search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / net / http / http_proxy_client_socket_pool.cc
blobff5fdf9f843f9611ed29807837c9a720543a5394
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_proxy_client_socket_pool.h"
6
7 #include <algorithm>
8
9 #include "base/compiler_specific.h"
10 #include "base/profiler/scoped_tracker.h"
11 #include "base/time/time.h"
12 #include "base/values.h"
13 #include "net/base/load_flags.h"
14 #include "net/base/net_errors.h"
15 #include "net/base/proxy_delegate.h"
16 #include "net/http/http_network_session.h"
17 #include "net/http/http_proxy_client_socket.h"
18 #include "net/socket/client_socket_factory.h"
19 #include "net/socket/client_socket_handle.h"
20 #include "net/socket/client_socket_pool_base.h"
21 #include "net/socket/ssl_client_socket.h"
22 #include "net/socket/ssl_client_socket_pool.h"
23 #include "net/socket/transport_client_socket_pool.h"
24 #include "net/spdy/spdy_proxy_client_socket.h"
25 #include "net/spdy/spdy_session.h"
26 #include "net/spdy/spdy_session_pool.h"
27 #include "net/spdy/spdy_stream.h"
28 #include "net/ssl/ssl_cert_request_info.h"
29 #include "url/gurl.h"
30
31 namespace net {
32
33 HttpProxySocketParams::HttpProxySocketParams(
34 const scoped_refptr<TransportSocketParams>& transport_params,
35 const scoped_refptr<SSLSocketParams>& ssl_params,
36 const std::string& user_agent,
37 const HostPortPair& endpoint,
38 HttpAuthCache* http_auth_cache,
39 HttpAuthHandlerFactory* http_auth_handler_factory,
40 SpdySessionPool* spdy_session_pool,
41 bool tunnel,
42 ProxyDelegate* proxy_delegate)
43 : transport_params_(transport_params),
44 ssl_params_(ssl_params),
45 spdy_session_pool_(spdy_session_pool),
46 user_agent_(user_agent),
47 endpoint_(endpoint),
48 http_auth_cache_(tunnel ? http_auth_cache : NULL),
49 http_auth_handler_factory_(tunnel ? http_auth_handler_factory : NULL),
50 tunnel_(tunnel),
51 proxy_delegate_(proxy_delegate) {
52 DCHECK((transport_params.get() == NULL && ssl_params.get() != NULL) ||
53 (transport_params.get() != NULL && ssl_params.get() == NULL));
54 if (transport_params_.get()) {
55 ignore_limits_ = transport_params->ignore_limits();
56 } else {
57 ignore_limits_ = ssl_params->ignore_limits();
58 }
59 }
60
61 const HostResolver::RequestInfo& HttpProxySocketParams::destination() const {
62 if (transport_params_.get() == NULL) {
63 return ssl_params_->GetDirectConnectionParams()->destination();
64 } else {
65 return transport_params_->destination();
66 }
67 }
68
69 HttpProxySocketParams::~HttpProxySocketParams() {}
70
71 // HttpProxyConnectJobs will time out after this many seconds. Note this is on
72 // top of the timeout for the transport socket.
73 // TODO(kundaji): Proxy connect timeout should be independent of platform and be
74 // based on proxy. Bug http://crbug.com/407446.
75 #if defined(OS_ANDROID) || defined(OS_IOS)
76 static const int kHttpProxyConnectJobTimeoutInSeconds = 10;
77 #else
78 static const int kHttpProxyConnectJobTimeoutInSeconds = 30;
79 #endif
80
81 HttpProxyConnectJob::HttpProxyConnectJob(
82 const std::string& group_name,
83 RequestPriority priority,
84 const scoped_refptr<HttpProxySocketParams>& params,
85 const base::TimeDelta& timeout_duration,
86 TransportClientSocketPool* transport_pool,
87 SSLClientSocketPool* ssl_pool,
88 Delegate* delegate,
89 NetLog* net_log)
90 : ConnectJob(group_name, timeout_duration, priority, delegate,
91 BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)),
92 params_(params),
93 transport_pool_(transport_pool),
94 ssl_pool_(ssl_pool),
95 using_spdy_(false),
96 protocol_negotiated_(kProtoUnknown),
97 weak_ptr_factory_(this) {
98 callback_= base::Bind(&HttpProxyConnectJob::OnIOComplete,
99 weak_ptr_factory_.GetWeakPtr());
100 }
101
102 HttpProxyConnectJob::~HttpProxyConnectJob() {}
103
104 LoadState HttpProxyConnectJob::GetLoadState() const {
105 switch (next_state_) {
106 case STATE_TCP_CONNECT:
107 case STATE_TCP_CONNECT_COMPLETE:
108 case STATE_SSL_CONNECT:
109 case STATE_SSL_CONNECT_COMPLETE:
110 return transport_socket_handle_->GetLoadState();
111 case STATE_HTTP_PROXY_CONNECT:
112 case STATE_HTTP_PROXY_CONNECT_COMPLETE:
113 case STATE_SPDY_PROXY_CREATE_STREAM:
114 case STATE_SPDY_PROXY_CREATE_STREAM_COMPLETE:
115 return LOAD_STATE_ESTABLISHING_PROXY_TUNNEL;
116 default:
117 NOTREACHED();
118 return LOAD_STATE_IDLE;
119 }
120 }
121
122 void HttpProxyConnectJob::GetAdditionalErrorState(ClientSocketHandle * handle) {
123 if (error_response_info_.cert_request_info.get()) {
124 handle->set_ssl_error_response_info(error_response_info_);
125 handle->set_is_ssl_error(true);
126 }
127 }
128
129 void HttpProxyConnectJob::OnIOComplete(int result) {
130 // TODO(pkasting): Remove ScopedTracker below once crbug.com/455884 is fixed.
131 tracked_objects::ScopedTracker tracking_profile(
132 FROM_HERE_WITH_EXPLICIT_FUNCTION(
133 "455884 HttpProxyConnectJob::OnIOComplete"));
134 int rv = DoLoop(result);
135 if (rv != ERR_IO_PENDING) {
136 NotifyProxyDelegateOfCompletion(rv);
137 NotifyDelegateOfCompletion(rv); // Deletes |this|
138 }
139 }
140
141 int HttpProxyConnectJob::DoLoop(int result) {
142 DCHECK_NE(next_state_, STATE_NONE);
143
144 int rv = result;
145 do {
146 State state = next_state_;
147 next_state_ = STATE_NONE;
148 switch (state) {
149 case STATE_TCP_CONNECT:
150 DCHECK_EQ(OK, rv);
151 rv = DoTransportConnect();
152 break;
153 case STATE_TCP_CONNECT_COMPLETE:
154 rv = DoTransportConnectComplete(rv);
155 break;
156 case STATE_SSL_CONNECT:
157 DCHECK_EQ(OK, rv);
158 rv = DoSSLConnect();
159 break;
160 case STATE_SSL_CONNECT_COMPLETE:
161 rv = DoSSLConnectComplete(rv);
162 break;
163 case STATE_HTTP_PROXY_CONNECT:
164 DCHECK_EQ(OK, rv);
165 rv = DoHttpProxyConnect();
166 break;
167 case STATE_HTTP_PROXY_CONNECT_COMPLETE:
168 rv = DoHttpProxyConnectComplete(rv);
169 break;
170 case STATE_SPDY_PROXY_CREATE_STREAM:
171 DCHECK_EQ(OK, rv);
172 rv = DoSpdyProxyCreateStream();
173 break;
174 case STATE_SPDY_PROXY_CREATE_STREAM_COMPLETE:
175 rv = DoSpdyProxyCreateStreamComplete(rv);
176 break;
177 default:
178 NOTREACHED() << "bad state";
179 rv = ERR_FAILED;
180 break;
181 }
182 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
183
184 return rv;
185 }
186
187 int HttpProxyConnectJob::DoTransportConnect() {
188 next_state_ = STATE_TCP_CONNECT_COMPLETE;
189 transport_socket_handle_.reset(new ClientSocketHandle());
190 return transport_socket_handle_->Init(group_name(),
191 params_->transport_params(),
192 priority(),
193 callback_,
194 transport_pool_,
195 net_log());
196 }
197
198 int HttpProxyConnectJob::DoTransportConnectComplete(int result) {
199 if (result != OK)
200 return ERR_PROXY_CONNECTION_FAILED;
201
202 // Reset the timer to just the length of time allowed for HttpProxy handshake
203 // so that a fast TCP connection plus a slow HttpProxy failure doesn't take
204 // longer to timeout than it should.
205 ResetTimer(base::TimeDelta::FromSeconds(
206 kHttpProxyConnectJobTimeoutInSeconds));
207
208 next_state_ = STATE_HTTP_PROXY_CONNECT;
209 return result;
210 }
211
212 int HttpProxyConnectJob::DoSSLConnect() {
213 if (params_->tunnel()) {
214 SpdySessionKey key(params_->destination().host_port_pair(),
215 ProxyServer::Direct(),
216 PRIVACY_MODE_DISABLED);
217 if (params_->spdy_session_pool()->FindAvailableSession(key, net_log())) {
218 using_spdy_ = true;
219 next_state_ = STATE_SPDY_PROXY_CREATE_STREAM;
220 return OK;
221 }
222 }
223 next_state_ = STATE_SSL_CONNECT_COMPLETE;
224 transport_socket_handle_.reset(new ClientSocketHandle());
225 return transport_socket_handle_->Init(
226 group_name(), params_->ssl_params(), priority(), callback_,
227 ssl_pool_, net_log());
228 }
229
230 int HttpProxyConnectJob::DoSSLConnectComplete(int result) {
231 if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
232 error_response_info_ = transport_socket_handle_->ssl_error_response_info();
233 DCHECK(error_response_info_.cert_request_info.get());
234 error_response_info_.cert_request_info->is_proxy = true;
235 return result;
236 }
237 if (IsCertificateError(result)) {
238 if (params_->ssl_params()->load_flags() & LOAD_IGNORE_ALL_CERT_ERRORS) {
239 result = OK;
240 } else {
241 // TODO(rch): allow the user to deal with proxy cert errors in the
242 // same way as server cert errors.
243 transport_socket_handle_->socket()->Disconnect();
244 return ERR_PROXY_CERTIFICATE_INVALID;
245 }
246 }
247 // A SPDY session to the proxy completed prior to resolving the proxy
248 // hostname. Surface this error, and allow the delegate to retry.
249 // See crbug.com/334413.
250 if (result == ERR_SPDY_SESSION_ALREADY_EXISTS) {
251 DCHECK(!transport_socket_handle_->socket());
252 return ERR_SPDY_SESSION_ALREADY_EXISTS;
253 }
254 if (result < 0) {
255 if (transport_socket_handle_->socket())
256 transport_socket_handle_->socket()->Disconnect();
257 return ERR_PROXY_CONNECTION_FAILED;
258 }
259
260 SSLClientSocket* ssl =
261 static_cast<SSLClientSocket*>(transport_socket_handle_->socket());
262 using_spdy_ = ssl->was_spdy_negotiated();
263 protocol_negotiated_ = ssl->GetNegotiatedProtocol();
264
265 // Reset the timer to just the length of time allowed for HttpProxy handshake
266 // so that a fast SSL connection plus a slow HttpProxy failure doesn't take
267 // longer to timeout than it should.
268 ResetTimer(base::TimeDelta::FromSeconds(
269 kHttpProxyConnectJobTimeoutInSeconds));
270 // TODO(rch): If we ever decide to implement a "trusted" SPDY proxy
271 // (one that we speak SPDY over SSL to, but to which we send HTTPS
272 // request directly instead of through CONNECT tunnels, then we
273 // need to add a predicate to this if statement so we fall through
274 // to the else case. (HttpProxyClientSocket currently acts as
275 // a "trusted" SPDY proxy).
276 if (using_spdy_ && params_->tunnel()) {
277 next_state_ = STATE_SPDY_PROXY_CREATE_STREAM;
278 } else {
279 next_state_ = STATE_HTTP_PROXY_CONNECT;
280 }
281 return result;
282 }
283
284 int HttpProxyConnectJob::DoHttpProxyConnect() {
285 next_state_ = STATE_HTTP_PROXY_CONNECT_COMPLETE;
286 const HostResolver::RequestInfo& tcp_destination = params_->destination();
287 const HostPortPair& proxy_server = tcp_destination.host_port_pair();
288
289 // Add a HttpProxy connection on top of the tcp socket.
290 transport_socket_.reset(
291 new HttpProxyClientSocket(transport_socket_handle_.release(),
292 params_->user_agent(),
293 params_->endpoint(),
294 proxy_server,
295 params_->http_auth_cache(),
296 params_->http_auth_handler_factory(),
297 params_->tunnel(),
298 using_spdy_,
299 protocol_negotiated_,
300 params_->proxy_delegate(),
301 params_->ssl_params().get() != NULL));
302 return transport_socket_->Connect(callback_);
303 }
304
305 int HttpProxyConnectJob::DoHttpProxyConnectComplete(int result) {
306 if (result == OK || result == ERR_PROXY_AUTH_REQUESTED ||
307 result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
308 SetSocket(transport_socket_.Pass());
309 }
310
311 if (result == ERR_HTTP_1_1_REQUIRED)
312 return ERR_PROXY_HTTP_1_1_REQUIRED;
313
314 return result;
315 }
316
317 int HttpProxyConnectJob::DoSpdyProxyCreateStream() {
318 DCHECK(using_spdy_);
319 DCHECK(params_->tunnel());
320 SpdySessionKey key(params_->destination().host_port_pair(),
321 ProxyServer::Direct(),
322 PRIVACY_MODE_DISABLED);
323 SpdySessionPool* spdy_pool = params_->spdy_session_pool();
324 base::WeakPtr<SpdySession> spdy_session =
325 spdy_pool->FindAvailableSession(key, net_log());
326 // It's possible that a session to the proxy has recently been created
327 if (spdy_session) {
328 if (transport_socket_handle_.get()) {
329 if (transport_socket_handle_->socket())
330 transport_socket_handle_->socket()->Disconnect();
331 transport_socket_handle_->Reset();
332 }
333 } else {
334 // Create a session direct to the proxy itself
335 spdy_session =
336 spdy_pool->CreateAvailableSessionFromSocket(
337 key, transport_socket_handle_.Pass(),
338 net_log(), OK, /*using_ssl_*/ true);
339 DCHECK(spdy_session);
340 }
341
342 next_state_ = STATE_SPDY_PROXY_CREATE_STREAM_COMPLETE;
343 return spdy_stream_request_.StartRequest(
344 SPDY_BIDIRECTIONAL_STREAM, spdy_session,
345 GURL("https://" + params_->endpoint().ToString()), priority(),
346 spdy_session->net_log(), callback_);
347 }
348
349 int HttpProxyConnectJob::DoSpdyProxyCreateStreamComplete(int result) {
350 if (result < 0)
351 return result;
352
353 next_state_ = STATE_HTTP_PROXY_CONNECT_COMPLETE;
354 base::WeakPtr<SpdyStream> stream = spdy_stream_request_.ReleaseStream();
355 DCHECK(stream.get());
356 // |transport_socket_| will set itself as |stream|'s delegate.
357 transport_socket_.reset(
358 new SpdyProxyClientSocket(stream,
359 params_->user_agent(),
360 params_->endpoint(),
361 params_->destination().host_port_pair(),
362 net_log(),
363 params_->http_auth_cache(),
364 params_->http_auth_handler_factory()));
365 return transport_socket_->Connect(callback_);
366 }
367
368 void HttpProxyConnectJob::NotifyProxyDelegateOfCompletion(int result) {
369 if (!params_->proxy_delegate())
370 return;
371
372 const HostPortPair& proxy_server = params_->destination().host_port_pair();
373 params_->proxy_delegate()->OnTunnelConnectCompleted(params_->endpoint(),
374 proxy_server,
375 result);
376 }
377
378 int HttpProxyConnectJob::ConnectInternal() {
379 if (params_->transport_params().get()) {
380 next_state_ = STATE_TCP_CONNECT;
381 } else {
382 next_state_ = STATE_SSL_CONNECT;
383 }
384
385 int rv = DoLoop(OK);
386 if (rv != ERR_IO_PENDING) {
387 NotifyProxyDelegateOfCompletion(rv);
388 }
389
390 return rv;
391 }
392
393 HttpProxyClientSocketPool::
394 HttpProxyConnectJobFactory::HttpProxyConnectJobFactory(
395 TransportClientSocketPool* transport_pool,
396 SSLClientSocketPool* ssl_pool,
397 NetLog* net_log)
398 : transport_pool_(transport_pool),
399 ssl_pool_(ssl_pool),
400 net_log_(net_log) {
401 base::TimeDelta max_pool_timeout = base::TimeDelta();
402
403 // TODO(kundaji): Proxy connect timeout should be independent of platform and be
404 // based on proxy. Bug http://crbug.com/407446.
405 #if (defined(OS_ANDROID) || defined(OS_IOS))
406 #else
407 if (transport_pool_)
408 max_pool_timeout = transport_pool_->ConnectionTimeout();
409 if (ssl_pool_)
410 max_pool_timeout = std::max(max_pool_timeout,
411 ssl_pool_->ConnectionTimeout());
412 #endif
413 timeout_ = max_pool_timeout +
414 base::TimeDelta::FromSeconds(kHttpProxyConnectJobTimeoutInSeconds);
415 }
416
417
418 scoped_ptr<ConnectJob>
419 HttpProxyClientSocketPool::HttpProxyConnectJobFactory::NewConnectJob(
420 const std::string& group_name,
421 const PoolBase::Request& request,
422 ConnectJob::Delegate* delegate) const {
423 return scoped_ptr<ConnectJob>(new HttpProxyConnectJob(group_name,
424 request.priority(),
425 request.params(),
426 ConnectionTimeout(),
427 transport_pool_,
428 ssl_pool_,
429 delegate,
430 net_log_));
431 }
432
433 base::TimeDelta
434 HttpProxyClientSocketPool::HttpProxyConnectJobFactory::ConnectionTimeout(
435 ) const {
436 return timeout_;
437 }
438
439 HttpProxyClientSocketPool::HttpProxyClientSocketPool(
440 int max_sockets,
441 int max_sockets_per_group,
442 TransportClientSocketPool* transport_pool,
443 SSLClientSocketPool* ssl_pool,
444 NetLog* net_log)
445 : transport_pool_(transport_pool),
446 ssl_pool_(ssl_pool),
447 base_(this,
448 max_sockets,
449 max_sockets_per_group,
450 ClientSocketPool::unused_idle_socket_timeout(),
451 ClientSocketPool::used_idle_socket_timeout(),
452 new HttpProxyConnectJobFactory(transport_pool, ssl_pool, net_log)) {
453 // We should always have a |transport_pool_| except in unit tests.
454 if (transport_pool_)
455 base_.AddLowerLayeredPool(transport_pool_);
456 if (ssl_pool_)
457 base_.AddLowerLayeredPool(ssl_pool_);
458 }
459
460 HttpProxyClientSocketPool::~HttpProxyClientSocketPool() {
461 }
462
463 int HttpProxyClientSocketPool::RequestSocket(
464 const std::string& group_name, const void* socket_params,
465 RequestPriority priority, ClientSocketHandle* handle,
466 const CompletionCallback& callback, const BoundNetLog& net_log) {
467 const scoped_refptr<HttpProxySocketParams>* casted_socket_params =
468 static_cast<const scoped_refptr<HttpProxySocketParams>*>(socket_params);
469
470 return base_.RequestSocket(group_name, *casted_socket_params, priority,
471 handle, callback, net_log);
472 }
473
474 void HttpProxyClientSocketPool::RequestSockets(
475 const std::string& group_name,
476 const void* params,
477 int num_sockets,
478 const BoundNetLog& net_log) {
479 const scoped_refptr<HttpProxySocketParams>* casted_params =
480 static_cast<const scoped_refptr<HttpProxySocketParams>*>(params);
481
482 base_.RequestSockets(group_name, *casted_params, num_sockets, net_log);
483 }
484
485 void HttpProxyClientSocketPool::CancelRequest(
486 const std::string& group_name,
487 ClientSocketHandle* handle) {
488 base_.CancelRequest(group_name, handle);
489 }
490
491 void HttpProxyClientSocketPool::ReleaseSocket(const std::string& group_name,
492 scoped_ptr<StreamSocket> socket,
493 int id) {
494 base_.ReleaseSocket(group_name, socket.Pass(), id);
495 }
496
497 void HttpProxyClientSocketPool::FlushWithError(int error) {
498 base_.FlushWithError(error);
499 }
500
501 void HttpProxyClientSocketPool::CloseIdleSockets() {
502 base_.CloseIdleSockets();
503 }
504
505 int HttpProxyClientSocketPool::IdleSocketCount() const {
506 return base_.idle_socket_count();
507 }
508
509 int HttpProxyClientSocketPool::IdleSocketCountInGroup(
510 const std::string& group_name) const {
511 return base_.IdleSocketCountInGroup(group_name);
512 }
513
514 LoadState HttpProxyClientSocketPool::GetLoadState(
515 const std::string& group_name, const ClientSocketHandle* handle) const {
516 return base_.GetLoadState(group_name, handle);
517 }
518
519 base::DictionaryValue* HttpProxyClientSocketPool::GetInfoAsValue(
520 const std::string& name,
521 const std::string& type,
522 bool include_nested_pools) const {
523 base::DictionaryValue* dict = base_.GetInfoAsValue(name, type);
524 if (include_nested_pools) {
525 base::ListValue* list = new base::ListValue();
526 if (transport_pool_) {
527 list->Append(transport_pool_->GetInfoAsValue("transport_socket_pool",
528 "transport_socket_pool",
529 true));
530 }
531 if (ssl_pool_) {
532 list->Append(ssl_pool_->GetInfoAsValue("ssl_socket_pool",
533 "ssl_socket_pool",
534 true));
535 }
536 dict->Set("nested_pools", list);
537 }
538 return dict;
539 }
540
541 base::TimeDelta HttpProxyClientSocketPool::ConnectionTimeout() const {
542 return base_.ConnectionTimeout();
543 }
544
545 bool HttpProxyClientSocketPool::IsStalled() const {
546 return base_.IsStalled();
547 }
548
549 void HttpProxyClientSocketPool::AddHigherLayeredPool(
550 HigherLayeredPool* higher_pool) {
551 base_.AddHigherLayeredPool(higher_pool);
552 }
553
554 void HttpProxyClientSocketPool::RemoveHigherLayeredPool(
555 HigherLayeredPool* higher_pool) {
556 base_.RemoveHigherLayeredPool(higher_pool);
557 }
558
559 bool HttpProxyClientSocketPool::CloseOneIdleConnection() {
560 if (base_.CloseOneIdleSocket())
561 return true;
562 return base_.CloseOneIdleConnectionInHigherLayeredPool();
563 }
564
565 } // namespace net