1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/http/http_stream_factory_impl_job.h" 6 7 #include <algorithm> 8 #include <string> 9 10 #include "base/bind.h" 11 #include "base/bind_helpers.h" 12 #include "base/logging.h" 13 #include "base/stl_util.h" 14 #include "base/strings/string_util.h" 15 #include "base/strings/stringprintf.h" 16 #include "base/values.h" 17 #include "build/build_config.h" 18 #include "net/base/connection_type_histograms.h" 19 #include "net/base/net_log.h" 20 #include "net/base/net_util.h" 21 #include "net/http/http_basic_stream.h" 22 #include "net/http/http_network_session.h" 23 #include "net/http/http_proxy_client_socket.h" 24 #include "net/http/http_proxy_client_socket_pool.h" 25 #include "net/http/http_request_info.h" 26 #include "net/http/http_server_properties.h" 27 #include "net/http/http_stream_factory.h" 28 #include "net/http/http_stream_factory_impl_request.h" 29 #include "net/quic/quic_http_stream.h" 30 #include "net/socket/client_socket_handle.h" 31 #include "net/socket/client_socket_pool.h" 32 #include "net/socket/client_socket_pool_manager.h" 33 #include "net/socket/socks_client_socket_pool.h" 34 #include "net/socket/ssl_client_socket.h" 35 #include "net/socket/ssl_client_socket_pool.h" 36 #include "net/spdy/spdy_http_stream.h" 37 #include "net/spdy/spdy_session.h" 38 #include "net/spdy/spdy_session_pool.h" 39 #include "net/ssl/ssl_cert_request_info.h" 40 41 namespace net { 42 43 // Returns parameters associated with the start of a HTTP stream job. 44 base::Value* NetLogHttpStreamJobCallback(const GURL* original_url, 45 const GURL* url, 46 RequestPriority priority, 47 NetLog::LogLevel /* log_level */) { 48 base::DictionaryValue* dict = new base::DictionaryValue(); 49 dict->SetString("original_url", original_url->GetOrigin().spec()); 50 dict->SetString("url", url->GetOrigin().spec()); 51 dict->SetString("priority", RequestPriorityToString(priority)); 52 return dict; 53 } 54 55 // Returns parameters associated with the Proto (with NPN negotiation) of a HTTP 56 // stream. 57 base::Value* NetLogHttpStreamProtoCallback( 58 const SSLClientSocket::NextProtoStatus status, 59 const std::string* proto, 60 NetLog::LogLevel /* log_level */) { 61 base::DictionaryValue* dict = new base::DictionaryValue(); 62 63 dict->SetString("next_proto_status", 64 SSLClientSocket::NextProtoStatusToString(status)); 65 dict->SetString("proto", *proto); 66 return dict; 67 } 68 69 HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory, 70 HttpNetworkSession* session, 71 const HttpRequestInfo& request_info, 72 RequestPriority priority, 73 const SSLConfig& server_ssl_config, 74 const SSLConfig& proxy_ssl_config, 75 NetLog* net_log) 76 : request_(NULL), 77 request_info_(request_info), 78 priority_(priority), 79 server_ssl_config_(server_ssl_config), 80 proxy_ssl_config_(proxy_ssl_config), 81 net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_HTTP_STREAM_JOB)), 82 io_callback_(base::Bind(&Job::OnIOComplete, base::Unretained(this))), 83 connection_(new ClientSocketHandle), 84 session_(session), 85 stream_factory_(stream_factory), 86 next_state_(STATE_NONE), 87 pac_request_(NULL), 88 blocking_job_(NULL), 89 waiting_job_(NULL), 90 using_ssl_(false), 91 using_spdy_(false), 92 using_quic_(false), 93 quic_request_(session_->quic_stream_factory()), 94 using_existing_quic_session_(false), 95 spdy_certificate_error_(OK), 96 establishing_tunnel_(false), 97 was_npn_negotiated_(false), 98 protocol_negotiated_(kProtoUnknown), 99 num_streams_(0), 100 spdy_session_direct_(false), 101 job_status_(STATUS_RUNNING), 102 other_job_status_(STATUS_RUNNING), 103 ptr_factory_(this) { 104 DCHECK(stream_factory); 105 DCHECK(session); 106 } 107 108 HttpStreamFactoryImpl::Job::~Job() { 109 net_log_.EndEvent(NetLog::TYPE_HTTP_STREAM_JOB); 110 111 // When we're in a partially constructed state, waiting for the user to 112 // provide certificate handling information or authentication, we can't reuse 113 // this stream at all. 114 if (next_state_ == STATE_WAITING_USER_ACTION) { 115 connection_->socket()->Disconnect(); 116 connection_.reset(); 117 } 118 119 if (pac_request_) 120 session_->proxy_service()->CancelPacRequest(pac_request_); 121 122 // The stream could be in a partial state. It is not reusable. 123 if (stream_.get() && next_state_ != STATE_DONE) 124 stream_->Close(true /* not reusable */); 125 } 126 127 void HttpStreamFactoryImpl::Job::Start(Request* request) { 128 DCHECK(request); 129 request_ = request; 130 StartInternal(); 131 } 132 133 int HttpStreamFactoryImpl::Job::Preconnect(int num_streams) { 134 DCHECK_GT(num_streams, 0); 135 HostPortPair origin_server = 136 HostPortPair(request_info_.url.HostNoBrackets(), 137 request_info_.url.EffectiveIntPort()); 138 base::WeakPtr<HttpServerProperties> http_server_properties = 139 session_->http_server_properties(); 140 if (http_server_properties && 141 http_server_properties->SupportsSpdy(origin_server)) { 142 num_streams_ = 1; 143 } else { 144 num_streams_ = num_streams; 145 } 146 return StartInternal(); 147 } 148 149 int HttpStreamFactoryImpl::Job::RestartTunnelWithProxyAuth( 150 const AuthCredentials& credentials) { 151 DCHECK(establishing_tunnel_); 152 next_state_ = STATE_RESTART_TUNNEL_AUTH; 153 stream_.reset(); 154 return RunLoop(OK); 155 } 156 157 LoadState HttpStreamFactoryImpl::Job::GetLoadState() const { 158 switch (next_state_) { 159 case STATE_RESOLVE_PROXY_COMPLETE: 160 return session_->proxy_service()->GetLoadState(pac_request_); 161 case STATE_INIT_CONNECTION_COMPLETE: 162 case STATE_CREATE_STREAM_COMPLETE: 163 return using_quic_ ? LOAD_STATE_CONNECTING : connection_->GetLoadState(); 164 default: 165 return LOAD_STATE_IDLE; 166 } 167 } 168 169 void HttpStreamFactoryImpl::Job::MarkAsAlternate( 170 const GURL& original_url, 171 AlternateProtocolInfo alternate) { 172 DCHECK(!original_url_.get()); 173 original_url_.reset(new GURL(original_url)); 174 if (alternate.protocol == QUIC) { 175 DCHECK(session_->params().enable_quic); 176 using_quic_ = true; 177 } 178 } 179 180 void HttpStreamFactoryImpl::Job::WaitFor(Job* job) { 181 DCHECK_EQ(STATE_NONE, next_state_); 182 DCHECK_EQ(STATE_NONE, job->next_state_); 183 DCHECK(!blocking_job_); 184 DCHECK(!job->waiting_job_); 185 blocking_job_ = job; 186 job->waiting_job_ = this; 187 } 188 189 void HttpStreamFactoryImpl::Job::Resume(Job* job) { 190 DCHECK_EQ(blocking_job_, job); 191 blocking_job_ = NULL; 192 193 // We know we're blocked if the next_state_ is STATE_WAIT_FOR_JOB_COMPLETE. 194 // Unblock |this|. 195 if (next_state_ == STATE_WAIT_FOR_JOB_COMPLETE) { 196 base::MessageLoop::current()->PostTask( 197 FROM_HERE, 198 base::Bind(&HttpStreamFactoryImpl::Job::OnIOComplete, 199 ptr_factory_.GetWeakPtr(), OK)); 200 } 201 } 202 203 void HttpStreamFactoryImpl::Job::Orphan(const Request* request) { 204 DCHECK_EQ(request_, request); 205 request_ = NULL; 206 if (blocking_job_) { 207 // We've been orphaned, but there's a job we're blocked on. Don't bother 208 // racing, just cancel ourself. 209 DCHECK(blocking_job_->waiting_job_); 210 blocking_job_->waiting_job_ = NULL; 211 blocking_job_ = NULL; 212 if (stream_factory_->for_websockets_ && 213 connection_ && connection_->socket()) { 214 connection_->socket()->Disconnect(); 215 } 216 stream_factory_->OnOrphanedJobComplete(this); 217 } else if (stream_factory_->for_websockets_) { 218 // We cancel this job because a WebSocketHandshakeStream can't be created 219 // without a WebSocketHandshakeStreamBase::CreateHelper which is stored in 220 // the Request class and isn't accessible from this job. 221 if (connection_ && connection_->socket()) { 222 connection_->socket()->Disconnect(); 223 } 224 stream_factory_->OnOrphanedJobComplete(this); 225 } 226 } 227 228 void HttpStreamFactoryImpl::Job::SetPriority(RequestPriority priority) { 229 priority_ = priority; 230 // TODO(akalin): Propagate this to |connection_| and maybe the 231 // preconnect state. 232 } 233 234 bool HttpStreamFactoryImpl::Job::was_npn_negotiated() const { 235 return was_npn_negotiated_; 236 } 237 238 NextProto HttpStreamFactoryImpl::Job::protocol_negotiated() const { 239 return protocol_negotiated_; 240 } 241 242 bool HttpStreamFactoryImpl::Job::using_spdy() const { 243 return using_spdy_; 244 } 245 246 const SSLConfig& HttpStreamFactoryImpl::Job::server_ssl_config() const { 247 return server_ssl_config_; 248 } 249 250 const SSLConfig& HttpStreamFactoryImpl::Job::proxy_ssl_config() const { 251 return proxy_ssl_config_; 252 } 253 254 const ProxyInfo& HttpStreamFactoryImpl::Job::proxy_info() const { 255 return proxy_info_; 256 } 257 258 void HttpStreamFactoryImpl::Job::GetSSLInfo() { 259 DCHECK(using_ssl_); 260 DCHECK(!establishing_tunnel_); 261 DCHECK(connection_.get() && connection_->socket()); 262 SSLClientSocket* ssl_socket = 263 static_cast<SSLClientSocket*>(connection_->socket()); 264 ssl_socket->GetSSLInfo(&ssl_info_); 265 } 266 267 SpdySessionKey HttpStreamFactoryImpl::Job::GetSpdySessionKey() const { 268 // In the case that we're using an HTTPS proxy for an HTTP url, 269 // we look for a SPDY session *to* the proxy, instead of to the 270 // origin server. 271 PrivacyMode privacy_mode = request_info_.privacy_mode; 272 if (IsHttpsProxyAndHttpUrl()) { 273 return SpdySessionKey(proxy_info_.proxy_server().host_port_pair(), 274 ProxyServer::Direct(), 275 privacy_mode); 276 } else { 277 return SpdySessionKey(origin_, 278 proxy_info_.proxy_server(), 279 privacy_mode); 280 } 281 } 282 283 bool HttpStreamFactoryImpl::Job::CanUseExistingSpdySession() const { 284 // We need to make sure that if a spdy session was created for 285 // https://somehost/ that we don't use that session for http://somehost:443/. 286 // The only time we can use an existing session is if the request URL is 287 // https (the normal case) or if we're connection to a SPDY proxy, or 288 // if we're running with force_spdy_always_. crbug.com/133176 289 // TODO(ricea): Add "wss" back to this list when SPDY WebSocket support is 290 // working. 291 return request_info_.url.SchemeIs("https") || 292 proxy_info_.proxy_server().is_https() || 293 session_->params().force_spdy_always; 294 } 295 296 void HttpStreamFactoryImpl::Job::OnStreamReadyCallback() { 297 DCHECK(stream_.get()); 298 DCHECK(!IsPreconnecting()); 299 DCHECK(!stream_factory_->for_websockets_); 300 if (IsOrphaned()) { 301 stream_factory_->OnOrphanedJobComplete(this); 302 } else { 303 request_->Complete(was_npn_negotiated(), 304 protocol_negotiated(), 305 using_spdy(), 306 net_log_); 307 request_->OnStreamReady(this, server_ssl_config_, proxy_info_, 308 stream_.release()); 309 } 310 // |this| may be deleted after this call. 311 } 312 313 void HttpStreamFactoryImpl::Job::OnWebSocketHandshakeStreamReadyCallback() { 314 DCHECK(websocket_stream_); 315 DCHECK(!IsPreconnecting()); 316 DCHECK(stream_factory_->for_websockets_); 317 // An orphaned WebSocket job will be closed immediately and 318 // never be ready. 319 DCHECK(!IsOrphaned()); 320 request_->Complete(was_npn_negotiated(), 321 protocol_negotiated(), 322 using_spdy(), 323 net_log_); 324 request_->OnWebSocketHandshakeStreamReady(this, 325 server_ssl_config_, 326 proxy_info_, 327 websocket_stream_.release()); 328 // |this| may be deleted after this call. 329 } 330 331 void HttpStreamFactoryImpl::Job::OnNewSpdySessionReadyCallback() { 332 DCHECK(stream_.get()); 333 DCHECK(!IsPreconnecting()); 334 DCHECK(using_spdy()); 335 // Note: an event loop iteration has passed, so |new_spdy_session_| may be 336 // NULL at this point if the SpdySession closed immediately after creation. 337 base::WeakPtr<SpdySession> spdy_session = new_spdy_session_; 338 new_spdy_session_.reset(); 339 340 // TODO(jgraettinger): Notify the factory, and let that notify |request_|, 341 // rather than notifying |request_| directly. 342 if (IsOrphaned()) { 343 if (spdy_session) { 344 stream_factory_->OnNewSpdySessionReady( 345 spdy_session, spdy_session_direct_, server_ssl_config_, proxy_info_, 346 was_npn_negotiated(), protocol_negotiated(), using_spdy(), net_log_); 347 } 348 stream_factory_->OnOrphanedJobComplete(this); 349 } else { 350 request_->OnNewSpdySessionReady( 351 this, stream_.Pass(), spdy_session, spdy_session_direct_); 352 } 353 // |this| may be deleted after this call. 354 } 355 356 void HttpStreamFactoryImpl::Job::OnStreamFailedCallback(int result) { 357 DCHECK(!IsPreconnecting()); 358 if (IsOrphaned()) 359 stream_factory_->OnOrphanedJobComplete(this); 360 else 361 request_->OnStreamFailed(this, result, server_ssl_config_); 362 // |this| may be deleted after this call. 363 } 364 365 void HttpStreamFactoryImpl::Job::OnCertificateErrorCallback( 366 int result, const SSLInfo& ssl_info) { 367 DCHECK(!IsPreconnecting()); 368 if (IsOrphaned()) 369 stream_factory_->OnOrphanedJobComplete(this); 370 else 371 request_->OnCertificateError(this, result, server_ssl_config_, ssl_info); 372 // |this| may be deleted after this call. 373 } 374 375 void HttpStreamFactoryImpl::Job::OnNeedsProxyAuthCallback( 376 const HttpResponseInfo& response, 377 HttpAuthController* auth_controller) { 378 DCHECK(!IsPreconnecting()); 379 if (IsOrphaned()) 380 stream_factory_->OnOrphanedJobComplete(this); 381 else 382 request_->OnNeedsProxyAuth( 383 this, response, server_ssl_config_, proxy_info_, auth_controller); 384 // |this| may be deleted after this call. 385 } 386 387 void HttpStreamFactoryImpl::Job::OnNeedsClientAuthCallback( 388 SSLCertRequestInfo* cert_info) { 389 DCHECK(!IsPreconnecting()); 390 if (IsOrphaned()) 391 stream_factory_->OnOrphanedJobComplete(this); 392 else 393 request_->OnNeedsClientAuth(this, server_ssl_config_, cert_info); 394 // |this| may be deleted after this call. 395 } 396 397 void HttpStreamFactoryImpl::Job::OnHttpsProxyTunnelResponseCallback( 398 const HttpResponseInfo& response_info, 399 HttpStream* stream) { 400 DCHECK(!IsPreconnecting()); 401 if (IsOrphaned()) 402 stream_factory_->OnOrphanedJobComplete(this); 403 else 404 request_->OnHttpsProxyTunnelResponse( 405 this, response_info, server_ssl_config_, proxy_info_, stream); 406 // |this| may be deleted after this call. 407 } 408 409 void HttpStreamFactoryImpl::Job::OnPreconnectsComplete() { 410 DCHECK(!request_); 411 if (new_spdy_session_.get()) { 412 stream_factory_->OnNewSpdySessionReady(new_spdy_session_, 413 spdy_session_direct_, 414 server_ssl_config_, 415 proxy_info_, 416 was_npn_negotiated(), 417 protocol_negotiated(), 418 using_spdy(), 419 net_log_); 420 } 421 stream_factory_->OnPreconnectsComplete(this); 422 // |this| may be deleted after this call. 423 } 424 425 // static 426 int HttpStreamFactoryImpl::Job::OnHostResolution( 427 SpdySessionPool* spdy_session_pool, 428 const SpdySessionKey& spdy_session_key, 429 const AddressList& addresses, 430 const BoundNetLog& net_log) { 431 // It is OK to dereference spdy_session_pool, because the 432 // ClientSocketPoolManager will be destroyed in the same callback that 433 // destroys the SpdySessionPool. 434 return 435 spdy_session_pool->FindAvailableSession(spdy_session_key, net_log) ? 436 ERR_SPDY_SESSION_ALREADY_EXISTS : OK; 437 } 438 439 void HttpStreamFactoryImpl::Job::OnIOComplete(int result) { 440 RunLoop(result); 441 } 442 443 int HttpStreamFactoryImpl::Job::RunLoop(int result) { 444 result = DoLoop(result); 445 446 if (result == ERR_IO_PENDING) 447 return result; 448 449 // If there was an error, we should have already resumed the |waiting_job_|, 450 // if there was one. 451 DCHECK(result == OK || waiting_job_ == NULL); 452 453 if (IsPreconnecting()) { 454 base::MessageLoop::current()->PostTask( 455 FROM_HERE, 456 base::Bind(&HttpStreamFactoryImpl::Job::OnPreconnectsComplete, 457 ptr_factory_.GetWeakPtr())); 458 return ERR_IO_PENDING; 459 } 460 461 if (IsCertificateError(result)) { 462 // Retrieve SSL information from the socket. 463 GetSSLInfo(); 464 465 next_state_ = STATE_WAITING_USER_ACTION; 466 base::MessageLoop::current()->PostTask( 467 FROM_HERE, 468 base::Bind(&HttpStreamFactoryImpl::Job::OnCertificateErrorCallback, 469 ptr_factory_.GetWeakPtr(), result, ssl_info_)); 470 return ERR_IO_PENDING; 471 } 472 473 switch (result) { 474 case ERR_PROXY_AUTH_REQUESTED: { 475 UMA_HISTOGRAM_BOOLEAN("Net.ProxyAuthRequested.HasConnection", 476 connection_.get() != NULL); 477 if (!connection_.get()) 478 return ERR_PROXY_AUTH_REQUESTED_WITH_NO_CONNECTION; 479 CHECK(connection_->socket()); 480 CHECK(establishing_tunnel_); 481 482 next_state_ = STATE_WAITING_USER_ACTION; 483 ProxyClientSocket* proxy_socket = 484 static_cast<ProxyClientSocket*>(connection_->socket()); 485 base::MessageLoop::current()->PostTask( 486 FROM_HERE, 487 base::Bind(&Job::OnNeedsProxyAuthCallback, ptr_factory_.GetWeakPtr(), 488 *proxy_socket->GetConnectResponseInfo(), 489 proxy_socket->GetAuthController())); 490 return ERR_IO_PENDING; 491 } 492 493 case ERR_SSL_CLIENT_AUTH_CERT_NEEDED: 494 base::MessageLoop::current()->PostTask( 495 FROM_HERE, 496 base::Bind(&Job::OnNeedsClientAuthCallback, ptr_factory_.GetWeakPtr(), 497 connection_->ssl_error_response_info().cert_request_info)); 498 return ERR_IO_PENDING; 499 500 case ERR_HTTPS_PROXY_TUNNEL_RESPONSE: { 501 DCHECK(connection_.get()); 502 DCHECK(connection_->socket()); 503 DCHECK(establishing_tunnel_); 504 505 ProxyClientSocket* proxy_socket = 506 static_cast<ProxyClientSocket*>(connection_->socket()); 507 base::MessageLoop::current()->PostTask( 508 FROM_HERE, 509 base::Bind(&Job::OnHttpsProxyTunnelResponseCallback, 510 ptr_factory_.GetWeakPtr(), 511 *proxy_socket->GetConnectResponseInfo(), 512 proxy_socket->CreateConnectResponseStream())); 513 return ERR_IO_PENDING; 514 } 515 516 case OK: 517 job_status_ = STATUS_SUCCEEDED; 518 MaybeMarkAlternateProtocolBroken(); 519 next_state_ = STATE_DONE; 520 if (new_spdy_session_.get()) { 521 base::MessageLoop::current()->PostTask( 522 FROM_HERE, 523 base::Bind(&Job::OnNewSpdySessionReadyCallback, 524 ptr_factory_.GetWeakPtr())); 525 } else if (stream_factory_->for_websockets_) { 526 DCHECK(websocket_stream_); 527 base::MessageLoop::current()->PostTask( 528 FROM_HERE, 529 base::Bind(&Job::OnWebSocketHandshakeStreamReadyCallback, 530 ptr_factory_.GetWeakPtr())); 531 } else { 532 DCHECK(stream_.get()); 533 base::MessageLoop::current()->PostTask( 534 FROM_HERE, 535 base::Bind(&Job::OnStreamReadyCallback, ptr_factory_.GetWeakPtr())); 536 } 537 return ERR_IO_PENDING; 538 539 default: 540 if (job_status_ != STATUS_BROKEN) { 541 DCHECK_EQ(STATUS_RUNNING, job_status_); 542 job_status_ = STATUS_FAILED; 543 MaybeMarkAlternateProtocolBroken(); 544 } 545 base::MessageLoop::current()->PostTask( 546 FROM_HERE, 547 base::Bind(&Job::OnStreamFailedCallback, ptr_factory_.GetWeakPtr(), 548 result)); 549 return ERR_IO_PENDING; 550 } 551 } 552 553 int HttpStreamFactoryImpl::Job::DoLoop(int result) { 554 DCHECK_NE(next_state_, STATE_NONE); 555 int rv = result; 556 do { 557 State state = next_state_; 558 next_state_ = STATE_NONE; 559 switch (state) { 560 case STATE_START: 561 DCHECK_EQ(OK, rv); 562 rv = DoStart(); 563 break; 564 case STATE_RESOLVE_PROXY: 565 DCHECK_EQ(OK, rv); 566 rv = DoResolveProxy(); 567 break; 568 case STATE_RESOLVE_PROXY_COMPLETE: 569 rv = DoResolveProxyComplete(rv); 570 break; 571 case STATE_WAIT_FOR_JOB: 572 DCHECK_EQ(OK, rv); 573 rv = DoWaitForJob(); 574 break; 575 case STATE_WAIT_FOR_JOB_COMPLETE: 576 rv = DoWaitForJobComplete(rv); 577 break; 578 case STATE_INIT_CONNECTION: 579 DCHECK_EQ(OK, rv); 580 rv = DoInitConnection(); 581 break; 582 case STATE_INIT_CONNECTION_COMPLETE: 583 rv = DoInitConnectionComplete(rv); 584 break; 585 case STATE_WAITING_USER_ACTION: 586 rv = DoWaitingUserAction(rv); 587 break; 588 case STATE_RESTART_TUNNEL_AUTH: 589 DCHECK_EQ(OK, rv); 590 rv = DoRestartTunnelAuth(); 591 break; 592 case STATE_RESTART_TUNNEL_AUTH_COMPLETE: 593 rv = DoRestartTunnelAuthComplete(rv); 594 break; 595 case STATE_CREATE_STREAM: 596 DCHECK_EQ(OK, rv); 597 rv = DoCreateStream(); 598 break; 599 case STATE_CREATE_STREAM_COMPLETE: 600 rv = DoCreateStreamComplete(rv); 601 break; 602 default: 603 NOTREACHED() << "bad state"; 604 rv = ERR_FAILED; 605 break; 606 } 607 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE); 608 return rv; 609 } 610 611 int HttpStreamFactoryImpl::Job::StartInternal() { 612 CHECK_EQ(STATE_NONE, next_state_); 613 next_state_ = STATE_START; 614 int rv = RunLoop(OK); 615 DCHECK_EQ(ERR_IO_PENDING, rv); 616 return rv; 617 } 618 619 int HttpStreamFactoryImpl::Job::DoStart() { 620 int port = request_info_.url.EffectiveIntPort(); 621 origin_ = HostPortPair(request_info_.url.HostNoBrackets(), port); 622 origin_url_ = stream_factory_->ApplyHostMappingRules( 623 request_info_.url, &origin_); 624 625 net_log_.BeginEvent(NetLog::TYPE_HTTP_STREAM_JOB, 626 base::Bind(&NetLogHttpStreamJobCallback, 627 &request_info_.url, &origin_url_, 628 priority_)); 629 630 // Don't connect to restricted ports. 631 bool is_port_allowed = IsPortAllowedByDefault(port); 632 if (request_info_.url.SchemeIs("ftp")) { 633 // Never share connection with other jobs for FTP requests. 634 DCHECK(!waiting_job_); 635 636 is_port_allowed = IsPortAllowedByFtp(port); 637 } 638 if (!is_port_allowed && !IsPortAllowedByOverride(port)) { 639 if (waiting_job_) { 640 waiting_job_->Resume(this); 641 waiting_job_ = NULL; 642 } 643 return ERR_UNSAFE_PORT; 644 } 645 646 next_state_ = STATE_RESOLVE_PROXY; 647 return OK; 648 } 649 650 int HttpStreamFactoryImpl::Job::DoResolveProxy() { 651 DCHECK(!pac_request_); 652 DCHECK(session_); 653 654 next_state_ = STATE_RESOLVE_PROXY_COMPLETE; 655 656 if (request_info_.load_flags & LOAD_BYPASS_PROXY) { 657 proxy_info_.UseDirect(); 658 return OK; 659 } 660 661 return session_->proxy_service()->ResolveProxy( 662 request_info_.url, request_info_.load_flags, &proxy_info_, io_callback_, 663 &pac_request_, session_->network_delegate(), net_log_); 664 } 665 666 int HttpStreamFactoryImpl::Job::DoResolveProxyComplete(int result) { 667 pac_request_ = NULL; 668 669 if (result == OK) { 670 // Remove unsupported proxies from the list. 671 proxy_info_.RemoveProxiesWithoutScheme( 672 ProxyServer::SCHEME_DIRECT | ProxyServer::SCHEME_QUIC | 673 ProxyServer::SCHEME_HTTP | ProxyServer::SCHEME_HTTPS | 674 ProxyServer::SCHEME_SOCKS4 | ProxyServer::SCHEME_SOCKS5); 675 676 if (proxy_info_.is_empty()) { 677 // No proxies/direct to choose from. This happens when we don't support 678 // any of the proxies in the returned list. 679 result = ERR_NO_SUPPORTED_PROXIES; 680 } else if (using_quic_ && 681 (!proxy_info_.is_quic() && !proxy_info_.is_direct())) { 682 // QUIC can not be spoken to non-QUIC proxies. This error should not be 683 // user visible, because the non-alternate job should be resumed. 684 result = ERR_NO_SUPPORTED_PROXIES; 685 } 686 } 687 688 if (result != OK) { 689 if (waiting_job_) { 690 waiting_job_->Resume(this); 691 waiting_job_ = NULL; 692 } 693 return result; 694 } 695 696 if (blocking_job_) 697 next_state_ = STATE_WAIT_FOR_JOB; 698 else 699 next_state_ = STATE_INIT_CONNECTION; 700 return OK; 701 } 702 703 bool HttpStreamFactoryImpl::Job::ShouldForceSpdySSL() const { 704 bool rv = session_->params().force_spdy_always && 705 session_->params().force_spdy_over_ssl; 706 return rv && !session_->HasSpdyExclusion(origin_); 707 } 708 709 bool HttpStreamFactoryImpl::Job::ShouldForceSpdyWithoutSSL() const { 710 bool rv = session_->params().force_spdy_always && 711 !session_->params().force_spdy_over_ssl; 712 return rv && !session_->HasSpdyExclusion(origin_); 713 } 714 715 bool HttpStreamFactoryImpl::Job::ShouldForceQuic() const { 716 return session_->params().enable_quic && 717 session_->params().origin_to_force_quic_on.Equals(origin_) && 718 proxy_info_.is_direct(); 719 } 720 721 int HttpStreamFactoryImpl::Job::DoWaitForJob() { 722 DCHECK(blocking_job_); 723 next_state_ = STATE_WAIT_FOR_JOB_COMPLETE; 724 return ERR_IO_PENDING; 725 } 726 727 int HttpStreamFactoryImpl::Job::DoWaitForJobComplete(int result) { 728 DCHECK(!blocking_job_); 729 DCHECK_EQ(OK, result); 730 next_state_ = STATE_INIT_CONNECTION; 731 return OK; 732 } 733 734 int HttpStreamFactoryImpl::Job::DoInitConnection() { 735 DCHECK(!blocking_job_); 736 DCHECK(!connection_->is_initialized()); 737 DCHECK(proxy_info_.proxy_server().is_valid()); 738 next_state_ = STATE_INIT_CONNECTION_COMPLETE; 739 740 using_ssl_ = request_info_.url.SchemeIs("https") || 741 request_info_.url.SchemeIs("wss") || ShouldForceSpdySSL(); 742 using_spdy_ = false; 743 744 if (ShouldForceQuic()) 745 using_quic_ = true; 746 747 if (proxy_info_.is_quic()) 748 using_quic_ = true; 749 750 if (using_quic_) { 751 DCHECK(session_->params().enable_quic); 752 if (proxy_info_.is_quic() && !request_info_.url.SchemeIs("http")) { 753 NOTREACHED(); 754 // TODO(rch): support QUIC proxies for HTTPS urls. 755 return ERR_NOT_IMPLEMENTED; 756 } 757 HostPortPair destination = proxy_info_.is_quic() ? 758 proxy_info_.proxy_server().host_port_pair() : origin_; 759 next_state_ = STATE_INIT_CONNECTION_COMPLETE; 760 bool secure_quic = using_ssl_ || proxy_info_.is_quic(); 761 int rv = quic_request_.Request( 762 destination, secure_quic, request_info_.privacy_mode, 763 request_info_.method, net_log_, io_callback_); 764 if (rv == OK) { 765 using_existing_quic_session_ = true; 766 } else { 767 // OK, there's no available QUIC session. Let |waiting_job_| resume 768 // if it's paused. 769 if (waiting_job_) { 770 waiting_job_->Resume(this); 771 waiting_job_ = NULL; 772 } 773 } 774 return rv; 775 } 776 777 // Check first if we have a spdy session for this group. If so, then go 778 // straight to using that. 779 SpdySessionKey spdy_session_key = GetSpdySessionKey(); 780 base::WeakPtr<SpdySession> spdy_session = 781 session_->spdy_session_pool()->FindAvailableSession( 782 spdy_session_key, net_log_); 783 if (spdy_session && CanUseExistingSpdySession()) { 784 // If we're preconnecting, but we already have a SpdySession, we don't 785 // actually need to preconnect any sockets, so we're done. 786 if (IsPreconnecting()) 787 return OK; 788 using_spdy_ = true; 789 next_state_ = STATE_CREATE_STREAM; 790 existing_spdy_session_ = spdy_session; 791 return OK; 792 } else if (request_ && !request_->HasSpdySessionKey() && 793 (using_ssl_ || ShouldForceSpdyWithoutSSL())) { 794 // Update the spdy session key for the request that launched this job. 795 request_->SetSpdySessionKey(spdy_session_key); 796 } 797 798 // OK, there's no available SPDY session. Let |waiting_job_| resume if it's 799 // paused. 800 801 if (waiting_job_) { 802 waiting_job_->Resume(this); 803 waiting_job_ = NULL; 804 } 805 806 if (proxy_info_.is_http() || proxy_info_.is_https()) 807 establishing_tunnel_ = using_ssl_; 808 809 bool want_spdy_over_npn = original_url_ != NULL; 810 811 if (proxy_info_.is_https()) { 812 InitSSLConfig(proxy_info_.proxy_server().host_port_pair(), 813 &proxy_ssl_config_, 814 true /* is a proxy server */); 815 // Disable revocation checking for HTTPS proxies since the revocation 816 // requests are probably going to need to go through the proxy too. 817 proxy_ssl_config_.rev_checking_enabled = false; 818 } 819 if (using_ssl_) { 820 InitSSLConfig(origin_, &server_ssl_config_, 821 false /* not a proxy server */); 822 } 823 824 if (IsPreconnecting()) { 825 DCHECK(!stream_factory_->for_websockets_); 826 return PreconnectSocketsForHttpRequest( 827 origin_url_, 828 request_info_.extra_headers, 829 request_info_.load_flags, 830 priority_, 831 session_, 832 proxy_info_, 833 ShouldForceSpdySSL(), 834 want_spdy_over_npn, 835 server_ssl_config_, 836 proxy_ssl_config_, 837 request_info_.privacy_mode, 838 net_log_, 839 num_streams_); 840 } 841 842 // If we can't use a SPDY session, don't both checking for one after 843 // the hostname is resolved. 844 OnHostResolutionCallback resolution_callback = CanUseExistingSpdySession() ? 845 base::Bind(&Job::OnHostResolution, session_->spdy_session_pool(), 846 GetSpdySessionKey()) : 847 OnHostResolutionCallback(); 848 if (stream_factory_->for_websockets_) { 849 // TODO(ricea): Re-enable NPN when WebSockets over SPDY is supported. 850 SSLConfig websocket_server_ssl_config = server_ssl_config_; 851 websocket_server_ssl_config.next_protos.clear(); 852 return InitSocketHandleForWebSocketRequest( 853 origin_url_, request_info_.extra_headers, request_info_.load_flags, 854 priority_, session_, proxy_info_, ShouldForceSpdySSL(), 855 want_spdy_over_npn, websocket_server_ssl_config, proxy_ssl_config_, 856 request_info_.privacy_mode, net_log_, 857 connection_.get(), resolution_callback, io_callback_); 858 } 859 860 return InitSocketHandleForHttpRequest( 861 origin_url_, request_info_.extra_headers, request_info_.load_flags, 862 priority_, session_, proxy_info_, ShouldForceSpdySSL(), 863 want_spdy_over_npn, server_ssl_config_, proxy_ssl_config_, 864 request_info_.privacy_mode, net_log_, 865 connection_.get(), resolution_callback, io_callback_); 866 } 867 868 int HttpStreamFactoryImpl::Job::DoInitConnectionComplete(int result) { 869 if (IsPreconnecting()) { 870 if (using_quic_) 871 return result; 872 DCHECK_EQ(OK, result); 873 return OK; 874 } 875 876 if (result == ERR_SPDY_SESSION_ALREADY_EXISTS) { 877 // We found a SPDY connection after resolving the host. This is 878 // probably an IP pooled connection. 879 SpdySessionKey spdy_session_key = GetSpdySessionKey(); 880 existing_spdy_session_ = 881 session_->spdy_session_pool()->FindAvailableSession( 882 spdy_session_key, net_log_); 883 if (existing_spdy_session_) { 884 using_spdy_ = true; 885 next_state_ = STATE_CREATE_STREAM; 886 } else { 887 // It is possible that the spdy session no longer exists. 888 ReturnToStateInitConnection(true /* close connection */); 889 } 890 return OK; 891 } 892 893 // TODO(willchan): Make this a bit more exact. Maybe there are recoverable 894 // errors, such as ignoring certificate errors for Alternate-Protocol. 895 if (result < 0 && waiting_job_) { 896 waiting_job_->Resume(this); 897 waiting_job_ = NULL; 898 } 899 900 // |result| may be the result of any of the stacked pools. The following 901 // logic is used when determining how to interpret an error. 902 // If |result| < 0: 903 // and connection_->socket() != NULL, then the SSL handshake ran and it 904 // is a potentially recoverable error. 905 // and connection_->socket == NULL and connection_->is_ssl_error() is true, 906 // then the SSL handshake ran with an unrecoverable error. 907 // otherwise, the error came from one of the other pools. 908 bool ssl_started = using_ssl_ && (result == OK || connection_->socket() || 909 connection_->is_ssl_error()); 910 911 if (ssl_started && (result == OK || IsCertificateError(result))) { 912 if (using_quic_ && result == OK) { 913 was_npn_negotiated_ = true; 914 NextProto protocol_negotiated = 915 SSLClientSocket::NextProtoFromString("quic/1+spdy/3"); 916 protocol_negotiated_ = protocol_negotiated; 917 } else { 918 SSLClientSocket* ssl_socket = 919 static_cast<SSLClientSocket*>(connection_->socket()); 920 if (ssl_socket->WasNpnNegotiated()) { 921 was_npn_negotiated_ = true; 922 std::string proto; 923 SSLClientSocket::NextProtoStatus status = 924 ssl_socket->GetNextProto(&proto); 925 NextProto protocol_negotiated = 926 SSLClientSocket::NextProtoFromString(proto); 927 protocol_negotiated_ = protocol_negotiated; 928 net_log_.AddEvent( 929 NetLog::TYPE_HTTP_STREAM_REQUEST_PROTO, 930 base::Bind(&NetLogHttpStreamProtoCallback, 931 status, &proto)); 932 if (ssl_socket->was_spdy_negotiated()) 933 SwitchToSpdyMode(); 934 } 935 if (ShouldForceSpdySSL()) 936 SwitchToSpdyMode(); 937 } 938 } else if (proxy_info_.is_https() && connection_->socket() && 939 result == OK) { 940 ProxyClientSocket* proxy_socket = 941 static_cast<ProxyClientSocket*>(connection_->socket()); 942 if (proxy_socket->IsUsingSpdy()) { 943 was_npn_negotiated_ = true; 944 protocol_negotiated_ = proxy_socket->GetProtocolNegotiated(); 945 SwitchToSpdyMode(); 946 } 947 } 948 949 // We may be using spdy without SSL 950 if (ShouldForceSpdyWithoutSSL()) 951 SwitchToSpdyMode(); 952 953 if (result == ERR_PROXY_AUTH_REQUESTED || 954 result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) { 955 DCHECK(!ssl_started); 956 // Other state (i.e. |using_ssl_|) suggests that |connection_| will have an 957 // SSL socket, but there was an error before that could happen. This 958 // puts the in progress HttpProxy socket into |connection_| in order to 959 // complete the auth (or read the response body). The tunnel restart code 960 // is careful to remove it before returning control to the rest of this 961 // class. 962 connection_.reset(connection_->release_pending_http_proxy_connection()); 963 return result; 964 } 965 966 if (!ssl_started && result < 0 && original_url_.get()) { 967 job_status_ = STATUS_BROKEN; 968 MaybeMarkAlternateProtocolBroken(); 969 return result; 970 } 971 972 if (using_quic_) { 973 if (result < 0) { 974 job_status_ = STATUS_BROKEN; 975 MaybeMarkAlternateProtocolBroken(); 976 return result; 977 } 978 stream_ = quic_request_.ReleaseStream(); 979 next_state_ = STATE_NONE; 980 return OK; 981 } 982 983 if (result < 0 && !ssl_started) 984 return ReconsiderProxyAfterError(result); 985 establishing_tunnel_ = false; 986 987 if (connection_->socket()) { 988 LogHttpConnectedMetrics(*connection_); 989 990 // We officially have a new connection. Record the type. 991 if (!connection_->is_reused()) { 992 ConnectionType type = using_spdy_ ? CONNECTION_SPDY : CONNECTION_HTTP; 993 UpdateConnectionTypeHistograms(type); 994 } 995 } 996 997 // Handle SSL errors below. 998 if (using_ssl_) { 999 DCHECK(ssl_started); 1000 if (IsCertificateError(result)) { 1001 if (using_spdy_ && original_url_.get() && 1002 original_url_->SchemeIs("http")) { 1003 // We ignore certificate errors for http over spdy. 1004 spdy_certificate_error_ = result; 1005 result = OK; 1006 } else { 1007 result = HandleCertificateError(result); 1008 if (result == OK && !connection_->socket()->IsConnectedAndIdle()) { 1009 ReturnToStateInitConnection(true /* close connection */); 1010 return result; 1011 } 1012 } 1013 } 1014 if (result < 0) 1015 return result; 1016 } 1017 1018 next_state_ = STATE_CREATE_STREAM; 1019 return OK; 1020 } 1021 1022 int HttpStreamFactoryImpl::Job::DoWaitingUserAction(int result) { 1023 // This state indicates that the stream request is in a partially 1024 // completed state, and we've called back to the delegate for more 1025 // information. 1026 1027 // We're always waiting here for the delegate to call us back. 1028 return ERR_IO_PENDING; 1029 } 1030 1031 int HttpStreamFactoryImpl::Job::SetSpdyHttpStream( 1032 base::WeakPtr<SpdySession> session, bool direct) { 1033 // TODO(ricea): Restore the code for WebSockets over SPDY once it's 1034 // implemented. 1035 if (stream_factory_->for_websockets_) 1036 return ERR_NOT_IMPLEMENTED; 1037 1038 // TODO(willchan): Delete this code, because eventually, the 1039 // HttpStreamFactoryImpl will be creating all the SpdyHttpStreams, since it 1040 // will know when SpdySessions become available. 1041 1042 bool use_relative_url = direct || request_info_.url.SchemeIs("https"); 1043 stream_.reset(new SpdyHttpStream(session, use_relative_url)); 1044 return OK; 1045 } 1046 1047 int HttpStreamFactoryImpl::Job::DoCreateStream() { 1048 DCHECK(connection_->socket() || existing_spdy_session_.get() || using_quic_); 1049 1050 next_state_ = STATE_CREATE_STREAM_COMPLETE; 1051 1052 // We only set the socket motivation if we're the first to use 1053 // this socket. Is there a race for two SPDY requests? We really 1054 // need to plumb this through to the connect level. 1055 if (connection_->socket() && !connection_->is_reused()) 1056 SetSocketMotivation(); 1057 1058 if (!using_spdy_) { 1059 // We may get ftp scheme when fetching ftp resources through proxy. 1060 bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) && 1061 (request_info_.url.SchemeIs("http") || 1062 request_info_.url.SchemeIs("ftp")); 1063 if (stream_factory_->for_websockets_) { 1064 DCHECK(request_); 1065 DCHECK(request_->websocket_handshake_stream_create_helper()); 1066 websocket_stream_.reset( 1067 request_->websocket_handshake_stream_create_helper() 1068 ->CreateBasicStream(connection_.Pass(), using_proxy)); 1069 } else { 1070 stream_.reset(new HttpBasicStream(connection_.release(), using_proxy)); 1071 } 1072 return OK; 1073 } 1074 1075 CHECK(!stream_.get()); 1076 1077 bool direct = true; 1078 const ProxyServer& proxy_server = proxy_info_.proxy_server(); 1079 PrivacyMode privacy_mode = request_info_.privacy_mode; 1080 if (IsHttpsProxyAndHttpUrl()) 1081 direct = false; 1082 1083 if (existing_spdy_session_.get()) { 1084 // We picked up an existing session, so we don't need our socket. 1085 if (connection_->socket()) 1086 connection_->socket()->Disconnect(); 1087 connection_->Reset(); 1088 1089 int set_result = SetSpdyHttpStream(existing_spdy_session_, direct); 1090 existing_spdy_session_.reset(); 1091 return set_result; 1092 } 1093 1094 SpdySessionKey spdy_session_key(origin_, proxy_server, privacy_mode); 1095 if (IsHttpsProxyAndHttpUrl()) { 1096 // If we don't have a direct SPDY session, and we're using an HTTPS 1097 // proxy, then we might have a SPDY session to the proxy. 1098 // We never use privacy mode for connection to proxy server. 1099 spdy_session_key = SpdySessionKey(proxy_server.host_port_pair(), 1100 ProxyServer::Direct(), 1101 PRIVACY_MODE_DISABLED); 1102 } 1103 1104 SpdySessionPool* spdy_pool = session_->spdy_session_pool(); 1105 base::WeakPtr<SpdySession> spdy_session = 1106 spdy_pool->FindAvailableSession(spdy_session_key, net_log_); 1107 1108 if (spdy_session) { 1109 return SetSpdyHttpStream(spdy_session, direct); 1110 } 1111 1112 spdy_session = 1113 spdy_pool->CreateAvailableSessionFromSocket(spdy_session_key, 1114 connection_.Pass(), 1115 net_log_, 1116 spdy_certificate_error_, 1117 using_ssl_); 1118 if (!spdy_session->HasAcceptableTransportSecurity()) { 1119 spdy_session->CloseSessionOnError( 1120 ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY, ""); 1121 return ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY; 1122 } 1123 1124 new_spdy_session_ = spdy_session; 1125 spdy_session_direct_ = direct; 1126 const HostPortPair& host_port_pair = spdy_session_key.host_port_pair(); 1127 base::WeakPtr<HttpServerProperties> http_server_properties = 1128 session_->http_server_properties(); 1129 if (http_server_properties) 1130 http_server_properties->SetSupportsSpdy(host_port_pair, true); 1131 1132 // Create a SpdyHttpStream attached to the session; 1133 // OnNewSpdySessionReadyCallback is not called until an event loop 1134 // iteration later, so if the SpdySession is closed between then, allow 1135 // reuse state from the underlying socket, sampled by SpdyHttpStream, 1136 // bubble up to the request. 1137 return SetSpdyHttpStream(new_spdy_session_, spdy_session_direct_); 1138 } 1139 1140 int HttpStreamFactoryImpl::Job::DoCreateStreamComplete(int result) { 1141 if (result < 0) 1142 return result; 1143 1144 session_->proxy_service()->ReportSuccess(proxy_info_, 1145 session_->network_delegate()); 1146 next_state_ = STATE_NONE; 1147 return OK; 1148 } 1149 1150 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuth() { 1151 next_state_ = STATE_RESTART_TUNNEL_AUTH_COMPLETE; 1152 ProxyClientSocket* proxy_socket = 1153 static_cast<ProxyClientSocket*>(connection_->socket()); 1154 return proxy_socket->RestartWithAuth(io_callback_); 1155 } 1156 1157 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuthComplete(int result) { 1158 if (result == ERR_PROXY_AUTH_REQUESTED) 1159 return result; 1160 1161 if (result == OK) { 1162 // Now that we've got the HttpProxyClientSocket connected. We have 1163 // to release it as an idle socket into the pool and start the connection 1164 // process from the beginning. Trying to pass it in with the 1165 // SSLSocketParams might cause a deadlock since params are dispatched 1166 // interchangeably. This request won't necessarily get this http proxy 1167 // socket, but there will be forward progress. 1168 establishing_tunnel_ = false; 1169 ReturnToStateInitConnection(false /* do not close connection */); 1170 return OK; 1171 } 1172 1173 return ReconsiderProxyAfterError(result); 1174 } 1175 1176 void HttpStreamFactoryImpl::Job::ReturnToStateInitConnection( 1177 bool close_connection) { 1178 if (close_connection && connection_->socket()) 1179 connection_->socket()->Disconnect(); 1180 connection_->Reset(); 1181 1182 if (request_) 1183 request_->RemoveRequestFromSpdySessionRequestMap(); 1184 1185 next_state_ = STATE_INIT_CONNECTION; 1186 } 1187 1188 void HttpStreamFactoryImpl::Job::SetSocketMotivation() { 1189 if (request_info_.motivation == HttpRequestInfo::PRECONNECT_MOTIVATED) 1190 connection_->socket()->SetSubresourceSpeculation(); 1191 else if (request_info_.motivation == HttpRequestInfo::OMNIBOX_MOTIVATED) 1192 connection_->socket()->SetOmniboxSpeculation(); 1193 // TODO(mbelshe): Add other motivations (like EARLY_LOAD_MOTIVATED). 1194 } 1195 1196 bool HttpStreamFactoryImpl::Job::IsHttpsProxyAndHttpUrl() const { 1197 if (!proxy_info_.is_https()) 1198 return false; 1199 if (original_url_.get()) { 1200 // We currently only support Alternate-Protocol where the original scheme 1201 // is http. 1202 DCHECK(original_url_->SchemeIs("http")); 1203 return original_url_->SchemeIs("http"); 1204 } 1205 return request_info_.url.SchemeIs("http"); 1206 } 1207 1208 // Sets several fields of ssl_config for the given origin_server based on the 1209 // proxy info and other factors. 1210 void HttpStreamFactoryImpl::Job::InitSSLConfig( 1211 const HostPortPair& origin_server, 1212 SSLConfig* ssl_config, 1213 bool is_proxy) const { 1214 if (proxy_info_.is_https() && ssl_config->send_client_cert) { 1215 // When connecting through an HTTPS proxy, disable TLS False Start so 1216 // that client authentication errors can be distinguished between those 1217 // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and 1218 // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR / 1219 // ERR_BAD_SSL_CLIENT_AUTH_CERT). 1220 // TODO(rch): This assumes that the HTTPS proxy will only request a 1221 // client certificate during the initial handshake. 1222 // http://crbug.com/59292 1223 ssl_config->false_start_enabled = false; 1224 } 1225 1226 enum { 1227 FALLBACK_NONE = 0, // SSL version fallback did not occur. 1228 FALLBACK_SSL3 = 1, // Fell back to SSL 3.0. 1229 FALLBACK_TLS1 = 2, // Fell back to TLS 1.0. 1230 FALLBACK_TLS1_1 = 3, // Fell back to TLS 1.1. 1231 FALLBACK_MAX 1232 }; 1233 1234 int fallback = FALLBACK_NONE; 1235 if (ssl_config->version_fallback) { 1236 switch (ssl_config->version_max) { 1237 case SSL_PROTOCOL_VERSION_SSL3: 1238 fallback = FALLBACK_SSL3; 1239 break; 1240 case SSL_PROTOCOL_VERSION_TLS1: 1241 fallback = FALLBACK_TLS1; 1242 break; 1243 case SSL_PROTOCOL_VERSION_TLS1_1: 1244 fallback = FALLBACK_TLS1_1; 1245 break; 1246 } 1247 } 1248 UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLVersionFallback", 1249 fallback, FALLBACK_MAX); 1250 1251 // We also wish to measure the amount of fallback connections for a host that 1252 // we know implements TLS up to 1.2. Ideally there would be no fallback here 1253 // but high numbers of SSLv3 would suggest that SSLv3 fallback is being 1254 // caused by network middleware rather than buggy HTTPS servers. 1255 const std::string& host = origin_server.host(); 1256 if (!is_proxy && 1257 host.size() >= 10 && 1258 host.compare(host.size() - 10, 10, "google.com") == 0 && 1259 (host.size() == 10 || host[host.size()-11] == '.')) { 1260 UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback", 1261 fallback, FALLBACK_MAX); 1262 } 1263 1264 if (request_info_.load_flags & LOAD_VERIFY_EV_CERT) 1265 ssl_config->verify_ev_cert = true; 1266 1267 // Disable Channel ID if privacy mode is enabled. 1268 if (request_info_.privacy_mode == PRIVACY_MODE_ENABLED) 1269 ssl_config->channel_id_enabled = false; 1270 } 1271 1272 1273 int HttpStreamFactoryImpl::Job::ReconsiderProxyAfterError(int error) { 1274 DCHECK(!pac_request_); 1275 DCHECK(session_); 1276 1277 // A failure to resolve the hostname or any error related to establishing a 1278 // TCP connection could be grounds for trying a new proxy configuration. 1279 // 1280 // Why do this when a hostname cannot be resolved? Some URLs only make sense 1281 // to proxy servers. The hostname in those URLs might fail to resolve if we 1282 // are still using a non-proxy config. We need to check if a proxy config 1283 // now exists that corresponds to a proxy server that could load the URL. 1284 // 1285 switch (error) { 1286 case ERR_PROXY_CONNECTION_FAILED: 1287 case ERR_NAME_NOT_RESOLVED: 1288 case ERR_INTERNET_DISCONNECTED: 1289 case ERR_ADDRESS_UNREACHABLE: 1290 case ERR_CONNECTION_CLOSED: 1291 case ERR_CONNECTION_TIMED_OUT: 1292 case ERR_CONNECTION_RESET: 1293 case ERR_CONNECTION_REFUSED: 1294 case ERR_CONNECTION_ABORTED: 1295 case ERR_TIMED_OUT: 1296 case ERR_TUNNEL_CONNECTION_FAILED: 1297 case ERR_SOCKS_CONNECTION_FAILED: 1298 // This can happen in the case of trying to talk to a proxy using SSL, and 1299 // ending up talking to a captive portal that supports SSL instead. 1300 case ERR_PROXY_CERTIFICATE_INVALID: 1301 // This can happen when trying to talk SSL to a non-SSL server (Like a 1302 // captive portal). 1303 case ERR_SSL_PROTOCOL_ERROR: 1304 break; 1305 case ERR_SOCKS_CONNECTION_HOST_UNREACHABLE: 1306 // Remap the SOCKS-specific "host unreachable" error to a more 1307 // generic error code (this way consumers like the link doctor 1308 // know to substitute their error page). 1309 // 1310 // Note that if the host resolving was done by the SOCKS5 proxy, we can't 1311 // differentiate between a proxy-side "host not found" versus a proxy-side 1312 // "address unreachable" error, and will report both of these failures as 1313 // ERR_ADDRESS_UNREACHABLE. 1314 return ERR_ADDRESS_UNREACHABLE; 1315 default: 1316 return error; 1317 } 1318 1319 if (request_info_.load_flags & LOAD_BYPASS_PROXY) { 1320 return error; 1321 } 1322 1323 if (proxy_info_.is_https() && proxy_ssl_config_.send_client_cert) { 1324 session_->ssl_client_auth_cache()->Remove( 1325 proxy_info_.proxy_server().host_port_pair()); 1326 } 1327 1328 int rv = session_->proxy_service()->ReconsiderProxyAfterError( 1329 request_info_.url, request_info_.load_flags, error, &proxy_info_, 1330 io_callback_, &pac_request_, session_->network_delegate(), net_log_); 1331 if (rv == OK || rv == ERR_IO_PENDING) { 1332 // If the error was during connection setup, there is no socket to 1333 // disconnect. 1334 if (connection_->socket()) 1335 connection_->socket()->Disconnect(); 1336 connection_->Reset(); 1337 if (request_) 1338 request_->RemoveRequestFromSpdySessionRequestMap(); 1339 next_state_ = STATE_RESOLVE_PROXY_COMPLETE; 1340 } else { 1341 // If ReconsiderProxyAfterError() failed synchronously, it means 1342 // there was nothing left to fall-back to, so fail the transaction 1343 // with the last connection error we got. 1344 // TODO(eroman): This is a confusing contract, make it more obvious. 1345 rv = error; 1346 } 1347 1348 return rv; 1349 } 1350 1351 int HttpStreamFactoryImpl::Job::HandleCertificateError(int error) { 1352 DCHECK(using_ssl_); 1353 DCHECK(IsCertificateError(error)); 1354 1355 SSLClientSocket* ssl_socket = 1356 static_cast<SSLClientSocket*>(connection_->socket()); 1357 ssl_socket->GetSSLInfo(&ssl_info_); 1358 1359 // Add the bad certificate to the set of allowed certificates in the 1360 // SSL config object. This data structure will be consulted after calling 1361 // RestartIgnoringLastError(). And the user will be asked interactively 1362 // before RestartIgnoringLastError() is ever called. 1363 SSLConfig::CertAndStatus bad_cert; 1364 1365 // |ssl_info_.cert| may be NULL if we failed to create 1366 // X509Certificate for whatever reason, but normally it shouldn't 1367 // happen, unless this code is used inside sandbox. 1368 if (ssl_info_.cert.get() == NULL || 1369 !X509Certificate::GetDEREncoded(ssl_info_.cert->os_cert_handle(), 1370 &bad_cert.der_cert)) { 1371 return error; 1372 } 1373 bad_cert.cert_status = ssl_info_.cert_status; 1374 server_ssl_config_.allowed_bad_certs.push_back(bad_cert); 1375 1376 int load_flags = request_info_.load_flags; 1377 if (session_->params().ignore_certificate_errors) 1378 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; 1379 if (ssl_socket->IgnoreCertError(error, load_flags)) 1380 return OK; 1381 return error; 1382 } 1383 1384 void HttpStreamFactoryImpl::Job::SwitchToSpdyMode() { 1385 if (HttpStreamFactory::spdy_enabled()) 1386 using_spdy_ = true; 1387 } 1388 1389 // static 1390 void HttpStreamFactoryImpl::Job::LogHttpConnectedMetrics( 1391 const ClientSocketHandle& handle) { 1392 UMA_HISTOGRAM_ENUMERATION("Net.HttpSocketType", handle.reuse_type(), 1393 ClientSocketHandle::NUM_TYPES); 1394 1395 switch (handle.reuse_type()) { 1396 case ClientSocketHandle::UNUSED: 1397 UMA_HISTOGRAM_CUSTOM_TIMES("Net.HttpConnectionLatency", 1398 handle.setup_time(), 1399 base::TimeDelta::FromMilliseconds(1), 1400 base::TimeDelta::FromMinutes(10), 1401 100); 1402 break; 1403 case ClientSocketHandle::UNUSED_IDLE: 1404 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SocketIdleTimeBeforeNextUse_UnusedSocket", 1405 handle.idle_time(), 1406 base::TimeDelta::FromMilliseconds(1), 1407 base::TimeDelta::FromMinutes(6), 1408 100); 1409 break; 1410 case ClientSocketHandle::REUSED_IDLE: 1411 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SocketIdleTimeBeforeNextUse_ReusedSocket", 1412 handle.idle_time(), 1413 base::TimeDelta::FromMilliseconds(1), 1414 base::TimeDelta::FromMinutes(6), 1415 100); 1416 break; 1417 default: 1418 NOTREACHED(); 1419 break; 1420 } 1421 } 1422 1423 bool HttpStreamFactoryImpl::Job::IsPreconnecting() const { 1424 DCHECK_GE(num_streams_, 0); 1425 return num_streams_ > 0; 1426 } 1427 1428 bool HttpStreamFactoryImpl::Job::IsOrphaned() const { 1429 return !IsPreconnecting() && !request_; 1430 } 1431 1432 void HttpStreamFactoryImpl::Job::ReportJobSuccededForRequest() { 1433 net::AlternateProtocolExperiment alternate_protocol_experiment = 1434 ALTERNATE_PROTOCOL_NOT_PART_OF_EXPERIMENT; 1435 base::WeakPtr<HttpServerProperties> http_server_properties = 1436 session_->http_server_properties(); 1437 if (http_server_properties) { 1438 alternate_protocol_experiment = 1439 http_server_properties->GetAlternateProtocolExperiment(); 1440 } 1441 if (using_existing_quic_session_) { 1442 // If an existing session was used, then no TCP connection was 1443 // started. 1444 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_NO_RACE, 1445 alternate_protocol_experiment); 1446 } else if (original_url_) { 1447 // This job was the alternate protocol job, and hence won the race. 1448 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_WON_RACE, 1449 alternate_protocol_experiment); 1450 } else { 1451 // This job was the normal job, and hence the alternate protocol job lost 1452 // the race. 1453 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_LOST_RACE, 1454 alternate_protocol_experiment); 1455 } 1456 } 1457 1458 void HttpStreamFactoryImpl::Job::MarkOtherJobComplete(const Job& job) { 1459 DCHECK_EQ(STATUS_RUNNING, other_job_status_); 1460 other_job_status_ = job.job_status_; 1461 MaybeMarkAlternateProtocolBroken(); 1462 } 1463 1464 void HttpStreamFactoryImpl::Job::MaybeMarkAlternateProtocolBroken() { 1465 if (job_status_ == STATUS_RUNNING || other_job_status_ == STATUS_RUNNING) 1466 return; 1467 1468 bool is_alternate_protocol_job = original_url_.get() != NULL; 1469 if (is_alternate_protocol_job) { 1470 if (job_status_ == STATUS_BROKEN && other_job_status_ == STATUS_SUCCEEDED) { 1471 HistogramBrokenAlternateProtocolLocation( 1472 BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_ALT); 1473 session_->http_server_properties()->SetBrokenAlternateProtocol( 1474 HostPortPair::FromURL(*original_url_)); 1475 } 1476 return; 1477 } 1478 1479 if (job_status_ == STATUS_SUCCEEDED && other_job_status_ == STATUS_BROKEN) { 1480 HistogramBrokenAlternateProtocolLocation( 1481 BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_MAIN); 1482 session_->http_server_properties()->SetBrokenAlternateProtocol( 1483 HostPortPair::FromURL(request_info_.url)); 1484 } 1485 } 1486 1487 } // namespace net 1488