1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_response_info.h"
7 #include "base/logging.h"
8 #include "base/pickle.h"
9 #include "base/time/time.h"
10 #include "net/base/auth.h"
11 #include "net/base/io_buffer.h"
12 #include "net/base/net_errors.h"
13 #include "net/cert/signed_certificate_timestamp.h"
14 #include "net/cert/x509_certificate.h"
15 #include "net/http/http_response_headers.h"
16 #include "net/ssl/ssl_cert_request_info.h"
24 X509Certificate::PickleType
GetPickleTypeForVersion(int version
) {
27 return X509Certificate::PICKLETYPE_SINGLE_CERTIFICATE
;
29 return X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN_V2
;
32 return X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN_V3
;
38 // These values can be bit-wise combined to form the flags field of the
39 // serialized HttpResponseInfo.
41 // The version of the response info used when persisting response info.
42 RESPONSE_INFO_VERSION
= 3,
44 // The minimum version supported for deserializing response info.
45 RESPONSE_INFO_MINIMUM_VERSION
= 1,
47 // We reserve up to 8 bits for the version number.
48 RESPONSE_INFO_VERSION_MASK
= 0xFF,
50 // This bit is set if the response info has a cert at the end.
51 // Version 1 serialized only the end-entity certificate, while subsequent
52 // versions include the available certificate chain.
53 RESPONSE_INFO_HAS_CERT
= 1 << 8,
55 // This bit is set if the response info has a security-bits field (security
56 // strength, in bits, of the SSL connection) at the end.
57 RESPONSE_INFO_HAS_SECURITY_BITS
= 1 << 9,
59 // This bit is set if the response info has a cert status at the end.
60 RESPONSE_INFO_HAS_CERT_STATUS
= 1 << 10,
62 // This bit is set if the response info has vary header data.
63 RESPONSE_INFO_HAS_VARY_DATA
= 1 << 11,
65 // This bit is set if the request was cancelled before completion.
66 RESPONSE_INFO_TRUNCATED
= 1 << 12,
68 // This bit is set if the response was received via SPDY.
69 RESPONSE_INFO_WAS_SPDY
= 1 << 13,
71 // This bit is set if the request has NPN negotiated.
72 RESPONSE_INFO_WAS_NPN
= 1 << 14,
74 // This bit is set if the request was fetched via an explicit proxy.
75 RESPONSE_INFO_WAS_PROXY
= 1 << 15,
77 // This bit is set if the response info has an SSL connection status field.
78 // This contains the ciphersuite used to fetch the resource as well as the
79 // protocol version, compression method and whether SSLv3 fallback was used.
80 RESPONSE_INFO_HAS_SSL_CONNECTION_STATUS
= 1 << 16,
82 // This bit is set if the response info has protocol version.
83 RESPONSE_INFO_HAS_NPN_NEGOTIATED_PROTOCOL
= 1 << 17,
85 // This bit is set if the response info has connection info.
86 RESPONSE_INFO_HAS_CONNECTION_INFO
= 1 << 18,
88 // This bit is set if the request has http authentication.
89 RESPONSE_INFO_USE_HTTP_AUTHENTICATION
= 1 << 19,
91 // This bit is set if ssl_info has SCTs.
92 RESPONSE_INFO_HAS_SIGNED_CERTIFICATE_TIMESTAMPS
= 1 << 20,
94 // TODO(darin): Add other bits to indicate alternate request methods.
95 // For now, we don't support storing those.
98 HttpResponseInfo::HttpResponseInfo()
100 server_data_unavailable(false),
101 network_accessed(false),
102 was_fetched_via_spdy(false),
103 was_npn_negotiated(false),
104 was_fetched_via_proxy(false),
105 did_use_http_auth(false),
106 connection_info(CONNECTION_INFO_UNKNOWN
) {
109 HttpResponseInfo::HttpResponseInfo(const HttpResponseInfo
& rhs
)
110 : was_cached(rhs
.was_cached
),
111 server_data_unavailable(rhs
.server_data_unavailable
),
112 network_accessed(rhs
.network_accessed
),
113 was_fetched_via_spdy(rhs
.was_fetched_via_spdy
),
114 was_npn_negotiated(rhs
.was_npn_negotiated
),
115 was_fetched_via_proxy(rhs
.was_fetched_via_proxy
),
116 proxy_server(rhs
.proxy_server
),
117 did_use_http_auth(rhs
.did_use_http_auth
),
118 socket_address(rhs
.socket_address
),
119 npn_negotiated_protocol(rhs
.npn_negotiated_protocol
),
120 connection_info(rhs
.connection_info
),
121 request_time(rhs
.request_time
),
122 response_time(rhs
.response_time
),
123 auth_challenge(rhs
.auth_challenge
),
124 cert_request_info(rhs
.cert_request_info
),
125 ssl_info(rhs
.ssl_info
),
126 headers(rhs
.headers
),
127 vary_data(rhs
.vary_data
),
128 metadata(rhs
.metadata
) {
131 HttpResponseInfo::~HttpResponseInfo() {
134 HttpResponseInfo
& HttpResponseInfo::operator=(const HttpResponseInfo
& rhs
) {
135 was_cached
= rhs
.was_cached
;
136 server_data_unavailable
= rhs
.server_data_unavailable
;
137 network_accessed
= rhs
.network_accessed
;
138 was_fetched_via_spdy
= rhs
.was_fetched_via_spdy
;
139 proxy_server
= rhs
.proxy_server
;
140 was_npn_negotiated
= rhs
.was_npn_negotiated
;
141 was_fetched_via_proxy
= rhs
.was_fetched_via_proxy
;
142 did_use_http_auth
= rhs
.did_use_http_auth
;
143 socket_address
= rhs
.socket_address
;
144 npn_negotiated_protocol
= rhs
.npn_negotiated_protocol
;
145 connection_info
= rhs
.connection_info
;
146 request_time
= rhs
.request_time
;
147 response_time
= rhs
.response_time
;
148 auth_challenge
= rhs
.auth_challenge
;
149 cert_request_info
= rhs
.cert_request_info
;
150 ssl_info
= rhs
.ssl_info
;
151 headers
= rhs
.headers
;
152 vary_data
= rhs
.vary_data
;
153 metadata
= rhs
.metadata
;
157 bool HttpResponseInfo::InitFromPickle(const Pickle
& pickle
,
158 bool* response_truncated
) {
159 PickleIterator
iter(pickle
);
161 // Read flags and verify version
163 if (!pickle
.ReadInt(&iter
, &flags
))
165 int version
= flags
& RESPONSE_INFO_VERSION_MASK
;
166 if (version
< RESPONSE_INFO_MINIMUM_VERSION
||
167 version
> RESPONSE_INFO_VERSION
) {
168 DLOG(ERROR
) << "unexpected response info version: " << version
;
174 if (!pickle
.ReadInt64(&iter
, &time_val
))
176 request_time
= Time::FromInternalValue(time_val
);
177 was_cached
= true; // Set status to show cache resurrection.
179 // Read response-time
180 if (!pickle
.ReadInt64(&iter
, &time_val
))
182 response_time
= Time::FromInternalValue(time_val
);
184 // Read response-headers
185 headers
= new HttpResponseHeaders(pickle
, &iter
);
186 if (headers
->response_code() == -1)
190 if (flags
& RESPONSE_INFO_HAS_CERT
) {
191 X509Certificate::PickleType type
= GetPickleTypeForVersion(version
);
192 ssl_info
.cert
= X509Certificate::CreateFromPickle(pickle
, &iter
, type
);
193 if (!ssl_info
.cert
.get())
196 if (flags
& RESPONSE_INFO_HAS_CERT_STATUS
) {
197 CertStatus cert_status
;
198 if (!pickle
.ReadUInt32(&iter
, &cert_status
))
200 ssl_info
.cert_status
= cert_status
;
202 if (flags
& RESPONSE_INFO_HAS_SECURITY_BITS
) {
204 if (!pickle
.ReadInt(&iter
, &security_bits
))
206 ssl_info
.security_bits
= security_bits
;
209 if (flags
& RESPONSE_INFO_HAS_SSL_CONNECTION_STATUS
) {
210 int connection_status
;
211 if (!pickle
.ReadInt(&iter
, &connection_status
))
213 ssl_info
.connection_status
= connection_status
;
216 if (flags
& RESPONSE_INFO_HAS_SIGNED_CERTIFICATE_TIMESTAMPS
) {
218 if (!pickle
.ReadInt(&iter
, &num_scts
))
220 for (int i
= 0; i
< num_scts
; ++i
) {
221 scoped_refptr
<ct::SignedCertificateTimestamp
> sct(
222 ct::SignedCertificateTimestamp::CreateFromPickle(&iter
));
224 if (!sct
.get() || !pickle
.ReadUInt16(&iter
, &status
))
226 ssl_info
.signed_certificate_timestamps
.push_back(
227 SignedCertificateTimestampAndStatus(
228 sct
, static_cast<ct::SCTVerifyStatus
>(status
)));
233 if (flags
& RESPONSE_INFO_HAS_VARY_DATA
) {
234 if (!vary_data
.InitFromPickle(pickle
, &iter
))
238 // Read socket_address.
239 std::string socket_address_host
;
240 if (pickle
.ReadString(&iter
, &socket_address_host
)) {
241 // If the host was written, we always expect the port to follow.
242 uint16 socket_address_port
;
243 if (!pickle
.ReadUInt16(&iter
, &socket_address_port
))
245 socket_address
= HostPortPair(socket_address_host
, socket_address_port
);
246 } else if (version
> 1) {
247 // socket_address was not always present in version 1 of the response
248 // info, so we don't fail if it can't be read.
252 // Read protocol-version.
253 if (flags
& RESPONSE_INFO_HAS_NPN_NEGOTIATED_PROTOCOL
) {
254 if (!pickle
.ReadString(&iter
, &npn_negotiated_protocol
))
258 // Read connection info.
259 if (flags
& RESPONSE_INFO_HAS_CONNECTION_INFO
) {
261 if (!pickle
.ReadInt(&iter
, &value
))
264 if (value
> static_cast<int>(CONNECTION_INFO_UNKNOWN
) &&
265 value
< static_cast<int>(NUM_OF_CONNECTION_INFOS
)) {
266 connection_info
= static_cast<ConnectionInfo
>(value
);
270 was_fetched_via_spdy
= (flags
& RESPONSE_INFO_WAS_SPDY
) != 0;
272 was_npn_negotiated
= (flags
& RESPONSE_INFO_WAS_NPN
) != 0;
274 was_fetched_via_proxy
= (flags
& RESPONSE_INFO_WAS_PROXY
) != 0;
276 *response_truncated
= (flags
& RESPONSE_INFO_TRUNCATED
) != 0;
278 did_use_http_auth
= (flags
& RESPONSE_INFO_USE_HTTP_AUTHENTICATION
) != 0;
283 void HttpResponseInfo::Persist(Pickle
* pickle
,
284 bool skip_transient_headers
,
285 bool response_truncated
) const {
286 int flags
= RESPONSE_INFO_VERSION
;
287 if (ssl_info
.is_valid()) {
288 flags
|= RESPONSE_INFO_HAS_CERT
;
289 flags
|= RESPONSE_INFO_HAS_CERT_STATUS
;
290 if (ssl_info
.security_bits
!= -1)
291 flags
|= RESPONSE_INFO_HAS_SECURITY_BITS
;
292 if (ssl_info
.connection_status
!= 0)
293 flags
|= RESPONSE_INFO_HAS_SSL_CONNECTION_STATUS
;
295 if (vary_data
.is_valid())
296 flags
|= RESPONSE_INFO_HAS_VARY_DATA
;
297 if (response_truncated
)
298 flags
|= RESPONSE_INFO_TRUNCATED
;
299 if (was_fetched_via_spdy
)
300 flags
|= RESPONSE_INFO_WAS_SPDY
;
301 if (was_npn_negotiated
) {
302 flags
|= RESPONSE_INFO_WAS_NPN
;
303 flags
|= RESPONSE_INFO_HAS_NPN_NEGOTIATED_PROTOCOL
;
305 if (was_fetched_via_proxy
)
306 flags
|= RESPONSE_INFO_WAS_PROXY
;
307 if (connection_info
!= CONNECTION_INFO_UNKNOWN
)
308 flags
|= RESPONSE_INFO_HAS_CONNECTION_INFO
;
309 if (did_use_http_auth
)
310 flags
|= RESPONSE_INFO_USE_HTTP_AUTHENTICATION
;
311 if (!ssl_info
.signed_certificate_timestamps
.empty())
312 flags
|= RESPONSE_INFO_HAS_SIGNED_CERTIFICATE_TIMESTAMPS
;
314 pickle
->WriteInt(flags
);
315 pickle
->WriteInt64(request_time
.ToInternalValue());
316 pickle
->WriteInt64(response_time
.ToInternalValue());
318 net::HttpResponseHeaders::PersistOptions persist_options
=
319 net::HttpResponseHeaders::PERSIST_RAW
;
321 if (skip_transient_headers
) {
323 net::HttpResponseHeaders::PERSIST_SANS_COOKIES
|
324 net::HttpResponseHeaders::PERSIST_SANS_CHALLENGES
|
325 net::HttpResponseHeaders::PERSIST_SANS_HOP_BY_HOP
|
326 net::HttpResponseHeaders::PERSIST_SANS_NON_CACHEABLE
|
327 net::HttpResponseHeaders::PERSIST_SANS_RANGES
|
328 net::HttpResponseHeaders::PERSIST_SANS_SECURITY_STATE
;
331 headers
->Persist(pickle
, persist_options
);
333 if (ssl_info
.is_valid()) {
334 ssl_info
.cert
->Persist(pickle
);
335 pickle
->WriteUInt32(ssl_info
.cert_status
);
336 if (ssl_info
.security_bits
!= -1)
337 pickle
->WriteInt(ssl_info
.security_bits
);
338 if (ssl_info
.connection_status
!= 0)
339 pickle
->WriteInt(ssl_info
.connection_status
);
340 if (!ssl_info
.signed_certificate_timestamps
.empty()) {
341 pickle
->WriteInt(ssl_info
.signed_certificate_timestamps
.size());
342 for (SignedCertificateTimestampAndStatusList::const_iterator it
=
343 ssl_info
.signed_certificate_timestamps
.begin(); it
!=
344 ssl_info
.signed_certificate_timestamps
.end(); ++it
) {
345 it
->sct
->Persist(pickle
);
346 pickle
->WriteUInt16(it
->status
);
351 if (vary_data
.is_valid())
352 vary_data
.Persist(pickle
);
354 pickle
->WriteString(socket_address
.host());
355 pickle
->WriteUInt16(socket_address
.port());
357 if (was_npn_negotiated
)
358 pickle
->WriteString(npn_negotiated_protocol
);
360 if (connection_info
!= CONNECTION_INFO_UNKNOWN
)
361 pickle
->WriteInt(static_cast<int>(connection_info
));
364 HttpResponseInfo::ConnectionInfo
HttpResponseInfo::ConnectionInfoFromNextProto(
365 NextProto next_proto
) {
366 switch (next_proto
) {
367 case kProtoDeprecatedSPDY2
:
368 return CONNECTION_INFO_DEPRECATED_SPDY2
;
371 return CONNECTION_INFO_SPDY3
;
373 return CONNECTION_INFO_SPDY4
;
374 case kProtoQUIC1SPDY3
:
375 return CONNECTION_INFO_QUIC1_SPDY3
;
383 return CONNECTION_INFO_UNKNOWN
;
387 std::string
HttpResponseInfo::ConnectionInfoToString(
388 ConnectionInfo connection_info
) {
389 switch (connection_info
) {
390 case CONNECTION_INFO_UNKNOWN
:
392 case CONNECTION_INFO_HTTP1
:
394 case CONNECTION_INFO_DEPRECATED_SPDY2
:
396 case CONNECTION_INFO_SPDY3
:
398 case CONNECTION_INFO_SPDY4
:
399 // This is the HTTP/2 draft 13 identifier. For internal
400 // consistency, HTTP/2 is named SPDY4 within Chromium.
402 case CONNECTION_INFO_QUIC1_SPDY3
:
403 return "quic/1+spdy/3";
404 case NUM_OF_CONNECTION_INFOS
: