1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 // 5 // TODO(ukai): code is similar with http_network_transaction.cc. We should 6 // think about ways to share code, if possible. 7 8 #include "net/socket_stream/socket_stream.h" 9 10 #include <set> 11 #include <string> 12 #include <vector> 13 14 #include "base/bind.h" 15 #include "base/bind_helpers.h" 16 #include "base/compiler_specific.h" 17 #include "base/logging.h" 18 #include "base/message_loop/message_loop.h" 19 #include "base/strings/string_util.h" 20 #include "base/strings/stringprintf.h" 21 #include "base/strings/utf_string_conversions.h" 22 #include "net/base/auth.h" 23 #include "net/base/io_buffer.h" 24 #include "net/base/net_errors.h" 25 #include "net/base/net_util.h" 26 #include "net/dns/host_resolver.h" 27 #include "net/http/http_auth_controller.h" 28 #include "net/http/http_network_session.h" 29 #include "net/http/http_request_headers.h" 30 #include "net/http/http_request_info.h" 31 #include "net/http/http_response_headers.h" 32 #include "net/http/http_stream_factory.h" 33 #include "net/http/http_transaction_factory.h" 34 #include "net/http/http_util.h" 35 #include "net/socket/client_socket_factory.h" 36 #include "net/socket/socks5_client_socket.h" 37 #include "net/socket/socks_client_socket.h" 38 #include "net/socket/ssl_client_socket.h" 39 #include "net/socket/tcp_client_socket.h" 40 #include "net/socket_stream/socket_stream_metrics.h" 41 #include "net/ssl/ssl_cert_request_info.h" 42 #include "net/ssl/ssl_info.h" 43 #include "net/url_request/url_request.h" 44 #include "net/url_request/url_request_context.h" 45 46 static const int kMaxPendingSendAllowed = 32768; // 32 kilobytes. 47 static const int kReadBufferSize = 4096; 48 49 namespace net { 50 51 int SocketStream::Delegate::OnStartOpenConnection( 52 SocketStream* socket, const CompletionCallback& callback) { 53 return OK; 54 } 55 56 void SocketStream::Delegate::OnAuthRequired(SocketStream* socket, 57 AuthChallengeInfo* auth_info) { 58 // By default, no credential is available and close the connection. 59 socket->Close(); 60 } 61 62 void SocketStream::Delegate::OnSSLCertificateError( 63 SocketStream* socket, 64 const SSLInfo& ssl_info, 65 bool fatal) { 66 socket->CancelWithSSLError(ssl_info); 67 } 68 69 bool SocketStream::Delegate::CanGetCookies(SocketStream* socket, 70 const GURL& url) { 71 return true; 72 } 73 74 bool SocketStream::Delegate::CanSetCookie(SocketStream* request, 75 const GURL& url, 76 const std::string& cookie_line, 77 CookieOptions* options) { 78 return true; 79 } 80 81 SocketStream::ResponseHeaders::ResponseHeaders() : IOBuffer() {} 82 83 void SocketStream::ResponseHeaders::Realloc(size_t new_size) { 84 headers_.reset(static_cast<char*>(realloc(headers_.release(), new_size))); 85 } 86 87 SocketStream::ResponseHeaders::~ResponseHeaders() { data_ = NULL; } 88 89 SocketStream::SocketStream(const GURL& url, Delegate* delegate) 90 : delegate_(delegate), 91 url_(url), 92 max_pending_send_allowed_(kMaxPendingSendAllowed), 93 context_(NULL), 94 next_state_(STATE_NONE), 95 factory_(ClientSocketFactory::GetDefaultFactory()), 96 proxy_mode_(kDirectConnection), 97 proxy_url_(url), 98 pac_request_(NULL), 99 privacy_mode_(kPrivacyModeDisabled), 100 // Unretained() is required; without it, Bind() creates a circular 101 // dependency and the SocketStream object will not be freed. 102 io_callback_(base::Bind(&SocketStream::OnIOCompleted, 103 base::Unretained(this))), 104 read_buf_(NULL), 105 current_write_buf_(NULL), 106 waiting_for_write_completion_(false), 107 closing_(false), 108 server_closed_(false), 109 metrics_(new SocketStreamMetrics(url)) { 110 DCHECK(base::MessageLoop::current()) 111 << "The current base::MessageLoop must exist"; 112 DCHECK_EQ(base::MessageLoop::TYPE_IO, base::MessageLoop::current()->type()) 113 << "The current base::MessageLoop must be TYPE_IO"; 114 DCHECK(delegate_); 115 } 116 117 SocketStream::UserData* SocketStream::GetUserData( 118 const void* key) const { 119 UserDataMap::const_iterator found = user_data_.find(key); 120 if (found != user_data_.end()) 121 return found->second.get(); 122 return NULL; 123 } 124 125 void SocketStream::SetUserData(const void* key, UserData* data) { 126 user_data_[key] = linked_ptr<UserData>(data); 127 } 128 129 bool SocketStream::is_secure() const { 130 return url_.SchemeIs("wss"); 131 } 132 133 void SocketStream::set_context(URLRequestContext* context) { 134 const URLRequestContext* prev_context = context_; 135 136 context_ = context; 137 138 if (prev_context != context) { 139 if (prev_context && pac_request_) { 140 prev_context->proxy_service()->CancelPacRequest(pac_request_); 141 pac_request_ = NULL; 142 } 143 144 net_log_.EndEvent(NetLog::TYPE_REQUEST_ALIVE); 145 net_log_ = BoundNetLog(); 146 147 if (context) { 148 net_log_ = BoundNetLog::Make( 149 context->net_log(), 150 NetLog::SOURCE_SOCKET_STREAM); 151 152 net_log_.BeginEvent(NetLog::TYPE_REQUEST_ALIVE); 153 } 154 } 155 } 156 157 void SocketStream::CheckPrivacyMode() { 158 if (context_ && context_->network_delegate()) { 159 bool enable = context_->network_delegate()->CanEnablePrivacyMode(url_, 160 url_); 161 privacy_mode_ = enable ? kPrivacyModeEnabled : kPrivacyModeDisabled; 162 // Disable Channel ID if privacy mode is enabled. 163 if (enable) 164 server_ssl_config_.channel_id_enabled = false; 165 } 166 } 167 168 void SocketStream::Connect() { 169 DCHECK(base::MessageLoop::current()) 170 << "The current base::MessageLoop must exist"; 171 DCHECK_EQ(base::MessageLoop::TYPE_IO, base::MessageLoop::current()->type()) 172 << "The current base::MessageLoop must be TYPE_IO"; 173 if (context_) { 174 context_->ssl_config_service()->GetSSLConfig(&server_ssl_config_); 175 proxy_ssl_config_ = server_ssl_config_; 176 } 177 CheckPrivacyMode(); 178 179 DCHECK_EQ(next_state_, STATE_NONE); 180 181 AddRef(); // Released in Finish() 182 // Open a connection asynchronously, so that delegate won't be called 183 // back before returning Connect(). 184 next_state_ = STATE_BEFORE_CONNECT; 185 net_log_.BeginEvent( 186 NetLog::TYPE_SOCKET_STREAM_CONNECT, 187 NetLog::StringCallback("url", &url_.possibly_invalid_spec())); 188 base::MessageLoop::current()->PostTask( 189 FROM_HERE, base::Bind(&SocketStream::DoLoop, this, OK)); 190 } 191 192 size_t SocketStream::GetTotalSizeOfPendingWriteBufs() const { 193 size_t total_size = 0; 194 for (PendingDataQueue::const_iterator iter = pending_write_bufs_.begin(); 195 iter != pending_write_bufs_.end(); 196 ++iter) 197 total_size += (*iter)->size(); 198 return total_size; 199 } 200 201 bool SocketStream::SendData(const char* data, int len) { 202 DCHECK(base::MessageLoop::current()) 203 << "The current base::MessageLoop must exist"; 204 DCHECK_EQ(base::MessageLoop::TYPE_IO, base::MessageLoop::current()->type()) 205 << "The current base::MessageLoop must be TYPE_IO"; 206 DCHECK_GT(len, 0); 207 208 if (!socket_.get() || !socket_->IsConnected() || next_state_ == STATE_NONE) 209 return false; 210 211 int total_buffered_bytes = len; 212 if (current_write_buf_.get()) { 213 // Since 214 // - the purpose of this check is to limit the amount of buffer used by 215 // this instance. 216 // - the DrainableIOBuffer doesn't release consumed memory. 217 // we need to use not BytesRemaining() but size() here. 218 total_buffered_bytes += current_write_buf_->size(); 219 } 220 total_buffered_bytes += GetTotalSizeOfPendingWriteBufs(); 221 if (total_buffered_bytes > max_pending_send_allowed_) 222 return false; 223 224 // TODO(tyoshino): Split data into smaller chunks e.g. 8KiB to free consumed 225 // buffer progressively 226 pending_write_bufs_.push_back(make_scoped_refptr( 227 new IOBufferWithSize(len))); 228 memcpy(pending_write_bufs_.back()->data(), data, len); 229 230 // If current_write_buf_ is not NULL, it means that a) there's ongoing write 231 // operation or b) the connection is being closed. If a), the buffer we just 232 // pushed will be automatically handled when the completion callback runs 233 // the loop, and therefore we don't need to enqueue DoLoop(). If b), it's ok 234 // to do nothing. If current_write_buf_ is NULL, to make sure DoLoop() is 235 // ran soon, enequeue it. 236 if (!current_write_buf_.get()) { 237 // Send pending data asynchronously, so that delegate won't be called 238 // back before returning from SendData(). 239 base::MessageLoop::current()->PostTask( 240 FROM_HERE, base::Bind(&SocketStream::DoLoop, this, OK)); 241 } 242 243 return true; 244 } 245 246 void SocketStream::Close() { 247 DCHECK(base::MessageLoop::current()) 248 << "The current base::MessageLoop must exist"; 249 DCHECK_EQ(base::MessageLoop::TYPE_IO, base::MessageLoop::current()->type()) 250 << "The current base::MessageLoop must be TYPE_IO"; 251 // If next_state_ is STATE_NONE, the socket was not opened, or already 252 // closed. So, return immediately. 253 // Otherwise, it might call Finish() more than once, so breaks balance 254 // of AddRef() and Release() in Connect() and Finish(), respectively. 255 if (next_state_ == STATE_NONE) 256 return; 257 base::MessageLoop::current()->PostTask( 258 FROM_HERE, base::Bind(&SocketStream::DoClose, this)); 259 } 260 261 void SocketStream::RestartWithAuth(const AuthCredentials& credentials) { 262 DCHECK(base::MessageLoop::current()) 263 << "The current base::MessageLoop must exist"; 264 DCHECK_EQ(base::MessageLoop::TYPE_IO, base::MessageLoop::current()->type()) 265 << "The current base::MessageLoop must be TYPE_IO"; 266 DCHECK(proxy_auth_controller_.get()); 267 if (!socket_.get()) { 268 DVLOG(1) << "Socket is closed before restarting with auth."; 269 return; 270 } 271 272 proxy_auth_controller_->ResetAuth(credentials); 273 274 base::MessageLoop::current()->PostTask( 275 FROM_HERE, base::Bind(&SocketStream::DoRestartWithAuth, this)); 276 } 277 278 void SocketStream::DetachDelegate() { 279 if (!delegate_) 280 return; 281 delegate_ = NULL; 282 // Prevent the rest of the function from executing if we are being called from 283 // within Finish(). 284 if (next_state_ == STATE_NONE) 285 return; 286 net_log_.AddEvent(NetLog::TYPE_CANCELLED); 287 // We don't need to send pending data when client detach the delegate. 288 pending_write_bufs_.clear(); 289 Close(); 290 } 291 292 const ProxyServer& SocketStream::proxy_server() const { 293 return proxy_info_.proxy_server(); 294 } 295 296 void SocketStream::SetClientSocketFactory( 297 ClientSocketFactory* factory) { 298 DCHECK(factory); 299 factory_ = factory; 300 } 301 302 void SocketStream::CancelWithError(int error) { 303 base::MessageLoop::current()->PostTask( 304 FROM_HERE, base::Bind(&SocketStream::DoLoop, this, error)); 305 } 306 307 void SocketStream::CancelWithSSLError(const SSLInfo& ssl_info) { 308 CancelWithError(MapCertStatusToNetError(ssl_info.cert_status)); 309 } 310 311 void SocketStream::ContinueDespiteError() { 312 base::MessageLoop::current()->PostTask( 313 FROM_HERE, base::Bind(&SocketStream::DoLoop, this, OK)); 314 } 315 316 SocketStream::~SocketStream() { 317 set_context(NULL); 318 DCHECK(!delegate_); 319 DCHECK(!pac_request_); 320 } 321 322 SocketStream::RequestHeaders::~RequestHeaders() { data_ = NULL; } 323 324 void SocketStream::set_addresses(const AddressList& addresses) { 325 addresses_ = addresses; 326 } 327 328 void SocketStream::DoClose() { 329 closing_ = true; 330 // If next_state_ is STATE_TCP_CONNECT, it's waiting other socket 331 // establishing connection. If next_state_ is STATE_AUTH_REQUIRED, it's 332 // waiting for restarting. In these states, we'll close the SocketStream 333 // now. 334 if (next_state_ == STATE_TCP_CONNECT || next_state_ == STATE_AUTH_REQUIRED) { 335 DoLoop(ERR_ABORTED); 336 return; 337 } 338 // If next_state_ is STATE_READ_WRITE, we'll run DoLoop and close 339 // the SocketStream. 340 // If it's writing now, we should defer the closing after the current 341 // writing is completed. 342 if (next_state_ == STATE_READ_WRITE && !current_write_buf_.get()) 343 DoLoop(ERR_ABORTED); 344 345 // In other next_state_, we'll wait for callback of other APIs, such as 346 // ResolveProxy(). 347 } 348 349 void SocketStream::Finish(int result) { 350 DCHECK(base::MessageLoop::current()) 351 << "The current base::MessageLoop must exist"; 352 DCHECK_EQ(base::MessageLoop::TYPE_IO, base::MessageLoop::current()->type()) 353 << "The current base::MessageLoop must be TYPE_IO"; 354 DCHECK_LE(result, OK); 355 if (result == OK) 356 result = ERR_CONNECTION_CLOSED; 357 DCHECK_EQ(next_state_, STATE_NONE); 358 DVLOG(1) << "Finish result=" << ErrorToString(result); 359 360 metrics_->OnClose(); 361 362 if (result != ERR_CONNECTION_CLOSED && delegate_) 363 delegate_->OnError(this, result); 364 if (result != ERR_PROTOCOL_SWITCHED && delegate_) 365 delegate_->OnClose(this); 366 delegate_ = NULL; 367 368 Release(); 369 } 370 371 int SocketStream::DidEstablishConnection() { 372 if (!socket_.get() || !socket_->IsConnected()) { 373 next_state_ = STATE_CLOSE; 374 return ERR_CONNECTION_FAILED; 375 } 376 next_state_ = STATE_READ_WRITE; 377 metrics_->OnConnected(); 378 379 net_log_.EndEvent(NetLog::TYPE_SOCKET_STREAM_CONNECT); 380 if (delegate_) 381 delegate_->OnConnected(this, max_pending_send_allowed_); 382 383 return OK; 384 } 385 386 int SocketStream::DidReceiveData(int result) { 387 DCHECK(read_buf_.get()); 388 DCHECK_GT(result, 0); 389 net_log_.AddEvent(NetLog::TYPE_SOCKET_STREAM_RECEIVED); 390 int len = result; 391 metrics_->OnRead(len); 392 if (delegate_) { 393 // Notify recevied data to delegate. 394 delegate_->OnReceivedData(this, read_buf_->data(), len); 395 } 396 read_buf_ = NULL; 397 return OK; 398 } 399 400 void SocketStream::DidSendData(int result) { 401 DCHECK_GT(result, 0); 402 DCHECK(current_write_buf_.get()); 403 net_log_.AddEvent(NetLog::TYPE_SOCKET_STREAM_SENT); 404 405 int bytes_sent = result; 406 407 metrics_->OnWrite(bytes_sent); 408 409 current_write_buf_->DidConsume(result); 410 411 if (current_write_buf_->BytesRemaining()) 412 return; 413 414 size_t bytes_freed = current_write_buf_->size(); 415 416 current_write_buf_ = NULL; 417 418 // We freed current_write_buf_ and this instance is now able to accept more 419 // data via SendData() (note that DidConsume() doesn't free consumed memory). 420 // We can tell that to delegate_ by calling OnSentData(). 421 if (delegate_) 422 delegate_->OnSentData(this, bytes_freed); 423 } 424 425 void SocketStream::OnIOCompleted(int result) { 426 DoLoop(result); 427 } 428 429 void SocketStream::OnReadCompleted(int result) { 430 if (result == 0) { 431 // 0 indicates end-of-file, so socket was closed. 432 // Don't close the socket if it's still writing. 433 server_closed_ = true; 434 } else if (result > 0 && read_buf_.get()) { 435 result = DidReceiveData(result); 436 } 437 DoLoop(result); 438 } 439 440 void SocketStream::OnWriteCompleted(int result) { 441 waiting_for_write_completion_ = false; 442 if (result > 0) { 443 DidSendData(result); 444 result = OK; 445 } 446 DoLoop(result); 447 } 448 449 void SocketStream::DoLoop(int result) { 450 // If context was not set, close immediately. 451 if (!context_) 452 next_state_ = STATE_CLOSE; 453 454 if (next_state_ == STATE_NONE) 455 return; 456 457 do { 458 State state = next_state_; 459 next_state_ = STATE_NONE; 460 switch (state) { 461 case STATE_BEFORE_CONNECT: 462 DCHECK_EQ(OK, result); 463 result = DoBeforeConnect(); 464 break; 465 case STATE_BEFORE_CONNECT_COMPLETE: 466 result = DoBeforeConnectComplete(result); 467 break; 468 case STATE_RESOLVE_PROXY: 469 DCHECK_EQ(OK, result); 470 result = DoResolveProxy(); 471 break; 472 case STATE_RESOLVE_PROXY_COMPLETE: 473 result = DoResolveProxyComplete(result); 474 break; 475 case STATE_RESOLVE_HOST: 476 DCHECK_EQ(OK, result); 477 result = DoResolveHost(); 478 break; 479 case STATE_RESOLVE_HOST_COMPLETE: 480 result = DoResolveHostComplete(result); 481 break; 482 case STATE_RESOLVE_PROTOCOL: 483 result = DoResolveProtocol(result); 484 break; 485 case STATE_RESOLVE_PROTOCOL_COMPLETE: 486 result = DoResolveProtocolComplete(result); 487 break; 488 case STATE_TCP_CONNECT: 489 result = DoTcpConnect(result); 490 break; 491 case STATE_TCP_CONNECT_COMPLETE: 492 result = DoTcpConnectComplete(result); 493 break; 494 case STATE_GENERATE_PROXY_AUTH_TOKEN: 495 result = DoGenerateProxyAuthToken(); 496 break; 497 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE: 498 result = DoGenerateProxyAuthTokenComplete(result); 499 break; 500 case STATE_WRITE_TUNNEL_HEADERS: 501 DCHECK_EQ(OK, result); 502 result = DoWriteTunnelHeaders(); 503 break; 504 case STATE_WRITE_TUNNEL_HEADERS_COMPLETE: 505 result = DoWriteTunnelHeadersComplete(result); 506 break; 507 case STATE_READ_TUNNEL_HEADERS: 508 DCHECK_EQ(OK, result); 509 result = DoReadTunnelHeaders(); 510 break; 511 case STATE_READ_TUNNEL_HEADERS_COMPLETE: 512 result = DoReadTunnelHeadersComplete(result); 513 break; 514 case STATE_SOCKS_CONNECT: 515 DCHECK_EQ(OK, result); 516 result = DoSOCKSConnect(); 517 break; 518 case STATE_SOCKS_CONNECT_COMPLETE: 519 result = DoSOCKSConnectComplete(result); 520 break; 521 case STATE_SECURE_PROXY_CONNECT: 522 DCHECK_EQ(OK, result); 523 result = DoSecureProxyConnect(); 524 break; 525 case STATE_SECURE_PROXY_CONNECT_COMPLETE: 526 result = DoSecureProxyConnectComplete(result); 527 break; 528 case STATE_SECURE_PROXY_HANDLE_CERT_ERROR: 529 result = DoSecureProxyHandleCertError(result); 530 break; 531 case STATE_SECURE_PROXY_HANDLE_CERT_ERROR_COMPLETE: 532 result = DoSecureProxyHandleCertErrorComplete(result); 533 break; 534 case STATE_SSL_CONNECT: 535 DCHECK_EQ(OK, result); 536 result = DoSSLConnect(); 537 break; 538 case STATE_SSL_CONNECT_COMPLETE: 539 result = DoSSLConnectComplete(result); 540 break; 541 case STATE_SSL_HANDLE_CERT_ERROR: 542 result = DoSSLHandleCertError(result); 543 break; 544 case STATE_SSL_HANDLE_CERT_ERROR_COMPLETE: 545 result = DoSSLHandleCertErrorComplete(result); 546 break; 547 case STATE_READ_WRITE: 548 result = DoReadWrite(result); 549 break; 550 case STATE_AUTH_REQUIRED: 551 // It might be called when DoClose is called while waiting in 552 // STATE_AUTH_REQUIRED. 553 Finish(result); 554 return; 555 case STATE_CLOSE: 556 DCHECK_LE(result, OK); 557 Finish(result); 558 return; 559 default: 560 NOTREACHED() << "bad state " << state; 561 Finish(result); 562 return; 563 } 564 if (state == STATE_RESOLVE_PROTOCOL && result == ERR_PROTOCOL_SWITCHED) 565 continue; 566 // If the connection is not established yet and had actual errors, 567 // record the error. In next iteration, it will close the connection. 568 if (state != STATE_READ_WRITE && result < ERR_IO_PENDING) { 569 net_log_.EndEventWithNetErrorCode( 570 NetLog::TYPE_SOCKET_STREAM_CONNECT, result); 571 } 572 } while (result != ERR_IO_PENDING); 573 } 574 575 int SocketStream::DoBeforeConnect() { 576 next_state_ = STATE_BEFORE_CONNECT_COMPLETE; 577 if (!context_ || !context_->network_delegate()) 578 return OK; 579 580 int result = context_->network_delegate()->NotifyBeforeSocketStreamConnect( 581 this, io_callback_); 582 if (result != OK && result != ERR_IO_PENDING) 583 next_state_ = STATE_CLOSE; 584 585 return result; 586 } 587 588 int SocketStream::DoBeforeConnectComplete(int result) { 589 DCHECK_NE(ERR_IO_PENDING, result); 590 591 if (result == OK) 592 next_state_ = STATE_RESOLVE_PROXY; 593 else 594 next_state_ = STATE_CLOSE; 595 596 return result; 597 } 598 599 int SocketStream::DoResolveProxy() { 600 DCHECK(context_); 601 DCHECK(!pac_request_); 602 next_state_ = STATE_RESOLVE_PROXY_COMPLETE; 603 604 if (!proxy_url_.is_valid()) { 605 next_state_ = STATE_CLOSE; 606 return ERR_INVALID_ARGUMENT; 607 } 608 609 // TODO(toyoshim): Check server advertisement of SPDY through the HTTP 610 // Alternate-Protocol header, then switch to SPDY if SPDY is available. 611 // Usually we already have a session to the SPDY server because JavaScript 612 // running WebSocket itself would be served by SPDY. But, in some situation 613 // (E.g. Used by Chrome Extensions or used for cross origin connection), this 614 // connection might be the first one. At that time, we should check 615 // Alternate-Protocol header here for ws:// or TLS NPN extension for wss:// . 616 617 return context_->proxy_service()->ResolveProxy( 618 proxy_url_, &proxy_info_, io_callback_, &pac_request_, net_log_); 619 } 620 621 int SocketStream::DoResolveProxyComplete(int result) { 622 pac_request_ = NULL; 623 if (result != OK) { 624 DVLOG(1) << "Failed to resolve proxy: " << result; 625 if (delegate_) 626 delegate_->OnError(this, result); 627 proxy_info_.UseDirect(); 628 } 629 if (proxy_info_.is_direct()) { 630 // If proxy was not found for original URL (i.e. websocket URL), 631 // try again with https URL, like Safari implementation. 632 // Note that we don't want to use http proxy, because we'll use tunnel 633 // proxy using CONNECT method, which is used by https proxy. 634 if (!proxy_url_.SchemeIs("https")) { 635 const std::string scheme = "https"; 636 GURL::Replacements repl; 637 repl.SetSchemeStr(scheme); 638 proxy_url_ = url_.ReplaceComponents(repl); 639 DVLOG(1) << "Try https proxy: " << proxy_url_; 640 next_state_ = STATE_RESOLVE_PROXY; 641 return OK; 642 } 643 } 644 645 if (proxy_info_.is_empty()) { 646 // No proxies/direct to choose from. This happens when we don't support any 647 // of the proxies in the returned list. 648 return ERR_NO_SUPPORTED_PROXIES; 649 } 650 651 next_state_ = STATE_RESOLVE_HOST; 652 return OK; 653 } 654 655 int SocketStream::DoResolveHost() { 656 next_state_ = STATE_RESOLVE_HOST_COMPLETE; 657 658 DCHECK(!proxy_info_.is_empty()); 659 if (proxy_info_.is_direct()) 660 proxy_mode_ = kDirectConnection; 661 else if (proxy_info_.proxy_server().is_socks()) 662 proxy_mode_ = kSOCKSProxy; 663 else 664 proxy_mode_ = kTunnelProxy; 665 666 // Determine the host and port to connect to. 667 HostPortPair host_port_pair; 668 if (proxy_mode_ != kDirectConnection) { 669 host_port_pair = proxy_info_.proxy_server().host_port_pair(); 670 } else { 671 host_port_pair = HostPortPair::FromURL(url_); 672 } 673 674 HostResolver::RequestInfo resolve_info(host_port_pair); 675 676 DCHECK(context_->host_resolver()); 677 resolver_.reset(new SingleRequestHostResolver(context_->host_resolver())); 678 return resolver_->Resolve( 679 resolve_info, &addresses_, base::Bind(&SocketStream::OnIOCompleted, this), 680 net_log_); 681 } 682 683 int SocketStream::DoResolveHostComplete(int result) { 684 if (result == OK) 685 next_state_ = STATE_RESOLVE_PROTOCOL; 686 else 687 next_state_ = STATE_CLOSE; 688 // TODO(ukai): if error occured, reconsider proxy after error. 689 return result; 690 } 691 692 int SocketStream::DoResolveProtocol(int result) { 693 DCHECK_EQ(OK, result); 694 695 if (!delegate_) { 696 next_state_ = STATE_CLOSE; 697 return result; 698 } 699 700 next_state_ = STATE_RESOLVE_PROTOCOL_COMPLETE; 701 result = delegate_->OnStartOpenConnection(this, io_callback_); 702 if (result == ERR_IO_PENDING) 703 metrics_->OnWaitConnection(); 704 else if (result != OK && result != ERR_PROTOCOL_SWITCHED) 705 next_state_ = STATE_CLOSE; 706 return result; 707 } 708 709 int SocketStream::DoResolveProtocolComplete(int result) { 710 DCHECK_NE(ERR_IO_PENDING, result); 711 712 if (result == ERR_PROTOCOL_SWITCHED) { 713 next_state_ = STATE_CLOSE; 714 metrics_->OnCountWireProtocolType( 715 SocketStreamMetrics::WIRE_PROTOCOL_SPDY); 716 } else if (result == OK) { 717 next_state_ = STATE_TCP_CONNECT; 718 metrics_->OnCountWireProtocolType( 719 SocketStreamMetrics::WIRE_PROTOCOL_WEBSOCKET); 720 } else { 721 next_state_ = STATE_CLOSE; 722 } 723 return result; 724 } 725 726 int SocketStream::DoTcpConnect(int result) { 727 if (result != OK) { 728 next_state_ = STATE_CLOSE; 729 return result; 730 } 731 next_state_ = STATE_TCP_CONNECT_COMPLETE; 732 DCHECK(factory_); 733 socket_.reset(factory_->CreateTransportClientSocket(addresses_, 734 net_log_.net_log(), 735 net_log_.source())); 736 metrics_->OnStartConnection(); 737 return socket_->Connect(io_callback_); 738 } 739 740 int SocketStream::DoTcpConnectComplete(int result) { 741 // TODO(ukai): if error occured, reconsider proxy after error. 742 if (result != OK) { 743 next_state_ = STATE_CLOSE; 744 return result; 745 } 746 747 if (proxy_mode_ == kTunnelProxy) { 748 if (proxy_info_.is_https()) 749 next_state_ = STATE_SECURE_PROXY_CONNECT; 750 else 751 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN; 752 } else if (proxy_mode_ == kSOCKSProxy) { 753 next_state_ = STATE_SOCKS_CONNECT; 754 } else if (is_secure()) { 755 next_state_ = STATE_SSL_CONNECT; 756 } else { 757 result = DidEstablishConnection(); 758 } 759 return result; 760 } 761 762 int SocketStream::DoGenerateProxyAuthToken() { 763 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE; 764 if (!proxy_auth_controller_.get()) { 765 DCHECK(context_); 766 DCHECK(context_->http_transaction_factory()); 767 DCHECK(context_->http_transaction_factory()->GetSession()); 768 HttpNetworkSession* session = 769 context_->http_transaction_factory()->GetSession(); 770 const char* scheme = proxy_info_.is_https() ? "https://" : "http://"; 771 GURL auth_url(scheme + 772 proxy_info_.proxy_server().host_port_pair().ToString()); 773 proxy_auth_controller_ = 774 new HttpAuthController(HttpAuth::AUTH_PROXY, 775 auth_url, 776 session->http_auth_cache(), 777 session->http_auth_handler_factory()); 778 } 779 HttpRequestInfo request_info; 780 request_info.url = url_; 781 request_info.method = "CONNECT"; 782 return proxy_auth_controller_->MaybeGenerateAuthToken( 783 &request_info, io_callback_, net_log_); 784 } 785 786 int SocketStream::DoGenerateProxyAuthTokenComplete(int result) { 787 if (result != OK) { 788 next_state_ = STATE_CLOSE; 789 return result; 790 } 791 792 next_state_ = STATE_WRITE_TUNNEL_HEADERS; 793 return result; 794 } 795 796 int SocketStream::DoWriteTunnelHeaders() { 797 DCHECK_EQ(kTunnelProxy, proxy_mode_); 798 799 next_state_ = STATE_WRITE_TUNNEL_HEADERS_COMPLETE; 800 801 if (!tunnel_request_headers_.get()) { 802 metrics_->OnCountConnectionType(SocketStreamMetrics::TUNNEL_CONNECTION); 803 tunnel_request_headers_ = new RequestHeaders(); 804 tunnel_request_headers_bytes_sent_ = 0; 805 } 806 if (tunnel_request_headers_->headers_.empty()) { 807 HttpRequestHeaders request_headers; 808 request_headers.SetHeader("Host", GetHostAndOptionalPort(url_)); 809 request_headers.SetHeader("Proxy-Connection", "keep-alive"); 810 if (proxy_auth_controller_.get() && proxy_auth_controller_->HaveAuth()) 811 proxy_auth_controller_->AddAuthorizationHeader(&request_headers); 812 tunnel_request_headers_->headers_ = base::StringPrintf( 813 "CONNECT %s HTTP/1.1\r\n" 814 "%s", 815 GetHostAndPort(url_).c_str(), 816 request_headers.ToString().c_str()); 817 } 818 tunnel_request_headers_->SetDataOffset(tunnel_request_headers_bytes_sent_); 819 int buf_len = static_cast<int>(tunnel_request_headers_->headers_.size() - 820 tunnel_request_headers_bytes_sent_); 821 DCHECK_GT(buf_len, 0); 822 return socket_->Write(tunnel_request_headers_.get(), buf_len, io_callback_); 823 } 824 825 int SocketStream::DoWriteTunnelHeadersComplete(int result) { 826 DCHECK_EQ(kTunnelProxy, proxy_mode_); 827 828 if (result < 0) { 829 next_state_ = STATE_CLOSE; 830 return result; 831 } 832 833 tunnel_request_headers_bytes_sent_ += result; 834 if (tunnel_request_headers_bytes_sent_ < 835 tunnel_request_headers_->headers_.size()) { 836 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN; 837 } else { 838 // Handling a cert error or a client cert request requires reconnection. 839 // DoWriteTunnelHeaders() will be called again. 840 // Thus |tunnel_request_headers_bytes_sent_| should be reset to 0 for 841 // sending |tunnel_request_headers_| correctly. 842 tunnel_request_headers_bytes_sent_ = 0; 843 next_state_ = STATE_READ_TUNNEL_HEADERS; 844 } 845 return OK; 846 } 847 848 int SocketStream::DoReadTunnelHeaders() { 849 DCHECK_EQ(kTunnelProxy, proxy_mode_); 850 851 next_state_ = STATE_READ_TUNNEL_HEADERS_COMPLETE; 852 853 if (!tunnel_response_headers_.get()) { 854 tunnel_response_headers_ = new ResponseHeaders(); 855 tunnel_response_headers_capacity_ = kMaxTunnelResponseHeadersSize; 856 tunnel_response_headers_->Realloc(tunnel_response_headers_capacity_); 857 tunnel_response_headers_len_ = 0; 858 } 859 860 int buf_len = tunnel_response_headers_capacity_ - 861 tunnel_response_headers_len_; 862 tunnel_response_headers_->SetDataOffset(tunnel_response_headers_len_); 863 CHECK(tunnel_response_headers_->data()); 864 865 return socket_->Read(tunnel_response_headers_.get(), buf_len, io_callback_); 866 } 867 868 int SocketStream::DoReadTunnelHeadersComplete(int result) { 869 DCHECK_EQ(kTunnelProxy, proxy_mode_); 870 871 if (result < 0) { 872 next_state_ = STATE_CLOSE; 873 return result; 874 } 875 876 if (result == 0) { 877 // 0 indicates end-of-file, so socket was closed. 878 next_state_ = STATE_CLOSE; 879 return ERR_CONNECTION_CLOSED; 880 } 881 882 tunnel_response_headers_len_ += result; 883 DCHECK(tunnel_response_headers_len_ <= tunnel_response_headers_capacity_); 884 885 int eoh = HttpUtil::LocateEndOfHeaders( 886 tunnel_response_headers_->headers(), tunnel_response_headers_len_, 0); 887 if (eoh == -1) { 888 if (tunnel_response_headers_len_ >= kMaxTunnelResponseHeadersSize) { 889 next_state_ = STATE_CLOSE; 890 return ERR_RESPONSE_HEADERS_TOO_BIG; 891 } 892 893 next_state_ = STATE_READ_TUNNEL_HEADERS; 894 return OK; 895 } 896 // DidReadResponseHeaders 897 scoped_refptr<HttpResponseHeaders> headers; 898 headers = new HttpResponseHeaders( 899 HttpUtil::AssembleRawHeaders(tunnel_response_headers_->headers(), eoh)); 900 if (headers->GetParsedHttpVersion() < HttpVersion(1, 0)) { 901 // Require the "HTTP/1.x" status line. 902 next_state_ = STATE_CLOSE; 903 return ERR_TUNNEL_CONNECTION_FAILED; 904 } 905 switch (headers->response_code()) { 906 case 200: // OK 907 if (is_secure()) { 908 DCHECK_EQ(eoh, tunnel_response_headers_len_); 909 next_state_ = STATE_SSL_CONNECT; 910 } else { 911 result = DidEstablishConnection(); 912 if (result < 0) { 913 next_state_ = STATE_CLOSE; 914 return result; 915 } 916 if ((eoh < tunnel_response_headers_len_) && delegate_) 917 delegate_->OnReceivedData( 918 this, tunnel_response_headers_->headers() + eoh, 919 tunnel_response_headers_len_ - eoh); 920 } 921 return OK; 922 case 407: // Proxy Authentication Required. 923 if (proxy_mode_ != kTunnelProxy) 924 return ERR_UNEXPECTED_PROXY_AUTH; 925 926 result = proxy_auth_controller_->HandleAuthChallenge( 927 headers, false, true, net_log_); 928 if (result != OK) 929 return result; 930 DCHECK(!proxy_info_.is_empty()); 931 next_state_ = STATE_AUTH_REQUIRED; 932 if (proxy_auth_controller_->HaveAuth()) { 933 base::MessageLoop::current()->PostTask( 934 FROM_HERE, base::Bind(&SocketStream::DoRestartWithAuth, this)); 935 return ERR_IO_PENDING; 936 } 937 if (delegate_) { 938 // Wait until RestartWithAuth or Close is called. 939 base::MessageLoop::current()->PostTask( 940 FROM_HERE, base::Bind(&SocketStream::DoAuthRequired, this)); 941 return ERR_IO_PENDING; 942 } 943 break; 944 default: 945 break; 946 } 947 next_state_ = STATE_CLOSE; 948 return ERR_TUNNEL_CONNECTION_FAILED; 949 } 950 951 int SocketStream::DoSOCKSConnect() { 952 DCHECK_EQ(kSOCKSProxy, proxy_mode_); 953 954 next_state_ = STATE_SOCKS_CONNECT_COMPLETE; 955 956 StreamSocket* s = socket_.release(); 957 HostResolver::RequestInfo req_info(HostPortPair::FromURL(url_)); 958 959 DCHECK(!proxy_info_.is_empty()); 960 if (proxy_info_.proxy_server().scheme() == ProxyServer::SCHEME_SOCKS5) 961 s = new SOCKS5ClientSocket(s, req_info); 962 else 963 s = new SOCKSClientSocket(s, req_info, context_->host_resolver()); 964 socket_.reset(s); 965 metrics_->OnCountConnectionType(SocketStreamMetrics::SOCKS_CONNECTION); 966 return socket_->Connect(io_callback_); 967 } 968 969 int SocketStream::DoSOCKSConnectComplete(int result) { 970 DCHECK_EQ(kSOCKSProxy, proxy_mode_); 971 972 if (result == OK) { 973 if (is_secure()) 974 next_state_ = STATE_SSL_CONNECT; 975 else 976 result = DidEstablishConnection(); 977 } else { 978 next_state_ = STATE_CLOSE; 979 } 980 return result; 981 } 982 983 int SocketStream::DoSecureProxyConnect() { 984 DCHECK(factory_); 985 SSLClientSocketContext ssl_context; 986 ssl_context.cert_verifier = context_->cert_verifier(); 987 ssl_context.transport_security_state = context_->transport_security_state(); 988 ssl_context.server_bound_cert_service = context_->server_bound_cert_service(); 989 socket_.reset(factory_->CreateSSLClientSocket( 990 socket_.release(), 991 proxy_info_.proxy_server().host_port_pair(), 992 proxy_ssl_config_, 993 ssl_context)); 994 next_state_ = STATE_SECURE_PROXY_CONNECT_COMPLETE; 995 metrics_->OnCountConnectionType(SocketStreamMetrics::SECURE_PROXY_CONNECTION); 996 return socket_->Connect(io_callback_); 997 } 998 999 int SocketStream::DoSecureProxyConnectComplete(int result) { 1000 DCHECK_EQ(STATE_NONE, next_state_); 1001 // Reconnect with client authentication. 1002 if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) 1003 return HandleCertificateRequest(result, &proxy_ssl_config_); 1004 1005 if (IsCertificateError(result)) 1006 next_state_ = STATE_SECURE_PROXY_HANDLE_CERT_ERROR; 1007 else if (result == OK) 1008 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN; 1009 else 1010 next_state_ = STATE_CLOSE; 1011 return result; 1012 } 1013 1014 int SocketStream::DoSecureProxyHandleCertError(int result) { 1015 DCHECK_EQ(STATE_NONE, next_state_); 1016 DCHECK(IsCertificateError(result)); 1017 result = HandleCertificateError(result); 1018 if (result == ERR_IO_PENDING) 1019 next_state_ = STATE_SECURE_PROXY_HANDLE_CERT_ERROR_COMPLETE; 1020 else 1021 next_state_ = STATE_CLOSE; 1022 return result; 1023 } 1024 1025 int SocketStream::DoSecureProxyHandleCertErrorComplete(int result) { 1026 DCHECK_EQ(STATE_NONE, next_state_); 1027 if (result == OK) { 1028 if (!socket_->IsConnectedAndIdle()) 1029 return AllowCertErrorForReconnection(&proxy_ssl_config_); 1030 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN; 1031 } else { 1032 next_state_ = STATE_CLOSE; 1033 } 1034 return result; 1035 } 1036 1037 int SocketStream::DoSSLConnect() { 1038 DCHECK(factory_); 1039 SSLClientSocketContext ssl_context; 1040 ssl_context.cert_verifier = context_->cert_verifier(); 1041 ssl_context.transport_security_state = context_->transport_security_state(); 1042 ssl_context.server_bound_cert_service = context_->server_bound_cert_service(); 1043 socket_.reset(factory_->CreateSSLClientSocket(socket_.release(), 1044 HostPortPair::FromURL(url_), 1045 server_ssl_config_, 1046 ssl_context)); 1047 next_state_ = STATE_SSL_CONNECT_COMPLETE; 1048 metrics_->OnCountConnectionType(SocketStreamMetrics::SSL_CONNECTION); 1049 return socket_->Connect(io_callback_); 1050 } 1051 1052 int SocketStream::DoSSLConnectComplete(int result) { 1053 DCHECK_EQ(STATE_NONE, next_state_); 1054 // Reconnect with client authentication. 1055 if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) 1056 return HandleCertificateRequest(result, &server_ssl_config_); 1057 1058 if (IsCertificateError(result)) 1059 next_state_ = STATE_SSL_HANDLE_CERT_ERROR; 1060 else if (result == OK) 1061 result = DidEstablishConnection(); 1062 else 1063 next_state_ = STATE_CLOSE; 1064 return result; 1065 } 1066 1067 int SocketStream::DoSSLHandleCertError(int result) { 1068 DCHECK_EQ(STATE_NONE, next_state_); 1069 DCHECK(IsCertificateError(result)); 1070 result = HandleCertificateError(result); 1071 if (result == OK || result == ERR_IO_PENDING) 1072 next_state_ = STATE_SSL_HANDLE_CERT_ERROR_COMPLETE; 1073 else 1074 next_state_ = STATE_CLOSE; 1075 return result; 1076 } 1077 1078 int SocketStream::DoSSLHandleCertErrorComplete(int result) { 1079 DCHECK_EQ(STATE_NONE, next_state_); 1080 // TODO(toyoshim): Upgrade to SPDY through TLS NPN extension if possible. 1081 // If we use HTTPS and this is the first connection to the SPDY server, 1082 // we should take care of TLS NPN extension here. 1083 1084 if (result == OK) { 1085 if (!socket_->IsConnectedAndIdle()) 1086 return AllowCertErrorForReconnection(&server_ssl_config_); 1087 result = DidEstablishConnection(); 1088 } else { 1089 next_state_ = STATE_CLOSE; 1090 } 1091 return result; 1092 } 1093 1094 int SocketStream::DoReadWrite(int result) { 1095 if (result < OK) { 1096 next_state_ = STATE_CLOSE; 1097 return result; 1098 } 1099 if (!socket_.get() || !socket_->IsConnected()) { 1100 next_state_ = STATE_CLOSE; 1101 return ERR_CONNECTION_CLOSED; 1102 } 1103 1104 // If client has requested close(), and there's nothing to write, then 1105 // let's close the socket. 1106 // We don't care about receiving data after the socket is closed. 1107 if (closing_ && !current_write_buf_.get() && pending_write_bufs_.empty()) { 1108 socket_->Disconnect(); 1109 next_state_ = STATE_CLOSE; 1110 return OK; 1111 } 1112 1113 next_state_ = STATE_READ_WRITE; 1114 1115 // If server already closed the socket, we don't try to read. 1116 if (!server_closed_) { 1117 if (!read_buf_.get()) { 1118 // No read pending and server didn't close the socket. 1119 read_buf_ = new IOBuffer(kReadBufferSize); 1120 result = socket_->Read( 1121 read_buf_.get(), 1122 kReadBufferSize, 1123 base::Bind(&SocketStream::OnReadCompleted, base::Unretained(this))); 1124 if (result > 0) { 1125 return DidReceiveData(result); 1126 } else if (result == 0) { 1127 // 0 indicates end-of-file, so socket was closed. 1128 next_state_ = STATE_CLOSE; 1129 server_closed_ = true; 1130 return ERR_CONNECTION_CLOSED; 1131 } 1132 // If read is pending, try write as well. 1133 // Otherwise, return the result and do next loop (to close the 1134 // connection). 1135 if (result != ERR_IO_PENDING) { 1136 next_state_ = STATE_CLOSE; 1137 server_closed_ = true; 1138 return result; 1139 } 1140 } 1141 // Read is pending. 1142 DCHECK(read_buf_.get()); 1143 } 1144 1145 if (waiting_for_write_completion_) 1146 return ERR_IO_PENDING; 1147 1148 if (!current_write_buf_.get()) { 1149 if (pending_write_bufs_.empty()) { 1150 // Nothing buffered for send. 1151 return ERR_IO_PENDING; 1152 } 1153 1154 current_write_buf_ = new DrainableIOBuffer( 1155 pending_write_bufs_.front().get(), pending_write_bufs_.front()->size()); 1156 pending_write_bufs_.pop_front(); 1157 } 1158 1159 result = socket_->Write( 1160 current_write_buf_.get(), 1161 current_write_buf_->BytesRemaining(), 1162 base::Bind(&SocketStream::OnWriteCompleted, base::Unretained(this))); 1163 1164 if (result == ERR_IO_PENDING) { 1165 waiting_for_write_completion_ = true; 1166 } else if (result < 0) { 1167 // Shortcut. Enter STATE_CLOSE now by changing next_state_ here than by 1168 // calling DoReadWrite() again with the error code. 1169 next_state_ = STATE_CLOSE; 1170 } else if (result > 0) { 1171 // Write is not pending. Return OK and do next loop. 1172 DidSendData(result); 1173 result = OK; 1174 } 1175 1176 return result; 1177 } 1178 1179 GURL SocketStream::ProxyAuthOrigin() const { 1180 DCHECK(!proxy_info_.is_empty()); 1181 return GURL("http://" + 1182 proxy_info_.proxy_server().host_port_pair().ToString()); 1183 } 1184 1185 int SocketStream::HandleCertificateRequest(int result, SSLConfig* ssl_config) { 1186 if (ssl_config->send_client_cert) { 1187 // We already have performed SSL client authentication once and failed. 1188 return result; 1189 } 1190 1191 DCHECK(socket_.get()); 1192 scoped_refptr<SSLCertRequestInfo> cert_request_info = new SSLCertRequestInfo; 1193 SSLClientSocket* ssl_socket = 1194 static_cast<SSLClientSocket*>(socket_.get()); 1195 ssl_socket->GetSSLCertRequestInfo(cert_request_info.get()); 1196 1197 HttpTransactionFactory* factory = context_->http_transaction_factory(); 1198 if (!factory) 1199 return result; 1200 scoped_refptr<HttpNetworkSession> session = factory->GetSession(); 1201 if (!session.get()) 1202 return result; 1203 1204 // If the user selected one of the certificates in client_certs or declined 1205 // to provide one for this server before, use the past decision 1206 // automatically. 1207 scoped_refptr<X509Certificate> client_cert; 1208 if (!session->ssl_client_auth_cache()->Lookup( 1209 cert_request_info->host_and_port, &client_cert)) { 1210 return result; 1211 } 1212 1213 // Note: |client_cert| may be NULL, indicating that the caller 1214 // wishes to proceed anonymously (eg: continue the handshake 1215 // without sending a client cert) 1216 // 1217 // Check that the certificate selected is still a certificate the server 1218 // is likely to accept, based on the criteria supplied in the 1219 // CertificateRequest message. 1220 const std::vector<std::string>& cert_authorities = 1221 cert_request_info->cert_authorities; 1222 if (client_cert.get() && !cert_authorities.empty() && 1223 !client_cert->IsIssuedByEncoded(cert_authorities)) { 1224 return result; 1225 } 1226 1227 ssl_config->send_client_cert = true; 1228 ssl_config->client_cert = client_cert; 1229 next_state_ = STATE_TCP_CONNECT; 1230 return OK; 1231 } 1232 1233 int SocketStream::AllowCertErrorForReconnection(SSLConfig* ssl_config) { 1234 DCHECK(ssl_config); 1235 // The SSL handshake didn't finish, or the server closed the SSL connection. 1236 // So, we should restart establishing connection with the certificate in 1237 // allowed bad certificates in |ssl_config|. 1238 // See also net/http/http_network_transaction.cc HandleCertificateError() and 1239 // RestartIgnoringLastError(). 1240 SSLClientSocket* ssl_socket = static_cast<SSLClientSocket*>(socket_.get()); 1241 SSLInfo ssl_info; 1242 ssl_socket->GetSSLInfo(&ssl_info); 1243 if (ssl_info.cert.get() == NULL || 1244 ssl_config->IsAllowedBadCert(ssl_info.cert.get(), NULL)) { 1245 // If we already have the certificate in the set of allowed bad 1246 // certificates, we did try it and failed again, so we should not 1247 // retry again: the connection should fail at last. 1248 next_state_ = STATE_CLOSE; 1249 return ERR_UNEXPECTED; 1250 } 1251 // Add the bad certificate to the set of allowed certificates in the 1252 // SSL config object. 1253 SSLConfig::CertAndStatus bad_cert; 1254 if (!X509Certificate::GetDEREncoded(ssl_info.cert->os_cert_handle(), 1255 &bad_cert.der_cert)) { 1256 next_state_ = STATE_CLOSE; 1257 return ERR_UNEXPECTED; 1258 } 1259 bad_cert.cert_status = ssl_info.cert_status; 1260 ssl_config->allowed_bad_certs.push_back(bad_cert); 1261 // Restart connection ignoring the bad certificate. 1262 socket_->Disconnect(); 1263 socket_.reset(); 1264 next_state_ = STATE_TCP_CONNECT; 1265 return OK; 1266 } 1267 1268 void SocketStream::DoAuthRequired() { 1269 if (delegate_ && proxy_auth_controller_.get()) 1270 delegate_->OnAuthRequired(this, proxy_auth_controller_->auth_info().get()); 1271 else 1272 DoLoop(ERR_UNEXPECTED); 1273 } 1274 1275 void SocketStream::DoRestartWithAuth() { 1276 DCHECK_EQ(next_state_, STATE_AUTH_REQUIRED); 1277 tunnel_request_headers_ = NULL; 1278 tunnel_request_headers_bytes_sent_ = 0; 1279 tunnel_response_headers_ = NULL; 1280 tunnel_response_headers_capacity_ = 0; 1281 tunnel_response_headers_len_ = 0; 1282 1283 next_state_ = STATE_TCP_CONNECT; 1284 DoLoop(OK); 1285 } 1286 1287 int SocketStream::HandleCertificateError(int result) { 1288 DCHECK(IsCertificateError(result)); 1289 SSLClientSocket* ssl_socket = static_cast<SSLClientSocket*>(socket_.get()); 1290 DCHECK(ssl_socket); 1291 1292 if (!context_) 1293 return result; 1294 1295 if (SSLClientSocket::IgnoreCertError(result, LOAD_IGNORE_ALL_CERT_ERRORS)) { 1296 const HttpNetworkSession::Params* session_params = 1297 context_->GetNetworkSessionParams(); 1298 if (session_params && session_params->ignore_certificate_errors) 1299 return OK; 1300 } 1301 1302 if (!delegate_) 1303 return result; 1304 1305 SSLInfo ssl_info; 1306 ssl_socket->GetSSLInfo(&ssl_info); 1307 1308 TransportSecurityState::DomainState domain_state; 1309 const bool fatal = context_->transport_security_state() && 1310 context_->transport_security_state()->GetDomainState(url_.host(), 1311 SSLConfigService::IsSNIAvailable(context_->ssl_config_service()), 1312 &domain_state) && 1313 domain_state.ShouldSSLErrorsBeFatal(); 1314 1315 delegate_->OnSSLCertificateError(this, ssl_info, fatal); 1316 return ERR_IO_PENDING; 1317 } 1318 1319 } // namespace net 1320