1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/proxy_resolution/proxy_config.h"
6
7 #include <memory>
8 #include <utility>
9
10 #include "base/check_op.h"
11 #include "base/notreached.h"
12 #include "base/strings/string_tokenizer.h"
13 #include "base/strings/string_util.h"
14 #include "base/values.h"
15 #include "net/base/proxy_server.h"
16 #include "net/base/proxy_string_util.h"
17 #include "net/proxy_resolution/proxy_info.h"
18
19 namespace net {
20
21 namespace {
22
23 // If |proxies| is non-empty, sets it in |dict| under the key |name|.
AddProxyListToValue(const char * name,const ProxyList & proxies,base::Value::Dict * dict)24 void AddProxyListToValue(const char* name,
25 const ProxyList& proxies,
26 base::Value::Dict* dict) {
27 if (!proxies.IsEmpty())
28 dict->Set(name, proxies.ToValue());
29 }
30
31 // Split the |uri_list| on commas and add each entry to |proxy_list| in turn.
AddProxyURIListToProxyList(std::string uri_list,ProxyList * proxy_list,ProxyServer::Scheme default_scheme)32 void AddProxyURIListToProxyList(std::string uri_list,
33 ProxyList* proxy_list,
34 ProxyServer::Scheme default_scheme) {
35 base::StringTokenizer proxy_uri_list(uri_list, ",");
36 while (proxy_uri_list.GetNext()) {
37 proxy_list->AddProxyServer(
38 ProxyUriToProxyServer(proxy_uri_list.token(), default_scheme));
39 }
40 }
41
42 } // namespace
43
44 ProxyConfig::ProxyRules::ProxyRules() = default;
45
46 ProxyConfig::ProxyRules::ProxyRules(const ProxyRules& other) = default;
47
48 ProxyConfig::ProxyRules::~ProxyRules() = default;
49
Apply(const GURL & url,ProxyInfo * result) const50 void ProxyConfig::ProxyRules::Apply(const GURL& url, ProxyInfo* result) const {
51 if (empty()) {
52 result->UseDirect();
53 return;
54 }
55
56 // If restricted to Network Service's proxy list, the URL has already been
57 // matched by this point.
58 if (bypass_rules.Matches(url, reverse_bypass) &&
59 !restrict_to_network_service_proxy_allow_list) {
60 result->UseDirectWithBypassedProxy();
61 return;
62 }
63
64 switch (type) {
65 case ProxyRules::Type::PROXY_LIST: {
66 result->UseProxyList(single_proxies);
67 return;
68 }
69 case ProxyRules::Type::PROXY_LIST_PER_SCHEME: {
70 const ProxyList* entry = MapUrlSchemeToProxyList(url.scheme());
71 if (entry) {
72 result->UseProxyList(*entry);
73 } else {
74 // We failed to find a matching proxy server for the current URL
75 // scheme. Default to direct.
76 result->UseDirect();
77 }
78 return;
79 }
80 default: {
81 result->UseDirect();
82 NOTREACHED();
83 return;
84 }
85 }
86 }
87
ParseFromString(const std::string & proxy_rules)88 void ProxyConfig::ProxyRules::ParseFromString(const std::string& proxy_rules) {
89 // Reset.
90 type = Type::EMPTY;
91 single_proxies = ProxyList();
92 proxies_for_http = ProxyList();
93 proxies_for_https = ProxyList();
94 proxies_for_ftp = ProxyList();
95 fallback_proxies = ProxyList();
96
97 base::StringTokenizer proxy_server_list(proxy_rules, ";");
98 while (proxy_server_list.GetNext()) {
99 base::StringTokenizer proxy_server_for_scheme(
100 proxy_server_list.token_begin(), proxy_server_list.token_end(), "=");
101
102 while (proxy_server_for_scheme.GetNext()) {
103 std::string url_scheme = proxy_server_for_scheme.token();
104
105 // If we fail to get the proxy server here, it means that
106 // this is a regular proxy server configuration, i.e. proxies
107 // are not configured per protocol.
108 if (!proxy_server_for_scheme.GetNext()) {
109 if (type == Type::PROXY_LIST_PER_SCHEME)
110 continue; // Unexpected.
111 AddProxyURIListToProxyList(url_scheme,
112 &single_proxies,
113 ProxyServer::SCHEME_HTTP);
114 type = Type::PROXY_LIST;
115 return;
116 }
117
118 // Trim whitespace off the url scheme.
119 base::TrimWhitespaceASCII(url_scheme, base::TRIM_ALL, &url_scheme);
120
121 // Add it to the per-scheme mappings (if supported scheme).
122 type = Type::PROXY_LIST_PER_SCHEME;
123 ProxyList* entry = MapUrlSchemeToProxyListNoFallback(url_scheme);
124 ProxyServer::Scheme default_scheme = ProxyServer::SCHEME_HTTP;
125
126 // socks=XXX is inconsistent with the other formats, since "socks"
127 // is not a URL scheme. Rather this means "for everything else, send
128 // it to the SOCKS proxy server XXX".
129 if (url_scheme == "socks") {
130 DCHECK(!entry);
131 entry = &fallback_proxies;
132 // Note that here 'socks' is understood to be SOCKS4, even though
133 // 'socks' maps to SOCKS5 in ProxyServer::GetSchemeFromURIInternal.
134 default_scheme = ProxyServer::SCHEME_SOCKS4;
135 }
136
137 if (entry) {
138 AddProxyURIListToProxyList(proxy_server_for_scheme.token(),
139 entry,
140 default_scheme);
141 }
142 }
143 }
144 }
145
MapUrlSchemeToProxyList(const std::string & url_scheme) const146 const ProxyList* ProxyConfig::ProxyRules::MapUrlSchemeToProxyList(
147 const std::string& url_scheme) const {
148 const ProxyList* proxy_server_list = const_cast<ProxyRules*>(this)->
149 MapUrlSchemeToProxyListNoFallback(url_scheme);
150 if (proxy_server_list && !proxy_server_list->IsEmpty())
151 return proxy_server_list;
152 if (url_scheme == "ws" || url_scheme == "wss")
153 return GetProxyListForWebSocketScheme();
154 if (!fallback_proxies.IsEmpty())
155 return &fallback_proxies;
156 return nullptr; // No mapping for this scheme. Use direct.
157 }
158
Equals(const ProxyRules & other) const159 bool ProxyConfig::ProxyRules::Equals(const ProxyRules& other) const {
160 return type == other.type && single_proxies.Equals(other.single_proxies) &&
161 proxies_for_http.Equals(other.proxies_for_http) &&
162 proxies_for_https.Equals(other.proxies_for_https) &&
163 proxies_for_ftp.Equals(other.proxies_for_ftp) &&
164 fallback_proxies.Equals(other.fallback_proxies) &&
165 bypass_rules == other.bypass_rules &&
166 restrict_to_network_service_proxy_allow_list ==
167 other.restrict_to_network_service_proxy_allow_list &&
168 reverse_bypass == other.reverse_bypass;
169 }
170
MapUrlSchemeToProxyListNoFallback(const std::string & scheme)171 ProxyList* ProxyConfig::ProxyRules::MapUrlSchemeToProxyListNoFallback(
172 const std::string& scheme) {
173 DCHECK_EQ(Type::PROXY_LIST_PER_SCHEME, type);
174 if (scheme == "http")
175 return &proxies_for_http;
176 if (scheme == "https")
177 return &proxies_for_https;
178 if (scheme == "ftp")
179 return &proxies_for_ftp;
180 return nullptr; // No mapping for this scheme.
181 }
182
GetProxyListForWebSocketScheme() const183 const ProxyList* ProxyConfig::ProxyRules::GetProxyListForWebSocketScheme()
184 const {
185 // Follow the recommendation from RFC 6455 section 4.1.3:
186 //
187 // NOTE: Implementations that do not expose explicit UI for
188 // selecting a proxy for WebSocket connections separate from other
189 // proxies are encouraged to use a SOCKS5 [RFC1928] proxy for
190 // WebSocket connections, if available, or failing that, to prefer
191 // the proxy configured for HTTPS connections over the proxy
192 // configured for HTTP connections.
193 //
194 // This interpretation is a bit different from the RFC, in
195 // that it favors both SOCKSv4 and SOCKSv5.
196 //
197 // When the net::ProxyRules came from system proxy settings,
198 // "fallback_proxies" will be empty, or a a single SOCKS
199 // proxy, making this ordering match the RFC.
200 //
201 // However for other configurations it is possible for
202 // "fallback_proxies" to be a list of any ProxyServer,
203 // including non-SOCKS. In this case "fallback_proxies" is
204 // still prioritized over proxies_for_http and
205 // proxies_for_https.
206 if (!fallback_proxies.IsEmpty())
207 return &fallback_proxies;
208 if (!proxies_for_https.IsEmpty())
209 return &proxies_for_https;
210 if (!proxies_for_http.IsEmpty())
211 return &proxies_for_http;
212 return nullptr;
213 }
214
215 ProxyConfig::ProxyConfig() = default;
216
217 ProxyConfig::ProxyConfig(const ProxyConfig& config) = default;
218
219 ProxyConfig::~ProxyConfig() = default;
220
221 ProxyConfig& ProxyConfig::operator=(const ProxyConfig& config) = default;
222
Equals(const ProxyConfig & other) const223 bool ProxyConfig::Equals(const ProxyConfig& other) const {
224 return auto_detect_ == other.auto_detect_ && pac_url_ == other.pac_url_ &&
225 pac_mandatory_ == other.pac_mandatory_ &&
226 from_system_ == other.from_system_ &&
227 proxy_rules_.Equals(other.proxy_rules());
228 }
229
HasAutomaticSettings() const230 bool ProxyConfig::HasAutomaticSettings() const {
231 return auto_detect_ || has_pac_url();
232 }
233
ClearAutomaticSettings()234 void ProxyConfig::ClearAutomaticSettings() {
235 auto_detect_ = false;
236 pac_url_ = GURL();
237 }
238
ToValue() const239 base::Value ProxyConfig::ToValue() const {
240 base::Value::Dict dict;
241
242 // Output the automatic settings.
243 if (auto_detect_)
244 dict.Set("auto_detect", auto_detect_);
245 if (has_pac_url()) {
246 dict.Set("pac_url", pac_url_.possibly_invalid_spec());
247 if (pac_mandatory_)
248 dict.Set("pac_mandatory", pac_mandatory_);
249 }
250 if (from_system_) {
251 dict.Set("from_system", from_system_);
252 }
253
254 // Output the manual settings.
255 if (proxy_rules_.type != ProxyRules::Type::EMPTY) {
256 switch (proxy_rules_.type) {
257 case ProxyRules::Type::PROXY_LIST:
258 AddProxyListToValue("single_proxy", proxy_rules_.single_proxies, &dict);
259 break;
260 case ProxyRules::Type::PROXY_LIST_PER_SCHEME: {
261 base::Value::Dict dict2;
262 AddProxyListToValue("http", proxy_rules_.proxies_for_http, &dict2);
263 AddProxyListToValue("https", proxy_rules_.proxies_for_https, &dict2);
264 AddProxyListToValue("ftp", proxy_rules_.proxies_for_ftp, &dict2);
265 AddProxyListToValue("fallback", proxy_rules_.fallback_proxies, &dict2);
266 dict.Set("proxy_per_scheme", std::move(dict2));
267 break;
268 }
269 default:
270 NOTREACHED();
271 }
272
273 // Output the bypass rules.
274 const ProxyBypassRules& bypass = proxy_rules_.bypass_rules;
275 if (!bypass.rules().empty()) {
276 if (proxy_rules_.reverse_bypass)
277 dict.Set("reverse_bypass", true);
278
279 base::Value::List list;
280
281 for (const auto& bypass_rule : bypass.rules())
282 list.Append(bypass_rule->ToString());
283
284 dict.Set("bypass_list", std::move(list));
285 }
286 }
287
288 if (proxy_rules_.restrict_to_network_service_proxy_allow_list) {
289 dict.Set("restrict_to_network_service_proxy_allow_list", true);
290 }
291
292 return base::Value(std::move(dict));
293 }
294
295 } // namespace net
296