_CACHE) {
    723     request_headers_.SetHeader(HttpRequestHeaders::kPragma, "no-cache");
    724     request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "no-cache");
    725   } else if (request_->load_flags & LOAD_VALIDATE_CACHE) {
    726     request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "max-age=0");
    727   }
    728 
    729   if (ShouldApplyProxyAuth() && HaveAuth(HttpAuth::AUTH_PROXY))
    730     auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader(
    731         &request_headers_);
    732   if (ShouldApplyServerAuth() && HaveAuth(HttpAuth::AUTH_SERVER))
    733     auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader(
    734         &request_headers_);
    735 
    736   // Headers that will be stripped from request_->extra_headers to prevent,
    737   // e.g., plugins from overriding headers that are controlled using other
    738   // means. Otherwise a plugin could set a referrer although sending the
    739   // referrer is inhibited.
    740   // TODO(jochen): check whether also other headers should be stripped.
    741   static const char* const kExtraHeadersToBeStripped[] = {
    742     "Referer"
    743   };
    744 
    745   HttpRequestHeaders stripped_extra_headers;
    746   stripped_extra_headers.CopyFrom(request_->extra_headers);
    747   for (size_t i = 0; i < arraysize(kExtraHeadersToBeStripped); ++i)
    748     stripped_extra_headers.RemoveHeader(kExtraHeadersToBeStripped[i]);
    749   request_headers_.MergeFrom(stripped_extra_headers);
    750 }
    751 
    752 int HttpNetworkTransaction::DoBuildRequest() {
    753   next_state_ = STATE_BUILD_REQUEST_COMPLETE;
    754   delegate_callback_->AddRef();  // balanced in DoSendRequestComplete
    755 
    756   request_body_.reset(NULL);
    757   if (request_->upload_data) {
    758     int error_code;
    759     request_body_.reset(
    760         UploadDataStream::Create(request_->upload_data, &error_code));
    761     if (!request_body_.get())
    762       return error_code;
    763   }
    764 
    765   headers_valid_ = false;
    766 
    767   // This is constructed lazily (instead of within our Start method), so that
    768   // we have proxy info available.
    769   if (request_headers_.IsEmpty()) {
    770     bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) &&
    771                         !is_https_request();
    772     BuildRequestHeaders(using_proxy);
    773   }
    774 
    775   if (session_->network_delegate()) {
    776     return session_->network_delegate()->NotifyBeforeSendHeaders(
    777         request_->request_id, delegate_callback_, &request_headers_);
    778   }
    779 
    780   return OK;
    781 }
    782 
    783 int HttpNetworkTransaction::DoBuildRequestComplete(int result) {
    784   delegate_callback_->Release();  // balanced in DoBuildRequest
    785 
    786   if (result == OK)
    787     next_state_ = STATE_SEND_REQUEST;
    788   return result;
    789 }
    790 
    791 int HttpNetworkTransaction::DoSendRequest() {
    792   next_state_ = STATE_SEND_REQUEST_COMPLETE;
    793 
    794   return stream_->SendRequest(
    795       request_headers_, request_body_.release(), &response_, &io_callback_);
    796 }
    797 
    798 int HttpNetworkTransaction::DoSendRequestComplete(int result) {
    799   if (result < 0)
    800     return HandleIOError(result);
    801   next_state_ = STATE_READ_HEADERS;
    802   return OK;
    803 }
    804 
    805 int HttpNetworkTransaction::DoReadHeaders() {
    806   next_state_ = STATE_READ_HEADERS_COMPLETE;
    807   return stream_->ReadResponseHeaders(&io_callback_);
    808 }
    809 
    810 int HttpNetworkTransaction::HandleConnectionClosedBeforeEndOfHeaders() {
    811   if (!response_.headers && !stream_->IsConnectionReused()) {
    812     // The connection was closed before any data was sent. Likely an error
    813     // rather than empty HTTP/0.9 response.
    814     return ERR_EMPTY_RESPONSE;
    815   }
    816 
    817   return OK;
    818 }
    819 
    820 int HttpNetworkTransaction::DoReadHeadersComplete(int result) {
    821   // We can get a certificate error or ERR_SSL_CLIENT_AUTH_CERT_NEEDED here
    822   // due to SSL renegotiation.
    823   if (IsCertificateError(result)) {
    824     // We don't handle a certificate error during SSL renegotiation, so we
    825     // have to return an error that's not in the certificate error range
    826     // (-2xx).
    827     LOG(ERROR) << "Got a server certificate with error " << result
    828                << " during SSL renegotiation";
    829     result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION;
    830   } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
    831     // TODO(wtc): Need a test case for this code path!
    832     DCHECK(stream_.get());
    833     DCHECK(is_https_request());
    834     response_.cert_request_info = new SSLCertRequestInfo;
    835     stream_->GetSSLCertRequestInfo(response_.cert_request_info);
    836     result = HandleCertificateRequest(result);
    837     if (result == OK)
    838       return result;
    839   }
    840 
    841   if (result < 0 && result != ERR_CONNECTION_CLOSED)
    842     return HandleIOError(result);
    843 
    844   if (result == ERR_CONNECTION_CLOSED && ShouldResendRequest(result)) {
    845     ResetConnectionAndRequestForResend();
    846     return OK;
    847   }
    848 
    849   // After we call RestartWithAuth a new response_time will be recorded, and
    850   // we need to be cautious about incorrectly logging the duration across the
    851   // authentication activity.
    852   if (result == OK)
    853     LogTransactionConnectedMetrics();
    854 
    855   if (result == ERR_CONNECTION_CLOSED) {
    856     // For now, if we get at least some data, we do the best we can to make
    857     // sense of it and send it back up the stack.
    858     int rv = HandleConnectionClosedBeforeEndOfHeaders();
    859     if (rv != OK)
    860       return rv;
    861   }
    862 
    863   if (net_log_.IsLoggingAllEvents()) {
    864     net_log_.AddEvent(
    865         NetLog::TYPE_HTTP_TRANSACTION_READ_RESPONSE_HEADERS,
    866         make_scoped_refptr(new NetLogHttpResponseParameter(response_.headers)));
    867   }
    868 
    869   if (response_.headers->GetParsedHttpVersion() < HttpVersion(1, 0)) {
    870     // HTTP/0.9 doesn't support the PUT method, so lack of response headers
    871     // indicates a buggy server.  See:
    872     // https://bugzilla.mozilla.org/show_bug.cgi?id=193921
    873     if (request_->method == "PUT")
    874       return ERR_METHOD_NOT_SUPPORTED;
    875   }
    876 
    877   // Check for an intermediate 100 Continue response.  An origin server is
    878   // allowed to send this response even if we didn't ask for it, so we just
    879   // need to skip over it.
    880   // We treat any other 1xx in this same way (although in practice getting
    881   // a 1xx that isn't a 100 is rare).
    882   if (response_.headers->response_code() / 100 == 1) {
    883     response_.headers = new HttpResponseHeaders("");
    884     next_state_ = STATE_READ_HEADERS;
    885     return OK;
    886   }
    887 
    888   HostPortPair endpoint = HostPortPair(request_->url.HostNoBrackets(),
    889                                        request_->url.EffectiveIntPort());
    890   ProcessAlternateProtocol(session_->http_stream_factory(),
    891                            session_->mutable_alternate_protocols(),
    892                            *response_.headers,
    893                            endpoint);
    894 
    895   int rv = HandleAuthChallenge();
    896   if (rv != OK)
    897     return rv;
    898 
    899   if (is_https_request())
    900     stream_->GetSSLInfo(&response_.ssl_info);
    901 
    902   headers_valid_ = true;
    903   return OK;
    904 }
    905 
    906 int HttpNetworkTransaction::DoReadBody() {
    907   DCHECK(read_buf_);
    908   DCHECK_GT(read_buf_len_, 0);
    909   DCHECK(stream_ != NULL);
    910 
    911   next_state_ = STATE_READ_BODY_COMPLETE;
    912   return stream_->ReadResponseBody(read_buf_, read_buf_len_, &io_callback_);
    913 }
    914 
    915 int HttpNetworkTransaction::DoReadBodyComplete(int result) {
    916   // We are done with the Read call.
    917   bool done = false;
    918   if (result <= 0) {
    919     DCHECK_NE(ERR_IO_PENDING, result);
    920     done = true;
    921   }
    922 
    923   bool keep_alive = false;
    924   if (stream_->IsResponseBodyComplete()) {
    925     // Note: Just because IsResponseBodyComplete is true, we're not
    926     // necessarily "done".  We're only "done" when it is the last
    927     // read on this HttpNetworkTransaction, which will be signified
    928     // by a zero-length read.
    929     // TODO(mbelshe): The keepalive property is really a property of
    930     //    the stream.  No need to compute it here just to pass back
    931     //    to the stream's Close function.
    932     if (stream_->CanFindEndOfResponse())
    933       keep_alive = GetResponseHeaders()->IsKeepAlive();
    934   }
    935 
    936   // Clean up connection if we are done.
    937   if (done) {
    938     LogTransactionMetrics();
    939     stream_->Close(!keep_alive);
    940     // Note: we don't reset the stream here.  We've closed it, but we still
    941     // need it around so that callers can call methods such as
    942     // GetUploadProgress() and have them be meaningful.
    943     // TODO(mbelshe): This means we closed the stream here, and we close it
    944     // again in ~HttpNetworkTransaction.  Clean that up.
    945 
    946     // The next Read call will return 0 (EOF).
    947   }
    948 
    949   // Clear these to avoid leaving around old state.
    950   read_buf_ = NULL;
    951   read_buf_len_ = 0;
    952 
    953   return result;
    954 }
    955 
    956 int HttpNetworkTransaction::DoDrainBodyForAuthRestart() {
    957   // This method differs from DoReadBody only in the next_state_.  So we just
    958   // call DoReadBody and override the next_state_.  Perhaps there is a more
    959   // elegant way for these two methods to share code.
    960   int rv = DoReadBody();
    961   DCHECK(next_state_ == STATE_READ_BODY_COMPLETE);
    962   next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE;
    963   return rv;
    964 }
    965 
    966 // TODO(wtc): This method and the DoReadBodyComplete method are almost
    967 // the same.  Figure out a good way for these two methods to share code.
    968 int HttpNetworkTransaction::DoDrainBodyForAuthRestartComplete(int result) {
    969   // keep_alive defaults to true because the very reason we're draining the
    970   // response body is to reuse the connection for auth restart.
    971   bool done = false, keep_alive = true;
    972   if (result < 0) {
    973     // Error or closed connection while reading the socket.
    974     done = true;
    975     keep_alive = false;
    976   } else if (stream_->IsResponseBodyComplete()) {
    977     done = true;
    978   }
    979 
    980   if (done) {
    981     DidDrainBodyForAuthRestart(keep_alive);
    982   } else {
    983     // Keep draining.
    984     next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
    985   }
    986 
    987   return OK;
    988 }
    989 
    990 void HttpNetworkTransaction::LogTransactionConnectedMetrics() {
    991   if (logged_response_time_)
    992     return;
    993 
    994   logged_response_time_ = true;
    995 
    996   base::TimeDelta total_duration = response_.response_time - start_time_;
    997 
    998   UMA_HISTOGRAM_CLIPPED_TIMES(
    999       "Net.Transaction_Connected_Under_10",
   1000       total_duration,
   1001       base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
   1002       100);
   1003 
   1004   bool reused_socket = stream_->IsConnectionReused();
   1005   if (!reused_socket) {
   1006     UMA_HISTOGRAM_CLIPPED_TIMES(
   1007         "Net.Transaction_Connected_New",
   1008         total_duration,
   1009         base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
   1010         100);
   1011 
   1012   static bool use_conn_impact_histogram(
   1013       base::FieldTrialList::Find("ConnCountImpact") &&
   1014       !base::FieldTrialList::Find("ConnCountImpact")->group_name().empty());
   1015   if (use_conn_impact_histogram) {
   1016     UMA_HISTOGRAM_CLIPPED_TIMES(
   1017         base::FieldTrial::MakeName("Net.Transaction_Connected_New",
   1018             "ConnCountImpact"),
   1019         total_duration,
   1020         base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
   1021         100);
   1022     }
   1023   }
   1024 
   1025   static bool use_spdy_histogram(base::FieldTrialList::Find("SpdyImpact") &&
   1026       !base::FieldTrialList::Find("SpdyImpact")->group_name().empty());
   1027   if (use_spdy_histogram && response_.was_npn_negotiated) {
   1028     UMA_HISTOGRAM_CLIPPED_TIMES(
   1029       base::FieldTrial::MakeName("Net.Transaction_Connected_Under_10",
   1030                                  "SpdyImpact"),
   1031         total_duration, base::TimeDelta::FromMilliseconds(1),
   1032         base::TimeDelta::FromMinutes(10), 100);
   1033 
   1034     if (!reused_socket) {
   1035       UMA_HISTOGRAM_CLIPPED_TIMES(
   1036           base::FieldTrial::MakeName("Net.Transaction_Connected_New",
   1037                                      "SpdyImpact"),
   1038           total_duration, base::TimeDelta::FromMilliseconds(1),
   1039           base::TimeDelta::FromMinutes(10), 100);
   1040     }
   1041   }
   1042 
   1043   // Currently, non-zero priority requests are frame or sub-frame resource
   1044   // types.  This will change when we also prioritize certain subresources like
   1045   // css, js, etc.
   1046   if (request_->priority) {
   1047     UMA_HISTOGRAM_CLIPPED_TIMES(
   1048         "Net.Priority_High_Latency",
   1049         total_duration,
   1050         base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
   1051         100);
   1052   } else {
   1053     UMA_HISTOGRAM_CLIPPED_TIMES(
   1054         "Net.Priority_Low_Latency",
   1055         total_duration,
   1056         base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
   1057         100);
   1058   }
   1059 }
   1060 
   1061 void HttpNetworkTransaction::LogTransactionMetrics() const {
   1062   base::TimeDelta duration = base::Time::Now() -
   1063                              response_.request_time;
   1064   if (60 < duration.InMinutes())
   1065     return;
   1066 
   1067   base::TimeDelta total_duration = base::Time::Now() - start_time_;
   1068 
   1069   UMA_HISTOGRAM_LONG_TIMES("Net.Transaction_Latency", duration);
   1070   UMA_HISTOGRAM_CLIPPED_TIMES("Net.Transaction_Latency_Under_10", duration,
   1071                               base::TimeDelta::FromMilliseconds(1),
   1072                               base::TimeDelta::FromMinutes(10),
   1073                               100);
   1074   UMA_HISTOGRAM_CLIPPED_TIMES("Net.Transaction_Latency_Total_Under_10",
   1075                               total_duration,
   1076                               base::TimeDelta::FromMilliseconds(1),
   1077                               base::TimeDelta::FromMinutes(10), 100);
   1078   if (!stream_->IsConnectionReused()) {
   1079     UMA_HISTOGRAM_CLIPPED_TIMES(
   1080         "Net.Transaction_Latency_Total_New_Connection_Under_10",
   1081         total_duration, base::TimeDelta::FromMilliseconds(1),
   1082         base::TimeDelta::FromMinutes(10), 100);
   1083   }
   1084 }
   1085 
   1086 int HttpNetworkTransaction::HandleCertificateRequest(int error) {
   1087   // There are two paths through which the server can request a certificate
   1088   // from us.  The first is during the initial handshake, the second is
   1089   // during SSL renegotiation.
   1090   //
   1091   // In both cases, we want to close the connection before proceeding.
   1092   // We do this for two reasons:
   1093   //   First, we don't want to keep the connection to the server hung for a
   1094   //   long time while the user selects a certificate.
   1095   //   Second, even if we did keep the connection open, NSS has a bug where
   1096   //   restarting the handshake for ClientAuth is currently broken.
   1097   DCHECK_EQ(error, ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
   1098 
   1099   if (stream_.get()) {
   1100     // Since we already have a stream, we're being called as part of SSL
   1101     // renegotiation.
   1102     DCHECK(!stream_request_.get());
   1103     stream_->Close(true);
   1104     stream_.reset();
   1105   }
   1106 
   1107   // The server is asking for a client certificate during the initial
   1108   // handshake.
   1109   stream_request_.reset();
   1110 
   1111   // If the user selected one of the certificates in client_certs or declined
   1112   // to provide one for this server before, use the past decision
   1113   // automatically.
   1114   scoped_refptr<X509Certificate> client_cert;
   1115   bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup(
   1116       response_.cert_request_info->host_and_port, &client_cert);
   1117   if (!found_cached_cert)
   1118     return error;
   1119 
   1120   // Check that the certificate selected is still a certificate the server
   1121   // is likely to accept, based on the criteria supplied in the
   1122   // CertificateRequest message.
   1123   if (client_cert) {
   1124     const std::vector<scoped_refptr<X509Certificate> >& client_certs =
   1125         response_.cert_request_info->client_certs;
   1126     bool cert_still_valid = false;
   1127     for (size_t i = 0; i < client_certs.size(); ++i) {
   1128       if (client_cert->Equals(client_certs[i])) {
   1129         cert_still_valid = true;
   1130         break;
   1131       }
   1132     }
   1133 
   1134     if (!cert_still_valid)
   1135       return error;
   1136   }
   1137 
   1138   // TODO(davidben): Add a unit test which covers this path; we need to be
   1139   // able to send a legitimate certificate and also bypass/clear the
   1140   // SSL session cache.
   1141   ssl_config_.client_cert = client_cert;
   1142   ssl_config_.send_client_cert = true;
   1143   next_state_ = STATE_CREATE_STREAM;
   1144   // Reset the other member variables.
   1145   // Note: this is necessary only with SSL renegotiation.
   1146   ResetStateForRestart();
   1147   return OK;
   1148 }
   1149 
   1150 // TODO(rch): This does not correctly handle errors when an SSL proxy is
   1151 // being used, as all of the errors are handled as if they were generated
   1152 // by the endpoint host, request_->url, rather than considering if they were
   1153 // generated by the SSL proxy. http://crbug.com/69329
   1154 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
   1155   DCHECK(request_);
   1156   if (ssl_config_.send_client_cert &&
   1157       (error == ERR_SSL_PROTOCOL_ERROR || IsClientCertificateError(error))) {
   1158     session_->ssl_client_auth_cache()->Remove(
   1159         GetHostAndPort(request_->url));
   1160   }
   1161 
   1162   switch (error) {
   1163     case ERR_SSL_PROTOCOL_ERROR:
   1164     case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
   1165     case ERR_SSL_DECOMPRESSION_FAILURE_ALERT:
   1166     case ERR_SSL_BAD_RECORD_MAC_ALERT:
   1167       if (ssl_config_.tls1_enabled) {
   1168         // This could be a TLS-intolerant server, an SSL 3.0 server that
   1169         // chose a TLS-only cipher suite or a server with buggy DEFLATE
   1170         // support. Turn off TLS 1.0, DEFLATE support and retry.
   1171         session_->http_stream_factory()->AddTLSIntolerantServer(
   1172             HostPortPair::FromURL(request_->url));
   1173         ResetConnectionAndRequestForResend();
   1174         error = OK;
   1175       }
   1176       break;
   1177   }
   1178   return error;
   1179 }
   1180 
   1181 // This method determines whether it is safe to resend the request after an
   1182 // IO error.  It can only be called in response to request header or body
   1183 // write errors or response header read errors.  It should not be used in
   1184 // other cases, such as a Connect error.
   1185 int HttpNetworkTransaction::HandleIOError(int error) {
   1186   // SSL errors may happen at any time during the stream and indicate issues
   1187   // with the underlying connection. Because the peer may request
   1188   // renegotiation at any time, check and handle any possible SSL handshake
   1189   // related errors. In addition to renegotiation, TLS False/Snap Start may
   1190   // cause SSL handshake errors to be delayed until the first or second Write
   1191   // (Snap Start) or the first Read (False & Snap Start) on the underlying
   1192   // connection.
   1193   error = HandleSSLHandshakeError(error);
   1194 
   1195   switch (error) {
   1196     // If we try to reuse a connection that the server is in the process of
   1197     // closing, we may end up successfully writing out our request (or a
   1198     // portion of our request) only to find a connection error when we try to
   1199     // read from (or finish writing to) the socket.
   1200     case ERR_CONNECTION_RESET:
   1201     case ERR_CONNECTION_CLOSED:
   1202     case ERR_CONNECTION_ABORTED:
   1203       if (ShouldResendRequest(error)) {
   1204         ResetConnectionAndRequestForResend();
   1205         error = OK;
   1206       }
   1207       break;
   1208   }
   1209   return error;
   1210 }
   1211 
   1212 void HttpNetworkTransaction::ResetStateForRestart() {
   1213   ResetStateForAuthRestart();
   1214   stream_.reset();
   1215 }
   1216 
   1217 void HttpNetworkTransaction::ResetStateForAuthRestart() {
   1218   pending_auth_target_ = HttpAuth::AUTH_NONE;
   1219   read_buf_ = NULL;
   1220   read_buf_len_ = 0;
   1221   headers_valid_ = false;
   1222   request_headers_.Clear();
   1223   response_ = HttpResponseInfo();
   1224   establishing_tunnel_ = false;
   1225 }
   1226 
   1227 HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const {
   1228   return response_.headers;
   1229 }
   1230 
   1231 bool HttpNetworkTransaction::ShouldResendRequest(int error) const {
   1232   bool connection_is_proven = stream_->IsConnectionReused();
   1233   bool has_received_headers = GetResponseHeaders() != NULL;
   1234 
   1235   // NOTE: we resend a request only if we reused a keep-alive connection.
   1236   // This automatically prevents an infinite resend loop because we'll run
   1237   // out of the cached keep-alive connections eventually.
   1238   if (connection_is_proven && !has_received_headers)
   1239     return true;
   1240   return false;
   1241 }
   1242 
   1243 void HttpNetworkTransaction::ResetConnectionAndRequestForResend() {
   1244   if (stream_.get()) {
   1245     stream_->Close(true);
   1246     stream_.reset();
   1247   }
   1248 
   1249   // We need to clear request_headers_ because it contains the real request
   1250   // headers, but we may need to resend the CONNECT request first to recreate
   1251   // the SSL tunnel.
   1252   request_headers_.Clear();
   1253   next_state_ = STATE_CREATE_STREAM;  // Resend the request.
   1254 }
   1255 
   1256 bool HttpNetworkTransaction::ShouldApplyProxyAuth() const {
   1257   return !is_https_request() &&
   1258       (proxy_info_.is_https() || proxy_info_.is_http());
   1259 }
   1260 
   1261 bool HttpNetworkTransaction::ShouldApplyServerAuth() const {
   1262   return !(request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA);
   1263 }
   1264 
   1265 int HttpNetworkTransaction::HandleAuthChallenge() {
   1266   scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
   1267   DCHECK(headers);
   1268 
   1269   int status = headers->response_code();
   1270   if (status != 401 && status != 407)
   1271     return OK;
   1272   HttpAuth::Target target = status == 407 ?
   1273                             HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER;
   1274   if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct())
   1275     return ERR_UNEXPECTED_PROXY_AUTH;
   1276 
   1277   // This case can trigger when an HTTPS server responds with a 407 status
   1278   // code through a non-authenticating proxy.
   1279   if (!auth_controllers_[target].get())
   1280     return ERR_UNEXPECTED_PROXY_AUTH;
   1281 
   1282   int rv = auth_controllers_[target]->HandleAuthChallenge(
   1283       headers, (request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA) != 0, false,
   1284       net_log_);
   1285   if (auth_controllers_[target]->HaveAuthHandler())
   1286       pending_auth_target_ = target;
   1287 
   1288   scoped_refptr<AuthChallengeInfo> auth_info =
   1289       auth_controllers_[target]->auth_info();
   1290   if (auth_info.get())
   1291       response_.auth_challenge = auth_info;
   1292 
   1293   return rv;
   1294 }
   1295 
   1296 bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const {
   1297   return auth_controllers_[target].get() &&
   1298       auth_controllers_[target]->HaveAuth();
   1299 }
   1300 
   1301 GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const {
   1302   switch (target) {
   1303     case HttpAuth::AUTH_PROXY: {
   1304       if (!proxy_info_.proxy_server().is_valid() ||
   1305           proxy_info_.proxy_server().is_direct()) {
   1306         return GURL();  // There is no proxy server.
   1307       }
   1308       const char* scheme = proxy_info_.is_https() ? "https://" : "http://";
   1309       return GURL(scheme +
   1310                   proxy_info_.proxy_server().host_port_pair().ToString());
   1311     }
   1312     case HttpAuth::AUTH_SERVER:
   1313       return request_->url;
   1314     default:
   1315      return GURL();
   1316   }
   1317 }
   1318 
   1319 #define STATE_CASE(s) \
   1320   case s: \
   1321     description = base::StringPrintf("%s (0x%08X)", #s, s); \
   1322     break
   1323 
   1324 std::string HttpNetworkTransaction::DescribeState(State state) {
   1325   std::string description;
   1326   switch (state) {
   1327     STATE_CASE(STATE_CREATE_STREAM);
   1328     STATE_CASE(STATE_CREATE_STREAM_COMPLETE);
   1329     STATE_CASE(STATE_BUILD_REQUEST);
   1330     STATE_CASE(STATE_BUILD_REQUEST_COMPLETE);
   1331     STATE_CASE(STATE_SEND_REQUEST);
   1332     STATE_CASE(STATE_SEND_REQUEST_COMPLETE);
   1333     STATE_CASE(STATE_READ_HEADERS);
   1334     STATE_CASE(STATE_READ_HEADERS_COMPLETE);
   1335     STATE_CASE(STATE_READ_BODY);
   1336     STATE_CASE(STATE_READ_BODY_COMPLETE);
   1337     STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART);
   1338     STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE);
   1339     STATE_CASE(STATE_NONE);
   1340     default:
   1341       description = base::StringPrintf("Unknown state 0x%08X (%u)", state,
   1342                                        state);
   1343       break;
   1344   }
   1345   return description;
   1346 }
   1347 
   1348 #undef STATE_CASE
   1349 
   1350 }  // namespace net
   1351