• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/http/http_stream_factory_impl_job.h"
6 
7 #include <algorithm>
8 #include <string>
9 
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/logging.h"
13 #include "base/stl_util.h"
14 #include "base/strings/string_util.h"
15 #include "base/strings/stringprintf.h"
16 #include "base/values.h"
17 #include "build/build_config.h"
18 #include "net/base/connection_type_histograms.h"
19 #include "net/base/net_log.h"
20 #include "net/base/net_util.h"
21 #include "net/http/http_basic_stream.h"
22 #include "net/http/http_network_session.h"
23 #include "net/http/http_proxy_client_socket.h"
24 #include "net/http/http_proxy_client_socket_pool.h"
25 #include "net/http/http_request_info.h"
26 #include "net/http/http_server_properties.h"
27 #include "net/http/http_stream_factory.h"
28 #include "net/http/http_stream_factory_impl_request.h"
29 #include "net/quic/quic_http_stream.h"
30 #include "net/socket/client_socket_handle.h"
31 #include "net/socket/client_socket_pool.h"
32 #include "net/socket/client_socket_pool_manager.h"
33 #include "net/socket/socks_client_socket_pool.h"
34 #include "net/socket/ssl_client_socket.h"
35 #include "net/socket/ssl_client_socket_pool.h"
36 #include "net/spdy/spdy_http_stream.h"
37 #include "net/spdy/spdy_session.h"
38 #include "net/spdy/spdy_session_pool.h"
39 #include "net/ssl/ssl_cert_request_info.h"
40 
41 namespace net {
42 
43 // Returns parameters associated with the start of a HTTP stream job.
NetLogHttpStreamJobCallback(const GURL * original_url,const GURL * url,RequestPriority priority,NetLog::LogLevel)44 base::Value* NetLogHttpStreamJobCallback(const GURL* original_url,
45                                          const GURL* url,
46                                          RequestPriority priority,
47                                          NetLog::LogLevel /* log_level */) {
48   base::DictionaryValue* dict = new base::DictionaryValue();
49   dict->SetString("original_url", original_url->GetOrigin().spec());
50   dict->SetString("url", url->GetOrigin().spec());
51   dict->SetString("priority", RequestPriorityToString(priority));
52   return dict;
53 }
54 
55 // Returns parameters associated with the Proto (with NPN negotiation) of a HTTP
56 // stream.
NetLogHttpStreamProtoCallback(const SSLClientSocket::NextProtoStatus status,const std::string * proto,NetLog::LogLevel)57 base::Value* NetLogHttpStreamProtoCallback(
58     const SSLClientSocket::NextProtoStatus status,
59     const std::string* proto,
60     NetLog::LogLevel /* log_level */) {
61   base::DictionaryValue* dict = new base::DictionaryValue();
62 
63   dict->SetString("next_proto_status",
64                   SSLClientSocket::NextProtoStatusToString(status));
65   dict->SetString("proto", *proto);
66   return dict;
67 }
68 
Job(HttpStreamFactoryImpl * stream_factory,HttpNetworkSession * session,const HttpRequestInfo & request_info,RequestPriority priority,const SSLConfig & server_ssl_config,const SSLConfig & proxy_ssl_config,NetLog * net_log)69 HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory,
70                                 HttpNetworkSession* session,
71                                 const HttpRequestInfo& request_info,
72                                 RequestPriority priority,
73                                 const SSLConfig& server_ssl_config,
74                                 const SSLConfig& proxy_ssl_config,
75                                 NetLog* net_log)
76     : request_(NULL),
77       request_info_(request_info),
78       priority_(priority),
79       server_ssl_config_(server_ssl_config),
80       proxy_ssl_config_(proxy_ssl_config),
81       net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_HTTP_STREAM_JOB)),
82       io_callback_(base::Bind(&Job::OnIOComplete, base::Unretained(this))),
83       connection_(new ClientSocketHandle),
84       session_(session),
85       stream_factory_(stream_factory),
86       next_state_(STATE_NONE),
87       pac_request_(NULL),
88       blocking_job_(NULL),
89       waiting_job_(NULL),
90       using_ssl_(false),
91       using_spdy_(false),
92       using_quic_(false),
93       quic_request_(session_->quic_stream_factory()),
94       using_existing_quic_session_(false),
95       spdy_certificate_error_(OK),
96       establishing_tunnel_(false),
97       was_npn_negotiated_(false),
98       protocol_negotiated_(kProtoUnknown),
99       num_streams_(0),
100       spdy_session_direct_(false),
101       job_status_(STATUS_RUNNING),
102       other_job_status_(STATUS_RUNNING),
103       ptr_factory_(this) {
104   DCHECK(stream_factory);
105   DCHECK(session);
106 }
107 
~Job()108 HttpStreamFactoryImpl::Job::~Job() {
109   net_log_.EndEvent(NetLog::TYPE_HTTP_STREAM_JOB);
110 
111   // When we're in a partially constructed state, waiting for the user to
112   // provide certificate handling information or authentication, we can't reuse
113   // this stream at all.
114   if (next_state_ == STATE_WAITING_USER_ACTION) {
115     connection_->socket()->Disconnect();
116     connection_.reset();
117   }
118 
119   if (pac_request_)
120     session_->proxy_service()->CancelPacRequest(pac_request_);
121 
122   // The stream could be in a partial state.  It is not reusable.
123   if (stream_.get() && next_state_ != STATE_DONE)
124     stream_->Close(true /* not reusable */);
125 }
126 
Start(Request * request)127 void HttpStreamFactoryImpl::Job::Start(Request* request) {
128   DCHECK(request);
129   request_ = request;
130   StartInternal();
131 }
132 
Preconnect(int num_streams)133 int HttpStreamFactoryImpl::Job::Preconnect(int num_streams) {
134   DCHECK_GT(num_streams, 0);
135   HostPortPair origin_server =
136       HostPortPair(request_info_.url.HostNoBrackets(),
137                    request_info_.url.EffectiveIntPort());
138   base::WeakPtr<HttpServerProperties> http_server_properties =
139       session_->http_server_properties();
140   if (http_server_properties &&
141       http_server_properties->SupportsSpdy(origin_server)) {
142     num_streams_ = 1;
143   } else {
144     num_streams_ = num_streams;
145   }
146   return StartInternal();
147 }
148 
RestartTunnelWithProxyAuth(const AuthCredentials & credentials)149 int HttpStreamFactoryImpl::Job::RestartTunnelWithProxyAuth(
150     const AuthCredentials& credentials) {
151   DCHECK(establishing_tunnel_);
152   next_state_ = STATE_RESTART_TUNNEL_AUTH;
153   stream_.reset();
154   return RunLoop(OK);
155 }
156 
GetLoadState() const157 LoadState HttpStreamFactoryImpl::Job::GetLoadState() const {
158   switch (next_state_) {
159     case STATE_RESOLVE_PROXY_COMPLETE:
160       return session_->proxy_service()->GetLoadState(pac_request_);
161     case STATE_INIT_CONNECTION_COMPLETE:
162     case STATE_CREATE_STREAM_COMPLETE:
163       return using_quic_ ? LOAD_STATE_CONNECTING : connection_->GetLoadState();
164     default:
165       return LOAD_STATE_IDLE;
166   }
167 }
168 
MarkAsAlternate(const GURL & original_url,AlternateProtocolInfo alternate)169 void HttpStreamFactoryImpl::Job::MarkAsAlternate(
170     const GURL& original_url,
171     AlternateProtocolInfo alternate) {
172   DCHECK(!original_url_.get());
173   original_url_.reset(new GURL(original_url));
174   if (alternate.protocol == QUIC) {
175     DCHECK(session_->params().enable_quic);
176     using_quic_ = true;
177   }
178 }
179 
WaitFor(Job * job)180 void HttpStreamFactoryImpl::Job::WaitFor(Job* job) {
181   DCHECK_EQ(STATE_NONE, next_state_);
182   DCHECK_EQ(STATE_NONE, job->next_state_);
183   DCHECK(!blocking_job_);
184   DCHECK(!job->waiting_job_);
185   blocking_job_ = job;
186   job->waiting_job_ = this;
187 }
188 
Resume(Job * job)189 void HttpStreamFactoryImpl::Job::Resume(Job* job) {
190   DCHECK_EQ(blocking_job_, job);
191   blocking_job_ = NULL;
192 
193   // We know we're blocked if the next_state_ is STATE_WAIT_FOR_JOB_COMPLETE.
194   // Unblock |this|.
195   if (next_state_ == STATE_WAIT_FOR_JOB_COMPLETE) {
196     base::MessageLoop::current()->PostTask(
197         FROM_HERE,
198         base::Bind(&HttpStreamFactoryImpl::Job::OnIOComplete,
199                    ptr_factory_.GetWeakPtr(), OK));
200   }
201 }
202 
Orphan(const Request * request)203 void HttpStreamFactoryImpl::Job::Orphan(const Request* request) {
204   DCHECK_EQ(request_, request);
205   request_ = NULL;
206   if (blocking_job_) {
207     // We've been orphaned, but there's a job we're blocked on. Don't bother
208     // racing, just cancel ourself.
209     DCHECK(blocking_job_->waiting_job_);
210     blocking_job_->waiting_job_ = NULL;
211     blocking_job_ = NULL;
212     if (stream_factory_->for_websockets_ &&
213         connection_ && connection_->socket()) {
214       connection_->socket()->Disconnect();
215     }
216     stream_factory_->OnOrphanedJobComplete(this);
217   } else if (stream_factory_->for_websockets_) {
218     // We cancel this job because a WebSocketHandshakeStream can't be created
219     // without a WebSocketHandshakeStreamBase::CreateHelper which is stored in
220     // the Request class and isn't accessible from this job.
221     if (connection_ && connection_->socket()) {
222       connection_->socket()->Disconnect();
223     }
224     stream_factory_->OnOrphanedJobComplete(this);
225   }
226 }
227 
SetPriority(RequestPriority priority)228 void HttpStreamFactoryImpl::Job::SetPriority(RequestPriority priority) {
229   priority_ = priority;
230   // TODO(akalin): Propagate this to |connection_| and maybe the
231   // preconnect state.
232 }
233 
was_npn_negotiated() const234 bool HttpStreamFactoryImpl::Job::was_npn_negotiated() const {
235   return was_npn_negotiated_;
236 }
237 
protocol_negotiated() const238 NextProto HttpStreamFactoryImpl::Job::protocol_negotiated() const {
239   return protocol_negotiated_;
240 }
241 
using_spdy() const242 bool HttpStreamFactoryImpl::Job::using_spdy() const {
243   return using_spdy_;
244 }
245 
server_ssl_config() const246 const SSLConfig& HttpStreamFactoryImpl::Job::server_ssl_config() const {
247   return server_ssl_config_;
248 }
249 
proxy_ssl_config() const250 const SSLConfig& HttpStreamFactoryImpl::Job::proxy_ssl_config() const {
251   return proxy_ssl_config_;
252 }
253 
proxy_info() const254 const ProxyInfo& HttpStreamFactoryImpl::Job::proxy_info() const {
255   return proxy_info_;
256 }
257 
GetSSLInfo()258 void HttpStreamFactoryImpl::Job::GetSSLInfo() {
259   DCHECK(using_ssl_);
260   DCHECK(!establishing_tunnel_);
261   DCHECK(connection_.get() && connection_->socket());
262   SSLClientSocket* ssl_socket =
263       static_cast<SSLClientSocket*>(connection_->socket());
264   ssl_socket->GetSSLInfo(&ssl_info_);
265 }
266 
GetSpdySessionKey() const267 SpdySessionKey HttpStreamFactoryImpl::Job::GetSpdySessionKey() const {
268   // In the case that we're using an HTTPS proxy for an HTTP url,
269   // we look for a SPDY session *to* the proxy, instead of to the
270   // origin server.
271   PrivacyMode privacy_mode = request_info_.privacy_mode;
272   if (IsHttpsProxyAndHttpUrl()) {
273     return SpdySessionKey(proxy_info_.proxy_server().host_port_pair(),
274                           ProxyServer::Direct(),
275                           privacy_mode);
276   } else {
277     return SpdySessionKey(origin_,
278                           proxy_info_.proxy_server(),
279                           privacy_mode);
280   }
281 }
282 
CanUseExistingSpdySession() const283 bool HttpStreamFactoryImpl::Job::CanUseExistingSpdySession() const {
284   // We need to make sure that if a spdy session was created for
285   // https://somehost/ that we don't use that session for http://somehost:443/.
286   // The only time we can use an existing session is if the request URL is
287   // https (the normal case) or if we're connection to a SPDY proxy, or
288   // if we're running with force_spdy_always_.  crbug.com/133176
289   // TODO(ricea): Add "wss" back to this list when SPDY WebSocket support is
290   // working.
291   return request_info_.url.SchemeIs("https") ||
292          proxy_info_.proxy_server().is_https() ||
293          session_->params().force_spdy_always;
294 }
295 
OnStreamReadyCallback()296 void HttpStreamFactoryImpl::Job::OnStreamReadyCallback() {
297   DCHECK(stream_.get());
298   DCHECK(!IsPreconnecting());
299   DCHECK(!stream_factory_->for_websockets_);
300   if (IsOrphaned()) {
301     stream_factory_->OnOrphanedJobComplete(this);
302   } else {
303     request_->Complete(was_npn_negotiated(),
304                        protocol_negotiated(),
305                        using_spdy(),
306                        net_log_);
307     request_->OnStreamReady(this, server_ssl_config_, proxy_info_,
308                             stream_.release());
309   }
310   // |this| may be deleted after this call.
311 }
312 
OnWebSocketHandshakeStreamReadyCallback()313 void HttpStreamFactoryImpl::Job::OnWebSocketHandshakeStreamReadyCallback() {
314   DCHECK(websocket_stream_);
315   DCHECK(!IsPreconnecting());
316   DCHECK(stream_factory_->for_websockets_);
317   // An orphaned WebSocket job will be closed immediately and
318   // never be ready.
319   DCHECK(!IsOrphaned());
320   request_->Complete(was_npn_negotiated(),
321                      protocol_negotiated(),
322                      using_spdy(),
323                      net_log_);
324   request_->OnWebSocketHandshakeStreamReady(this,
325                                             server_ssl_config_,
326                                             proxy_info_,
327                                             websocket_stream_.release());
328   // |this| may be deleted after this call.
329 }
330 
OnNewSpdySessionReadyCallback()331 void HttpStreamFactoryImpl::Job::OnNewSpdySessionReadyCallback() {
332   DCHECK(stream_.get());
333   DCHECK(!IsPreconnecting());
334   DCHECK(using_spdy());
335   // Note: an event loop iteration has passed, so |new_spdy_session_| may be
336   // NULL at this point if the SpdySession closed immediately after creation.
337   base::WeakPtr<SpdySession> spdy_session = new_spdy_session_;
338   new_spdy_session_.reset();
339 
340   // TODO(jgraettinger): Notify the factory, and let that notify |request_|,
341   // rather than notifying |request_| directly.
342   if (IsOrphaned()) {
343     if (spdy_session) {
344       stream_factory_->OnNewSpdySessionReady(
345           spdy_session, spdy_session_direct_, server_ssl_config_, proxy_info_,
346           was_npn_negotiated(), protocol_negotiated(), using_spdy(), net_log_);
347     }
348     stream_factory_->OnOrphanedJobComplete(this);
349   } else {
350     request_->OnNewSpdySessionReady(
351         this, stream_.Pass(), spdy_session, spdy_session_direct_);
352   }
353   // |this| may be deleted after this call.
354 }
355 
OnStreamFailedCallback(int result)356 void HttpStreamFactoryImpl::Job::OnStreamFailedCallback(int result) {
357   DCHECK(!IsPreconnecting());
358   if (IsOrphaned())
359     stream_factory_->OnOrphanedJobComplete(this);
360   else
361     request_->OnStreamFailed(this, result, server_ssl_config_);
362   // |this| may be deleted after this call.
363 }
364 
OnCertificateErrorCallback(int result,const SSLInfo & ssl_info)365 void HttpStreamFactoryImpl::Job::OnCertificateErrorCallback(
366     int result, const SSLInfo& ssl_info) {
367   DCHECK(!IsPreconnecting());
368   if (IsOrphaned())
369     stream_factory_->OnOrphanedJobComplete(this);
370   else
371     request_->OnCertificateError(this, result, server_ssl_config_, ssl_info);
372   // |this| may be deleted after this call.
373 }
374 
OnNeedsProxyAuthCallback(const HttpResponseInfo & response,HttpAuthController * auth_controller)375 void HttpStreamFactoryImpl::Job::OnNeedsProxyAuthCallback(
376     const HttpResponseInfo& response,
377     HttpAuthController* auth_controller) {
378   DCHECK(!IsPreconnecting());
379   if (IsOrphaned())
380     stream_factory_->OnOrphanedJobComplete(this);
381   else
382     request_->OnNeedsProxyAuth(
383         this, response, server_ssl_config_, proxy_info_, auth_controller);
384   // |this| may be deleted after this call.
385 }
386 
OnNeedsClientAuthCallback(SSLCertRequestInfo * cert_info)387 void HttpStreamFactoryImpl::Job::OnNeedsClientAuthCallback(
388     SSLCertRequestInfo* cert_info) {
389   DCHECK(!IsPreconnecting());
390   if (IsOrphaned())
391     stream_factory_->OnOrphanedJobComplete(this);
392   else
393     request_->OnNeedsClientAuth(this, server_ssl_config_, cert_info);
394   // |this| may be deleted after this call.
395 }
396 
OnHttpsProxyTunnelResponseCallback(const HttpResponseInfo & response_info,HttpStream * stream)397 void HttpStreamFactoryImpl::Job::OnHttpsProxyTunnelResponseCallback(
398     const HttpResponseInfo& response_info,
399     HttpStream* stream) {
400   DCHECK(!IsPreconnecting());
401   if (IsOrphaned())
402     stream_factory_->OnOrphanedJobComplete(this);
403   else
404     request_->OnHttpsProxyTunnelResponse(
405         this, response_info, server_ssl_config_, proxy_info_, stream);
406   // |this| may be deleted after this call.
407 }
408 
OnPreconnectsComplete()409 void HttpStreamFactoryImpl::Job::OnPreconnectsComplete() {
410   DCHECK(!request_);
411   if (new_spdy_session_.get()) {
412     stream_factory_->OnNewSpdySessionReady(new_spdy_session_,
413                                            spdy_session_direct_,
414                                            server_ssl_config_,
415                                            proxy_info_,
416                                            was_npn_negotiated(),
417                                            protocol_negotiated(),
418                                            using_spdy(),
419                                            net_log_);
420   }
421   stream_factory_->OnPreconnectsComplete(this);
422   // |this| may be deleted after this call.
423 }
424 
425 // static
OnHostResolution(SpdySessionPool * spdy_session_pool,const SpdySessionKey & spdy_session_key,const AddressList & addresses,const BoundNetLog & net_log)426 int HttpStreamFactoryImpl::Job::OnHostResolution(
427     SpdySessionPool* spdy_session_pool,
428     const SpdySessionKey& spdy_session_key,
429     const AddressList& addresses,
430     const BoundNetLog& net_log) {
431   // It is OK to dereference spdy_session_pool, because the
432   // ClientSocketPoolManager will be destroyed in the same callback that
433   // destroys the SpdySessionPool.
434   return
435       spdy_session_pool->FindAvailableSession(spdy_session_key, net_log) ?
436       ERR_SPDY_SESSION_ALREADY_EXISTS : OK;
437 }
438 
OnIOComplete(int result)439 void HttpStreamFactoryImpl::Job::OnIOComplete(int result) {
440   RunLoop(result);
441 }
442 
RunLoop(int result)443 int HttpStreamFactoryImpl::Job::RunLoop(int result) {
444   result = DoLoop(result);
445 
446   if (result == ERR_IO_PENDING)
447     return result;
448 
449   // If there was an error, we should have already resumed the |waiting_job_|,
450   // if there was one.
451   DCHECK(result == OK || waiting_job_ == NULL);
452 
453   if (IsPreconnecting()) {
454     base::MessageLoop::current()->PostTask(
455         FROM_HERE,
456         base::Bind(&HttpStreamFactoryImpl::Job::OnPreconnectsComplete,
457                    ptr_factory_.GetWeakPtr()));
458     return ERR_IO_PENDING;
459   }
460 
461   if (IsCertificateError(result)) {
462     // Retrieve SSL information from the socket.
463     GetSSLInfo();
464 
465     next_state_ = STATE_WAITING_USER_ACTION;
466     base::MessageLoop::current()->PostTask(
467         FROM_HERE,
468         base::Bind(&HttpStreamFactoryImpl::Job::OnCertificateErrorCallback,
469                    ptr_factory_.GetWeakPtr(), result, ssl_info_));
470     return ERR_IO_PENDING;
471   }
472 
473   switch (result) {
474     case ERR_PROXY_AUTH_REQUESTED: {
475       UMA_HISTOGRAM_BOOLEAN("Net.ProxyAuthRequested.HasConnection",
476                             connection_.get() != NULL);
477       if (!connection_.get())
478         return ERR_PROXY_AUTH_REQUESTED_WITH_NO_CONNECTION;
479       CHECK(connection_->socket());
480       CHECK(establishing_tunnel_);
481 
482       next_state_ = STATE_WAITING_USER_ACTION;
483       ProxyClientSocket* proxy_socket =
484           static_cast<ProxyClientSocket*>(connection_->socket());
485       base::MessageLoop::current()->PostTask(
486           FROM_HERE,
487           base::Bind(&Job::OnNeedsProxyAuthCallback, ptr_factory_.GetWeakPtr(),
488                      *proxy_socket->GetConnectResponseInfo(),
489                      proxy_socket->GetAuthController()));
490       return ERR_IO_PENDING;
491     }
492 
493     case ERR_SSL_CLIENT_AUTH_CERT_NEEDED:
494       base::MessageLoop::current()->PostTask(
495           FROM_HERE,
496           base::Bind(&Job::OnNeedsClientAuthCallback, ptr_factory_.GetWeakPtr(),
497                      connection_->ssl_error_response_info().cert_request_info));
498       return ERR_IO_PENDING;
499 
500     case ERR_HTTPS_PROXY_TUNNEL_RESPONSE: {
501       DCHECK(connection_.get());
502       DCHECK(connection_->socket());
503       DCHECK(establishing_tunnel_);
504 
505       ProxyClientSocket* proxy_socket =
506           static_cast<ProxyClientSocket*>(connection_->socket());
507       base::MessageLoop::current()->PostTask(
508           FROM_HERE,
509           base::Bind(&Job::OnHttpsProxyTunnelResponseCallback,
510                      ptr_factory_.GetWeakPtr(),
511                      *proxy_socket->GetConnectResponseInfo(),
512                      proxy_socket->CreateConnectResponseStream()));
513       return ERR_IO_PENDING;
514     }
515 
516     case OK:
517       job_status_ = STATUS_SUCCEEDED;
518       MaybeMarkAlternateProtocolBroken();
519       next_state_ = STATE_DONE;
520       if (new_spdy_session_.get()) {
521         base::MessageLoop::current()->PostTask(
522             FROM_HERE,
523             base::Bind(&Job::OnNewSpdySessionReadyCallback,
524                        ptr_factory_.GetWeakPtr()));
525       } else if (stream_factory_->for_websockets_) {
526         DCHECK(websocket_stream_);
527         base::MessageLoop::current()->PostTask(
528             FROM_HERE,
529             base::Bind(&Job::OnWebSocketHandshakeStreamReadyCallback,
530                        ptr_factory_.GetWeakPtr()));
531       } else {
532         DCHECK(stream_.get());
533         base::MessageLoop::current()->PostTask(
534             FROM_HERE,
535             base::Bind(&Job::OnStreamReadyCallback, ptr_factory_.GetWeakPtr()));
536       }
537       return ERR_IO_PENDING;
538 
539     default:
540       if (job_status_ != STATUS_BROKEN) {
541         DCHECK_EQ(STATUS_RUNNING, job_status_);
542         job_status_ = STATUS_FAILED;
543         MaybeMarkAlternateProtocolBroken();
544       }
545       base::MessageLoop::current()->PostTask(
546           FROM_HERE,
547           base::Bind(&Job::OnStreamFailedCallback, ptr_factory_.GetWeakPtr(),
548                      result));
549       return ERR_IO_PENDING;
550   }
551 }
552 
DoLoop(int result)553 int HttpStreamFactoryImpl::Job::DoLoop(int result) {
554   DCHECK_NE(next_state_, STATE_NONE);
555   int rv = result;
556   do {
557     State state = next_state_;
558     next_state_ = STATE_NONE;
559     switch (state) {
560       case STATE_START:
561         DCHECK_EQ(OK, rv);
562         rv = DoStart();
563         break;
564       case STATE_RESOLVE_PROXY:
565         DCHECK_EQ(OK, rv);
566         rv = DoResolveProxy();
567         break;
568       case STATE_RESOLVE_PROXY_COMPLETE:
569         rv = DoResolveProxyComplete(rv);
570         break;
571       case STATE_WAIT_FOR_JOB:
572         DCHECK_EQ(OK, rv);
573         rv = DoWaitForJob();
574         break;
575       case STATE_WAIT_FOR_JOB_COMPLETE:
576         rv = DoWaitForJobComplete(rv);
577         break;
578       case STATE_INIT_CONNECTION:
579         DCHECK_EQ(OK, rv);
580         rv = DoInitConnection();
581         break;
582       case STATE_INIT_CONNECTION_COMPLETE:
583         rv = DoInitConnectionComplete(rv);
584         break;
585       case STATE_WAITING_USER_ACTION:
586         rv = DoWaitingUserAction(rv);
587         break;
588       case STATE_RESTART_TUNNEL_AUTH:
589         DCHECK_EQ(OK, rv);
590         rv = DoRestartTunnelAuth();
591         break;
592       case STATE_RESTART_TUNNEL_AUTH_COMPLETE:
593         rv = DoRestartTunnelAuthComplete(rv);
594         break;
595       case STATE_CREATE_STREAM:
596         DCHECK_EQ(OK, rv);
597         rv = DoCreateStream();
598         break;
599       case STATE_CREATE_STREAM_COMPLETE:
600         rv = DoCreateStreamComplete(rv);
601         break;
602       default:
603         NOTREACHED() << "bad state";
604         rv = ERR_FAILED;
605         break;
606     }
607   } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
608   return rv;
609 }
610 
StartInternal()611 int HttpStreamFactoryImpl::Job::StartInternal() {
612   CHECK_EQ(STATE_NONE, next_state_);
613   next_state_ = STATE_START;
614   int rv = RunLoop(OK);
615   DCHECK_EQ(ERR_IO_PENDING, rv);
616   return rv;
617 }
618 
DoStart()619 int HttpStreamFactoryImpl::Job::DoStart() {
620   int port = request_info_.url.EffectiveIntPort();
621   origin_ = HostPortPair(request_info_.url.HostNoBrackets(), port);
622   origin_url_ = stream_factory_->ApplyHostMappingRules(
623       request_info_.url, &origin_);
624 
625   net_log_.BeginEvent(NetLog::TYPE_HTTP_STREAM_JOB,
626                       base::Bind(&NetLogHttpStreamJobCallback,
627                                  &request_info_.url, &origin_url_,
628                                  priority_));
629 
630   // Don't connect to restricted ports.
631   bool is_port_allowed = IsPortAllowedByDefault(port);
632   if (request_info_.url.SchemeIs("ftp")) {
633     // Never share connection with other jobs for FTP requests.
634     DCHECK(!waiting_job_);
635 
636     is_port_allowed = IsPortAllowedByFtp(port);
637   }
638   if (!is_port_allowed && !IsPortAllowedByOverride(port)) {
639     if (waiting_job_) {
640       waiting_job_->Resume(this);
641       waiting_job_ = NULL;
642     }
643     return ERR_UNSAFE_PORT;
644   }
645 
646   next_state_ = STATE_RESOLVE_PROXY;
647   return OK;
648 }
649 
DoResolveProxy()650 int HttpStreamFactoryImpl::Job::DoResolveProxy() {
651   DCHECK(!pac_request_);
652   DCHECK(session_);
653 
654   next_state_ = STATE_RESOLVE_PROXY_COMPLETE;
655 
656   if (request_info_.load_flags & LOAD_BYPASS_PROXY) {
657     proxy_info_.UseDirect();
658     return OK;
659   }
660 
661   return session_->proxy_service()->ResolveProxy(
662       request_info_.url, request_info_.load_flags, &proxy_info_, io_callback_,
663       &pac_request_, session_->network_delegate(), net_log_);
664 }
665 
DoResolveProxyComplete(int result)666 int HttpStreamFactoryImpl::Job::DoResolveProxyComplete(int result) {
667   pac_request_ = NULL;
668 
669   if (result == OK) {
670     // Remove unsupported proxies from the list.
671     proxy_info_.RemoveProxiesWithoutScheme(
672         ProxyServer::SCHEME_DIRECT | ProxyServer::SCHEME_QUIC |
673         ProxyServer::SCHEME_HTTP | ProxyServer::SCHEME_HTTPS |
674         ProxyServer::SCHEME_SOCKS4 | ProxyServer::SCHEME_SOCKS5);
675 
676     if (proxy_info_.is_empty()) {
677       // No proxies/direct to choose from. This happens when we don't support
678       // any of the proxies in the returned list.
679       result = ERR_NO_SUPPORTED_PROXIES;
680     } else if (using_quic_ &&
681                (!proxy_info_.is_quic() && !proxy_info_.is_direct())) {
682       // QUIC can not be spoken to non-QUIC proxies.  This error should not be
683       // user visible, because the non-alternate job should be resumed.
684       result = ERR_NO_SUPPORTED_PROXIES;
685     }
686   }
687 
688   if (result != OK) {
689     if (waiting_job_) {
690       waiting_job_->Resume(this);
691       waiting_job_ = NULL;
692     }
693     return result;
694   }
695 
696   if (blocking_job_)
697     next_state_ = STATE_WAIT_FOR_JOB;
698   else
699     next_state_ = STATE_INIT_CONNECTION;
700   return OK;
701 }
702 
ShouldForceSpdySSL() const703 bool HttpStreamFactoryImpl::Job::ShouldForceSpdySSL() const {
704   bool rv = session_->params().force_spdy_always &&
705       session_->params().force_spdy_over_ssl;
706   return rv && !session_->HasSpdyExclusion(origin_);
707 }
708 
ShouldForceSpdyWithoutSSL() const709 bool HttpStreamFactoryImpl::Job::ShouldForceSpdyWithoutSSL() const {
710   bool rv = session_->params().force_spdy_always &&
711       !session_->params().force_spdy_over_ssl;
712   return rv && !session_->HasSpdyExclusion(origin_);
713 }
714 
ShouldForceQuic() const715 bool HttpStreamFactoryImpl::Job::ShouldForceQuic() const {
716   return session_->params().enable_quic &&
717     session_->params().origin_to_force_quic_on.Equals(origin_) &&
718     proxy_info_.is_direct();
719 }
720 
DoWaitForJob()721 int HttpStreamFactoryImpl::Job::DoWaitForJob() {
722   DCHECK(blocking_job_);
723   next_state_ = STATE_WAIT_FOR_JOB_COMPLETE;
724   return ERR_IO_PENDING;
725 }
726 
DoWaitForJobComplete(int result)727 int HttpStreamFactoryImpl::Job::DoWaitForJobComplete(int result) {
728   DCHECK(!blocking_job_);
729   DCHECK_EQ(OK, result);
730   next_state_ = STATE_INIT_CONNECTION;
731   return OK;
732 }
733 
DoInitConnection()734 int HttpStreamFactoryImpl::Job::DoInitConnection() {
735   DCHECK(!blocking_job_);
736   DCHECK(!connection_->is_initialized());
737   DCHECK(proxy_info_.proxy_server().is_valid());
738   next_state_ = STATE_INIT_CONNECTION_COMPLETE;
739 
740   using_ssl_ = request_info_.url.SchemeIs("https") ||
741       request_info_.url.SchemeIs("wss") || ShouldForceSpdySSL();
742   using_spdy_ = false;
743 
744   if (ShouldForceQuic())
745     using_quic_ = true;
746 
747   if (proxy_info_.is_quic())
748     using_quic_ = true;
749 
750   if (using_quic_) {
751     DCHECK(session_->params().enable_quic);
752     if (proxy_info_.is_quic() && !request_info_.url.SchemeIs("http")) {
753       NOTREACHED();
754       // TODO(rch): support QUIC proxies for HTTPS urls.
755       return ERR_NOT_IMPLEMENTED;
756     }
757     HostPortPair destination = proxy_info_.is_quic() ?
758         proxy_info_.proxy_server().host_port_pair() : origin_;
759     next_state_ = STATE_INIT_CONNECTION_COMPLETE;
760     bool secure_quic = using_ssl_ || proxy_info_.is_quic();
761     int rv = quic_request_.Request(
762         destination, secure_quic, request_info_.privacy_mode,
763         request_info_.method, net_log_, io_callback_);
764     if (rv == OK) {
765       using_existing_quic_session_ = true;
766     } else {
767       // OK, there's no available QUIC session. Let |waiting_job_| resume
768       // if it's paused.
769       if (waiting_job_) {
770         waiting_job_->Resume(this);
771         waiting_job_ = NULL;
772       }
773     }
774     return rv;
775   }
776 
777   // Check first if we have a spdy session for this group.  If so, then go
778   // straight to using that.
779   SpdySessionKey spdy_session_key = GetSpdySessionKey();
780   base::WeakPtr<SpdySession> spdy_session =
781       session_->spdy_session_pool()->FindAvailableSession(
782           spdy_session_key, net_log_);
783   if (spdy_session && CanUseExistingSpdySession()) {
784     // If we're preconnecting, but we already have a SpdySession, we don't
785     // actually need to preconnect any sockets, so we're done.
786     if (IsPreconnecting())
787       return OK;
788     using_spdy_ = true;
789     next_state_ = STATE_CREATE_STREAM;
790     existing_spdy_session_ = spdy_session;
791     return OK;
792   } else if (request_ && !request_->HasSpdySessionKey() &&
793              (using_ssl_ || ShouldForceSpdyWithoutSSL())) {
794     // Update the spdy session key for the request that launched this job.
795     request_->SetSpdySessionKey(spdy_session_key);
796   }
797 
798   // OK, there's no available SPDY session. Let |waiting_job_| resume if it's
799   // paused.
800 
801   if (waiting_job_) {
802     waiting_job_->Resume(this);
803     waiting_job_ = NULL;
804   }
805 
806   if (proxy_info_.is_http() || proxy_info_.is_https())
807     establishing_tunnel_ = using_ssl_;
808 
809   bool want_spdy_over_npn = original_url_ != NULL;
810 
811   if (proxy_info_.is_https()) {
812     InitSSLConfig(proxy_info_.proxy_server().host_port_pair(),
813                   &proxy_ssl_config_,
814                   true /* is a proxy server */);
815     // Disable revocation checking for HTTPS proxies since the revocation
816     // requests are probably going to need to go through the proxy too.
817     proxy_ssl_config_.rev_checking_enabled = false;
818   }
819   if (using_ssl_) {
820     InitSSLConfig(origin_, &server_ssl_config_,
821                   false /* not a proxy server */);
822   }
823 
824   if (IsPreconnecting()) {
825     DCHECK(!stream_factory_->for_websockets_);
826     return PreconnectSocketsForHttpRequest(
827         origin_url_,
828         request_info_.extra_headers,
829         request_info_.load_flags,
830         priority_,
831         session_,
832         proxy_info_,
833         ShouldForceSpdySSL(),
834         want_spdy_over_npn,
835         server_ssl_config_,
836         proxy_ssl_config_,
837         request_info_.privacy_mode,
838         net_log_,
839         num_streams_);
840   }
841 
842   // If we can't use a SPDY session, don't both checking for one after
843   // the hostname is resolved.
844   OnHostResolutionCallback resolution_callback = CanUseExistingSpdySession() ?
845       base::Bind(&Job::OnHostResolution, session_->spdy_session_pool(),
846                  GetSpdySessionKey()) :
847       OnHostResolutionCallback();
848   if (stream_factory_->for_websockets_) {
849     // TODO(ricea): Re-enable NPN when WebSockets over SPDY is supported.
850     SSLConfig websocket_server_ssl_config = server_ssl_config_;
851     websocket_server_ssl_config.next_protos.clear();
852     return InitSocketHandleForWebSocketRequest(
853         origin_url_, request_info_.extra_headers, request_info_.load_flags,
854         priority_, session_, proxy_info_, ShouldForceSpdySSL(),
855         want_spdy_over_npn, websocket_server_ssl_config, proxy_ssl_config_,
856         request_info_.privacy_mode, net_log_,
857         connection_.get(), resolution_callback, io_callback_);
858   }
859 
860   return InitSocketHandleForHttpRequest(
861       origin_url_, request_info_.extra_headers, request_info_.load_flags,
862       priority_, session_, proxy_info_, ShouldForceSpdySSL(),
863       want_spdy_over_npn, server_ssl_config_, proxy_ssl_config_,
864       request_info_.privacy_mode, net_log_,
865       connection_.get(), resolution_callback, io_callback_);
866 }
867 
DoInitConnectionComplete(int result)868 int HttpStreamFactoryImpl::Job::DoInitConnectionComplete(int result) {
869   if (IsPreconnecting()) {
870     if (using_quic_)
871       return result;
872     DCHECK_EQ(OK, result);
873     return OK;
874   }
875 
876   if (result == ERR_SPDY_SESSION_ALREADY_EXISTS) {
877     // We found a SPDY connection after resolving the host.  This is
878     // probably an IP pooled connection.
879     SpdySessionKey spdy_session_key = GetSpdySessionKey();
880     existing_spdy_session_ =
881         session_->spdy_session_pool()->FindAvailableSession(
882             spdy_session_key, net_log_);
883     if (existing_spdy_session_) {
884       using_spdy_ = true;
885       next_state_ = STATE_CREATE_STREAM;
886     } else {
887       // It is possible that the spdy session no longer exists.
888       ReturnToStateInitConnection(true /* close connection */);
889     }
890     return OK;
891   }
892 
893   // TODO(willchan): Make this a bit more exact. Maybe there are recoverable
894   // errors, such as ignoring certificate errors for Alternate-Protocol.
895   if (result < 0 && waiting_job_) {
896     waiting_job_->Resume(this);
897     waiting_job_ = NULL;
898   }
899 
900   // |result| may be the result of any of the stacked pools. The following
901   // logic is used when determining how to interpret an error.
902   // If |result| < 0:
903   //   and connection_->socket() != NULL, then the SSL handshake ran and it
904   //     is a potentially recoverable error.
905   //   and connection_->socket == NULL and connection_->is_ssl_error() is true,
906   //     then the SSL handshake ran with an unrecoverable error.
907   //   otherwise, the error came from one of the other pools.
908   bool ssl_started = using_ssl_ && (result == OK || connection_->socket() ||
909                                     connection_->is_ssl_error());
910 
911   if (ssl_started && (result == OK || IsCertificateError(result))) {
912     if (using_quic_ && result == OK) {
913       was_npn_negotiated_ = true;
914       NextProto protocol_negotiated =
915           SSLClientSocket::NextProtoFromString("quic/1+spdy/3");
916       protocol_negotiated_ = protocol_negotiated;
917     } else {
918       SSLClientSocket* ssl_socket =
919           static_cast<SSLClientSocket*>(connection_->socket());
920       if (ssl_socket->WasNpnNegotiated()) {
921         was_npn_negotiated_ = true;
922         std::string proto;
923         SSLClientSocket::NextProtoStatus status =
924             ssl_socket->GetNextProto(&proto);
925         NextProto protocol_negotiated =
926             SSLClientSocket::NextProtoFromString(proto);
927         protocol_negotiated_ = protocol_negotiated;
928         net_log_.AddEvent(
929             NetLog::TYPE_HTTP_STREAM_REQUEST_PROTO,
930             base::Bind(&NetLogHttpStreamProtoCallback,
931                        status, &proto));
932         if (ssl_socket->was_spdy_negotiated())
933           SwitchToSpdyMode();
934       }
935       if (ShouldForceSpdySSL())
936         SwitchToSpdyMode();
937     }
938   } else if (proxy_info_.is_https() && connection_->socket() &&
939         result == OK) {
940     ProxyClientSocket* proxy_socket =
941       static_cast<ProxyClientSocket*>(connection_->socket());
942     if (proxy_socket->IsUsingSpdy()) {
943       was_npn_negotiated_ = true;
944       protocol_negotiated_ = proxy_socket->GetProtocolNegotiated();
945       SwitchToSpdyMode();
946     }
947   }
948 
949   // We may be using spdy without SSL
950   if (ShouldForceSpdyWithoutSSL())
951     SwitchToSpdyMode();
952 
953   if (result == ERR_PROXY_AUTH_REQUESTED ||
954       result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
955     DCHECK(!ssl_started);
956     // Other state (i.e. |using_ssl_|) suggests that |connection_| will have an
957     // SSL socket, but there was an error before that could happen.  This
958     // puts the in progress HttpProxy socket into |connection_| in order to
959     // complete the auth (or read the response body).  The tunnel restart code
960     // is careful to remove it before returning control to the rest of this
961     // class.
962     connection_.reset(connection_->release_pending_http_proxy_connection());
963     return result;
964   }
965 
966   if (!ssl_started && result < 0 && original_url_.get()) {
967     job_status_ = STATUS_BROKEN;
968     MaybeMarkAlternateProtocolBroken();
969     return result;
970   }
971 
972   if (using_quic_) {
973     if (result < 0) {
974       job_status_ = STATUS_BROKEN;
975       MaybeMarkAlternateProtocolBroken();
976       return result;
977     }
978     stream_ = quic_request_.ReleaseStream();
979     next_state_ = STATE_NONE;
980     return OK;
981   }
982 
983   if (result < 0 && !ssl_started)
984     return ReconsiderProxyAfterError(result);
985   establishing_tunnel_ = false;
986 
987   if (connection_->socket()) {
988     LogHttpConnectedMetrics(*connection_);
989 
990     // We officially have a new connection.  Record the type.
991     if (!connection_->is_reused()) {
992       ConnectionType type = using_spdy_ ? CONNECTION_SPDY : CONNECTION_HTTP;
993       UpdateConnectionTypeHistograms(type);
994     }
995   }
996 
997   // Handle SSL errors below.
998   if (using_ssl_) {
999     DCHECK(ssl_started);
1000     if (IsCertificateError(result)) {
1001       if (using_spdy_ && original_url_.get() &&
1002           original_url_->SchemeIs("http")) {
1003         // We ignore certificate errors for http over spdy.
1004         spdy_certificate_error_ = result;
1005         result = OK;
1006       } else {
1007         result = HandleCertificateError(result);
1008         if (result == OK && !connection_->socket()->IsConnectedAndIdle()) {
1009           ReturnToStateInitConnection(true /* close connection */);
1010           return result;
1011         }
1012       }
1013     }
1014     if (result < 0)
1015       return result;
1016   }
1017 
1018   next_state_ = STATE_CREATE_STREAM;
1019   return OK;
1020 }
1021 
DoWaitingUserAction(int result)1022 int HttpStreamFactoryImpl::Job::DoWaitingUserAction(int result) {
1023   // This state indicates that the stream request is in a partially
1024   // completed state, and we've called back to the delegate for more
1025   // information.
1026 
1027   // We're always waiting here for the delegate to call us back.
1028   return ERR_IO_PENDING;
1029 }
1030 
SetSpdyHttpStream(base::WeakPtr<SpdySession> session,bool direct)1031 int HttpStreamFactoryImpl::Job::SetSpdyHttpStream(
1032     base::WeakPtr<SpdySession> session, bool direct) {
1033   // TODO(ricea): Restore the code for WebSockets over SPDY once it's
1034   // implemented.
1035   if (stream_factory_->for_websockets_)
1036     return ERR_NOT_IMPLEMENTED;
1037 
1038   // TODO(willchan): Delete this code, because eventually, the
1039   // HttpStreamFactoryImpl will be creating all the SpdyHttpStreams, since it
1040   // will know when SpdySessions become available.
1041 
1042   bool use_relative_url = direct || request_info_.url.SchemeIs("https");
1043   stream_.reset(new SpdyHttpStream(session, use_relative_url));
1044   return OK;
1045 }
1046 
DoCreateStream()1047 int HttpStreamFactoryImpl::Job::DoCreateStream() {
1048   DCHECK(connection_->socket() || existing_spdy_session_.get() || using_quic_);
1049 
1050   next_state_ = STATE_CREATE_STREAM_COMPLETE;
1051 
1052   // We only set the socket motivation if we're the first to use
1053   // this socket.  Is there a race for two SPDY requests?  We really
1054   // need to plumb this through to the connect level.
1055   if (connection_->socket() && !connection_->is_reused())
1056     SetSocketMotivation();
1057 
1058   if (!using_spdy_) {
1059     // We may get ftp scheme when fetching ftp resources through proxy.
1060     bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) &&
1061                        (request_info_.url.SchemeIs("http") ||
1062                         request_info_.url.SchemeIs("ftp"));
1063     if (stream_factory_->for_websockets_) {
1064       DCHECK(request_);
1065       DCHECK(request_->websocket_handshake_stream_create_helper());
1066       websocket_stream_.reset(
1067           request_->websocket_handshake_stream_create_helper()
1068               ->CreateBasicStream(connection_.Pass(), using_proxy));
1069     } else {
1070       stream_.reset(new HttpBasicStream(connection_.release(), using_proxy));
1071     }
1072     return OK;
1073   }
1074 
1075   CHECK(!stream_.get());
1076 
1077   bool direct = true;
1078   const ProxyServer& proxy_server = proxy_info_.proxy_server();
1079   PrivacyMode privacy_mode = request_info_.privacy_mode;
1080   if (IsHttpsProxyAndHttpUrl())
1081     direct = false;
1082 
1083   if (existing_spdy_session_.get()) {
1084     // We picked up an existing session, so we don't need our socket.
1085     if (connection_->socket())
1086       connection_->socket()->Disconnect();
1087     connection_->Reset();
1088 
1089     int set_result = SetSpdyHttpStream(existing_spdy_session_, direct);
1090     existing_spdy_session_.reset();
1091     return set_result;
1092   }
1093 
1094   SpdySessionKey spdy_session_key(origin_, proxy_server, privacy_mode);
1095   if (IsHttpsProxyAndHttpUrl()) {
1096     // If we don't have a direct SPDY session, and we're using an HTTPS
1097     // proxy, then we might have a SPDY session to the proxy.
1098     // We never use privacy mode for connection to proxy server.
1099     spdy_session_key = SpdySessionKey(proxy_server.host_port_pair(),
1100                                       ProxyServer::Direct(),
1101                                       PRIVACY_MODE_DISABLED);
1102   }
1103 
1104   SpdySessionPool* spdy_pool = session_->spdy_session_pool();
1105   base::WeakPtr<SpdySession> spdy_session =
1106       spdy_pool->FindAvailableSession(spdy_session_key, net_log_);
1107 
1108   if (spdy_session) {
1109     return SetSpdyHttpStream(spdy_session, direct);
1110   }
1111 
1112   spdy_session =
1113       spdy_pool->CreateAvailableSessionFromSocket(spdy_session_key,
1114                                                   connection_.Pass(),
1115                                                   net_log_,
1116                                                   spdy_certificate_error_,
1117                                                   using_ssl_);
1118   if (!spdy_session->HasAcceptableTransportSecurity()) {
1119     spdy_session->CloseSessionOnError(
1120         ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY, "");
1121     return ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY;
1122   }
1123 
1124   new_spdy_session_ = spdy_session;
1125   spdy_session_direct_ = direct;
1126   const HostPortPair& host_port_pair = spdy_session_key.host_port_pair();
1127   base::WeakPtr<HttpServerProperties> http_server_properties =
1128       session_->http_server_properties();
1129   if (http_server_properties)
1130     http_server_properties->SetSupportsSpdy(host_port_pair, true);
1131 
1132   // Create a SpdyHttpStream attached to the session;
1133   // OnNewSpdySessionReadyCallback is not called until an event loop
1134   // iteration later, so if the SpdySession is closed between then, allow
1135   // reuse state from the underlying socket, sampled by SpdyHttpStream,
1136   // bubble up to the request.
1137   return SetSpdyHttpStream(new_spdy_session_, spdy_session_direct_);
1138 }
1139 
DoCreateStreamComplete(int result)1140 int HttpStreamFactoryImpl::Job::DoCreateStreamComplete(int result) {
1141   if (result < 0)
1142     return result;
1143 
1144   session_->proxy_service()->ReportSuccess(proxy_info_,
1145                                            session_->network_delegate());
1146   next_state_ = STATE_NONE;
1147   return OK;
1148 }
1149 
DoRestartTunnelAuth()1150 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuth() {
1151   next_state_ = STATE_RESTART_TUNNEL_AUTH_COMPLETE;
1152   ProxyClientSocket* proxy_socket =
1153       static_cast<ProxyClientSocket*>(connection_->socket());
1154   return proxy_socket->RestartWithAuth(io_callback_);
1155 }
1156 
DoRestartTunnelAuthComplete(int result)1157 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuthComplete(int result) {
1158   if (result == ERR_PROXY_AUTH_REQUESTED)
1159     return result;
1160 
1161   if (result == OK) {
1162     // Now that we've got the HttpProxyClientSocket connected.  We have
1163     // to release it as an idle socket into the pool and start the connection
1164     // process from the beginning.  Trying to pass it in with the
1165     // SSLSocketParams might cause a deadlock since params are dispatched
1166     // interchangeably.  This request won't necessarily get this http proxy
1167     // socket, but there will be forward progress.
1168     establishing_tunnel_ = false;
1169     ReturnToStateInitConnection(false /* do not close connection */);
1170     return OK;
1171   }
1172 
1173   return ReconsiderProxyAfterError(result);
1174 }
1175 
ReturnToStateInitConnection(bool close_connection)1176 void HttpStreamFactoryImpl::Job::ReturnToStateInitConnection(
1177     bool close_connection) {
1178   if (close_connection && connection_->socket())
1179     connection_->socket()->Disconnect();
1180   connection_->Reset();
1181 
1182   if (request_)
1183     request_->RemoveRequestFromSpdySessionRequestMap();
1184 
1185   next_state_ = STATE_INIT_CONNECTION;
1186 }
1187 
SetSocketMotivation()1188 void HttpStreamFactoryImpl::Job::SetSocketMotivation() {
1189   if (request_info_.motivation == HttpRequestInfo::PRECONNECT_MOTIVATED)
1190     connection_->socket()->SetSubresourceSpeculation();
1191   else if (request_info_.motivation == HttpRequestInfo::OMNIBOX_MOTIVATED)
1192     connection_->socket()->SetOmniboxSpeculation();
1193   // TODO(mbelshe): Add other motivations (like EARLY_LOAD_MOTIVATED).
1194 }
1195 
IsHttpsProxyAndHttpUrl() const1196 bool HttpStreamFactoryImpl::Job::IsHttpsProxyAndHttpUrl() const {
1197   if (!proxy_info_.is_https())
1198     return false;
1199   if (original_url_.get()) {
1200     // We currently only support Alternate-Protocol where the original scheme
1201     // is http.
1202     DCHECK(original_url_->SchemeIs("http"));
1203     return original_url_->SchemeIs("http");
1204   }
1205   return request_info_.url.SchemeIs("http");
1206 }
1207 
1208 // Sets several fields of ssl_config for the given origin_server based on the
1209 // proxy info and other factors.
InitSSLConfig(const HostPortPair & origin_server,SSLConfig * ssl_config,bool is_proxy) const1210 void HttpStreamFactoryImpl::Job::InitSSLConfig(
1211     const HostPortPair& origin_server,
1212     SSLConfig* ssl_config,
1213     bool is_proxy) const {
1214   if (proxy_info_.is_https() && ssl_config->send_client_cert) {
1215     // When connecting through an HTTPS proxy, disable TLS False Start so
1216     // that client authentication errors can be distinguished between those
1217     // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and
1218     // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR /
1219     // ERR_BAD_SSL_CLIENT_AUTH_CERT).
1220     // TODO(rch): This assumes that the HTTPS proxy will only request a
1221     // client certificate during the initial handshake.
1222     // http://crbug.com/59292
1223     ssl_config->false_start_enabled = false;
1224   }
1225 
1226   enum {
1227     FALLBACK_NONE = 0,    // SSL version fallback did not occur.
1228     FALLBACK_SSL3 = 1,    // Fell back to SSL 3.0.
1229     FALLBACK_TLS1 = 2,    // Fell back to TLS 1.0.
1230     FALLBACK_TLS1_1 = 3,  // Fell back to TLS 1.1.
1231     FALLBACK_MAX
1232   };
1233 
1234   int fallback = FALLBACK_NONE;
1235   if (ssl_config->version_fallback) {
1236     switch (ssl_config->version_max) {
1237       case SSL_PROTOCOL_VERSION_SSL3:
1238         fallback = FALLBACK_SSL3;
1239         break;
1240       case SSL_PROTOCOL_VERSION_TLS1:
1241         fallback = FALLBACK_TLS1;
1242         break;
1243       case SSL_PROTOCOL_VERSION_TLS1_1:
1244         fallback = FALLBACK_TLS1_1;
1245         break;
1246     }
1247   }
1248   UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLVersionFallback",
1249                             fallback, FALLBACK_MAX);
1250 
1251   // We also wish to measure the amount of fallback connections for a host that
1252   // we know implements TLS up to 1.2. Ideally there would be no fallback here
1253   // but high numbers of SSLv3 would suggest that SSLv3 fallback is being
1254   // caused by network middleware rather than buggy HTTPS servers.
1255   const std::string& host = origin_server.host();
1256   if (!is_proxy &&
1257       host.size() >= 10 &&
1258       host.compare(host.size() - 10, 10, "google.com") == 0 &&
1259       (host.size() == 10 || host[host.size()-11] == '.')) {
1260     UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback",
1261                               fallback, FALLBACK_MAX);
1262   }
1263 
1264   if (request_info_.load_flags & LOAD_VERIFY_EV_CERT)
1265     ssl_config->verify_ev_cert = true;
1266 
1267   // Disable Channel ID if privacy mode is enabled.
1268   if (request_info_.privacy_mode == PRIVACY_MODE_ENABLED)
1269     ssl_config->channel_id_enabled = false;
1270 }
1271 
1272 
ReconsiderProxyAfterError(int error)1273 int HttpStreamFactoryImpl::Job::ReconsiderProxyAfterError(int error) {
1274   DCHECK(!pac_request_);
1275   DCHECK(session_);
1276 
1277   // A failure to resolve the hostname or any error related to establishing a
1278   // TCP connection could be grounds for trying a new proxy configuration.
1279   //
1280   // Why do this when a hostname cannot be resolved?  Some URLs only make sense
1281   // to proxy servers.  The hostname in those URLs might fail to resolve if we
1282   // are still using a non-proxy config.  We need to check if a proxy config
1283   // now exists that corresponds to a proxy server that could load the URL.
1284   //
1285   switch (error) {
1286     case ERR_PROXY_CONNECTION_FAILED:
1287     case ERR_NAME_NOT_RESOLVED:
1288     case ERR_INTERNET_DISCONNECTED:
1289     case ERR_ADDRESS_UNREACHABLE:
1290     case ERR_CONNECTION_CLOSED:
1291     case ERR_CONNECTION_TIMED_OUT:
1292     case ERR_CONNECTION_RESET:
1293     case ERR_CONNECTION_REFUSED:
1294     case ERR_CONNECTION_ABORTED:
1295     case ERR_TIMED_OUT:
1296     case ERR_TUNNEL_CONNECTION_FAILED:
1297     case ERR_SOCKS_CONNECTION_FAILED:
1298     // This can happen in the case of trying to talk to a proxy using SSL, and
1299     // ending up talking to a captive portal that supports SSL instead.
1300     case ERR_PROXY_CERTIFICATE_INVALID:
1301     // This can happen when trying to talk SSL to a non-SSL server (Like a
1302     // captive portal).
1303     case ERR_SSL_PROTOCOL_ERROR:
1304       break;
1305     case ERR_SOCKS_CONNECTION_HOST_UNREACHABLE:
1306       // Remap the SOCKS-specific "host unreachable" error to a more
1307       // generic error code (this way consumers like the link doctor
1308       // know to substitute their error page).
1309       //
1310       // Note that if the host resolving was done by the SOCKS5 proxy, we can't
1311       // differentiate between a proxy-side "host not found" versus a proxy-side
1312       // "address unreachable" error, and will report both of these failures as
1313       // ERR_ADDRESS_UNREACHABLE.
1314       return ERR_ADDRESS_UNREACHABLE;
1315     default:
1316       return error;
1317   }
1318 
1319   if (request_info_.load_flags & LOAD_BYPASS_PROXY) {
1320     return error;
1321   }
1322 
1323   if (proxy_info_.is_https() && proxy_ssl_config_.send_client_cert) {
1324     session_->ssl_client_auth_cache()->Remove(
1325         proxy_info_.proxy_server().host_port_pair());
1326   }
1327 
1328   int rv = session_->proxy_service()->ReconsiderProxyAfterError(
1329       request_info_.url, request_info_.load_flags, error, &proxy_info_,
1330       io_callback_, &pac_request_, session_->network_delegate(), net_log_);
1331   if (rv == OK || rv == ERR_IO_PENDING) {
1332     // If the error was during connection setup, there is no socket to
1333     // disconnect.
1334     if (connection_->socket())
1335       connection_->socket()->Disconnect();
1336     connection_->Reset();
1337     if (request_)
1338       request_->RemoveRequestFromSpdySessionRequestMap();
1339     next_state_ = STATE_RESOLVE_PROXY_COMPLETE;
1340   } else {
1341     // If ReconsiderProxyAfterError() failed synchronously, it means
1342     // there was nothing left to fall-back to, so fail the transaction
1343     // with the last connection error we got.
1344     // TODO(eroman): This is a confusing contract, make it more obvious.
1345     rv = error;
1346   }
1347 
1348   return rv;
1349 }
1350 
HandleCertificateError(int error)1351 int HttpStreamFactoryImpl::Job::HandleCertificateError(int error) {
1352   DCHECK(using_ssl_);
1353   DCHECK(IsCertificateError(error));
1354 
1355   SSLClientSocket* ssl_socket =
1356       static_cast<SSLClientSocket*>(connection_->socket());
1357   ssl_socket->GetSSLInfo(&ssl_info_);
1358 
1359   // Add the bad certificate to the set of allowed certificates in the
1360   // SSL config object. This data structure will be consulted after calling
1361   // RestartIgnoringLastError(). And the user will be asked interactively
1362   // before RestartIgnoringLastError() is ever called.
1363   SSLConfig::CertAndStatus bad_cert;
1364 
1365   // |ssl_info_.cert| may be NULL if we failed to create
1366   // X509Certificate for whatever reason, but normally it shouldn't
1367   // happen, unless this code is used inside sandbox.
1368   if (ssl_info_.cert.get() == NULL ||
1369       !X509Certificate::GetDEREncoded(ssl_info_.cert->os_cert_handle(),
1370                                       &bad_cert.der_cert)) {
1371     return error;
1372   }
1373   bad_cert.cert_status = ssl_info_.cert_status;
1374   server_ssl_config_.allowed_bad_certs.push_back(bad_cert);
1375 
1376   int load_flags = request_info_.load_flags;
1377   if (session_->params().ignore_certificate_errors)
1378     load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS;
1379   if (ssl_socket->IgnoreCertError(error, load_flags))
1380     return OK;
1381   return error;
1382 }
1383 
SwitchToSpdyMode()1384 void HttpStreamFactoryImpl::Job::SwitchToSpdyMode() {
1385   if (HttpStreamFactory::spdy_enabled())
1386     using_spdy_ = true;
1387 }
1388 
1389 // static
LogHttpConnectedMetrics(const ClientSocketHandle & handle)1390 void HttpStreamFactoryImpl::Job::LogHttpConnectedMetrics(
1391     const ClientSocketHandle& handle) {
1392   UMA_HISTOGRAM_ENUMERATION("Net.HttpSocketType", handle.reuse_type(),
1393                             ClientSocketHandle::NUM_TYPES);
1394 
1395   switch (handle.reuse_type()) {
1396     case ClientSocketHandle::UNUSED:
1397       UMA_HISTOGRAM_CUSTOM_TIMES("Net.HttpConnectionLatency",
1398                                  handle.setup_time(),
1399                                  base::TimeDelta::FromMilliseconds(1),
1400                                  base::TimeDelta::FromMinutes(10),
1401                                  100);
1402       break;
1403     case ClientSocketHandle::UNUSED_IDLE:
1404       UMA_HISTOGRAM_CUSTOM_TIMES("Net.SocketIdleTimeBeforeNextUse_UnusedSocket",
1405                                  handle.idle_time(),
1406                                  base::TimeDelta::FromMilliseconds(1),
1407                                  base::TimeDelta::FromMinutes(6),
1408                                  100);
1409       break;
1410     case ClientSocketHandle::REUSED_IDLE:
1411       UMA_HISTOGRAM_CUSTOM_TIMES("Net.SocketIdleTimeBeforeNextUse_ReusedSocket",
1412                                  handle.idle_time(),
1413                                  base::TimeDelta::FromMilliseconds(1),
1414                                  base::TimeDelta::FromMinutes(6),
1415                                  100);
1416       break;
1417     default:
1418       NOTREACHED();
1419       break;
1420   }
1421 }
1422 
IsPreconnecting() const1423 bool HttpStreamFactoryImpl::Job::IsPreconnecting() const {
1424   DCHECK_GE(num_streams_, 0);
1425   return num_streams_ > 0;
1426 }
1427 
IsOrphaned() const1428 bool HttpStreamFactoryImpl::Job::IsOrphaned() const {
1429   return !IsPreconnecting() && !request_;
1430 }
1431 
ReportJobSuccededForRequest()1432 void HttpStreamFactoryImpl::Job::ReportJobSuccededForRequest() {
1433   net::AlternateProtocolExperiment alternate_protocol_experiment =
1434       ALTERNATE_PROTOCOL_NOT_PART_OF_EXPERIMENT;
1435   base::WeakPtr<HttpServerProperties> http_server_properties =
1436       session_->http_server_properties();
1437   if (http_server_properties) {
1438     alternate_protocol_experiment =
1439         http_server_properties->GetAlternateProtocolExperiment();
1440   }
1441   if (using_existing_quic_session_) {
1442     // If an existing session was used, then no TCP connection was
1443     // started.
1444     HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_NO_RACE,
1445                                     alternate_protocol_experiment);
1446   } else if (original_url_) {
1447     // This job was the alternate protocol job, and hence won the race.
1448     HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_WON_RACE,
1449                                     alternate_protocol_experiment);
1450   } else {
1451     // This job was the normal job, and hence the alternate protocol job lost
1452     // the race.
1453     HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_LOST_RACE,
1454                                     alternate_protocol_experiment);
1455   }
1456 }
1457 
MarkOtherJobComplete(const Job & job)1458 void HttpStreamFactoryImpl::Job::MarkOtherJobComplete(const Job& job) {
1459   DCHECK_EQ(STATUS_RUNNING, other_job_status_);
1460   other_job_status_ = job.job_status_;
1461   MaybeMarkAlternateProtocolBroken();
1462 }
1463 
MaybeMarkAlternateProtocolBroken()1464 void HttpStreamFactoryImpl::Job::MaybeMarkAlternateProtocolBroken() {
1465   if (job_status_ == STATUS_RUNNING || other_job_status_ == STATUS_RUNNING)
1466     return;
1467 
1468   bool is_alternate_protocol_job = original_url_.get() != NULL;
1469   if (is_alternate_protocol_job) {
1470     if (job_status_ == STATUS_BROKEN && other_job_status_ == STATUS_SUCCEEDED) {
1471       HistogramBrokenAlternateProtocolLocation(
1472           BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_ALT);
1473       session_->http_server_properties()->SetBrokenAlternateProtocol(
1474           HostPortPair::FromURL(*original_url_));
1475     }
1476     return;
1477   }
1478 
1479   if (job_status_ == STATUS_SUCCEEDED && other_job_status_ == STATUS_BROKEN) {
1480     HistogramBrokenAlternateProtocolLocation(
1481         BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_MAIN);
1482     session_->http_server_properties()->SetBrokenAlternateProtocol(
1483         HostPortPair::FromURL(request_info_.url));
1484   }
1485 }
1486 
1487 }  // namespace net
1488