search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Don't add an aura tooltip to bubble close buttons on Windows.
[chromium-blink-merge.git] / net / http / http_stream_factory_impl_job.cc
blob54e837914b04d3ac0c4622cb89b11a1902b39a1b
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_stream_factory_impl_job.h"
6
7 #include <algorithm>
8 #include <string>
9
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/logging.h"
13 #include "base/metrics/histogram_macros.h"
14 #include "base/profiler/scoped_tracker.h"
15 #include "base/stl_util.h"
16 #include "base/strings/string_number_conversions.h"
17 #include "base/strings/string_util.h"
18 #include "base/strings/stringprintf.h"
19 #include "base/values.h"
20 #include "build/build_config.h"
21 #include "net/base/connection_type_histograms.h"
22 #include "net/base/net_util.h"
23 #include "net/http/http_basic_stream.h"
24 #include "net/http/http_network_session.h"
25 #include "net/http/http_proxy_client_socket.h"
26 #include "net/http/http_proxy_client_socket_pool.h"
27 #include "net/http/http_request_info.h"
28 #include "net/http/http_server_properties.h"
29 #include "net/http/http_stream_factory.h"
30 #include "net/http/http_stream_factory_impl_request.h"
31 #include "net/log/net_log.h"
32 #include "net/quic/quic_http_stream.h"
33 #include "net/socket/client_socket_handle.h"
34 #include "net/socket/client_socket_pool.h"
35 #include "net/socket/client_socket_pool_manager.h"
36 #include "net/socket/socks_client_socket_pool.h"
37 #include "net/socket/ssl_client_socket.h"
38 #include "net/socket/ssl_client_socket_pool.h"
39 #include "net/spdy/spdy_http_stream.h"
40 #include "net/spdy/spdy_session.h"
41 #include "net/spdy/spdy_session_pool.h"
42 #include "net/ssl/ssl_cert_request_info.h"
43
44 namespace net {
45
46 // Returns parameters associated with the start of a HTTP stream job.
47 base::Value* NetLogHttpStreamJobCallback(const GURL* original_url,
48 const GURL* url,
49 const GURL* alternate_url,
50 RequestPriority priority,
51 NetLog::LogLevel /* log_level */) {
52 base::DictionaryValue* dict = new base::DictionaryValue();
53 dict->SetString("original_url", original_url->GetOrigin().spec());
54 dict->SetString("url", url->GetOrigin().spec());
55 dict->SetString("alternate_service_url", alternate_url->GetOrigin().spec());
56 dict->SetString("priority", RequestPriorityToString(priority));
57 return dict;
58 }
59
60 // Returns parameters associated with the Proto (with NPN negotiation) of a HTTP
61 // stream.
62 base::Value* NetLogHttpStreamProtoCallback(
63 const SSLClientSocket::NextProtoStatus status,
64 const std::string* proto,
65 NetLog::LogLevel /* log_level */) {
66 base::DictionaryValue* dict = new base::DictionaryValue();
67
68 dict->SetString("next_proto_status",
69 SSLClientSocket::NextProtoStatusToString(status));
70 dict->SetString("proto", *proto);
71 return dict;
72 }
73
74 HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory,
75 HttpNetworkSession* session,
76 const HttpRequestInfo& request_info,
77 RequestPriority priority,
78 const SSLConfig& server_ssl_config,
79 const SSLConfig& proxy_ssl_config,
80 NetLog* net_log)
81 : request_(NULL),
82 request_info_(request_info),
83 priority_(priority),
84 server_ssl_config_(server_ssl_config),
85 proxy_ssl_config_(proxy_ssl_config),
86 net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_HTTP_STREAM_JOB)),
87 io_callback_(base::Bind(&Job::OnIOComplete, base::Unretained(this))),
88 connection_(new ClientSocketHandle),
89 session_(session),
90 stream_factory_(stream_factory),
91 next_state_(STATE_NONE),
92 pac_request_(NULL),
93 blocking_job_(NULL),
94 waiting_job_(NULL),
95 using_ssl_(false),
96 using_spdy_(false),
97 using_quic_(false),
98 quic_request_(session_->quic_stream_factory()),
99 using_existing_quic_session_(false),
100 spdy_certificate_error_(OK),
101 establishing_tunnel_(false),
102 was_npn_negotiated_(false),
103 protocol_negotiated_(kProtoUnknown),
104 num_streams_(0),
105 spdy_session_direct_(false),
106 job_status_(STATUS_RUNNING),
107 other_job_status_(STATUS_RUNNING),
108 ptr_factory_(this) {
109 DCHECK(stream_factory);
110 DCHECK(session);
111 }
112
113 HttpStreamFactoryImpl::Job::~Job() {
114 net_log_.EndEvent(NetLog::TYPE_HTTP_STREAM_JOB);
115
116 // When we're in a partially constructed state, waiting for the user to
117 // provide certificate handling information or authentication, we can't reuse
118 // this stream at all.
119 if (next_state_ == STATE_WAITING_USER_ACTION) {
120 connection_->socket()->Disconnect();
121 connection_.reset();
122 }
123
124 if (pac_request_)
125 session_->proxy_service()->CancelPacRequest(pac_request_);
126
127 // The stream could be in a partial state. It is not reusable.
128 if (stream_.get() && next_state_ != STATE_DONE)
129 stream_->Close(true /* not reusable */);
130 }
131
132 void HttpStreamFactoryImpl::Job::Start(Request* request) {
133 DCHECK(request);
134 request_ = request;
135 StartInternal();
136 }
137
138 int HttpStreamFactoryImpl::Job::Preconnect(int num_streams) {
139 DCHECK_GT(num_streams, 0);
140 base::WeakPtr<HttpServerProperties> http_server_properties =
141 session_->http_server_properties();
142 if (http_server_properties &&
143 http_server_properties->SupportsRequestPriority(
144 HostPortPair::FromURL(request_info_.url))) {
145 num_streams_ = 1;
146 } else {
147 num_streams_ = num_streams;
148 }
149 return StartInternal();
150 }
151
152 int HttpStreamFactoryImpl::Job::RestartTunnelWithProxyAuth(
153 const AuthCredentials& credentials) {
154 DCHECK(establishing_tunnel_);
155 next_state_ = STATE_RESTART_TUNNEL_AUTH;
156 stream_.reset();
157 return RunLoop(OK);
158 }
159
160 LoadState HttpStreamFactoryImpl::Job::GetLoadState() const {
161 switch (next_state_) {
162 case STATE_RESOLVE_PROXY_COMPLETE:
163 return session_->proxy_service()->GetLoadState(pac_request_);
164 case STATE_INIT_CONNECTION_COMPLETE:
165 case STATE_CREATE_STREAM_COMPLETE:
166 return using_quic_ ? LOAD_STATE_CONNECTING : connection_->GetLoadState();
167 default:
168 return LOAD_STATE_IDLE;
169 }
170 }
171
172 void HttpStreamFactoryImpl::Job::MarkAsAlternate(
173 AlternativeService alternative_service) {
174 DCHECK(!IsAlternate());
175 alternative_service_ = alternative_service;
176 if (alternative_service.protocol == QUIC) {
177 DCHECK(session_->params().enable_quic);
178 using_quic_ = true;
179 }
180 }
181
182 void HttpStreamFactoryImpl::Job::WaitFor(Job* job) {
183 DCHECK_EQ(STATE_NONE, next_state_);
184 DCHECK_EQ(STATE_NONE, job->next_state_);
185 DCHECK(!blocking_job_);
186 DCHECK(!job->waiting_job_);
187 blocking_job_ = job;
188 job->waiting_job_ = this;
189 }
190
191 void HttpStreamFactoryImpl::Job::Resume(Job* job) {
192 DCHECK_EQ(blocking_job_, job);
193 blocking_job_ = NULL;
194
195 // We know we're blocked if the next_state_ is STATE_WAIT_FOR_JOB_COMPLETE.
196 // Unblock |this|.
197 if (next_state_ == STATE_WAIT_FOR_JOB_COMPLETE) {
198 base::MessageLoop::current()->PostTask(
199 FROM_HERE,
200 base::Bind(&HttpStreamFactoryImpl::Job::OnIOComplete,
201 ptr_factory_.GetWeakPtr(), OK));
202 }
203 }
204
205 void HttpStreamFactoryImpl::Job::Orphan(const Request* request) {
206 DCHECK_EQ(request_, request);
207 request_ = NULL;
208 if (blocking_job_) {
209 // We've been orphaned, but there's a job we're blocked on. Don't bother
210 // racing, just cancel ourself.
211 DCHECK(blocking_job_->waiting_job_);
212 blocking_job_->waiting_job_ = NULL;
213 blocking_job_ = NULL;
214 if (stream_factory_->for_websockets_ &&
215 connection_ && connection_->socket()) {
216 connection_->socket()->Disconnect();
217 }
218 stream_factory_->OnOrphanedJobComplete(this);
219 } else if (stream_factory_->for_websockets_) {
220 // We cancel this job because a WebSocketHandshakeStream can't be created
221 // without a WebSocketHandshakeStreamBase::CreateHelper which is stored in
222 // the Request class and isn't accessible from this job.
223 if (connection_ && connection_->socket()) {
224 connection_->socket()->Disconnect();
225 }
226 stream_factory_->OnOrphanedJobComplete(this);
227 }
228 }
229
230 void HttpStreamFactoryImpl::Job::SetPriority(RequestPriority priority) {
231 priority_ = priority;
232 // TODO(akalin): Propagate this to |connection_| and maybe the
233 // preconnect state.
234 }
235
236 bool HttpStreamFactoryImpl::Job::was_npn_negotiated() const {
237 return was_npn_negotiated_;
238 }
239
240 NextProto HttpStreamFactoryImpl::Job::protocol_negotiated() const {
241 return protocol_negotiated_;
242 }
243
244 bool HttpStreamFactoryImpl::Job::using_spdy() const {
245 return using_spdy_;
246 }
247
248 const SSLConfig& HttpStreamFactoryImpl::Job::server_ssl_config() const {
249 return server_ssl_config_;
250 }
251
252 const SSLConfig& HttpStreamFactoryImpl::Job::proxy_ssl_config() const {
253 return proxy_ssl_config_;
254 }
255
256 const ProxyInfo& HttpStreamFactoryImpl::Job::proxy_info() const {
257 return proxy_info_;
258 }
259
260 void HttpStreamFactoryImpl::Job::GetSSLInfo() {
261 DCHECK(using_ssl_);
262 DCHECK(!establishing_tunnel_);
263 DCHECK(connection_.get() && connection_->socket());
264 SSLClientSocket* ssl_socket =
265 static_cast<SSLClientSocket*>(connection_->socket());
266 ssl_socket->GetSSLInfo(&ssl_info_);
267 }
268
269 SpdySessionKey HttpStreamFactoryImpl::Job::GetSpdySessionKey() const {
270 // In the case that we're using an HTTPS proxy for an HTTP url,
271 // we look for a SPDY session *to* the proxy, instead of to the
272 // origin server.
273 PrivacyMode privacy_mode = request_info_.privacy_mode;
274 if (IsHttpsProxyAndHttpUrl()) {
275 return SpdySessionKey(proxy_info_.proxy_server().host_port_pair(),
276 ProxyServer::Direct(),
277 privacy_mode);
278 }
279 return SpdySessionKey(server_, proxy_info_.proxy_server(), privacy_mode);
280 }
281
282 bool HttpStreamFactoryImpl::Job::CanUseExistingSpdySession() const {
283 // We need to make sure that if a spdy session was created for
284 // https://somehost/ that we don't use that session for http://somehost:443/.
285 // The only time we can use an existing session is if the request URL is
286 // https (the normal case) or if we're connection to a SPDY proxy, or
287 // if we're running with force_spdy_always_. crbug.com/133176
288 // TODO(ricea): Add "wss" back to this list when SPDY WebSocket support is
289 // working.
290 return alternative_service_url_.SchemeIs("https") ||
291 proxy_info_.proxy_server().is_https() ||
292 session_->params().force_spdy_always;
293 }
294
295 void HttpStreamFactoryImpl::Job::OnStreamReadyCallback() {
296 DCHECK(stream_.get());
297 DCHECK(!IsPreconnecting());
298 DCHECK(!stream_factory_->for_websockets_);
299 if (IsOrphaned()) {
300 stream_factory_->OnOrphanedJobComplete(this);
301 } else {
302 request_->Complete(was_npn_negotiated(),
303 protocol_negotiated(),
304 using_spdy(),
305 net_log_);
306 request_->OnStreamReady(this, server_ssl_config_, proxy_info_,
307 stream_.release());
308 }
309 // |this| may be deleted after this call.
310 }
311
312 void HttpStreamFactoryImpl::Job::OnWebSocketHandshakeStreamReadyCallback() {
313 DCHECK(websocket_stream_);
314 DCHECK(!IsPreconnecting());
315 DCHECK(stream_factory_->for_websockets_);
316 // An orphaned WebSocket job will be closed immediately and
317 // never be ready.
318 DCHECK(!IsOrphaned());
319 request_->Complete(was_npn_negotiated(),
320 protocol_negotiated(),
321 using_spdy(),
322 net_log_);
323 request_->OnWebSocketHandshakeStreamReady(this,
324 server_ssl_config_,
325 proxy_info_,
326 websocket_stream_.release());
327 // |this| may be deleted after this call.
328 }
329
330 void HttpStreamFactoryImpl::Job::OnNewSpdySessionReadyCallback() {
331 DCHECK(stream_.get());
332 DCHECK(!IsPreconnecting());
333 DCHECK(using_spdy());
334 // Note: an event loop iteration has passed, so |new_spdy_session_| may be
335 // NULL at this point if the SpdySession closed immediately after creation.
336 base::WeakPtr<SpdySession> spdy_session = new_spdy_session_;
337 new_spdy_session_.reset();
338
339 // TODO(jgraettinger): Notify the factory, and let that notify |request_|,
340 // rather than notifying |request_| directly.
341 if (IsOrphaned()) {
342 if (spdy_session) {
343 stream_factory_->OnNewSpdySessionReady(
344 spdy_session, spdy_session_direct_, server_ssl_config_, proxy_info_,
345 was_npn_negotiated(), protocol_negotiated(), using_spdy(), net_log_);
346 }
347 stream_factory_->OnOrphanedJobComplete(this);
348 } else {
349 request_->OnNewSpdySessionReady(
350 this, stream_.Pass(), spdy_session, spdy_session_direct_);
351 }
352 // |this| may be deleted after this call.
353 }
354
355 void HttpStreamFactoryImpl::Job::OnStreamFailedCallback(int result) {
356 DCHECK(!IsPreconnecting());
357 if (IsOrphaned())
358 stream_factory_->OnOrphanedJobComplete(this);
359 else
360 request_->OnStreamFailed(this, result, server_ssl_config_);
361 // |this| may be deleted after this call.
362 }
363
364 void HttpStreamFactoryImpl::Job::OnCertificateErrorCallback(
365 int result, const SSLInfo& ssl_info) {
366 DCHECK(!IsPreconnecting());
367 if (IsOrphaned())
368 stream_factory_->OnOrphanedJobComplete(this);
369 else
370 request_->OnCertificateError(this, result, server_ssl_config_, ssl_info);
371 // |this| may be deleted after this call.
372 }
373
374 void HttpStreamFactoryImpl::Job::OnNeedsProxyAuthCallback(
375 const HttpResponseInfo& response,
376 HttpAuthController* auth_controller) {
377 DCHECK(!IsPreconnecting());
378 if (IsOrphaned())
379 stream_factory_->OnOrphanedJobComplete(this);
380 else
381 request_->OnNeedsProxyAuth(
382 this, response, server_ssl_config_, proxy_info_, auth_controller);
383 // |this| may be deleted after this call.
384 }
385
386 void HttpStreamFactoryImpl::Job::OnNeedsClientAuthCallback(
387 SSLCertRequestInfo* cert_info) {
388 DCHECK(!IsPreconnecting());
389 if (IsOrphaned())
390 stream_factory_->OnOrphanedJobComplete(this);
391 else
392 request_->OnNeedsClientAuth(this, server_ssl_config_, cert_info);
393 // |this| may be deleted after this call.
394 }
395
396 void HttpStreamFactoryImpl::Job::OnHttpsProxyTunnelResponseCallback(
397 const HttpResponseInfo& response_info,
398 HttpStream* stream) {
399 DCHECK(!IsPreconnecting());
400 if (IsOrphaned())
401 stream_factory_->OnOrphanedJobComplete(this);
402 else
403 request_->OnHttpsProxyTunnelResponse(
404 this, response_info, server_ssl_config_, proxy_info_, stream);
405 // |this| may be deleted after this call.
406 }
407
408 void HttpStreamFactoryImpl::Job::OnPreconnectsComplete() {
409 DCHECK(!request_);
410 if (new_spdy_session_.get()) {
411 stream_factory_->OnNewSpdySessionReady(new_spdy_session_,
412 spdy_session_direct_,
413 server_ssl_config_,
414 proxy_info_,
415 was_npn_negotiated(),
416 protocol_negotiated(),
417 using_spdy(),
418 net_log_);
419 }
420 stream_factory_->OnPreconnectsComplete(this);
421 // |this| may be deleted after this call.
422 }
423
424 // static
425 int HttpStreamFactoryImpl::Job::OnHostResolution(
426 SpdySessionPool* spdy_session_pool,
427 const SpdySessionKey& spdy_session_key,
428 const AddressList& addresses,
429 const BoundNetLog& net_log) {
430 // It is OK to dereference spdy_session_pool, because the
431 // ClientSocketPoolManager will be destroyed in the same callback that
432 // destroys the SpdySessionPool.
433 return
434 spdy_session_pool->FindAvailableSession(spdy_session_key, net_log) ?
435 ERR_SPDY_SESSION_ALREADY_EXISTS : OK;
436 }
437
438 void HttpStreamFactoryImpl::Job::OnIOComplete(int result) {
439 RunLoop(result);
440 }
441
442 int HttpStreamFactoryImpl::Job::RunLoop(int result) {
443 result = DoLoop(result);
444
445 if (result == ERR_IO_PENDING)
446 return result;
447
448 // If there was an error, we should have already resumed the |waiting_job_|,
449 // if there was one.
450 DCHECK(result == OK || waiting_job_ == NULL);
451
452 if (IsPreconnecting()) {
453 base::MessageLoop::current()->PostTask(
454 FROM_HERE,
455 base::Bind(&HttpStreamFactoryImpl::Job::OnPreconnectsComplete,
456 ptr_factory_.GetWeakPtr()));
457 return ERR_IO_PENDING;
458 }
459
460 if (IsCertificateError(result)) {
461 // Retrieve SSL information from the socket.
462 GetSSLInfo();
463
464 next_state_ = STATE_WAITING_USER_ACTION;
465 base::MessageLoop::current()->PostTask(
466 FROM_HERE,
467 base::Bind(&HttpStreamFactoryImpl::Job::OnCertificateErrorCallback,
468 ptr_factory_.GetWeakPtr(), result, ssl_info_));
469 return ERR_IO_PENDING;
470 }
471
472 switch (result) {
473 case ERR_PROXY_AUTH_REQUESTED: {
474 UMA_HISTOGRAM_BOOLEAN("Net.ProxyAuthRequested.HasConnection",
475 connection_.get() != NULL);
476 if (!connection_.get())
477 return ERR_PROXY_AUTH_REQUESTED_WITH_NO_CONNECTION;
478 CHECK(connection_->socket());
479 CHECK(establishing_tunnel_);
480
481 next_state_ = STATE_WAITING_USER_ACTION;
482 ProxyClientSocket* proxy_socket =
483 static_cast<ProxyClientSocket*>(connection_->socket());
484 base::MessageLoop::current()->PostTask(
485 FROM_HERE,
486 base::Bind(&Job::OnNeedsProxyAuthCallback, ptr_factory_.GetWeakPtr(),
487 *proxy_socket->GetConnectResponseInfo(),
488 proxy_socket->GetAuthController()));
489 return ERR_IO_PENDING;
490 }
491
492 case ERR_SSL_CLIENT_AUTH_CERT_NEEDED:
493 base::MessageLoop::current()->PostTask(
494 FROM_HERE,
495 base::Bind(&Job::OnNeedsClientAuthCallback, ptr_factory_.GetWeakPtr(),
496 connection_->ssl_error_response_info().cert_request_info));
497 return ERR_IO_PENDING;
498
499 case ERR_HTTPS_PROXY_TUNNEL_RESPONSE: {
500 DCHECK(connection_.get());
501 DCHECK(connection_->socket());
502 DCHECK(establishing_tunnel_);
503
504 ProxyClientSocket* proxy_socket =
505 static_cast<ProxyClientSocket*>(connection_->socket());
506 base::MessageLoop::current()->PostTask(
507 FROM_HERE,
508 base::Bind(&Job::OnHttpsProxyTunnelResponseCallback,
509 ptr_factory_.GetWeakPtr(),
510 *proxy_socket->GetConnectResponseInfo(),
511 proxy_socket->CreateConnectResponseStream()));
512 return ERR_IO_PENDING;
513 }
514
515 case OK:
516 job_status_ = STATUS_SUCCEEDED;
517 MaybeMarkAlternativeServiceBroken();
518 next_state_ = STATE_DONE;
519 if (new_spdy_session_.get()) {
520 base::MessageLoop::current()->PostTask(
521 FROM_HERE,
522 base::Bind(&Job::OnNewSpdySessionReadyCallback,
523 ptr_factory_.GetWeakPtr()));
524 } else if (stream_factory_->for_websockets_) {
525 DCHECK(websocket_stream_);
526 base::MessageLoop::current()->PostTask(
527 FROM_HERE,
528 base::Bind(&Job::OnWebSocketHandshakeStreamReadyCallback,
529 ptr_factory_.GetWeakPtr()));
530 } else {
531 DCHECK(stream_.get());
532 base::MessageLoop::current()->PostTask(
533 FROM_HERE,
534 base::Bind(&Job::OnStreamReadyCallback, ptr_factory_.GetWeakPtr()));
535 }
536 return ERR_IO_PENDING;
537
538 default:
539 if (job_status_ != STATUS_BROKEN) {
540 DCHECK_EQ(STATUS_RUNNING, job_status_);
541 job_status_ = STATUS_FAILED;
542 MaybeMarkAlternativeServiceBroken();
543 }
544 base::MessageLoop::current()->PostTask(
545 FROM_HERE,
546 base::Bind(&Job::OnStreamFailedCallback, ptr_factory_.GetWeakPtr(),
547 result));
548 return ERR_IO_PENDING;
549 }
550 }
551
552 int HttpStreamFactoryImpl::Job::DoLoop(int result) {
553 DCHECK_NE(next_state_, STATE_NONE);
554 int rv = result;
555 do {
556 State state = next_state_;
557 next_state_ = STATE_NONE;
558 switch (state) {
559 case STATE_START:
560 DCHECK_EQ(OK, rv);
561 rv = DoStart();
562 break;
563 case STATE_RESOLVE_PROXY:
564 DCHECK_EQ(OK, rv);
565 rv = DoResolveProxy();
566 break;
567 case STATE_RESOLVE_PROXY_COMPLETE:
568 rv = DoResolveProxyComplete(rv);
569 break;
570 case STATE_WAIT_FOR_JOB:
571 DCHECK_EQ(OK, rv);
572 rv = DoWaitForJob();
573 break;
574 case STATE_WAIT_FOR_JOB_COMPLETE:
575 rv = DoWaitForJobComplete(rv);
576 break;
577 case STATE_INIT_CONNECTION:
578 DCHECK_EQ(OK, rv);
579 rv = DoInitConnection();
580 break;
581 case STATE_INIT_CONNECTION_COMPLETE:
582 rv = DoInitConnectionComplete(rv);
583 break;
584 case STATE_WAITING_USER_ACTION:
585 rv = DoWaitingUserAction(rv);
586 break;
587 case STATE_RESTART_TUNNEL_AUTH:
588 DCHECK_EQ(OK, rv);
589 rv = DoRestartTunnelAuth();
590 break;
591 case STATE_RESTART_TUNNEL_AUTH_COMPLETE:
592 rv = DoRestartTunnelAuthComplete(rv);
593 break;
594 case STATE_CREATE_STREAM:
595 DCHECK_EQ(OK, rv);
596 rv = DoCreateStream();
597 break;
598 case STATE_CREATE_STREAM_COMPLETE:
599 rv = DoCreateStreamComplete(rv);
600 break;
601 default:
602 NOTREACHED() << "bad state";
603 rv = ERR_FAILED;
604 break;
605 }
606 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
607 return rv;
608 }
609
610 int HttpStreamFactoryImpl::Job::StartInternal() {
611 CHECK_EQ(STATE_NONE, next_state_);
612 next_state_ = STATE_START;
613 int rv = RunLoop(OK);
614 DCHECK_EQ(ERR_IO_PENDING, rv);
615 return rv;
616 }
617
618 int HttpStreamFactoryImpl::Job::DoStart() {
619 if (IsAlternate()) {
620 server_ = alternative_service_.host_port_pair();
621 } else {
622 server_ = HostPortPair::FromURL(request_info_.url);
623 }
624 origin_url_ =
625 stream_factory_->ApplyHostMappingRules(request_info_.url, &server_);
626 alternative_service_url_ = origin_url_;
627 // For SPDY via Alt-Svc, set |alternative_service_url_| to
628 // https://<alternative host>:<alternative port>/...
629 // so the proxy resolution works with the actual destination, and so
630 // that the correct socket pool is used.
631 // TODO(rch): change the socket pool API to not require a full URL.
632 if (alternative_service_.protocol >= NPN_SPDY_MINIMUM_VERSION &&
633 alternative_service_.protocol <= NPN_SPDY_MAXIMUM_VERSION) {
634 // TODO(rch): Figure out how to make QUIC iteract with PAC
635 // scripts. By not re-writing the URL, we will query the PAC script
636 // for the proxy to use to reach the original URL via TCP. But
637 // the alternate request will be going via UDP to a different port.
638 GURL::Replacements replacements;
639 // new_port needs to be in scope here because GURL::Replacements references
640 // the memory contained by it directly.
641 const std::string new_port = base::IntToString(alternative_service_.port);
642 replacements.SetSchemeStr("https");
643 replacements.SetPortStr(new_port);
644 alternative_service_url_ =
645 alternative_service_url_.ReplaceComponents(replacements);
646 }
647
648 net_log_.BeginEvent(
649 NetLog::TYPE_HTTP_STREAM_JOB,
650 base::Bind(&NetLogHttpStreamJobCallback, &request_info_.url, &origin_url_,
651 &alternative_service_url_, priority_));
652
653 // Don't connect to restricted ports.
654 bool is_port_allowed = IsPortAllowedByDefault(server_.port());
655 if (request_info_.url.SchemeIs("ftp")) {
656 // Never share connection with other jobs for FTP requests.
657 DCHECK(!waiting_job_);
658
659 is_port_allowed = IsPortAllowedByFtp(server_.port());
660 }
661 if (!is_port_allowed && !IsPortAllowedByOverride(server_.port())) {
662 if (waiting_job_) {
663 waiting_job_->Resume(this);
664 waiting_job_ = NULL;
665 }
666 return ERR_UNSAFE_PORT;
667 }
668
669 next_state_ = STATE_RESOLVE_PROXY;
670 return OK;
671 }
672
673 int HttpStreamFactoryImpl::Job::DoResolveProxy() {
674 DCHECK(!pac_request_);
675 DCHECK(session_);
676
677 next_state_ = STATE_RESOLVE_PROXY_COMPLETE;
678
679 if (request_info_.load_flags & LOAD_BYPASS_PROXY) {
680 proxy_info_.UseDirect();
681 return OK;
682 }
683
684 return session_->proxy_service()->ResolveProxy(
685 alternative_service_url_, request_info_.load_flags, &proxy_info_,
686 io_callback_, &pac_request_, session_->network_delegate(), net_log_);
687 }
688
689 int HttpStreamFactoryImpl::Job::DoResolveProxyComplete(int result) {
690 pac_request_ = NULL;
691
692 if (result == OK) {
693 // Remove unsupported proxies from the list.
694 int supported_proxies =
695 ProxyServer::SCHEME_DIRECT | ProxyServer::SCHEME_HTTP |
696 ProxyServer::SCHEME_HTTPS | ProxyServer::SCHEME_SOCKS4 |
697 ProxyServer::SCHEME_SOCKS5;
698
699 if (session_->params().enable_quic_for_proxies)
700 supported_proxies |= ProxyServer::SCHEME_QUIC;
701
702 proxy_info_.RemoveProxiesWithoutScheme(supported_proxies);
703
704 if (proxy_info_.is_empty()) {
705 // No proxies/direct to choose from. This happens when we don't support
706 // any of the proxies in the returned list.
707 result = ERR_NO_SUPPORTED_PROXIES;
708 } else if (using_quic_ &&
709 (!proxy_info_.is_quic() && !proxy_info_.is_direct())) {
710 // QUIC can not be spoken to non-QUIC proxies. This error should not be
711 // user visible, because the non-alternate job should be resumed.
712 result = ERR_NO_SUPPORTED_PROXIES;
713 }
714 }
715
716 if (result != OK) {
717 if (waiting_job_) {
718 waiting_job_->Resume(this);
719 waiting_job_ = NULL;
720 }
721 return result;
722 }
723
724 if (blocking_job_)
725 next_state_ = STATE_WAIT_FOR_JOB;
726 else
727 next_state_ = STATE_INIT_CONNECTION;
728 return OK;
729 }
730
731 bool HttpStreamFactoryImpl::Job::ShouldForceSpdySSL() const {
732 bool rv = session_->params().force_spdy_always &&
733 session_->params().force_spdy_over_ssl;
734 return rv && !session_->HasSpdyExclusion(server_);
735 }
736
737 bool HttpStreamFactoryImpl::Job::ShouldForceSpdyWithoutSSL() const {
738 bool rv = session_->params().force_spdy_always &&
739 !session_->params().force_spdy_over_ssl;
740 return rv && !session_->HasSpdyExclusion(server_);
741 }
742
743 bool HttpStreamFactoryImpl::Job::ShouldForceQuic() const {
744 return session_->params().enable_quic &&
745 session_->params().origin_to_force_quic_on.Equals(server_) &&
746 proxy_info_.is_direct();
747 }
748
749 int HttpStreamFactoryImpl::Job::DoWaitForJob() {
750 DCHECK(blocking_job_);
751 next_state_ = STATE_WAIT_FOR_JOB_COMPLETE;
752 return ERR_IO_PENDING;
753 }
754
755 int HttpStreamFactoryImpl::Job::DoWaitForJobComplete(int result) {
756 DCHECK(!blocking_job_);
757 DCHECK_EQ(OK, result);
758 next_state_ = STATE_INIT_CONNECTION;
759 return OK;
760 }
761
762 int HttpStreamFactoryImpl::Job::DoInitConnection() {
763 // TODO(pkasting): Remove ScopedTracker below once crbug.com/462812 is fixed.
764 tracked_objects::ScopedTracker tracking_profile(
765 FROM_HERE_WITH_EXPLICIT_FUNCTION(
766 "462812 HttpStreamFactoryImpl::Job::DoInitConnection"));
767 DCHECK(!blocking_job_);
768 DCHECK(!connection_->is_initialized());
769 DCHECK(proxy_info_.proxy_server().is_valid());
770 next_state_ = STATE_INIT_CONNECTION_COMPLETE;
771
772 using_ssl_ = alternative_service_url_.SchemeIs("https") ||
773 alternative_service_url_.SchemeIs("wss") || ShouldForceSpdySSL();
774 using_spdy_ = false;
775
776 if (ShouldForceQuic())
777 using_quic_ = true;
778
779 DCHECK(!using_quic_ || session_->params().enable_quic);
780
781 if (proxy_info_.is_quic()) {
782 using_quic_ = true;
783 DCHECK(session_->params().enable_quic_for_proxies);
784 }
785
786 if (using_quic_) {
787 if (proxy_info_.is_quic() && !request_info_.url.SchemeIs("http")) {
788 NOTREACHED();
789 // TODO(rch): support QUIC proxies for HTTPS urls.
790 return ERR_NOT_IMPLEMENTED;
791 }
792 HostPortPair destination = proxy_info_.is_quic()
793 ? proxy_info_.proxy_server().host_port_pair()
794 : server_;
795 next_state_ = STATE_INIT_CONNECTION_COMPLETE;
796 bool secure_quic = using_ssl_ || proxy_info_.is_quic();
797 int rv = quic_request_.Request(
798 destination, secure_quic, request_info_.privacy_mode,
799 request_info_.method, net_log_, io_callback_);
800 if (rv == OK) {
801 using_existing_quic_session_ = true;
802 } else {
803 // OK, there's no available QUIC session. Let |waiting_job_| resume
804 // if it's paused.
805 if (waiting_job_) {
806 waiting_job_->Resume(this);
807 waiting_job_ = NULL;
808 }
809 }
810 return rv;
811 }
812
813 // Check first if we have a spdy session for this group. If so, then go
814 // straight to using that.
815 SpdySessionKey spdy_session_key = GetSpdySessionKey();
816 base::WeakPtr<SpdySession> spdy_session =
817 session_->spdy_session_pool()->FindAvailableSession(
818 spdy_session_key, net_log_);
819 if (spdy_session && CanUseExistingSpdySession()) {
820 // If we're preconnecting, but we already have a SpdySession, we don't
821 // actually need to preconnect any sockets, so we're done.
822 if (IsPreconnecting())
823 return OK;
824 using_spdy_ = true;
825 next_state_ = STATE_CREATE_STREAM;
826 existing_spdy_session_ = spdy_session;
827 return OK;
828 } else if (request_ && !request_->HasSpdySessionKey() &&
829 (using_ssl_ || ShouldForceSpdyWithoutSSL())) {
830 // Update the spdy session key for the request that launched this job.
831 request_->SetSpdySessionKey(spdy_session_key);
832 }
833
834 // OK, there's no available SPDY session. Let |waiting_job_| resume if it's
835 // paused.
836
837 if (waiting_job_) {
838 waiting_job_->Resume(this);
839 waiting_job_ = NULL;
840 }
841
842 if (proxy_info_.is_http() || proxy_info_.is_https())
843 establishing_tunnel_ = using_ssl_;
844
845 // TODO(bnc): s/want_spdy_over_npn/expect_spdy_over_npn/
846 bool want_spdy_over_npn = IsAlternate();
847
848 if (proxy_info_.is_https()) {
849 InitSSLConfig(proxy_info_.proxy_server().host_port_pair(),
850 &proxy_ssl_config_,
851 true /* is a proxy server */);
852 // Disable revocation checking for HTTPS proxies since the revocation
853 // requests are probably going to need to go through the proxy too.
854 proxy_ssl_config_.rev_checking_enabled = false;
855 }
856 if (using_ssl_) {
857 InitSSLConfig(server_, &server_ssl_config_, false /* not a proxy server */);
858 }
859
860 base::WeakPtr<HttpServerProperties> http_server_properties =
861 session_->http_server_properties();
862 if (http_server_properties) {
863 http_server_properties->MaybeForceHTTP11(server_, &server_ssl_config_);
864 if (proxy_info_.is_http() || proxy_info_.is_https()) {
865 http_server_properties->MaybeForceHTTP11(
866 proxy_info_.proxy_server().host_port_pair(), &proxy_ssl_config_);
867 }
868 }
869
870 if (IsPreconnecting()) {
871 DCHECK(!stream_factory_->for_websockets_);
872 return PreconnectSocketsForHttpRequest(
873 alternative_service_url_, request_info_.extra_headers,
874 request_info_.load_flags, priority_, session_, proxy_info_,
875 ShouldForceSpdySSL(), want_spdy_over_npn, server_ssl_config_,
876 proxy_ssl_config_, request_info_.privacy_mode, net_log_, num_streams_);
877 }
878
879 // If we can't use a SPDY session, don't bother checking for one after
880 // the hostname is resolved.
881 OnHostResolutionCallback resolution_callback = CanUseExistingSpdySession() ?
882 base::Bind(&Job::OnHostResolution, session_->spdy_session_pool(),
883 GetSpdySessionKey()) :
884 OnHostResolutionCallback();
885 if (stream_factory_->for_websockets_) {
886 // TODO(ricea): Re-enable NPN when WebSockets over SPDY is supported.
887 SSLConfig websocket_server_ssl_config = server_ssl_config_;
888 websocket_server_ssl_config.next_protos.clear();
889 return InitSocketHandleForWebSocketRequest(
890 origin_url_, request_info_.extra_headers, request_info_.load_flags,
891 priority_, session_, proxy_info_, ShouldForceSpdySSL(),
892 want_spdy_over_npn, websocket_server_ssl_config, proxy_ssl_config_,
893 request_info_.privacy_mode, net_log_,
894 connection_.get(), resolution_callback, io_callback_);
895 }
896
897 return InitSocketHandleForHttpRequest(
898 alternative_service_url_, request_info_.extra_headers,
899 request_info_.load_flags, priority_, session_, proxy_info_,
900 ShouldForceSpdySSL(), want_spdy_over_npn, server_ssl_config_,
901 proxy_ssl_config_, request_info_.privacy_mode, net_log_,
902 connection_.get(), resolution_callback, io_callback_);
903 }
904
905 int HttpStreamFactoryImpl::Job::DoInitConnectionComplete(int result) {
906 if (IsPreconnecting()) {
907 if (using_quic_)
908 return result;
909 DCHECK_EQ(OK, result);
910 return OK;
911 }
912
913 if (result == ERR_SPDY_SESSION_ALREADY_EXISTS) {
914 // We found a SPDY connection after resolving the host. This is
915 // probably an IP pooled connection.
916 SpdySessionKey spdy_session_key = GetSpdySessionKey();
917 existing_spdy_session_ =
918 session_->spdy_session_pool()->FindAvailableSession(
919 spdy_session_key, net_log_);
920 if (existing_spdy_session_) {
921 using_spdy_ = true;
922 next_state_ = STATE_CREATE_STREAM;
923 } else {
924 // It is possible that the spdy session no longer exists.
925 ReturnToStateInitConnection(true /* close connection */);
926 }
927 return OK;
928 }
929
930 if (proxy_info_.is_quic() && using_quic_ &&
931 (result == ERR_QUIC_PROTOCOL_ERROR ||
932 result == ERR_QUIC_HANDSHAKE_FAILED)) {
933 using_quic_ = false;
934 return ReconsiderProxyAfterError(result);
935 }
936
937 // TODO(willchan): Make this a bit more exact. Maybe there are recoverable
938 // errors, such as ignoring certificate errors for Alternate-Protocol.
939 if (result < 0 && waiting_job_) {
940 waiting_job_->Resume(this);
941 waiting_job_ = NULL;
942 }
943
944 // |result| may be the result of any of the stacked pools. The following
945 // logic is used when determining how to interpret an error.
946 // If |result| < 0:
947 // and connection_->socket() != NULL, then the SSL handshake ran and it
948 // is a potentially recoverable error.
949 // and connection_->socket == NULL and connection_->is_ssl_error() is true,
950 // then the SSL handshake ran with an unrecoverable error.
951 // otherwise, the error came from one of the other pools.
952 bool ssl_started = using_ssl_ && (result == OK || connection_->socket() ||
953 connection_->is_ssl_error());
954
955 if (ssl_started && (result == OK || IsCertificateError(result))) {
956 if (using_quic_ && result == OK) {
957 was_npn_negotiated_ = true;
958 NextProto protocol_negotiated =
959 SSLClientSocket::NextProtoFromString("quic/1+spdy/3");
960 protocol_negotiated_ = protocol_negotiated;
961 } else {
962 SSLClientSocket* ssl_socket =
963 static_cast<SSLClientSocket*>(connection_->socket());
964 if (ssl_socket->WasNpnNegotiated()) {
965 was_npn_negotiated_ = true;
966 std::string proto;
967 SSLClientSocket::NextProtoStatus status =
968 ssl_socket->GetNextProto(&proto);
969 NextProto protocol_negotiated =
970 SSLClientSocket::NextProtoFromString(proto);
971 protocol_negotiated_ = protocol_negotiated;
972 net_log_.AddEvent(
973 NetLog::TYPE_HTTP_STREAM_REQUEST_PROTO,
974 base::Bind(&NetLogHttpStreamProtoCallback,
975 status, &proto));
976 if (ssl_socket->was_spdy_negotiated())
977 SwitchToSpdyMode();
978 }
979 if (ShouldForceSpdySSL())
980 SwitchToSpdyMode();
981 }
982 } else if (proxy_info_.is_https() && connection_->socket() &&
983 result == OK) {
984 ProxyClientSocket* proxy_socket =
985 static_cast<ProxyClientSocket*>(connection_->socket());
986 if (proxy_socket->IsUsingSpdy()) {
987 was_npn_negotiated_ = true;
988 protocol_negotiated_ = proxy_socket->GetProtocolNegotiated();
989 SwitchToSpdyMode();
990 }
991 }
992
993 // We may be using spdy without SSL
994 if (ShouldForceSpdyWithoutSSL())
995 SwitchToSpdyMode();
996
997 if (result == ERR_PROXY_AUTH_REQUESTED ||
998 result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
999 DCHECK(!ssl_started);
1000 // Other state (i.e. |using_ssl_|) suggests that |connection_| will have an
1001 // SSL socket, but there was an error before that could happen. This
1002 // puts the in progress HttpProxy socket into |connection_| in order to
1003 // complete the auth (or read the response body). The tunnel restart code
1004 // is careful to remove it before returning control to the rest of this
1005 // class.
1006 connection_.reset(connection_->release_pending_http_proxy_connection());
1007 return result;
1008 }
1009
1010 if (!ssl_started && result < 0 && IsAlternate()) {
1011 job_status_ = STATUS_BROKEN;
1012 MaybeMarkAlternativeServiceBroken();
1013 return result;
1014 }
1015
1016 if (using_quic_) {
1017 if (result < 0) {
1018 job_status_ = STATUS_BROKEN;
1019 MaybeMarkAlternativeServiceBroken();
1020 return result;
1021 }
1022 stream_ = quic_request_.ReleaseStream();
1023 next_state_ = STATE_NONE;
1024 return OK;
1025 }
1026
1027 if (result < 0 && !ssl_started)
1028 return ReconsiderProxyAfterError(result);
1029 establishing_tunnel_ = false;
1030
1031 if (connection_->socket()) {
1032 // We officially have a new connection. Record the type.
1033 if (!connection_->is_reused()) {
1034 ConnectionType type = using_spdy_ ? CONNECTION_SPDY : CONNECTION_HTTP;
1035 UpdateConnectionTypeHistograms(type);
1036 }
1037 }
1038
1039 // Handle SSL errors below.
1040 if (using_ssl_) {
1041 DCHECK(ssl_started);
1042 if (IsCertificateError(result)) {
1043 if (using_spdy_ && IsAlternate() && origin_url_.SchemeIs("http")) {
1044 // We ignore certificate errors for http over spdy.
1045 spdy_certificate_error_ = result;
1046 result = OK;
1047 } else {
1048 result = HandleCertificateError(result);
1049 if (result == OK && !connection_->socket()->IsConnectedAndIdle()) {
1050 ReturnToStateInitConnection(true /* close connection */);
1051 return result;
1052 }
1053 }
1054 }
1055 if (result < 0)
1056 return result;
1057 }
1058
1059 next_state_ = STATE_CREATE_STREAM;
1060 return OK;
1061 }
1062
1063 int HttpStreamFactoryImpl::Job::DoWaitingUserAction(int result) {
1064 // This state indicates that the stream request is in a partially
1065 // completed state, and we've called back to the delegate for more
1066 // information.
1067
1068 // We're always waiting here for the delegate to call us back.
1069 return ERR_IO_PENDING;
1070 }
1071
1072 int HttpStreamFactoryImpl::Job::SetSpdyHttpStream(
1073 base::WeakPtr<SpdySession> session, bool direct) {
1074 // TODO(ricea): Restore the code for WebSockets over SPDY once it's
1075 // implemented.
1076 if (stream_factory_->for_websockets_)
1077 return ERR_NOT_IMPLEMENTED;
1078
1079 // TODO(willchan): Delete this code, because eventually, the
1080 // HttpStreamFactoryImpl will be creating all the SpdyHttpStreams, since it
1081 // will know when SpdySessions become available.
1082
1083 bool use_relative_url = direct || request_info_.url.SchemeIs("https");
1084 stream_.reset(new SpdyHttpStream(session, use_relative_url));
1085 return OK;
1086 }
1087
1088 int HttpStreamFactoryImpl::Job::DoCreateStream() {
1089 // TODO(pkasting): Remove ScopedTracker below once crbug.com/462811 is fixed.
1090 tracked_objects::ScopedTracker tracking_profile(
1091 FROM_HERE_WITH_EXPLICIT_FUNCTION(
1092 "462811 HttpStreamFactoryImpl::Job::DoCreateStream"));
1093 DCHECK(connection_->socket() || existing_spdy_session_.get() || using_quic_);
1094
1095 next_state_ = STATE_CREATE_STREAM_COMPLETE;
1096
1097 // We only set the socket motivation if we're the first to use
1098 // this socket. Is there a race for two SPDY requests? We really
1099 // need to plumb this through to the connect level.
1100 if (connection_->socket() && !connection_->is_reused())
1101 SetSocketMotivation();
1102
1103 if (!using_spdy_) {
1104 // We may get ftp scheme when fetching ftp resources through proxy.
1105 bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) &&
1106 (request_info_.url.SchemeIs("http") ||
1107 request_info_.url.SchemeIs("ftp"));
1108 if (stream_factory_->for_websockets_) {
1109 DCHECK(request_);
1110 DCHECK(request_->websocket_handshake_stream_create_helper());
1111 websocket_stream_.reset(
1112 request_->websocket_handshake_stream_create_helper()
1113 ->CreateBasicStream(connection_.Pass(), using_proxy));
1114 } else {
1115 stream_.reset(new HttpBasicStream(connection_.release(), using_proxy));
1116 }
1117 return OK;
1118 }
1119
1120 CHECK(!stream_.get());
1121
1122 bool direct = true;
1123 const ProxyServer& proxy_server = proxy_info_.proxy_server();
1124 PrivacyMode privacy_mode = request_info_.privacy_mode;
1125 if (IsHttpsProxyAndHttpUrl())
1126 direct = false;
1127
1128 if (existing_spdy_session_.get()) {
1129 // We picked up an existing session, so we don't need our socket.
1130 if (connection_->socket())
1131 connection_->socket()->Disconnect();
1132 connection_->Reset();
1133
1134 int set_result = SetSpdyHttpStream(existing_spdy_session_, direct);
1135 existing_spdy_session_.reset();
1136 return set_result;
1137 }
1138
1139 SpdySessionKey spdy_session_key(server_, proxy_server, privacy_mode);
1140 if (IsHttpsProxyAndHttpUrl()) {
1141 // If we don't have a direct SPDY session, and we're using an HTTPS
1142 // proxy, then we might have a SPDY session to the proxy.
1143 // We never use privacy mode for connection to proxy server.
1144 spdy_session_key = SpdySessionKey(proxy_server.host_port_pair(),
1145 ProxyServer::Direct(),
1146 PRIVACY_MODE_DISABLED);
1147 }
1148
1149 SpdySessionPool* spdy_pool = session_->spdy_session_pool();
1150 base::WeakPtr<SpdySession> spdy_session =
1151 spdy_pool->FindAvailableSession(spdy_session_key, net_log_);
1152
1153 if (spdy_session) {
1154 return SetSpdyHttpStream(spdy_session, direct);
1155 }
1156
1157 spdy_session =
1158 spdy_pool->CreateAvailableSessionFromSocket(spdy_session_key,
1159 connection_.Pass(),
1160 net_log_,
1161 spdy_certificate_error_,
1162 using_ssl_);
1163 if (!spdy_session->HasAcceptableTransportSecurity()) {
1164 spdy_session->CloseSessionOnError(
1165 ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY, "");
1166 return ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY;
1167 }
1168
1169 new_spdy_session_ = spdy_session;
1170 spdy_session_direct_ = direct;
1171 const HostPortPair& host_port_pair = spdy_session_key.host_port_pair();
1172 base::WeakPtr<HttpServerProperties> http_server_properties =
1173 session_->http_server_properties();
1174 if (http_server_properties)
1175 http_server_properties->SetSupportsSpdy(host_port_pair, true);
1176
1177 // Create a SpdyHttpStream attached to the session;
1178 // OnNewSpdySessionReadyCallback is not called until an event loop
1179 // iteration later, so if the SpdySession is closed between then, allow
1180 // reuse state from the underlying socket, sampled by SpdyHttpStream,
1181 // bubble up to the request.
1182 return SetSpdyHttpStream(new_spdy_session_, spdy_session_direct_);
1183 }
1184
1185 int HttpStreamFactoryImpl::Job::DoCreateStreamComplete(int result) {
1186 if (result < 0)
1187 return result;
1188
1189 session_->proxy_service()->ReportSuccess(proxy_info_,
1190 session_->network_delegate());
1191 next_state_ = STATE_NONE;
1192 return OK;
1193 }
1194
1195 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuth() {
1196 next_state_ = STATE_RESTART_TUNNEL_AUTH_COMPLETE;
1197 ProxyClientSocket* proxy_socket =
1198 static_cast<ProxyClientSocket*>(connection_->socket());
1199 return proxy_socket->RestartWithAuth(io_callback_);
1200 }
1201
1202 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuthComplete(int result) {
1203 if (result == ERR_PROXY_AUTH_REQUESTED)
1204 return result;
1205
1206 if (result == OK) {
1207 // Now that we've got the HttpProxyClientSocket connected. We have
1208 // to release it as an idle socket into the pool and start the connection
1209 // process from the beginning. Trying to pass it in with the
1210 // SSLSocketParams might cause a deadlock since params are dispatched
1211 // interchangeably. This request won't necessarily get this http proxy
1212 // socket, but there will be forward progress.
1213 establishing_tunnel_ = false;
1214 ReturnToStateInitConnection(false /* do not close connection */);
1215 return OK;
1216 }
1217
1218 return ReconsiderProxyAfterError(result);
1219 }
1220
1221 void HttpStreamFactoryImpl::Job::ReturnToStateInitConnection(
1222 bool close_connection) {
1223 if (close_connection && connection_->socket())
1224 connection_->socket()->Disconnect();
1225 connection_->Reset();
1226
1227 if (request_)
1228 request_->RemoveRequestFromSpdySessionRequestMap();
1229
1230 next_state_ = STATE_INIT_CONNECTION;
1231 }
1232
1233 void HttpStreamFactoryImpl::Job::SetSocketMotivation() {
1234 if (request_info_.motivation == HttpRequestInfo::PRECONNECT_MOTIVATED)
1235 connection_->socket()->SetSubresourceSpeculation();
1236 else if (request_info_.motivation == HttpRequestInfo::OMNIBOX_MOTIVATED)
1237 connection_->socket()->SetOmniboxSpeculation();
1238 // TODO(mbelshe): Add other motivations (like EARLY_LOAD_MOTIVATED).
1239 }
1240
1241 bool HttpStreamFactoryImpl::Job::IsHttpsProxyAndHttpUrl() const {
1242 if (!proxy_info_.is_https())
1243 return false;
1244 if (IsAlternate()) {
1245 // We currently only support Alternate-Protocol where the original scheme
1246 // is http.
1247 DCHECK(origin_url_.SchemeIs("http"));
1248 return origin_url_.SchemeIs("http");
1249 }
1250 return request_info_.url.SchemeIs("http");
1251 }
1252
1253 bool HttpStreamFactoryImpl::Job::IsAlternate() const {
1254 return alternative_service_.protocol != UNINITIALIZED_ALTERNATE_PROTOCOL;
1255 }
1256
1257 void HttpStreamFactoryImpl::Job::InitSSLConfig(const HostPortPair& server,
1258 SSLConfig* ssl_config,
1259 bool is_proxy) const {
1260 if (proxy_info_.is_https() && ssl_config->send_client_cert) {
1261 // When connecting through an HTTPS proxy, disable TLS False Start so
1262 // that client authentication errors can be distinguished between those
1263 // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and
1264 // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR /
1265 // ERR_BAD_SSL_CLIENT_AUTH_CERT).
1266 // TODO(rch): This assumes that the HTTPS proxy will only request a
1267 // client certificate during the initial handshake.
1268 // http://crbug.com/59292
1269 ssl_config->false_start_enabled = false;
1270 }
1271
1272 enum {
1273 FALLBACK_NONE = 0, // SSL version fallback did not occur.
1274 FALLBACK_SSL3 = 1, // Fell back to SSL 3.0.
1275 FALLBACK_TLS1 = 2, // Fell back to TLS 1.0.
1276 FALLBACK_TLS1_1 = 3, // Fell back to TLS 1.1.
1277 FALLBACK_MAX
1278 };
1279
1280 int fallback = FALLBACK_NONE;
1281 if (ssl_config->version_fallback) {
1282 switch (ssl_config->version_max) {
1283 case SSL_PROTOCOL_VERSION_SSL3:
1284 fallback = FALLBACK_SSL3;
1285 break;
1286 case SSL_PROTOCOL_VERSION_TLS1:
1287 fallback = FALLBACK_TLS1;
1288 break;
1289 case SSL_PROTOCOL_VERSION_TLS1_1:
1290 fallback = FALLBACK_TLS1_1;
1291 break;
1292 }
1293 }
1294 UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLVersionFallback",
1295 fallback, FALLBACK_MAX);
1296
1297 UMA_HISTOGRAM_BOOLEAN("Net.ConnectionUsedSSLDeprecatedCipherFallback",
1298 ssl_config->enable_deprecated_cipher_suites);
1299
1300 // We also wish to measure the amount of fallback connections for a host that
1301 // we know implements TLS up to 1.2. Ideally there would be no fallback here
1302 // but high numbers of SSLv3 would suggest that SSLv3 fallback is being
1303 // caused by network middleware rather than buggy HTTPS servers.
1304 const std::string& host = server.host();
1305 if (!is_proxy &&
1306 host.size() >= 10 &&
1307 host.compare(host.size() - 10, 10, "google.com") == 0 &&
1308 (host.size() == 10 || host[host.size()-11] == '.')) {
1309 UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback",
1310 fallback, FALLBACK_MAX);
1311 }
1312
1313 if (request_info_.load_flags & LOAD_VERIFY_EV_CERT)
1314 ssl_config->verify_ev_cert = true;
1315
1316 // Disable Channel ID if privacy mode is enabled.
1317 if (request_info_.privacy_mode == PRIVACY_MODE_ENABLED)
1318 ssl_config->channel_id_enabled = false;
1319 }
1320
1321
1322 int HttpStreamFactoryImpl::Job::ReconsiderProxyAfterError(int error) {
1323 DCHECK(!pac_request_);
1324 DCHECK(session_);
1325
1326 // A failure to resolve the hostname or any error related to establishing a
1327 // TCP connection could be grounds for trying a new proxy configuration.
1328 //
1329 // Why do this when a hostname cannot be resolved? Some URLs only make sense
1330 // to proxy servers. The hostname in those URLs might fail to resolve if we
1331 // are still using a non-proxy config. We need to check if a proxy config
1332 // now exists that corresponds to a proxy server that could load the URL.
1333 //
1334 switch (error) {
1335 case ERR_PROXY_CONNECTION_FAILED:
1336 case ERR_NAME_NOT_RESOLVED:
1337 case ERR_INTERNET_DISCONNECTED:
1338 case ERR_ADDRESS_UNREACHABLE:
1339 case ERR_CONNECTION_CLOSED:
1340 case ERR_CONNECTION_TIMED_OUT:
1341 case ERR_CONNECTION_RESET:
1342 case ERR_CONNECTION_REFUSED:
1343 case ERR_CONNECTION_ABORTED:
1344 case ERR_TIMED_OUT:
1345 case ERR_TUNNEL_CONNECTION_FAILED:
1346 case ERR_SOCKS_CONNECTION_FAILED:
1347 // This can happen in the case of trying to talk to a proxy using SSL, and
1348 // ending up talking to a captive portal that supports SSL instead.
1349 case ERR_PROXY_CERTIFICATE_INVALID:
1350 // This can happen when trying to talk SSL to a non-SSL server (Like a
1351 // captive portal).
1352 case ERR_QUIC_PROTOCOL_ERROR:
1353 case ERR_QUIC_HANDSHAKE_FAILED:
1354 case ERR_SSL_PROTOCOL_ERROR:
1355 break;
1356 case ERR_SOCKS_CONNECTION_HOST_UNREACHABLE:
1357 // Remap the SOCKS-specific "host unreachable" error to a more
1358 // generic error code (this way consumers like the link doctor
1359 // know to substitute their error page).
1360 //
1361 // Note that if the host resolving was done by the SOCKS5 proxy, we can't
1362 // differentiate between a proxy-side "host not found" versus a proxy-side
1363 // "address unreachable" error, and will report both of these failures as
1364 // ERR_ADDRESS_UNREACHABLE.
1365 return ERR_ADDRESS_UNREACHABLE;
1366 default:
1367 return error;
1368 }
1369
1370 if (request_info_.load_flags & LOAD_BYPASS_PROXY) {
1371 return error;
1372 }
1373
1374 if (proxy_info_.is_https() && proxy_ssl_config_.send_client_cert) {
1375 session_->ssl_client_auth_cache()->Remove(
1376 proxy_info_.proxy_server().host_port_pair());
1377 }
1378
1379 int rv = session_->proxy_service()->ReconsiderProxyAfterError(
1380 request_info_.url, request_info_.load_flags, error, &proxy_info_,
1381 io_callback_, &pac_request_, session_->network_delegate(), net_log_);
1382 if (rv == OK || rv == ERR_IO_PENDING) {
1383 // If the error was during connection setup, there is no socket to
1384 // disconnect.
1385 if (connection_->socket())
1386 connection_->socket()->Disconnect();
1387 connection_->Reset();
1388 if (request_)
1389 request_->RemoveRequestFromSpdySessionRequestMap();
1390 next_state_ = STATE_RESOLVE_PROXY_COMPLETE;
1391 } else {
1392 // If ReconsiderProxyAfterError() failed synchronously, it means
1393 // there was nothing left to fall-back to, so fail the transaction
1394 // with the last connection error we got.
1395 // TODO(eroman): This is a confusing contract, make it more obvious.
1396 rv = error;
1397 }
1398
1399 return rv;
1400 }
1401
1402 int HttpStreamFactoryImpl::Job::HandleCertificateError(int error) {
1403 DCHECK(using_ssl_);
1404 DCHECK(IsCertificateError(error));
1405
1406 SSLClientSocket* ssl_socket =
1407 static_cast<SSLClientSocket*>(connection_->socket());
1408 ssl_socket->GetSSLInfo(&ssl_info_);
1409
1410 // Add the bad certificate to the set of allowed certificates in the
1411 // SSL config object. This data structure will be consulted after calling
1412 // RestartIgnoringLastError(). And the user will be asked interactively
1413 // before RestartIgnoringLastError() is ever called.
1414 SSLConfig::CertAndStatus bad_cert;
1415
1416 // |ssl_info_.cert| may be NULL if we failed to create
1417 // X509Certificate for whatever reason, but normally it shouldn't
1418 // happen, unless this code is used inside sandbox.
1419 if (ssl_info_.cert.get() == NULL ||
1420 !X509Certificate::GetDEREncoded(ssl_info_.cert->os_cert_handle(),
1421 &bad_cert.der_cert)) {
1422 return error;
1423 }
1424 bad_cert.cert_status = ssl_info_.cert_status;
1425 server_ssl_config_.allowed_bad_certs.push_back(bad_cert);
1426
1427 int load_flags = request_info_.load_flags;
1428 if (session_->params().ignore_certificate_errors)
1429 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS;
1430 if (ssl_socket->IgnoreCertError(error, load_flags))
1431 return OK;
1432 return error;
1433 }
1434
1435 void HttpStreamFactoryImpl::Job::SwitchToSpdyMode() {
1436 if (HttpStreamFactory::spdy_enabled())
1437 using_spdy_ = true;
1438 }
1439
1440 bool HttpStreamFactoryImpl::Job::IsPreconnecting() const {
1441 DCHECK_GE(num_streams_, 0);
1442 return num_streams_ > 0;
1443 }
1444
1445 bool HttpStreamFactoryImpl::Job::IsOrphaned() const {
1446 return !IsPreconnecting() && !request_;
1447 }
1448
1449 void HttpStreamFactoryImpl::Job::ReportJobSucceededForRequest() {
1450 if (using_existing_quic_session_) {
1451 // If an existing session was used, then no TCP connection was
1452 // started.
1453 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_NO_RACE);
1454 } else if (IsAlternate()) {
1455 // This job was the alternate protocol job, and hence won the race.
1456 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_WON_RACE);
1457 } else {
1458 // This job was the normal job, and hence the alternate protocol job lost
1459 // the race.
1460 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_LOST_RACE);
1461 }
1462 }
1463
1464 void HttpStreamFactoryImpl::Job::MarkOtherJobComplete(const Job& job) {
1465 DCHECK_EQ(STATUS_RUNNING, other_job_status_);
1466 other_job_status_ = job.job_status_;
1467 other_job_alternative_service_ = job.alternative_service_;
1468 MaybeMarkAlternativeServiceBroken();
1469 }
1470
1471 void HttpStreamFactoryImpl::Job::MaybeMarkAlternativeServiceBroken() {
1472 if (job_status_ == STATUS_RUNNING || other_job_status_ == STATUS_RUNNING)
1473 return;
1474
1475 if (IsAlternate()) {
1476 if (job_status_ == STATUS_BROKEN && other_job_status_ == STATUS_SUCCEEDED) {
1477 HistogramBrokenAlternateProtocolLocation(
1478 BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_ALT);
1479 session_->http_server_properties()->MarkAlternativeServiceBroken(
1480 alternative_service_);
1481 }
1482 return;
1483 }
1484
1485 if (job_status_ == STATUS_SUCCEEDED && other_job_status_ == STATUS_BROKEN) {
1486 HistogramBrokenAlternateProtocolLocation(
1487 BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_MAIN);
1488 session_->http_server_properties()->MarkAlternativeServiceBroken(
1489 other_job_alternative_service_);
1490 }
1491 }
1492
1493 } // namespace net