search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / net / spdy / spdy_proxy_client_socket.cc
blob544b9a1ab50cef8919f643dc544c8596bcba7454
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/spdy/spdy_proxy_client_socket.h"
6
7 #include <algorithm> // min
8
9 #include "base/bind.h"
10 #include "base/bind_helpers.h"
11 #include "base/callback_helpers.h"
12 #include "base/logging.h"
13 #include "base/strings/string_util.h"
14 #include "base/values.h"
15 #include "net/base/auth.h"
16 #include "net/base/io_buffer.h"
17 #include "net/base/net_util.h"
18 #include "net/http/http_auth_cache.h"
19 #include "net/http/http_auth_handler_factory.h"
20 #include "net/http/http_request_info.h"
21 #include "net/http/http_response_headers.h"
22 #include "net/http/proxy_connect_redirect_http_stream.h"
23 #include "net/spdy/spdy_http_utils.h"
24 #include "url/gurl.h"
25
26 namespace net {
27
28 SpdyProxyClientSocket::SpdyProxyClientSocket(
29 const base::WeakPtr<SpdyStream>& spdy_stream,
30 const std::string& user_agent,
31 const HostPortPair& endpoint,
32 const HostPortPair& proxy_server,
33 const BoundNetLog& source_net_log,
34 HttpAuthCache* auth_cache,
35 HttpAuthHandlerFactory* auth_handler_factory)
36 : next_state_(STATE_DISCONNECTED),
37 spdy_stream_(spdy_stream),
38 endpoint_(endpoint),
39 auth_(new HttpAuthController(HttpAuth::AUTH_PROXY,
40 GURL("https://" + proxy_server.ToString()),
41 auth_cache,
42 auth_handler_factory)),
43 user_agent_(user_agent),
44 user_buffer_len_(0),
45 write_buffer_len_(0),
46 was_ever_used_(false),
47 redirect_has_load_timing_info_(false),
48 net_log_(BoundNetLog::Make(spdy_stream->net_log().net_log(),
49 NetLog::SOURCE_PROXY_CLIENT_SOCKET)),
50 weak_factory_(this),
51 write_callback_weak_factory_(this) {
52 request_.method = "CONNECT";
53 request_.url = GURL("https://" + endpoint.ToString());
54 net_log_.BeginEvent(NetLog::TYPE_SOCKET_ALIVE,
55 source_net_log.source().ToEventParametersCallback());
56 net_log_.AddEvent(
57 NetLog::TYPE_HTTP2_PROXY_CLIENT_SESSION,
58 spdy_stream->net_log().source().ToEventParametersCallback());
59
60 spdy_stream_->SetDelegate(this);
61 was_ever_used_ = spdy_stream_->WasEverUsed();
62 }
63
64 SpdyProxyClientSocket::~SpdyProxyClientSocket() {
65 Disconnect();
66 net_log_.EndEvent(NetLog::TYPE_SOCKET_ALIVE);
67 }
68
69 const HttpResponseInfo* SpdyProxyClientSocket::GetConnectResponseInfo() const {
70 return response_.headers.get() ? &response_ : NULL;
71 }
72
73 const scoped_refptr<HttpAuthController>&
74 SpdyProxyClientSocket::GetAuthController() const {
75 return auth_;
76 }
77
78 int SpdyProxyClientSocket::RestartWithAuth(const CompletionCallback& callback) {
79 // A SPDY Stream can only handle a single request, so the underlying
80 // stream may not be reused and a new SpdyProxyClientSocket must be
81 // created (possibly on top of the same SPDY Session).
82 next_state_ = STATE_DISCONNECTED;
83 return OK;
84 }
85
86 bool SpdyProxyClientSocket::IsUsingSpdy() const {
87 return true;
88 }
89
90 NextProto SpdyProxyClientSocket::GetProtocolNegotiated() const {
91 // Save the negotiated protocol
92 SSLInfo ssl_info;
93 bool was_npn_negotiated;
94 NextProto protocol_negotiated;
95 spdy_stream_->GetSSLInfo(&ssl_info, &was_npn_negotiated,
96 &protocol_negotiated);
97 return protocol_negotiated;
98 }
99
100 HttpStream* SpdyProxyClientSocket::CreateConnectResponseStream() {
101 return new ProxyConnectRedirectHttpStream(
102 redirect_has_load_timing_info_ ? &redirect_load_timing_info_ : NULL);
103 }
104
105 // Sends a SYN_STREAM frame to the proxy with a CONNECT request
106 // for the specified endpoint. Waits for the server to send back
107 // a SYN_REPLY frame. OK will be returned if the status is 200.
108 // ERR_TUNNEL_CONNECTION_FAILED will be returned for any other status.
109 // In any of these cases, Read() may be called to retrieve the HTTP
110 // response body. Any other return values should be considered fatal.
111 // TODO(rch): handle 407 proxy auth requested correctly, perhaps
112 // by creating a new stream for the subsequent request.
113 // TODO(rch): create a more appropriate error code to disambiguate
114 // the HTTPS Proxy tunnel failure from an HTTP Proxy tunnel failure.
115 int SpdyProxyClientSocket::Connect(const CompletionCallback& callback) {
116 DCHECK(read_callback_.is_null());
117 if (next_state_ == STATE_OPEN)
118 return OK;
119
120 DCHECK_EQ(STATE_DISCONNECTED, next_state_);
121 next_state_ = STATE_GENERATE_AUTH_TOKEN;
122
123 int rv = DoLoop(OK);
124 if (rv == ERR_IO_PENDING)
125 read_callback_ = callback;
126 return rv;
127 }
128
129 void SpdyProxyClientSocket::Disconnect() {
130 read_buffer_queue_.Clear();
131 user_buffer_ = NULL;
132 user_buffer_len_ = 0;
133 read_callback_.Reset();
134
135 write_buffer_len_ = 0;
136 write_callback_.Reset();
137 write_callback_weak_factory_.InvalidateWeakPtrs();
138
139 next_state_ = STATE_DISCONNECTED;
140
141 if (spdy_stream_.get()) {
142 // This will cause OnClose to be invoked, which takes care of
143 // cleaning up all the internal state.
144 spdy_stream_->Cancel();
145 DCHECK(!spdy_stream_.get());
146 }
147 }
148
149 bool SpdyProxyClientSocket::IsConnected() const {
150 return next_state_ == STATE_OPEN;
151 }
152
153 bool SpdyProxyClientSocket::IsConnectedAndIdle() const {
154 return IsConnected() && read_buffer_queue_.IsEmpty() &&
155 spdy_stream_->IsOpen();
156 }
157
158 const BoundNetLog& SpdyProxyClientSocket::NetLog() const {
159 return net_log_;
160 }
161
162 void SpdyProxyClientSocket::SetSubresourceSpeculation() {
163 // TODO(rch): what should this implementation be?
164 }
165
166 void SpdyProxyClientSocket::SetOmniboxSpeculation() {
167 // TODO(rch): what should this implementation be?
168 }
169
170 bool SpdyProxyClientSocket::WasEverUsed() const {
171 return was_ever_used_ || (spdy_stream_.get() && spdy_stream_->WasEverUsed());
172 }
173
174 bool SpdyProxyClientSocket::UsingTCPFastOpen() const {
175 return false;
176 }
177
178 bool SpdyProxyClientSocket::WasNpnNegotiated() const {
179 return false;
180 }
181
182 NextProto SpdyProxyClientSocket::GetNegotiatedProtocol() const {
183 return kProtoUnknown;
184 }
185
186 bool SpdyProxyClientSocket::GetSSLInfo(SSLInfo* ssl_info) {
187 bool was_npn_negotiated;
188 NextProto protocol_negotiated;
189 return spdy_stream_->GetSSLInfo(ssl_info, &was_npn_negotiated,
190 &protocol_negotiated);
191 }
192
193 int SpdyProxyClientSocket::Read(IOBuffer* buf, int buf_len,
194 const CompletionCallback& callback) {
195 DCHECK(read_callback_.is_null());
196 DCHECK(!user_buffer_.get());
197
198 if (next_state_ == STATE_DISCONNECTED)
199 return ERR_SOCKET_NOT_CONNECTED;
200
201 if (next_state_ == STATE_CLOSED && read_buffer_queue_.IsEmpty()) {
202 return 0;
203 }
204
205 DCHECK(next_state_ == STATE_OPEN || next_state_ == STATE_CLOSED);
206 DCHECK(buf);
207 size_t result = PopulateUserReadBuffer(buf->data(), buf_len);
208 if (result == 0) {
209 user_buffer_ = buf;
210 user_buffer_len_ = static_cast<size_t>(buf_len);
211 DCHECK(!callback.is_null());
212 read_callback_ = callback;
213 return ERR_IO_PENDING;
214 }
215 user_buffer_ = NULL;
216 return result;
217 }
218
219 size_t SpdyProxyClientSocket::PopulateUserReadBuffer(char* data, size_t len) {
220 return read_buffer_queue_.Dequeue(data, len);
221 }
222
223 int SpdyProxyClientSocket::Write(IOBuffer* buf, int buf_len,
224 const CompletionCallback& callback) {
225 DCHECK(write_callback_.is_null());
226 if (next_state_ != STATE_OPEN)
227 return ERR_SOCKET_NOT_CONNECTED;
228
229 DCHECK(spdy_stream_.get());
230 spdy_stream_->SendData(buf, buf_len, MORE_DATA_TO_SEND);
231 net_log_.AddByteTransferEvent(NetLog::TYPE_SOCKET_BYTES_SENT,
232 buf_len, buf->data());
233 write_callback_ = callback;
234 write_buffer_len_ = buf_len;
235 return ERR_IO_PENDING;
236 }
237
238 int SpdyProxyClientSocket::SetReceiveBufferSize(int32 size) {
239 // Since this StreamSocket sits on top of a shared SpdySession, it
240 // is not safe for callers to change this underlying socket.
241 return ERR_NOT_IMPLEMENTED;
242 }
243
244 int SpdyProxyClientSocket::SetSendBufferSize(int32 size) {
245 // Since this StreamSocket sits on top of a shared SpdySession, it
246 // is not safe for callers to change this underlying socket.
247 return ERR_NOT_IMPLEMENTED;
248 }
249
250 int SpdyProxyClientSocket::GetPeerAddress(IPEndPoint* address) const {
251 if (!IsConnected())
252 return ERR_SOCKET_NOT_CONNECTED;
253 return spdy_stream_->GetPeerAddress(address);
254 }
255
256 int SpdyProxyClientSocket::GetLocalAddress(IPEndPoint* address) const {
257 if (!IsConnected())
258 return ERR_SOCKET_NOT_CONNECTED;
259 return spdy_stream_->GetLocalAddress(address);
260 }
261
262 void SpdyProxyClientSocket::LogBlockedTunnelResponse() const {
263 ProxyClientSocket::LogBlockedTunnelResponse(
264 response_.headers->response_code(),
265 /* is_https_proxy = */ true);
266 }
267
268 void SpdyProxyClientSocket::RunCallback(const CompletionCallback& callback,
269 int result) const {
270 callback.Run(result);
271 }
272
273 void SpdyProxyClientSocket::OnIOComplete(int result) {
274 DCHECK_NE(STATE_DISCONNECTED, next_state_);
275 int rv = DoLoop(result);
276 if (rv != ERR_IO_PENDING) {
277 CompletionCallback c = read_callback_;
278 read_callback_.Reset();
279 c.Run(rv);
280 }
281 }
282
283 int SpdyProxyClientSocket::DoLoop(int last_io_result) {
284 DCHECK_NE(next_state_, STATE_DISCONNECTED);
285 int rv = last_io_result;
286 do {
287 State state = next_state_;
288 next_state_ = STATE_DISCONNECTED;
289 switch (state) {
290 case STATE_GENERATE_AUTH_TOKEN:
291 DCHECK_EQ(OK, rv);
292 rv = DoGenerateAuthToken();
293 break;
294 case STATE_GENERATE_AUTH_TOKEN_COMPLETE:
295 rv = DoGenerateAuthTokenComplete(rv);
296 break;
297 case STATE_SEND_REQUEST:
298 DCHECK_EQ(OK, rv);
299 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_TUNNEL_SEND_REQUEST);
300 rv = DoSendRequest();
301 break;
302 case STATE_SEND_REQUEST_COMPLETE:
303 net_log_.EndEventWithNetErrorCode(
304 NetLog::TYPE_HTTP_TRANSACTION_TUNNEL_SEND_REQUEST, rv);
305 rv = DoSendRequestComplete(rv);
306 if (rv >= 0 || rv == ERR_IO_PENDING) {
307 // Emit extra event so can use the same events as
308 // HttpProxyClientSocket.
309 net_log_.BeginEvent(
310 NetLog::TYPE_HTTP_TRANSACTION_TUNNEL_READ_HEADERS);
311 }
312 break;
313 case STATE_READ_REPLY_COMPLETE:
314 rv = DoReadReplyComplete(rv);
315 net_log_.EndEventWithNetErrorCode(
316 NetLog::TYPE_HTTP_TRANSACTION_TUNNEL_READ_HEADERS, rv);
317 break;
318 default:
319 NOTREACHED() << "bad state";
320 rv = ERR_UNEXPECTED;
321 break;
322 }
323 } while (rv != ERR_IO_PENDING && next_state_ != STATE_DISCONNECTED &&
324 next_state_ != STATE_OPEN);
325 return rv;
326 }
327
328 int SpdyProxyClientSocket::DoGenerateAuthToken() {
329 next_state_ = STATE_GENERATE_AUTH_TOKEN_COMPLETE;
330 return auth_->MaybeGenerateAuthToken(
331 &request_,
332 base::Bind(&SpdyProxyClientSocket::OnIOComplete,
333 weak_factory_.GetWeakPtr()),
334 net_log_);
335 }
336
337 int SpdyProxyClientSocket::DoGenerateAuthTokenComplete(int result) {
338 DCHECK_NE(ERR_IO_PENDING, result);
339 if (result == OK)
340 next_state_ = STATE_SEND_REQUEST;
341 return result;
342 }
343
344 int SpdyProxyClientSocket::DoSendRequest() {
345 next_state_ = STATE_SEND_REQUEST_COMPLETE;
346
347 // Add Proxy-Authentication header if necessary.
348 HttpRequestHeaders authorization_headers;
349 if (auth_->HaveAuth()) {
350 auth_->AddAuthorizationHeader(&authorization_headers);
351 }
352
353 std::string request_line;
354 BuildTunnelRequest(endpoint_, authorization_headers, user_agent_,
355 &request_line, &request_.extra_headers);
356
357 net_log_.AddEvent(
358 NetLog::TYPE_HTTP_TRANSACTION_SEND_TUNNEL_HEADERS,
359 base::Bind(&HttpRequestHeaders::NetLogCallback,
360 base::Unretained(&request_.extra_headers), &request_line));
361
362 scoped_ptr<SpdyHeaderBlock> headers(new SpdyHeaderBlock());
363 CreateSpdyHeadersFromHttpRequest(request_, request_.extra_headers,
364 spdy_stream_->GetProtocolVersion(), true,
365 headers.get());
366
367 return spdy_stream_->SendRequestHeaders(headers.Pass(), MORE_DATA_TO_SEND);
368 }
369
370 int SpdyProxyClientSocket::DoSendRequestComplete(int result) {
371 if (result < 0)
372 return result;
373
374 // Wait for SYN_REPLY frame from the server
375 next_state_ = STATE_READ_REPLY_COMPLETE;
376 return ERR_IO_PENDING;
377 }
378
379 int SpdyProxyClientSocket::DoReadReplyComplete(int result) {
380 // We enter this method directly from DoSendRequestComplete, since
381 // we are notified by a callback when the SYN_REPLY frame arrives
382
383 if (result < 0)
384 return result;
385
386 // Require the "HTTP/1.x" status line for SSL CONNECT.
387 if (response_.headers->GetParsedHttpVersion() < HttpVersion(1, 0))
388 return ERR_TUNNEL_CONNECTION_FAILED;
389
390 net_log_.AddEvent(
391 NetLog::TYPE_HTTP_TRANSACTION_READ_TUNNEL_RESPONSE_HEADERS,
392 base::Bind(&HttpResponseHeaders::NetLogCallback, response_.headers));
393
394 switch (response_.headers->response_code()) {
395 case 200: // OK
396 next_state_ = STATE_OPEN;
397 return OK;
398
399 case 302: // Found / Moved Temporarily
400 // Try to return a sanitized response so we can follow auth redirects.
401 // If we can't, fail the tunnel connection.
402 if (!SanitizeProxyRedirect(&response_)) {
403 LogBlockedTunnelResponse();
404 return ERR_TUNNEL_CONNECTION_FAILED;
405 }
406
407 redirect_has_load_timing_info_ =
408 spdy_stream_->GetLoadTimingInfo(&redirect_load_timing_info_);
409 // Note that this triggers a RST_STREAM_CANCEL.
410 spdy_stream_->DetachDelegate();
411 next_state_ = STATE_DISCONNECTED;
412 return ERR_HTTPS_PROXY_TUNNEL_RESPONSE;
413
414 case 407: // Proxy Authentication Required
415 next_state_ = STATE_OPEN;
416 if (!SanitizeProxyAuth(&response_)) {
417 LogBlockedTunnelResponse();
418 return ERR_TUNNEL_CONNECTION_FAILED;
419 }
420 return HandleProxyAuthChallenge(auth_.get(), &response_, net_log_);
421
422 default:
423 // Ignore response to avoid letting the proxy impersonate the target
424 // server. (See http://crbug.com/137891.)
425 LogBlockedTunnelResponse();
426 return ERR_TUNNEL_CONNECTION_FAILED;
427 }
428 }
429
430 // SpdyStream::Delegate methods:
431 // Called when SYN frame has been sent.
432 // Returns true if no more data to be sent after SYN frame.
433 void SpdyProxyClientSocket::OnRequestHeadersSent() {
434 DCHECK_EQ(next_state_, STATE_SEND_REQUEST_COMPLETE);
435
436 OnIOComplete(OK);
437 }
438
439 SpdyResponseHeadersStatus SpdyProxyClientSocket::OnResponseHeadersUpdated(
440 const SpdyHeaderBlock& response_headers) {
441 // If we've already received the reply, existing headers are too late.
442 // TODO(mbelshe): figure out a way to make HEADERS frames useful after the
443 // initial response.
444 if (next_state_ != STATE_READ_REPLY_COMPLETE)
445 return RESPONSE_HEADERS_ARE_COMPLETE;
446
447 // Save the response
448 if (!SpdyHeadersToHttpResponse(
449 response_headers, spdy_stream_->GetProtocolVersion(), &response_))
450 return RESPONSE_HEADERS_ARE_INCOMPLETE;
451
452 OnIOComplete(OK);
453 return RESPONSE_HEADERS_ARE_COMPLETE;
454 }
455
456 // Called when data is received or on EOF (if |buffer| is NULL).
457 void SpdyProxyClientSocket::OnDataReceived(scoped_ptr<SpdyBuffer> buffer) {
458 if (buffer) {
459 net_log_.AddByteTransferEvent(NetLog::TYPE_SOCKET_BYTES_RECEIVED,
460 buffer->GetRemainingSize(),
461 buffer->GetRemainingData());
462 read_buffer_queue_.Enqueue(buffer.Pass());
463 } else {
464 net_log_.AddByteTransferEvent(NetLog::TYPE_SOCKET_BYTES_RECEIVED, 0, NULL);
465 }
466
467 if (!read_callback_.is_null()) {
468 int rv = PopulateUserReadBuffer(user_buffer_->data(), user_buffer_len_);
469 CompletionCallback c = read_callback_;
470 read_callback_.Reset();
471 user_buffer_ = NULL;
472 user_buffer_len_ = 0;
473 c.Run(rv);
474 }
475 }
476
477 void SpdyProxyClientSocket::OnDataSent() {
478 DCHECK(!write_callback_.is_null());
479
480 int rv = write_buffer_len_;
481 write_buffer_len_ = 0;
482
483 // Proxy write callbacks result in deep callback chains. Post to allow the
484 // stream's write callback chain to unwind (see crbug.com/355511).
485 base::MessageLoop::current()->PostTask(
486 FROM_HERE,
487 base::Bind(&SpdyProxyClientSocket::RunCallback,
488 write_callback_weak_factory_.GetWeakPtr(),
489 ResetAndReturn(&write_callback_),
490 rv));
491 }
492
493 void SpdyProxyClientSocket::OnClose(int status) {
494 was_ever_used_ = spdy_stream_->WasEverUsed();
495 spdy_stream_.reset();
496
497 bool connecting = next_state_ != STATE_DISCONNECTED &&
498 next_state_ < STATE_OPEN;
499 if (next_state_ == STATE_OPEN)
500 next_state_ = STATE_CLOSED;
501 else
502 next_state_ = STATE_DISCONNECTED;
503
504 base::WeakPtr<SpdyProxyClientSocket> weak_ptr = weak_factory_.GetWeakPtr();
505 CompletionCallback write_callback = write_callback_;
506 write_callback_.Reset();
507 write_buffer_len_ = 0;
508
509 // If we're in the middle of connecting, we need to make sure
510 // we invoke the connect callback.
511 if (connecting) {
512 DCHECK(!read_callback_.is_null());
513 CompletionCallback read_callback = read_callback_;
514 read_callback_.Reset();
515 read_callback.Run(status);
516 } else if (!read_callback_.is_null()) {
517 // If we have a read_callback_, the we need to make sure we call it back.
518 OnDataReceived(scoped_ptr<SpdyBuffer>());
519 }
520 // This may have been deleted by read_callback_, so check first.
521 if (weak_ptr.get() && !write_callback.is_null())
522 write_callback.Run(ERR_CONNECTION_CLOSED);
523 }
524
525 } // namespace net