1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_stream_factory_impl_job.h"
6
7 #include <algorithm>
8 #include <string>
9
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/logging.h"
13 #include "base/stl_util.h"
14 #include "base/strings/string_util.h"
15 #include "base/strings/stringprintf.h"
16 #include "base/values.h"
17 #include "build/build_config.h"
18 #include "net/base/connection_type_histograms.h"
19 #include "net/base/net_log.h"
20 #include "net/base/net_util.h"
21 #include "net/http/http_basic_stream.h"
22 #include "net/http/http_network_session.h"
23 #include "net/http/http_proxy_client_socket.h"
24 #include "net/http/http_proxy_client_socket_pool.h"
25 #include "net/http/http_request_info.h"
26 #include "net/http/http_server_properties.h"
27 #include "net/http/http_stream_factory.h"
28 #include "net/http/http_stream_factory_impl_request.h"
29 #include "net/quic/quic_http_stream.h"
30 #include "net/socket/client_socket_handle.h"
31 #include "net/socket/client_socket_pool.h"
32 #include "net/socket/client_socket_pool_manager.h"
33 #include "net/socket/socks_client_socket_pool.h"
34 #include "net/socket/ssl_client_socket.h"
35 #include "net/socket/ssl_client_socket_pool.h"
36 #include "net/spdy/spdy_http_stream.h"
37 #include "net/spdy/spdy_session.h"
38 #include "net/spdy/spdy_session_pool.h"
39 #include "net/ssl/ssl_cert_request_info.h"
40
41 namespace net {
42
43 // Returns parameters associated with the start of a HTTP stream job.
NetLogHttpStreamJobCallback(const GURL * original_url,const GURL * url,RequestPriority priority,NetLog::LogLevel)44 base::Value* NetLogHttpStreamJobCallback(const GURL* original_url,
45 const GURL* url,
46 RequestPriority priority,
47 NetLog::LogLevel /* log_level */) {
48 base::DictionaryValue* dict = new base::DictionaryValue();
49 dict->SetString("original_url", original_url->GetOrigin().spec());
50 dict->SetString("url", url->GetOrigin().spec());
51 dict->SetString("priority", RequestPriorityToString(priority));
52 return dict;
53 }
54
55 // Returns parameters associated with the Proto (with NPN negotiation) of a HTTP
56 // stream.
NetLogHttpStreamProtoCallback(const SSLClientSocket::NextProtoStatus status,const std::string * proto,NetLog::LogLevel)57 base::Value* NetLogHttpStreamProtoCallback(
58 const SSLClientSocket::NextProtoStatus status,
59 const std::string* proto,
60 NetLog::LogLevel /* log_level */) {
61 base::DictionaryValue* dict = new base::DictionaryValue();
62
63 dict->SetString("next_proto_status",
64 SSLClientSocket::NextProtoStatusToString(status));
65 dict->SetString("proto", *proto);
66 return dict;
67 }
68
Job(HttpStreamFactoryImpl * stream_factory,HttpNetworkSession * session,const HttpRequestInfo & request_info,RequestPriority priority,const SSLConfig & server_ssl_config,const SSLConfig & proxy_ssl_config,NetLog * net_log)69 HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory,
70 HttpNetworkSession* session,
71 const HttpRequestInfo& request_info,
72 RequestPriority priority,
73 const SSLConfig& server_ssl_config,
74 const SSLConfig& proxy_ssl_config,
75 NetLog* net_log)
76 : request_(NULL),
77 request_info_(request_info),
78 priority_(priority),
79 server_ssl_config_(server_ssl_config),
80 proxy_ssl_config_(proxy_ssl_config),
81 net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_HTTP_STREAM_JOB)),
82 io_callback_(base::Bind(&Job::OnIOComplete, base::Unretained(this))),
83 connection_(new ClientSocketHandle),
84 session_(session),
85 stream_factory_(stream_factory),
86 next_state_(STATE_NONE),
87 pac_request_(NULL),
88 blocking_job_(NULL),
89 waiting_job_(NULL),
90 using_ssl_(false),
91 using_spdy_(false),
92 using_quic_(false),
93 quic_request_(session_->quic_stream_factory()),
94 using_existing_quic_session_(false),
95 spdy_certificate_error_(OK),
96 establishing_tunnel_(false),
97 was_npn_negotiated_(false),
98 protocol_negotiated_(kProtoUnknown),
99 num_streams_(0),
100 spdy_session_direct_(false),
101 job_status_(STATUS_RUNNING),
102 other_job_status_(STATUS_RUNNING),
103 ptr_factory_(this) {
104 DCHECK(stream_factory);
105 DCHECK(session);
106 }
107
~Job()108 HttpStreamFactoryImpl::Job::~Job() {
109 net_log_.EndEvent(NetLog::TYPE_HTTP_STREAM_JOB);
110
111 // When we're in a partially constructed state, waiting for the user to
112 // provide certificate handling information or authentication, we can't reuse
113 // this stream at all.
114 if (next_state_ == STATE_WAITING_USER_ACTION) {
115 connection_->socket()->Disconnect();
116 connection_.reset();
117 }
118
119 if (pac_request_)
120 session_->proxy_service()->CancelPacRequest(pac_request_);
121
122 // The stream could be in a partial state. It is not reusable.
123 if (stream_.get() && next_state_ != STATE_DONE)
124 stream_->Close(true /* not reusable */);
125 }
126
Start(Request * request)127 void HttpStreamFactoryImpl::Job::Start(Request* request) {
128 DCHECK(request);
129 request_ = request;
130 StartInternal();
131 }
132
Preconnect(int num_streams)133 int HttpStreamFactoryImpl::Job::Preconnect(int num_streams) {
134 DCHECK_GT(num_streams, 0);
135 HostPortPair origin_server =
136 HostPortPair(request_info_.url.HostNoBrackets(),
137 request_info_.url.EffectiveIntPort());
138 base::WeakPtr<HttpServerProperties> http_server_properties =
139 session_->http_server_properties();
140 if (http_server_properties &&
141 http_server_properties->SupportsSpdy(origin_server)) {
142 num_streams_ = 1;
143 } else {
144 num_streams_ = num_streams;
145 }
146 return StartInternal();
147 }
148
RestartTunnelWithProxyAuth(const AuthCredentials & credentials)149 int HttpStreamFactoryImpl::Job::RestartTunnelWithProxyAuth(
150 const AuthCredentials& credentials) {
151 DCHECK(establishing_tunnel_);
152 next_state_ = STATE_RESTART_TUNNEL_AUTH;
153 stream_.reset();
154 return RunLoop(OK);
155 }
156
GetLoadState() const157 LoadState HttpStreamFactoryImpl::Job::GetLoadState() const {
158 switch (next_state_) {
159 case STATE_RESOLVE_PROXY_COMPLETE:
160 return session_->proxy_service()->GetLoadState(pac_request_);
161 case STATE_INIT_CONNECTION_COMPLETE:
162 case STATE_CREATE_STREAM_COMPLETE:
163 return using_quic_ ? LOAD_STATE_CONNECTING : connection_->GetLoadState();
164 default:
165 return LOAD_STATE_IDLE;
166 }
167 }
168
MarkAsAlternate(const GURL & original_url,AlternateProtocolInfo alternate)169 void HttpStreamFactoryImpl::Job::MarkAsAlternate(
170 const GURL& original_url,
171 AlternateProtocolInfo alternate) {
172 DCHECK(!original_url_.get());
173 original_url_.reset(new GURL(original_url));
174 if (alternate.protocol == QUIC) {
175 DCHECK(session_->params().enable_quic);
176 using_quic_ = true;
177 }
178 }
179
WaitFor(Job * job)180 void HttpStreamFactoryImpl::Job::WaitFor(Job* job) {
181 DCHECK_EQ(STATE_NONE, next_state_);
182 DCHECK_EQ(STATE_NONE, job->next_state_);
183 DCHECK(!blocking_job_);
184 DCHECK(!job->waiting_job_);
185 blocking_job_ = job;
186 job->waiting_job_ = this;
187 }
188
Resume(Job * job)189 void HttpStreamFactoryImpl::Job::Resume(Job* job) {
190 DCHECK_EQ(blocking_job_, job);
191 blocking_job_ = NULL;
192
193 // We know we're blocked if the next_state_ is STATE_WAIT_FOR_JOB_COMPLETE.
194 // Unblock |this|.
195 if (next_state_ == STATE_WAIT_FOR_JOB_COMPLETE) {
196 base::MessageLoop::current()->PostTask(
197 FROM_HERE,
198 base::Bind(&HttpStreamFactoryImpl::Job::OnIOComplete,
199 ptr_factory_.GetWeakPtr(), OK));
200 }
201 }
202
Orphan(const Request * request)203 void HttpStreamFactoryImpl::Job::Orphan(const Request* request) {
204 DCHECK_EQ(request_, request);
205 request_ = NULL;
206 if (blocking_job_) {
207 // We've been orphaned, but there's a job we're blocked on. Don't bother
208 // racing, just cancel ourself.
209 DCHECK(blocking_job_->waiting_job_);
210 blocking_job_->waiting_job_ = NULL;
211 blocking_job_ = NULL;
212 if (stream_factory_->for_websockets_ &&
213 connection_ && connection_->socket()) {
214 connection_->socket()->Disconnect();
215 }
216 stream_factory_->OnOrphanedJobComplete(this);
217 } else if (stream_factory_->for_websockets_) {
218 // We cancel this job because a WebSocketHandshakeStream can't be created
219 // without a WebSocketHandshakeStreamBase::CreateHelper which is stored in
220 // the Request class and isn't accessible from this job.
221 if (connection_ && connection_->socket()) {
222 connection_->socket()->Disconnect();
223 }
224 stream_factory_->OnOrphanedJobComplete(this);
225 }
226 }
227
SetPriority(RequestPriority priority)228 void HttpStreamFactoryImpl::Job::SetPriority(RequestPriority priority) {
229 priority_ = priority;
230 // TODO(akalin): Propagate this to |connection_| and maybe the
231 // preconnect state.
232 }
233
was_npn_negotiated() const234 bool HttpStreamFactoryImpl::Job::was_npn_negotiated() const {
235 return was_npn_negotiated_;
236 }
237
protocol_negotiated() const238 NextProto HttpStreamFactoryImpl::Job::protocol_negotiated() const {
239 return protocol_negotiated_;
240 }
241
using_spdy() const242 bool HttpStreamFactoryImpl::Job::using_spdy() const {
243 return using_spdy_;
244 }
245
server_ssl_config() const246 const SSLConfig& HttpStreamFactoryImpl::Job::server_ssl_config() const {
247 return server_ssl_config_;
248 }
249
proxy_ssl_config() const250 const SSLConfig& HttpStreamFactoryImpl::Job::proxy_ssl_config() const {
251 return proxy_ssl_config_;
252 }
253
proxy_info() const254 const ProxyInfo& HttpStreamFactoryImpl::Job::proxy_info() const {
255 return proxy_info_;
256 }
257
GetSSLInfo()258 void HttpStreamFactoryImpl::Job::GetSSLInfo() {
259 DCHECK(using_ssl_);
260 DCHECK(!establishing_tunnel_);
261 DCHECK(connection_.get() && connection_->socket());
262 SSLClientSocket* ssl_socket =
263 static_cast<SSLClientSocket*>(connection_->socket());
264 ssl_socket->GetSSLInfo(&ssl_info_);
265 }
266
GetSpdySessionKey() const267 SpdySessionKey HttpStreamFactoryImpl::Job::GetSpdySessionKey() const {
268 // In the case that we're using an HTTPS proxy for an HTTP url,
269 // we look for a SPDY session *to* the proxy, instead of to the
270 // origin server.
271 PrivacyMode privacy_mode = request_info_.privacy_mode;
272 if (IsHttpsProxyAndHttpUrl()) {
273 return SpdySessionKey(proxy_info_.proxy_server().host_port_pair(),
274 ProxyServer::Direct(),
275 privacy_mode);
276 } else {
277 return SpdySessionKey(origin_,
278 proxy_info_.proxy_server(),
279 privacy_mode);
280 }
281 }
282
CanUseExistingSpdySession() const283 bool HttpStreamFactoryImpl::Job::CanUseExistingSpdySession() const {
284 // We need to make sure that if a spdy session was created for
285 // https://somehost/ that we don't use that session for http://somehost:443/.
286 // The only time we can use an existing session is if the request URL is
287 // https (the normal case) or if we're connection to a SPDY proxy, or
288 // if we're running with force_spdy_always_. crbug.com/133176
289 // TODO(ricea): Add "wss" back to this list when SPDY WebSocket support is
290 // working.
291 return request_info_.url.SchemeIs("https") ||
292 proxy_info_.proxy_server().is_https() ||
293 session_->params().force_spdy_always;
294 }
295
OnStreamReadyCallback()296 void HttpStreamFactoryImpl::Job::OnStreamReadyCallback() {
297 DCHECK(stream_.get());
298 DCHECK(!IsPreconnecting());
299 DCHECK(!stream_factory_->for_websockets_);
300 if (IsOrphaned()) {
301 stream_factory_->OnOrphanedJobComplete(this);
302 } else {
303 request_->Complete(was_npn_negotiated(),
304 protocol_negotiated(),
305 using_spdy(),
306 net_log_);
307 request_->OnStreamReady(this, server_ssl_config_, proxy_info_,
308 stream_.release());
309 }
310 // |this| may be deleted after this call.
311 }
312
OnWebSocketHandshakeStreamReadyCallback()313 void HttpStreamFactoryImpl::Job::OnWebSocketHandshakeStreamReadyCallback() {
314 DCHECK(websocket_stream_);
315 DCHECK(!IsPreconnecting());
316 DCHECK(stream_factory_->for_websockets_);
317 // An orphaned WebSocket job will be closed immediately and
318 // never be ready.
319 DCHECK(!IsOrphaned());
320 request_->Complete(was_npn_negotiated(),
321 protocol_negotiated(),
322 using_spdy(),
323 net_log_);
324 request_->OnWebSocketHandshakeStreamReady(this,
325 server_ssl_config_,
326 proxy_info_,
327 websocket_stream_.release());
328 // |this| may be deleted after this call.
329 }
330
OnNewSpdySessionReadyCallback()331 void HttpStreamFactoryImpl::Job::OnNewSpdySessionReadyCallback() {
332 DCHECK(stream_.get());
333 DCHECK(!IsPreconnecting());
334 DCHECK(using_spdy());
335 // Note: an event loop iteration has passed, so |new_spdy_session_| may be
336 // NULL at this point if the SpdySession closed immediately after creation.
337 base::WeakPtr<SpdySession> spdy_session = new_spdy_session_;
338 new_spdy_session_.reset();
339
340 // TODO(jgraettinger): Notify the factory, and let that notify |request_|,
341 // rather than notifying |request_| directly.
342 if (IsOrphaned()) {
343 if (spdy_session) {
344 stream_factory_->OnNewSpdySessionReady(
345 spdy_session, spdy_session_direct_, server_ssl_config_, proxy_info_,
346 was_npn_negotiated(), protocol_negotiated(), using_spdy(), net_log_);
347 }
348 stream_factory_->OnOrphanedJobComplete(this);
349 } else {
350 request_->OnNewSpdySessionReady(
351 this, stream_.Pass(), spdy_session, spdy_session_direct_);
352 }
353 // |this| may be deleted after this call.
354 }
355
OnStreamFailedCallback(int result)356 void HttpStreamFactoryImpl::Job::OnStreamFailedCallback(int result) {
357 DCHECK(!IsPreconnecting());
358 if (IsOrphaned())
359 stream_factory_->OnOrphanedJobComplete(this);
360 else
361 request_->OnStreamFailed(this, result, server_ssl_config_);
362 // |this| may be deleted after this call.
363 }
364
OnCertificateErrorCallback(int result,const SSLInfo & ssl_info)365 void HttpStreamFactoryImpl::Job::OnCertificateErrorCallback(
366 int result, const SSLInfo& ssl_info) {
367 DCHECK(!IsPreconnecting());
368 if (IsOrphaned())
369 stream_factory_->OnOrphanedJobComplete(this);
370 else
371 request_->OnCertificateError(this, result, server_ssl_config_, ssl_info);
372 // |this| may be deleted after this call.
373 }
374
OnNeedsProxyAuthCallback(const HttpResponseInfo & response,HttpAuthController * auth_controller)375 void HttpStreamFactoryImpl::Job::OnNeedsProxyAuthCallback(
376 const HttpResponseInfo& response,
377 HttpAuthController* auth_controller) {
378 DCHECK(!IsPreconnecting());
379 if (IsOrphaned())
380 stream_factory_->OnOrphanedJobComplete(this);
381 else
382 request_->OnNeedsProxyAuth(
383 this, response, server_ssl_config_, proxy_info_, auth_controller);
384 // |this| may be deleted after this call.
385 }
386
OnNeedsClientAuthCallback(SSLCertRequestInfo * cert_info)387 void HttpStreamFactoryImpl::Job::OnNeedsClientAuthCallback(
388 SSLCertRequestInfo* cert_info) {
389 DCHECK(!IsPreconnecting());
390 if (IsOrphaned())
391 stream_factory_->OnOrphanedJobComplete(this);
392 else
393 request_->OnNeedsClientAuth(this, server_ssl_config_, cert_info);
394 // |this| may be deleted after this call.
395 }
396
OnHttpsProxyTunnelResponseCallback(const HttpResponseInfo & response_info,HttpStream * stream)397 void HttpStreamFactoryImpl::Job::OnHttpsProxyTunnelResponseCallback(
398 const HttpResponseInfo& response_info,
399 HttpStream* stream) {
400 DCHECK(!IsPreconnecting());
401 if (IsOrphaned())
402 stream_factory_->OnOrphanedJobComplete(this);
403 else
404 request_->OnHttpsProxyTunnelResponse(
405 this, response_info, server_ssl_config_, proxy_info_, stream);
406 // |this| may be deleted after this call.
407 }
408
OnPreconnectsComplete()409 void HttpStreamFactoryImpl::Job::OnPreconnectsComplete() {
410 DCHECK(!request_);
411 if (new_spdy_session_.get()) {
412 stream_factory_->OnNewSpdySessionReady(new_spdy_session_,
413 spdy_session_direct_,
414 server_ssl_config_,
415 proxy_info_,
416 was_npn_negotiated(),
417 protocol_negotiated(),
418 using_spdy(),
419 net_log_);
420 }
421 stream_factory_->OnPreconnectsComplete(this);
422 // |this| may be deleted after this call.
423 }
424
425 // static
OnHostResolution(SpdySessionPool * spdy_session_pool,const SpdySessionKey & spdy_session_key,const AddressList & addresses,const BoundNetLog & net_log)426 int HttpStreamFactoryImpl::Job::OnHostResolution(
427 SpdySessionPool* spdy_session_pool,
428 const SpdySessionKey& spdy_session_key,
429 const AddressList& addresses,
430 const BoundNetLog& net_log) {
431 // It is OK to dereference spdy_session_pool, because the
432 // ClientSocketPoolManager will be destroyed in the same callback that
433 // destroys the SpdySessionPool.
434 return
435 spdy_session_pool->FindAvailableSession(spdy_session_key, net_log) ?
436 ERR_SPDY_SESSION_ALREADY_EXISTS : OK;
437 }
438
OnIOComplete(int result)439 void HttpStreamFactoryImpl::Job::OnIOComplete(int result) {
440 RunLoop(result);
441 }
442
RunLoop(int result)443 int HttpStreamFactoryImpl::Job::RunLoop(int result) {
444 result = DoLoop(result);
445
446 if (result == ERR_IO_PENDING)
447 return result;
448
449 // If there was an error, we should have already resumed the |waiting_job_|,
450 // if there was one.
451 DCHECK(result == OK || waiting_job_ == NULL);
452
453 if (IsPreconnecting()) {
454 base::MessageLoop::current()->PostTask(
455 FROM_HERE,
456 base::Bind(&HttpStreamFactoryImpl::Job::OnPreconnectsComplete,
457 ptr_factory_.GetWeakPtr()));
458 return ERR_IO_PENDING;
459 }
460
461 if (IsCertificateError(result)) {
462 // Retrieve SSL information from the socket.
463 GetSSLInfo();
464
465 next_state_ = STATE_WAITING_USER_ACTION;
466 base::MessageLoop::current()->PostTask(
467 FROM_HERE,
468 base::Bind(&HttpStreamFactoryImpl::Job::OnCertificateErrorCallback,
469 ptr_factory_.GetWeakPtr(), result, ssl_info_));
470 return ERR_IO_PENDING;
471 }
472
473 switch (result) {
474 case ERR_PROXY_AUTH_REQUESTED: {
475 UMA_HISTOGRAM_BOOLEAN("Net.ProxyAuthRequested.HasConnection",
476 connection_.get() != NULL);
477 if (!connection_.get())
478 return ERR_PROXY_AUTH_REQUESTED_WITH_NO_CONNECTION;
479 CHECK(connection_->socket());
480 CHECK(establishing_tunnel_);
481
482 next_state_ = STATE_WAITING_USER_ACTION;
483 ProxyClientSocket* proxy_socket =
484 static_cast<ProxyClientSocket*>(connection_->socket());
485 base::MessageLoop::current()->PostTask(
486 FROM_HERE,
487 base::Bind(&Job::OnNeedsProxyAuthCallback, ptr_factory_.GetWeakPtr(),
488 *proxy_socket->GetConnectResponseInfo(),
489 proxy_socket->GetAuthController()));
490 return ERR_IO_PENDING;
491 }
492
493 case ERR_SSL_CLIENT_AUTH_CERT_NEEDED:
494 base::MessageLoop::current()->PostTask(
495 FROM_HERE,
496 base::Bind(&Job::OnNeedsClientAuthCallback, ptr_factory_.GetWeakPtr(),
497 connection_->ssl_error_response_info().cert_request_info));
498 return ERR_IO_PENDING;
499
500 case ERR_HTTPS_PROXY_TUNNEL_RESPONSE: {
501 DCHECK(connection_.get());
502 DCHECK(connection_->socket());
503 DCHECK(establishing_tunnel_);
504
505 ProxyClientSocket* proxy_socket =
506 static_cast<ProxyClientSocket*>(connection_->socket());
507 base::MessageLoop::current()->PostTask(
508 FROM_HERE,
509 base::Bind(&Job::OnHttpsProxyTunnelResponseCallback,
510 ptr_factory_.GetWeakPtr(),
511 *proxy_socket->GetConnectResponseInfo(),
512 proxy_socket->CreateConnectResponseStream()));
513 return ERR_IO_PENDING;
514 }
515
516 case OK:
517 job_status_ = STATUS_SUCCEEDED;
518 MaybeMarkAlternateProtocolBroken();
519 next_state_ = STATE_DONE;
520 if (new_spdy_session_.get()) {
521 base::MessageLoop::current()->PostTask(
522 FROM_HERE,
523 base::Bind(&Job::OnNewSpdySessionReadyCallback,
524 ptr_factory_.GetWeakPtr()));
525 } else if (stream_factory_->for_websockets_) {
526 DCHECK(websocket_stream_);
527 base::MessageLoop::current()->PostTask(
528 FROM_HERE,
529 base::Bind(&Job::OnWebSocketHandshakeStreamReadyCallback,
530 ptr_factory_.GetWeakPtr()));
531 } else {
532 DCHECK(stream_.get());
533 base::MessageLoop::current()->PostTask(
534 FROM_HERE,
535 base::Bind(&Job::OnStreamReadyCallback, ptr_factory_.GetWeakPtr()));
536 }
537 return ERR_IO_PENDING;
538
539 default:
540 if (job_status_ != STATUS_BROKEN) {
541 DCHECK_EQ(STATUS_RUNNING, job_status_);
542 job_status_ = STATUS_FAILED;
543 MaybeMarkAlternateProtocolBroken();
544 }
545 base::MessageLoop::current()->PostTask(
546 FROM_HERE,
547 base::Bind(&Job::OnStreamFailedCallback, ptr_factory_.GetWeakPtr(),
548 result));
549 return ERR_IO_PENDING;
550 }
551 }
552
DoLoop(int result)553 int HttpStreamFactoryImpl::Job::DoLoop(int result) {
554 DCHECK_NE(next_state_, STATE_NONE);
555 int rv = result;
556 do {
557 State state = next_state_;
558 next_state_ = STATE_NONE;
559 switch (state) {
560 case STATE_START:
561 DCHECK_EQ(OK, rv);
562 rv = DoStart();
563 break;
564 case STATE_RESOLVE_PROXY:
565 DCHECK_EQ(OK, rv);
566 rv = DoResolveProxy();
567 break;
568 case STATE_RESOLVE_PROXY_COMPLETE:
569 rv = DoResolveProxyComplete(rv);
570 break;
571 case STATE_WAIT_FOR_JOB:
572 DCHECK_EQ(OK, rv);
573 rv = DoWaitForJob();
574 break;
575 case STATE_WAIT_FOR_JOB_COMPLETE:
576 rv = DoWaitForJobComplete(rv);
577 break;
578 case STATE_INIT_CONNECTION:
579 DCHECK_EQ(OK, rv);
580 rv = DoInitConnection();
581 break;
582 case STATE_INIT_CONNECTION_COMPLETE:
583 rv = DoInitConnectionComplete(rv);
584 break;
585 case STATE_WAITING_USER_ACTION:
586 rv = DoWaitingUserAction(rv);
587 break;
588 case STATE_RESTART_TUNNEL_AUTH:
589 DCHECK_EQ(OK, rv);
590 rv = DoRestartTunnelAuth();
591 break;
592 case STATE_RESTART_TUNNEL_AUTH_COMPLETE:
593 rv = DoRestartTunnelAuthComplete(rv);
594 break;
595 case STATE_CREATE_STREAM:
596 DCHECK_EQ(OK, rv);
597 rv = DoCreateStream();
598 break;
599 case STATE_CREATE_STREAM_COMPLETE:
600 rv = DoCreateStreamComplete(rv);
601 break;
602 default:
603 NOTREACHED() << "bad state";
604 rv = ERR_FAILED;
605 break;
606 }
607 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
608 return rv;
609 }
610
StartInternal()611 int HttpStreamFactoryImpl::Job::StartInternal() {
612 CHECK_EQ(STATE_NONE, next_state_);
613 next_state_ = STATE_START;
614 int rv = RunLoop(OK);
615 DCHECK_EQ(ERR_IO_PENDING, rv);
616 return rv;
617 }
618
DoStart()619 int HttpStreamFactoryImpl::Job::DoStart() {
620 int port = request_info_.url.EffectiveIntPort();
621 origin_ = HostPortPair(request_info_.url.HostNoBrackets(), port);
622 origin_url_ = stream_factory_->ApplyHostMappingRules(
623 request_info_.url, &origin_);
624
625 net_log_.BeginEvent(NetLog::TYPE_HTTP_STREAM_JOB,
626 base::Bind(&NetLogHttpStreamJobCallback,
627 &request_info_.url, &origin_url_,
628 priority_));
629
630 // Don't connect to restricted ports.
631 bool is_port_allowed = IsPortAllowedByDefault(port);
632 if (request_info_.url.SchemeIs("ftp")) {
633 // Never share connection with other jobs for FTP requests.
634 DCHECK(!waiting_job_);
635
636 is_port_allowed = IsPortAllowedByFtp(port);
637 }
638 if (!is_port_allowed && !IsPortAllowedByOverride(port)) {
639 if (waiting_job_) {
640 waiting_job_->Resume(this);
641 waiting_job_ = NULL;
642 }
643 return ERR_UNSAFE_PORT;
644 }
645
646 next_state_ = STATE_RESOLVE_PROXY;
647 return OK;
648 }
649
DoResolveProxy()650 int HttpStreamFactoryImpl::Job::DoResolveProxy() {
651 DCHECK(!pac_request_);
652 DCHECK(session_);
653
654 next_state_ = STATE_RESOLVE_PROXY_COMPLETE;
655
656 if (request_info_.load_flags & LOAD_BYPASS_PROXY) {
657 proxy_info_.UseDirect();
658 return OK;
659 }
660
661 return session_->proxy_service()->ResolveProxy(
662 request_info_.url, request_info_.load_flags, &proxy_info_, io_callback_,
663 &pac_request_, session_->network_delegate(), net_log_);
664 }
665
DoResolveProxyComplete(int result)666 int HttpStreamFactoryImpl::Job::DoResolveProxyComplete(int result) {
667 pac_request_ = NULL;
668
669 if (result == OK) {
670 // Remove unsupported proxies from the list.
671 proxy_info_.RemoveProxiesWithoutScheme(
672 ProxyServer::SCHEME_DIRECT | ProxyServer::SCHEME_QUIC |
673 ProxyServer::SCHEME_HTTP | ProxyServer::SCHEME_HTTPS |
674 ProxyServer::SCHEME_SOCKS4 | ProxyServer::SCHEME_SOCKS5);
675
676 if (proxy_info_.is_empty()) {
677 // No proxies/direct to choose from. This happens when we don't support
678 // any of the proxies in the returned list.
679 result = ERR_NO_SUPPORTED_PROXIES;
680 } else if (using_quic_ &&
681 (!proxy_info_.is_quic() && !proxy_info_.is_direct())) {
682 // QUIC can not be spoken to non-QUIC proxies. This error should not be
683 // user visible, because the non-alternate job should be resumed.
684 result = ERR_NO_SUPPORTED_PROXIES;
685 }
686 }
687
688 if (result != OK) {
689 if (waiting_job_) {
690 waiting_job_->Resume(this);
691 waiting_job_ = NULL;
692 }
693 return result;
694 }
695
696 if (blocking_job_)
697 next_state_ = STATE_WAIT_FOR_JOB;
698 else
699 next_state_ = STATE_INIT_CONNECTION;
700 return OK;
701 }
702
ShouldForceSpdySSL() const703 bool HttpStreamFactoryImpl::Job::ShouldForceSpdySSL() const {
704 bool rv = session_->params().force_spdy_always &&
705 session_->params().force_spdy_over_ssl;
706 return rv && !session_->HasSpdyExclusion(origin_);
707 }
708
ShouldForceSpdyWithoutSSL() const709 bool HttpStreamFactoryImpl::Job::ShouldForceSpdyWithoutSSL() const {
710 bool rv = session_->params().force_spdy_always &&
711 !session_->params().force_spdy_over_ssl;
712 return rv && !session_->HasSpdyExclusion(origin_);
713 }
714
ShouldForceQuic() const715 bool HttpStreamFactoryImpl::Job::ShouldForceQuic() const {
716 return session_->params().enable_quic &&
717 session_->params().origin_to_force_quic_on.Equals(origin_) &&
718 proxy_info_.is_direct();
719 }
720
DoWaitForJob()721 int HttpStreamFactoryImpl::Job::DoWaitForJob() {
722 DCHECK(blocking_job_);
723 next_state_ = STATE_WAIT_FOR_JOB_COMPLETE;
724 return ERR_IO_PENDING;
725 }
726
DoWaitForJobComplete(int result)727 int HttpStreamFactoryImpl::Job::DoWaitForJobComplete(int result) {
728 DCHECK(!blocking_job_);
729 DCHECK_EQ(OK, result);
730 next_state_ = STATE_INIT_CONNECTION;
731 return OK;
732 }
733
DoInitConnection()734 int HttpStreamFactoryImpl::Job::DoInitConnection() {
735 DCHECK(!blocking_job_);
736 DCHECK(!connection_->is_initialized());
737 DCHECK(proxy_info_.proxy_server().is_valid());
738 next_state_ = STATE_INIT_CONNECTION_COMPLETE;
739
740 using_ssl_ = request_info_.url.SchemeIs("https") ||
741 request_info_.url.SchemeIs("wss") || ShouldForceSpdySSL();
742 using_spdy_ = false;
743
744 if (ShouldForceQuic())
745 using_quic_ = true;
746
747 if (proxy_info_.is_quic())
748 using_quic_ = true;
749
750 if (using_quic_) {
751 DCHECK(session_->params().enable_quic);
752 if (proxy_info_.is_quic() && !request_info_.url.SchemeIs("http")) {
753 NOTREACHED();
754 // TODO(rch): support QUIC proxies for HTTPS urls.
755 return ERR_NOT_IMPLEMENTED;
756 }
757 HostPortPair destination = proxy_info_.is_quic() ?
758 proxy_info_.proxy_server().host_port_pair() : origin_;
759 next_state_ = STATE_INIT_CONNECTION_COMPLETE;
760 bool secure_quic = using_ssl_ || proxy_info_.is_quic();
761 int rv = quic_request_.Request(
762 destination, secure_quic, request_info_.privacy_mode,
763 request_info_.method, net_log_, io_callback_);
764 if (rv == OK) {
765 using_existing_quic_session_ = true;
766 } else {
767 // OK, there's no available QUIC session. Let |waiting_job_| resume
768 // if it's paused.
769 if (waiting_job_) {
770 waiting_job_->Resume(this);
771 waiting_job_ = NULL;
772 }
773 }
774 return rv;
775 }
776
777 // Check first if we have a spdy session for this group. If so, then go
778 // straight to using that.
779 SpdySessionKey spdy_session_key = GetSpdySessionKey();
780 base::WeakPtr<SpdySession> spdy_session =
781 session_->spdy_session_pool()->FindAvailableSession(
782 spdy_session_key, net_log_);
783 if (spdy_session && CanUseExistingSpdySession()) {
784 // If we're preconnecting, but we already have a SpdySession, we don't
785 // actually need to preconnect any sockets, so we're done.
786 if (IsPreconnecting())
787 return OK;
788 using_spdy_ = true;
789 next_state_ = STATE_CREATE_STREAM;
790 existing_spdy_session_ = spdy_session;
791 return OK;
792 } else if (request_ && !request_->HasSpdySessionKey() &&
793 (using_ssl_ || ShouldForceSpdyWithoutSSL())) {
794 // Update the spdy session key for the request that launched this job.
795 request_->SetSpdySessionKey(spdy_session_key);
796 }
797
798 // OK, there's no available SPDY session. Let |waiting_job_| resume if it's
799 // paused.
800
801 if (waiting_job_) {
802 waiting_job_->Resume(this);
803 waiting_job_ = NULL;
804 }
805
806 if (proxy_info_.is_http() || proxy_info_.is_https())
807 establishing_tunnel_ = using_ssl_;
808
809 bool want_spdy_over_npn = original_url_ != NULL;
810
811 if (proxy_info_.is_https()) {
812 InitSSLConfig(proxy_info_.proxy_server().host_port_pair(),
813 &proxy_ssl_config_,
814 true /* is a proxy server */);
815 // Disable revocation checking for HTTPS proxies since the revocation
816 // requests are probably going to need to go through the proxy too.
817 proxy_ssl_config_.rev_checking_enabled = false;
818 }
819 if (using_ssl_) {
820 InitSSLConfig(origin_, &server_ssl_config_,
821 false /* not a proxy server */);
822 }
823
824 if (IsPreconnecting()) {
825 DCHECK(!stream_factory_->for_websockets_);
826 return PreconnectSocketsForHttpRequest(
827 origin_url_,
828 request_info_.extra_headers,
829 request_info_.load_flags,
830 priority_,
831 session_,
832 proxy_info_,
833 ShouldForceSpdySSL(),
834 want_spdy_over_npn,
835 server_ssl_config_,
836 proxy_ssl_config_,
837 request_info_.privacy_mode,
838 net_log_,
839 num_streams_);
840 }
841
842 // If we can't use a SPDY session, don't both checking for one after
843 // the hostname is resolved.
844 OnHostResolutionCallback resolution_callback = CanUseExistingSpdySession() ?
845 base::Bind(&Job::OnHostResolution, session_->spdy_session_pool(),
846 GetSpdySessionKey()) :
847 OnHostResolutionCallback();
848 if (stream_factory_->for_websockets_) {
849 // TODO(ricea): Re-enable NPN when WebSockets over SPDY is supported.
850 SSLConfig websocket_server_ssl_config = server_ssl_config_;
851 websocket_server_ssl_config.next_protos.clear();
852 return InitSocketHandleForWebSocketRequest(
853 origin_url_, request_info_.extra_headers, request_info_.load_flags,
854 priority_, session_, proxy_info_, ShouldForceSpdySSL(),
855 want_spdy_over_npn, websocket_server_ssl_config, proxy_ssl_config_,
856 request_info_.privacy_mode, net_log_,
857 connection_.get(), resolution_callback, io_callback_);
858 }
859
860 return InitSocketHandleForHttpRequest(
861 origin_url_, request_info_.extra_headers, request_info_.load_flags,
862 priority_, session_, proxy_info_, ShouldForceSpdySSL(),
863 want_spdy_over_npn, server_ssl_config_, proxy_ssl_config_,
864 request_info_.privacy_mode, net_log_,
865 connection_.get(), resolution_callback, io_callback_);
866 }
867
DoInitConnectionComplete(int result)868 int HttpStreamFactoryImpl::Job::DoInitConnectionComplete(int result) {
869 if (IsPreconnecting()) {
870 if (using_quic_)
871 return result;
872 DCHECK_EQ(OK, result);
873 return OK;
874 }
875
876 if (result == ERR_SPDY_SESSION_ALREADY_EXISTS) {
877 // We found a SPDY connection after resolving the host. This is
878 // probably an IP pooled connection.
879 SpdySessionKey spdy_session_key = GetSpdySessionKey();
880 existing_spdy_session_ =
881 session_->spdy_session_pool()->FindAvailableSession(
882 spdy_session_key, net_log_);
883 if (existing_spdy_session_) {
884 using_spdy_ = true;
885 next_state_ = STATE_CREATE_STREAM;
886 } else {
887 // It is possible that the spdy session no longer exists.
888 ReturnToStateInitConnection(true /* close connection */);
889 }
890 return OK;
891 }
892
893 // TODO(willchan): Make this a bit more exact. Maybe there are recoverable
894 // errors, such as ignoring certificate errors for Alternate-Protocol.
895 if (result < 0 && waiting_job_) {
896 waiting_job_->Resume(this);
897 waiting_job_ = NULL;
898 }
899
900 // |result| may be the result of any of the stacked pools. The following
901 // logic is used when determining how to interpret an error.
902 // If |result| < 0:
903 // and connection_->socket() != NULL, then the SSL handshake ran and it
904 // is a potentially recoverable error.
905 // and connection_->socket == NULL and connection_->is_ssl_error() is true,
906 // then the SSL handshake ran with an unrecoverable error.
907 // otherwise, the error came from one of the other pools.
908 bool ssl_started = using_ssl_ && (result == OK || connection_->socket() ||
909 connection_->is_ssl_error());
910
911 if (ssl_started && (result == OK || IsCertificateError(result))) {
912 if (using_quic_ && result == OK) {
913 was_npn_negotiated_ = true;
914 NextProto protocol_negotiated =
915 SSLClientSocket::NextProtoFromString("quic/1+spdy/3");
916 protocol_negotiated_ = protocol_negotiated;
917 } else {
918 SSLClientSocket* ssl_socket =
919 static_cast<SSLClientSocket*>(connection_->socket());
920 if (ssl_socket->WasNpnNegotiated()) {
921 was_npn_negotiated_ = true;
922 std::string proto;
923 SSLClientSocket::NextProtoStatus status =
924 ssl_socket->GetNextProto(&proto);
925 NextProto protocol_negotiated =
926 SSLClientSocket::NextProtoFromString(proto);
927 protocol_negotiated_ = protocol_negotiated;
928 net_log_.AddEvent(
929 NetLog::TYPE_HTTP_STREAM_REQUEST_PROTO,
930 base::Bind(&NetLogHttpStreamProtoCallback,
931 status, &proto));
932 if (ssl_socket->was_spdy_negotiated())
933 SwitchToSpdyMode();
934 }
935 if (ShouldForceSpdySSL())
936 SwitchToSpdyMode();
937 }
938 } else if (proxy_info_.is_https() && connection_->socket() &&
939 result == OK) {
940 ProxyClientSocket* proxy_socket =
941 static_cast<ProxyClientSocket*>(connection_->socket());
942 if (proxy_socket->IsUsingSpdy()) {
943 was_npn_negotiated_ = true;
944 protocol_negotiated_ = proxy_socket->GetProtocolNegotiated();
945 SwitchToSpdyMode();
946 }
947 }
948
949 // We may be using spdy without SSL
950 if (ShouldForceSpdyWithoutSSL())
951 SwitchToSpdyMode();
952
953 if (result == ERR_PROXY_AUTH_REQUESTED ||
954 result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
955 DCHECK(!ssl_started);
956 // Other state (i.e. |using_ssl_|) suggests that |connection_| will have an
957 // SSL socket, but there was an error before that could happen. This
958 // puts the in progress HttpProxy socket into |connection_| in order to
959 // complete the auth (or read the response body). The tunnel restart code
960 // is careful to remove it before returning control to the rest of this
961 // class.
962 connection_.reset(connection_->release_pending_http_proxy_connection());
963 return result;
964 }
965
966 if (!ssl_started && result < 0 && original_url_.get()) {
967 job_status_ = STATUS_BROKEN;
968 MaybeMarkAlternateProtocolBroken();
969 return result;
970 }
971
972 if (using_quic_) {
973 if (result < 0) {
974 job_status_ = STATUS_BROKEN;
975 MaybeMarkAlternateProtocolBroken();
976 return result;
977 }
978 stream_ = quic_request_.ReleaseStream();
979 next_state_ = STATE_NONE;
980 return OK;
981 }
982
983 if (result < 0 && !ssl_started)
984 return ReconsiderProxyAfterError(result);
985 establishing_tunnel_ = false;
986
987 if (connection_->socket()) {
988 LogHttpConnectedMetrics(*connection_);
989
990 // We officially have a new connection. Record the type.
991 if (!connection_->is_reused()) {
992 ConnectionType type = using_spdy_ ? CONNECTION_SPDY : CONNECTION_HTTP;
993 UpdateConnectionTypeHistograms(type);
994 }
995 }
996
997 // Handle SSL errors below.
998 if (using_ssl_) {
999 DCHECK(ssl_started);
1000 if (IsCertificateError(result)) {
1001 if (using_spdy_ && original_url_.get() &&
1002 original_url_->SchemeIs("http")) {
1003 // We ignore certificate errors for http over spdy.
1004 spdy_certificate_error_ = result;
1005 result = OK;
1006 } else {
1007 result = HandleCertificateError(result);
1008 if (result == OK && !connection_->socket()->IsConnectedAndIdle()) {
1009 ReturnToStateInitConnection(true /* close connection */);
1010 return result;
1011 }
1012 }
1013 }
1014 if (result < 0)
1015 return result;
1016 }
1017
1018 next_state_ = STATE_CREATE_STREAM;
1019 return OK;
1020 }
1021
DoWaitingUserAction(int result)1022 int HttpStreamFactoryImpl::Job::DoWaitingUserAction(int result) {
1023 // This state indicates that the stream request is in a partially
1024 // completed state, and we've called back to the delegate for more
1025 // information.
1026
1027 // We're always waiting here for the delegate to call us back.
1028 return ERR_IO_PENDING;
1029 }
1030
SetSpdyHttpStream(base::WeakPtr<SpdySession> session,bool direct)1031 int HttpStreamFactoryImpl::Job::SetSpdyHttpStream(
1032 base::WeakPtr<SpdySession> session, bool direct) {
1033 // TODO(ricea): Restore the code for WebSockets over SPDY once it's
1034 // implemented.
1035 if (stream_factory_->for_websockets_)
1036 return ERR_NOT_IMPLEMENTED;
1037
1038 // TODO(willchan): Delete this code, because eventually, the
1039 // HttpStreamFactoryImpl will be creating all the SpdyHttpStreams, since it
1040 // will know when SpdySessions become available.
1041
1042 bool use_relative_url = direct || request_info_.url.SchemeIs("https");
1043 stream_.reset(new SpdyHttpStream(session, use_relative_url));
1044 return OK;
1045 }
1046
DoCreateStream()1047 int HttpStreamFactoryImpl::Job::DoCreateStream() {
1048 DCHECK(connection_->socket() || existing_spdy_session_.get() || using_quic_);
1049
1050 next_state_ = STATE_CREATE_STREAM_COMPLETE;
1051
1052 // We only set the socket motivation if we're the first to use
1053 // this socket. Is there a race for two SPDY requests? We really
1054 // need to plumb this through to the connect level.
1055 if (connection_->socket() && !connection_->is_reused())
1056 SetSocketMotivation();
1057
1058 if (!using_spdy_) {
1059 // We may get ftp scheme when fetching ftp resources through proxy.
1060 bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) &&
1061 (request_info_.url.SchemeIs("http") ||
1062 request_info_.url.SchemeIs("ftp"));
1063 if (stream_factory_->for_websockets_) {
1064 DCHECK(request_);
1065 DCHECK(request_->websocket_handshake_stream_create_helper());
1066 websocket_stream_.reset(
1067 request_->websocket_handshake_stream_create_helper()
1068 ->CreateBasicStream(connection_.Pass(), using_proxy));
1069 } else {
1070 stream_.reset(new HttpBasicStream(connection_.release(), using_proxy));
1071 }
1072 return OK;
1073 }
1074
1075 CHECK(!stream_.get());
1076
1077 bool direct = true;
1078 const ProxyServer& proxy_server = proxy_info_.proxy_server();
1079 PrivacyMode privacy_mode = request_info_.privacy_mode;
1080 if (IsHttpsProxyAndHttpUrl())
1081 direct = false;
1082
1083 if (existing_spdy_session_.get()) {
1084 // We picked up an existing session, so we don't need our socket.
1085 if (connection_->socket())
1086 connection_->socket()->Disconnect();
1087 connection_->Reset();
1088
1089 int set_result = SetSpdyHttpStream(existing_spdy_session_, direct);
1090 existing_spdy_session_.reset();
1091 return set_result;
1092 }
1093
1094 SpdySessionKey spdy_session_key(origin_, proxy_server, privacy_mode);
1095 if (IsHttpsProxyAndHttpUrl()) {
1096 // If we don't have a direct SPDY session, and we're using an HTTPS
1097 // proxy, then we might have a SPDY session to the proxy.
1098 // We never use privacy mode for connection to proxy server.
1099 spdy_session_key = SpdySessionKey(proxy_server.host_port_pair(),
1100 ProxyServer::Direct(),
1101 PRIVACY_MODE_DISABLED);
1102 }
1103
1104 SpdySessionPool* spdy_pool = session_->spdy_session_pool();
1105 base::WeakPtr<SpdySession> spdy_session =
1106 spdy_pool->FindAvailableSession(spdy_session_key, net_log_);
1107
1108 if (spdy_session) {
1109 return SetSpdyHttpStream(spdy_session, direct);
1110 }
1111
1112 spdy_session =
1113 spdy_pool->CreateAvailableSessionFromSocket(spdy_session_key,
1114 connection_.Pass(),
1115 net_log_,
1116 spdy_certificate_error_,
1117 using_ssl_);
1118 if (!spdy_session->HasAcceptableTransportSecurity()) {
1119 spdy_session->CloseSessionOnError(
1120 ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY, "");
1121 return ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY;
1122 }
1123
1124 new_spdy_session_ = spdy_session;
1125 spdy_session_direct_ = direct;
1126 const HostPortPair& host_port_pair = spdy_session_key.host_port_pair();
1127 base::WeakPtr<HttpServerProperties> http_server_properties =
1128 session_->http_server_properties();
1129 if (http_server_properties)
1130 http_server_properties->SetSupportsSpdy(host_port_pair, true);
1131
1132 // Create a SpdyHttpStream attached to the session;
1133 // OnNewSpdySessionReadyCallback is not called until an event loop
1134 // iteration later, so if the SpdySession is closed between then, allow
1135 // reuse state from the underlying socket, sampled by SpdyHttpStream,
1136 // bubble up to the request.
1137 return SetSpdyHttpStream(new_spdy_session_, spdy_session_direct_);
1138 }
1139
DoCreateStreamComplete(int result)1140 int HttpStreamFactoryImpl::Job::DoCreateStreamComplete(int result) {
1141 if (result < 0)
1142 return result;
1143
1144 session_->proxy_service()->ReportSuccess(proxy_info_,
1145 session_->network_delegate());
1146 next_state_ = STATE_NONE;
1147 return OK;
1148 }
1149
DoRestartTunnelAuth()1150 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuth() {
1151 next_state_ = STATE_RESTART_TUNNEL_AUTH_COMPLETE;
1152 ProxyClientSocket* proxy_socket =
1153 static_cast<ProxyClientSocket*>(connection_->socket());
1154 return proxy_socket->RestartWithAuth(io_callback_);
1155 }
1156
DoRestartTunnelAuthComplete(int result)1157 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuthComplete(int result) {
1158 if (result == ERR_PROXY_AUTH_REQUESTED)
1159 return result;
1160
1161 if (result == OK) {
1162 // Now that we've got the HttpProxyClientSocket connected. We have
1163 // to release it as an idle socket into the pool and start the connection
1164 // process from the beginning. Trying to pass it in with the
1165 // SSLSocketParams might cause a deadlock since params are dispatched
1166 // interchangeably. This request won't necessarily get this http proxy
1167 // socket, but there will be forward progress.
1168 establishing_tunnel_ = false;
1169 ReturnToStateInitConnection(false /* do not close connection */);
1170 return OK;
1171 }
1172
1173 return ReconsiderProxyAfterError(result);
1174 }
1175
ReturnToStateInitConnection(bool close_connection)1176 void HttpStreamFactoryImpl::Job::ReturnToStateInitConnection(
1177 bool close_connection) {
1178 if (close_connection && connection_->socket())
1179 connection_->socket()->Disconnect();
1180 connection_->Reset();
1181
1182 if (request_)
1183 request_->RemoveRequestFromSpdySessionRequestMap();
1184
1185 next_state_ = STATE_INIT_CONNECTION;
1186 }
1187
SetSocketMotivation()1188 void HttpStreamFactoryImpl::Job::SetSocketMotivation() {
1189 if (request_info_.motivation == HttpRequestInfo::PRECONNECT_MOTIVATED)
1190 connection_->socket()->SetSubresourceSpeculation();
1191 else if (request_info_.motivation == HttpRequestInfo::OMNIBOX_MOTIVATED)
1192 connection_->socket()->SetOmniboxSpeculation();
1193 // TODO(mbelshe): Add other motivations (like EARLY_LOAD_MOTIVATED).
1194 }
1195
IsHttpsProxyAndHttpUrl() const1196 bool HttpStreamFactoryImpl::Job::IsHttpsProxyAndHttpUrl() const {
1197 if (!proxy_info_.is_https())
1198 return false;
1199 if (original_url_.get()) {
1200 // We currently only support Alternate-Protocol where the original scheme
1201 // is http.
1202 DCHECK(original_url_->SchemeIs("http"));
1203 return original_url_->SchemeIs("http");
1204 }
1205 return request_info_.url.SchemeIs("http");
1206 }
1207
1208 // Sets several fields of ssl_config for the given origin_server based on the
1209 // proxy info and other factors.
InitSSLConfig(const HostPortPair & origin_server,SSLConfig * ssl_config,bool is_proxy) const1210 void HttpStreamFactoryImpl::Job::InitSSLConfig(
1211 const HostPortPair& origin_server,
1212 SSLConfig* ssl_config,
1213 bool is_proxy) const {
1214 if (proxy_info_.is_https() && ssl_config->send_client_cert) {
1215 // When connecting through an HTTPS proxy, disable TLS False Start so
1216 // that client authentication errors can be distinguished between those
1217 // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and
1218 // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR /
1219 // ERR_BAD_SSL_CLIENT_AUTH_CERT).
1220 // TODO(rch): This assumes that the HTTPS proxy will only request a
1221 // client certificate during the initial handshake.
1222 // http://crbug.com/59292
1223 ssl_config->false_start_enabled = false;
1224 }
1225
1226 enum {
1227 FALLBACK_NONE = 0, // SSL version fallback did not occur.
1228 FALLBACK_SSL3 = 1, // Fell back to SSL 3.0.
1229 FALLBACK_TLS1 = 2, // Fell back to TLS 1.0.
1230 FALLBACK_TLS1_1 = 3, // Fell back to TLS 1.1.
1231 FALLBACK_MAX
1232 };
1233
1234 int fallback = FALLBACK_NONE;
1235 if (ssl_config->version_fallback) {
1236 switch (ssl_config->version_max) {
1237 case SSL_PROTOCOL_VERSION_SSL3:
1238 fallback = FALLBACK_SSL3;
1239 break;
1240 case SSL_PROTOCOL_VERSION_TLS1:
1241 fallback = FALLBACK_TLS1;
1242 break;
1243 case SSL_PROTOCOL_VERSION_TLS1_1:
1244 fallback = FALLBACK_TLS1_1;
1245 break;
1246 }
1247 }
1248 UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLVersionFallback",
1249 fallback, FALLBACK_MAX);
1250
1251 // We also wish to measure the amount of fallback connections for a host that
1252 // we know implements TLS up to 1.2. Ideally there would be no fallback here
1253 // but high numbers of SSLv3 would suggest that SSLv3 fallback is being
1254 // caused by network middleware rather than buggy HTTPS servers.
1255 const std::string& host = origin_server.host();
1256 if (!is_proxy &&
1257 host.size() >= 10 &&
1258 host.compare(host.size() - 10, 10, "google.com") == 0 &&
1259 (host.size() == 10 || host[host.size()-11] == '.')) {
1260 UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback",
1261 fallback, FALLBACK_MAX);
1262 }
1263
1264 if (request_info_.load_flags & LOAD_VERIFY_EV_CERT)
1265 ssl_config->verify_ev_cert = true;
1266
1267 // Disable Channel ID if privacy mode is enabled.
1268 if (request_info_.privacy_mode == PRIVACY_MODE_ENABLED)
1269 ssl_config->channel_id_enabled = false;
1270 }
1271
1272
ReconsiderProxyAfterError(int error)1273 int HttpStreamFactoryImpl::Job::ReconsiderProxyAfterError(int error) {
1274 DCHECK(!pac_request_);
1275 DCHECK(session_);
1276
1277 // A failure to resolve the hostname or any error related to establishing a
1278 // TCP connection could be grounds for trying a new proxy configuration.
1279 //
1280 // Why do this when a hostname cannot be resolved? Some URLs only make sense
1281 // to proxy servers. The hostname in those URLs might fail to resolve if we
1282 // are still using a non-proxy config. We need to check if a proxy config
1283 // now exists that corresponds to a proxy server that could load the URL.
1284 //
1285 switch (error) {
1286 case ERR_PROXY_CONNECTION_FAILED:
1287 case ERR_NAME_NOT_RESOLVED:
1288 case ERR_INTERNET_DISCONNECTED:
1289 case ERR_ADDRESS_UNREACHABLE:
1290 case ERR_CONNECTION_CLOSED:
1291 case ERR_CONNECTION_TIMED_OUT:
1292 case ERR_CONNECTION_RESET:
1293 case ERR_CONNECTION_REFUSED:
1294 case ERR_CONNECTION_ABORTED:
1295 case ERR_TIMED_OUT:
1296 case ERR_TUNNEL_CONNECTION_FAILED:
1297 case ERR_SOCKS_CONNECTION_FAILED:
1298 // This can happen in the case of trying to talk to a proxy using SSL, and
1299 // ending up talking to a captive portal that supports SSL instead.
1300 case ERR_PROXY_CERTIFICATE_INVALID:
1301 // This can happen when trying to talk SSL to a non-SSL server (Like a
1302 // captive portal).
1303 case ERR_SSL_PROTOCOL_ERROR:
1304 break;
1305 case ERR_SOCKS_CONNECTION_HOST_UNREACHABLE:
1306 // Remap the SOCKS-specific "host unreachable" error to a more
1307 // generic error code (this way consumers like the link doctor
1308 // know to substitute their error page).
1309 //
1310 // Note that if the host resolving was done by the SOCKS5 proxy, we can't
1311 // differentiate between a proxy-side "host not found" versus a proxy-side
1312 // "address unreachable" error, and will report both of these failures as
1313 // ERR_ADDRESS_UNREACHABLE.
1314 return ERR_ADDRESS_UNREACHABLE;
1315 default:
1316 return error;
1317 }
1318
1319 if (request_info_.load_flags & LOAD_BYPASS_PROXY) {
1320 return error;
1321 }
1322
1323 if (proxy_info_.is_https() && proxy_ssl_config_.send_client_cert) {
1324 session_->ssl_client_auth_cache()->Remove(
1325 proxy_info_.proxy_server().host_port_pair());
1326 }
1327
1328 int rv = session_->proxy_service()->ReconsiderProxyAfterError(
1329 request_info_.url, request_info_.load_flags, error, &proxy_info_,
1330 io_callback_, &pac_request_, session_->network_delegate(), net_log_);
1331 if (rv == OK || rv == ERR_IO_PENDING) {
1332 // If the error was during connection setup, there is no socket to
1333 // disconnect.
1334 if (connection_->socket())
1335 connection_->socket()->Disconnect();
1336 connection_->Reset();
1337 if (request_)
1338 request_->RemoveRequestFromSpdySessionRequestMap();
1339 next_state_ = STATE_RESOLVE_PROXY_COMPLETE;
1340 } else {
1341 // If ReconsiderProxyAfterError() failed synchronously, it means
1342 // there was nothing left to fall-back to, so fail the transaction
1343 // with the last connection error we got.
1344 // TODO(eroman): This is a confusing contract, make it more obvious.
1345 rv = error;
1346 }
1347
1348 return rv;
1349 }
1350
HandleCertificateError(int error)1351 int HttpStreamFactoryImpl::Job::HandleCertificateError(int error) {
1352 DCHECK(using_ssl_);
1353 DCHECK(IsCertificateError(error));
1354
1355 SSLClientSocket* ssl_socket =
1356 static_cast<SSLClientSocket*>(connection_->socket());
1357 ssl_socket->GetSSLInfo(&ssl_info_);
1358
1359 // Add the bad certificate to the set of allowed certificates in the
1360 // SSL config object. This data structure will be consulted after calling
1361 // RestartIgnoringLastError(). And the user will be asked interactively
1362 // before RestartIgnoringLastError() is ever called.
1363 SSLConfig::CertAndStatus bad_cert;
1364
1365 // |ssl_info_.cert| may be NULL if we failed to create
1366 // X509Certificate for whatever reason, but normally it shouldn't
1367 // happen, unless this code is used inside sandbox.
1368 if (ssl_info_.cert.get() == NULL ||
1369 !X509Certificate::GetDEREncoded(ssl_info_.cert->os_cert_handle(),
1370 &bad_cert.der_cert)) {
1371 return error;
1372 }
1373 bad_cert.cert_status = ssl_info_.cert_status;
1374 server_ssl_config_.allowed_bad_certs.push_back(bad_cert);
1375
1376 int load_flags = request_info_.load_flags;
1377 if (session_->params().ignore_certificate_errors)
1378 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS;
1379 if (ssl_socket->IgnoreCertError(error, load_flags))
1380 return OK;
1381 return error;
1382 }
1383
SwitchToSpdyMode()1384 void HttpStreamFactoryImpl::Job::SwitchToSpdyMode() {
1385 if (HttpStreamFactory::spdy_enabled())
1386 using_spdy_ = true;
1387 }
1388
1389 // static
LogHttpConnectedMetrics(const ClientSocketHandle & handle)1390 void HttpStreamFactoryImpl::Job::LogHttpConnectedMetrics(
1391 const ClientSocketHandle& handle) {
1392 UMA_HISTOGRAM_ENUMERATION("Net.HttpSocketType", handle.reuse_type(),
1393 ClientSocketHandle::NUM_TYPES);
1394
1395 switch (handle.reuse_type()) {
1396 case ClientSocketHandle::UNUSED:
1397 UMA_HISTOGRAM_CUSTOM_TIMES("Net.HttpConnectionLatency",
1398 handle.setup_time(),
1399 base::TimeDelta::FromMilliseconds(1),
1400 base::TimeDelta::FromMinutes(10),
1401 100);
1402 break;
1403 case ClientSocketHandle::UNUSED_IDLE:
1404 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SocketIdleTimeBeforeNextUse_UnusedSocket",
1405 handle.idle_time(),
1406 base::TimeDelta::FromMilliseconds(1),
1407 base::TimeDelta::FromMinutes(6),
1408 100);
1409 break;
1410 case ClientSocketHandle::REUSED_IDLE:
1411 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SocketIdleTimeBeforeNextUse_ReusedSocket",
1412 handle.idle_time(),
1413 base::TimeDelta::FromMilliseconds(1),
1414 base::TimeDelta::FromMinutes(6),
1415 100);
1416 break;
1417 default:
1418 NOTREACHED();
1419 break;
1420 }
1421 }
1422
IsPreconnecting() const1423 bool HttpStreamFactoryImpl::Job::IsPreconnecting() const {
1424 DCHECK_GE(num_streams_, 0);
1425 return num_streams_ > 0;
1426 }
1427
IsOrphaned() const1428 bool HttpStreamFactoryImpl::Job::IsOrphaned() const {
1429 return !IsPreconnecting() && !request_;
1430 }
1431
ReportJobSuccededForRequest()1432 void HttpStreamFactoryImpl::Job::ReportJobSuccededForRequest() {
1433 net::AlternateProtocolExperiment alternate_protocol_experiment =
1434 ALTERNATE_PROTOCOL_NOT_PART_OF_EXPERIMENT;
1435 base::WeakPtr<HttpServerProperties> http_server_properties =
1436 session_->http_server_properties();
1437 if (http_server_properties) {
1438 alternate_protocol_experiment =
1439 http_server_properties->GetAlternateProtocolExperiment();
1440 }
1441 if (using_existing_quic_session_) {
1442 // If an existing session was used, then no TCP connection was
1443 // started.
1444 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_NO_RACE,
1445 alternate_protocol_experiment);
1446 } else if (original_url_) {
1447 // This job was the alternate protocol job, and hence won the race.
1448 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_WON_RACE,
1449 alternate_protocol_experiment);
1450 } else {
1451 // This job was the normal job, and hence the alternate protocol job lost
1452 // the race.
1453 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_LOST_RACE,
1454 alternate_protocol_experiment);
1455 }
1456 }
1457
MarkOtherJobComplete(const Job & job)1458 void HttpStreamFactoryImpl::Job::MarkOtherJobComplete(const Job& job) {
1459 DCHECK_EQ(STATUS_RUNNING, other_job_status_);
1460 other_job_status_ = job.job_status_;
1461 MaybeMarkAlternateProtocolBroken();
1462 }
1463
MaybeMarkAlternateProtocolBroken()1464 void HttpStreamFactoryImpl::Job::MaybeMarkAlternateProtocolBroken() {
1465 if (job_status_ == STATUS_RUNNING || other_job_status_ == STATUS_RUNNING)
1466 return;
1467
1468 bool is_alternate_protocol_job = original_url_.get() != NULL;
1469 if (is_alternate_protocol_job) {
1470 if (job_status_ == STATUS_BROKEN && other_job_status_ == STATUS_SUCCEEDED) {
1471 HistogramBrokenAlternateProtocolLocation(
1472 BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_ALT);
1473 session_->http_server_properties()->SetBrokenAlternateProtocol(
1474 HostPortPair::FromURL(*original_url_));
1475 }
1476 return;
1477 }
1478
1479 if (job_status_ == STATUS_SUCCEEDED && other_job_status_ == STATUS_BROKEN) {
1480 HistogramBrokenAlternateProtocolLocation(
1481 BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_MAIN);
1482 session_->http_server_properties()->SetBrokenAlternateProtocol(
1483 HostPortPair::FromURL(request_info_.url));
1484 }
1485 }
1486
1487 } // namespace net
1488