1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/spdy/spdy_proxy_client_socket.h"
7 #include <algorithm> // min
10 #include "base/bind_helpers.h"
11 #include "base/callback_helpers.h"
12 #include "base/logging.h"
13 #include "base/strings/string_util.h"
14 #include "base/values.h"
15 #include "net/base/auth.h"
16 #include "net/base/io_buffer.h"
17 #include "net/base/net_util.h"
18 #include "net/http/http_auth_cache.h"
19 #include "net/http/http_auth_handler_factory.h"
20 #include "net/http/http_response_headers.h"
21 #include "net/http/proxy_connect_redirect_http_stream.h"
22 #include "net/spdy/spdy_http_utils.h"
27 SpdyProxyClientSocket::SpdyProxyClientSocket(
28 const base::WeakPtr
<SpdyStream
>& spdy_stream
,
29 const std::string
& user_agent
,
30 const HostPortPair
& endpoint
,
32 const HostPortPair
& proxy_server
,
33 const BoundNetLog
& source_net_log
,
34 HttpAuthCache
* auth_cache
,
35 HttpAuthHandlerFactory
* auth_handler_factory
)
36 : next_state_(STATE_DISCONNECTED
),
37 spdy_stream_(spdy_stream
),
39 auth_(new HttpAuthController(HttpAuth::AUTH_PROXY
,
40 GURL("https://" + proxy_server
.ToString()),
42 auth_handler_factory
)),
45 was_ever_used_(false),
46 redirect_has_load_timing_info_(false),
47 net_log_(BoundNetLog::Make(spdy_stream
->net_log().net_log(),
48 NetLog::SOURCE_PROXY_CLIENT_SOCKET
)),
50 write_callback_weak_factory_(this) {
51 request_
.method
= "CONNECT";
53 if (!user_agent
.empty())
54 request_
.extra_headers
.SetHeader(HttpRequestHeaders::kUserAgent
,
57 net_log_
.BeginEvent(NetLog::TYPE_SOCKET_ALIVE
,
58 source_net_log
.source().ToEventParametersCallback());
60 NetLog::TYPE_HTTP2_PROXY_CLIENT_SESSION
,
61 spdy_stream
->net_log().source().ToEventParametersCallback());
63 spdy_stream_
->SetDelegate(this);
64 was_ever_used_
= spdy_stream_
->WasEverUsed();
67 SpdyProxyClientSocket::~SpdyProxyClientSocket() {
69 net_log_
.EndEvent(NetLog::TYPE_SOCKET_ALIVE
);
72 const HttpResponseInfo
* SpdyProxyClientSocket::GetConnectResponseInfo() const {
73 return response_
.headers
.get() ? &response_
: NULL
;
76 const scoped_refptr
<HttpAuthController
>&
77 SpdyProxyClientSocket::GetAuthController() const {
81 int SpdyProxyClientSocket::RestartWithAuth(const CompletionCallback
& callback
) {
82 // A SPDY Stream can only handle a single request, so the underlying
83 // stream may not be reused and a new SpdyProxyClientSocket must be
84 // created (possibly on top of the same SPDY Session).
85 next_state_
= STATE_DISCONNECTED
;
89 bool SpdyProxyClientSocket::IsUsingSpdy() const {
93 NextProto
SpdyProxyClientSocket::GetProtocolNegotiated() const {
94 // Save the negotiated protocol
96 bool was_npn_negotiated
;
97 NextProto protocol_negotiated
;
98 spdy_stream_
->GetSSLInfo(&ssl_info
, &was_npn_negotiated
,
99 &protocol_negotiated
);
100 return protocol_negotiated
;
103 HttpStream
* SpdyProxyClientSocket::CreateConnectResponseStream() {
104 return new ProxyConnectRedirectHttpStream(
105 redirect_has_load_timing_info_
? &redirect_load_timing_info_
: NULL
);
108 // Sends a SYN_STREAM frame to the proxy with a CONNECT request
109 // for the specified endpoint. Waits for the server to send back
110 // a SYN_REPLY frame. OK will be returned if the status is 200.
111 // ERR_TUNNEL_CONNECTION_FAILED will be returned for any other status.
112 // In any of these cases, Read() may be called to retrieve the HTTP
113 // response body. Any other return values should be considered fatal.
114 // TODO(rch): handle 407 proxy auth requested correctly, perhaps
115 // by creating a new stream for the subsequent request.
116 // TODO(rch): create a more appropriate error code to disambiguate
117 // the HTTPS Proxy tunnel failure from an HTTP Proxy tunnel failure.
118 int SpdyProxyClientSocket::Connect(const CompletionCallback
& callback
) {
119 DCHECK(read_callback_
.is_null());
120 if (next_state_
== STATE_OPEN
)
123 DCHECK_EQ(STATE_DISCONNECTED
, next_state_
);
124 next_state_
= STATE_GENERATE_AUTH_TOKEN
;
127 if (rv
== ERR_IO_PENDING
)
128 read_callback_
= callback
;
132 void SpdyProxyClientSocket::Disconnect() {
133 read_buffer_queue_
.Clear();
135 user_buffer_len_
= 0;
136 read_callback_
.Reset();
138 write_buffer_len_
= 0;
139 write_callback_
.Reset();
140 write_callback_weak_factory_
.InvalidateWeakPtrs();
142 next_state_
= STATE_DISCONNECTED
;
144 if (spdy_stream_
.get()) {
145 // This will cause OnClose to be invoked, which takes care of
146 // cleaning up all the internal state.
147 spdy_stream_
->Cancel();
148 DCHECK(!spdy_stream_
.get());
152 bool SpdyProxyClientSocket::IsConnected() const {
153 return next_state_
== STATE_OPEN
;
156 bool SpdyProxyClientSocket::IsConnectedAndIdle() const {
157 return IsConnected() && read_buffer_queue_
.IsEmpty() &&
158 spdy_stream_
->IsOpen();
161 const BoundNetLog
& SpdyProxyClientSocket::NetLog() const {
165 void SpdyProxyClientSocket::SetSubresourceSpeculation() {
166 // TODO(rch): what should this implementation be?
169 void SpdyProxyClientSocket::SetOmniboxSpeculation() {
170 // TODO(rch): what should this implementation be?
173 bool SpdyProxyClientSocket::WasEverUsed() const {
174 return was_ever_used_
|| (spdy_stream_
.get() && spdy_stream_
->WasEverUsed());
177 bool SpdyProxyClientSocket::UsingTCPFastOpen() const {
181 bool SpdyProxyClientSocket::WasNpnNegotiated() const {
185 NextProto
SpdyProxyClientSocket::GetNegotiatedProtocol() const {
186 return kProtoUnknown
;
189 bool SpdyProxyClientSocket::GetSSLInfo(SSLInfo
* ssl_info
) {
190 bool was_npn_negotiated
;
191 NextProto protocol_negotiated
;
192 return spdy_stream_
->GetSSLInfo(ssl_info
, &was_npn_negotiated
,
193 &protocol_negotiated
);
196 int SpdyProxyClientSocket::Read(IOBuffer
* buf
, int buf_len
,
197 const CompletionCallback
& callback
) {
198 DCHECK(read_callback_
.is_null());
199 DCHECK(!user_buffer_
.get());
201 if (next_state_
== STATE_DISCONNECTED
)
202 return ERR_SOCKET_NOT_CONNECTED
;
204 if (next_state_
== STATE_CLOSED
&& read_buffer_queue_
.IsEmpty()) {
208 DCHECK(next_state_
== STATE_OPEN
|| next_state_
== STATE_CLOSED
);
210 size_t result
= PopulateUserReadBuffer(buf
->data(), buf_len
);
213 user_buffer_len_
= static_cast<size_t>(buf_len
);
214 DCHECK(!callback
.is_null());
215 read_callback_
= callback
;
216 return ERR_IO_PENDING
;
222 size_t SpdyProxyClientSocket::PopulateUserReadBuffer(char* data
, size_t len
) {
223 return read_buffer_queue_
.Dequeue(data
, len
);
226 int SpdyProxyClientSocket::Write(IOBuffer
* buf
, int buf_len
,
227 const CompletionCallback
& callback
) {
228 DCHECK(write_callback_
.is_null());
229 if (next_state_
!= STATE_OPEN
)
230 return ERR_SOCKET_NOT_CONNECTED
;
232 DCHECK(spdy_stream_
.get());
233 spdy_stream_
->SendData(buf
, buf_len
, MORE_DATA_TO_SEND
);
234 net_log_
.AddByteTransferEvent(NetLog::TYPE_SOCKET_BYTES_SENT
,
235 buf_len
, buf
->data());
236 write_callback_
= callback
;
237 write_buffer_len_
= buf_len
;
238 return ERR_IO_PENDING
;
241 int SpdyProxyClientSocket::SetReceiveBufferSize(int32 size
) {
242 // Since this StreamSocket sits on top of a shared SpdySession, it
243 // is not safe for callers to change this underlying socket.
244 return ERR_NOT_IMPLEMENTED
;
247 int SpdyProxyClientSocket::SetSendBufferSize(int32 size
) {
248 // Since this StreamSocket sits on top of a shared SpdySession, it
249 // is not safe for callers to change this underlying socket.
250 return ERR_NOT_IMPLEMENTED
;
253 int SpdyProxyClientSocket::GetPeerAddress(IPEndPoint
* address
) const {
255 return ERR_SOCKET_NOT_CONNECTED
;
256 return spdy_stream_
->GetPeerAddress(address
);
259 int SpdyProxyClientSocket::GetLocalAddress(IPEndPoint
* address
) const {
261 return ERR_SOCKET_NOT_CONNECTED
;
262 return spdy_stream_
->GetLocalAddress(address
);
265 void SpdyProxyClientSocket::LogBlockedTunnelResponse() const {
266 ProxyClientSocket::LogBlockedTunnelResponse(
267 response_
.headers
->response_code(),
268 /* is_https_proxy = */ true);
271 void SpdyProxyClientSocket::RunCallback(const CompletionCallback
& callback
,
273 callback
.Run(result
);
276 void SpdyProxyClientSocket::OnIOComplete(int result
) {
277 DCHECK_NE(STATE_DISCONNECTED
, next_state_
);
278 int rv
= DoLoop(result
);
279 if (rv
!= ERR_IO_PENDING
) {
280 CompletionCallback c
= read_callback_
;
281 read_callback_
.Reset();
286 int SpdyProxyClientSocket::DoLoop(int last_io_result
) {
287 DCHECK_NE(next_state_
, STATE_DISCONNECTED
);
288 int rv
= last_io_result
;
290 State state
= next_state_
;
291 next_state_
= STATE_DISCONNECTED
;
293 case STATE_GENERATE_AUTH_TOKEN
:
295 rv
= DoGenerateAuthToken();
297 case STATE_GENERATE_AUTH_TOKEN_COMPLETE
:
298 rv
= DoGenerateAuthTokenComplete(rv
);
300 case STATE_SEND_REQUEST
:
302 net_log_
.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_TUNNEL_SEND_REQUEST
);
303 rv
= DoSendRequest();
305 case STATE_SEND_REQUEST_COMPLETE
:
306 net_log_
.EndEventWithNetErrorCode(
307 NetLog::TYPE_HTTP_TRANSACTION_TUNNEL_SEND_REQUEST
, rv
);
308 rv
= DoSendRequestComplete(rv
);
309 if (rv
>= 0 || rv
== ERR_IO_PENDING
) {
310 // Emit extra event so can use the same events as
311 // HttpProxyClientSocket.
313 NetLog::TYPE_HTTP_TRANSACTION_TUNNEL_READ_HEADERS
);
316 case STATE_READ_REPLY_COMPLETE
:
317 rv
= DoReadReplyComplete(rv
);
318 net_log_
.EndEventWithNetErrorCode(
319 NetLog::TYPE_HTTP_TRANSACTION_TUNNEL_READ_HEADERS
, rv
);
322 NOTREACHED() << "bad state";
326 } while (rv
!= ERR_IO_PENDING
&& next_state_
!= STATE_DISCONNECTED
&&
327 next_state_
!= STATE_OPEN
);
331 int SpdyProxyClientSocket::DoGenerateAuthToken() {
332 next_state_
= STATE_GENERATE_AUTH_TOKEN_COMPLETE
;
333 return auth_
->MaybeGenerateAuthToken(
335 base::Bind(&SpdyProxyClientSocket::OnIOComplete
,
336 weak_factory_
.GetWeakPtr()),
340 int SpdyProxyClientSocket::DoGenerateAuthTokenComplete(int result
) {
341 DCHECK_NE(ERR_IO_PENDING
, result
);
343 next_state_
= STATE_SEND_REQUEST
;
347 int SpdyProxyClientSocket::DoSendRequest() {
348 next_state_
= STATE_SEND_REQUEST_COMPLETE
;
350 // Add Proxy-Authentication header if necessary.
351 HttpRequestHeaders authorization_headers
;
352 if (auth_
->HaveAuth()) {
353 auth_
->AddAuthorizationHeader(&authorization_headers
);
356 std::string user_agent
;
357 if (!request_
.extra_headers
.GetHeader(HttpRequestHeaders::kUserAgent
,
361 std::string request_line
;
362 HttpRequestHeaders request_headers
;
363 BuildTunnelRequest(endpoint_
, authorization_headers
, user_agent
,
364 &request_line
, &request_headers
);
367 NetLog::TYPE_HTTP_TRANSACTION_SEND_TUNNEL_HEADERS
,
368 base::Bind(&HttpRequestHeaders::NetLogCallback
,
369 base::Unretained(&request_headers
),
372 request_
.extra_headers
.MergeFrom(request_headers
);
373 scoped_ptr
<SpdyHeaderBlock
> headers(new SpdyHeaderBlock());
374 CreateSpdyHeadersFromHttpRequest(request_
, request_headers
,
375 spdy_stream_
->GetProtocolVersion(), true,
377 // Reset the URL to be the endpoint of the connection
378 if (spdy_stream_
->GetProtocolVersion() > 2) {
379 (*headers
)[":path"] = endpoint_
.ToString();
380 headers
->erase(":scheme");
382 (*headers
)["url"] = endpoint_
.ToString();
383 headers
->erase("scheme");
386 return spdy_stream_
->SendRequestHeaders(headers
.Pass(), MORE_DATA_TO_SEND
);
389 int SpdyProxyClientSocket::DoSendRequestComplete(int result
) {
393 // Wait for SYN_REPLY frame from the server
394 next_state_
= STATE_READ_REPLY_COMPLETE
;
395 return ERR_IO_PENDING
;
398 int SpdyProxyClientSocket::DoReadReplyComplete(int result
) {
399 // We enter this method directly from DoSendRequestComplete, since
400 // we are notified by a callback when the SYN_REPLY frame arrives
405 // Require the "HTTP/1.x" status line for SSL CONNECT.
406 if (response_
.headers
->GetParsedHttpVersion() < HttpVersion(1, 0))
407 return ERR_TUNNEL_CONNECTION_FAILED
;
410 NetLog::TYPE_HTTP_TRANSACTION_READ_TUNNEL_RESPONSE_HEADERS
,
411 base::Bind(&HttpResponseHeaders::NetLogCallback
, response_
.headers
));
413 switch (response_
.headers
->response_code()) {
415 next_state_
= STATE_OPEN
;
418 case 302: // Found / Moved Temporarily
419 // Try to return a sanitized response so we can follow auth redirects.
420 // If we can't, fail the tunnel connection.
421 if (!SanitizeProxyRedirect(&response_
)) {
422 LogBlockedTunnelResponse();
423 return ERR_TUNNEL_CONNECTION_FAILED
;
426 redirect_has_load_timing_info_
=
427 spdy_stream_
->GetLoadTimingInfo(&redirect_load_timing_info_
);
428 // Note that this triggers a RST_STREAM_CANCEL.
429 spdy_stream_
->DetachDelegate();
430 next_state_
= STATE_DISCONNECTED
;
431 return ERR_HTTPS_PROXY_TUNNEL_RESPONSE
;
433 case 407: // Proxy Authentication Required
434 next_state_
= STATE_OPEN
;
435 if (!SanitizeProxyAuth(&response_
)) {
436 LogBlockedTunnelResponse();
437 return ERR_TUNNEL_CONNECTION_FAILED
;
439 return HandleProxyAuthChallenge(auth_
.get(), &response_
, net_log_
);
442 // Ignore response to avoid letting the proxy impersonate the target
443 // server. (See http://crbug.com/137891.)
444 LogBlockedTunnelResponse();
445 return ERR_TUNNEL_CONNECTION_FAILED
;
449 // SpdyStream::Delegate methods:
450 // Called when SYN frame has been sent.
451 // Returns true if no more data to be sent after SYN frame.
452 void SpdyProxyClientSocket::OnRequestHeadersSent() {
453 DCHECK_EQ(next_state_
, STATE_SEND_REQUEST_COMPLETE
);
458 SpdyResponseHeadersStatus
SpdyProxyClientSocket::OnResponseHeadersUpdated(
459 const SpdyHeaderBlock
& response_headers
) {
460 // If we've already received the reply, existing headers are too late.
461 // TODO(mbelshe): figure out a way to make HEADERS frames useful after the
463 if (next_state_
!= STATE_READ_REPLY_COMPLETE
)
464 return RESPONSE_HEADERS_ARE_COMPLETE
;
467 if (!SpdyHeadersToHttpResponse(
468 response_headers
, spdy_stream_
->GetProtocolVersion(), &response_
))
469 return RESPONSE_HEADERS_ARE_INCOMPLETE
;
472 return RESPONSE_HEADERS_ARE_COMPLETE
;
475 // Called when data is received or on EOF (if |buffer| is NULL).
476 void SpdyProxyClientSocket::OnDataReceived(scoped_ptr
<SpdyBuffer
> buffer
) {
478 net_log_
.AddByteTransferEvent(NetLog::TYPE_SOCKET_BYTES_RECEIVED
,
479 buffer
->GetRemainingSize(),
480 buffer
->GetRemainingData());
481 read_buffer_queue_
.Enqueue(buffer
.Pass());
483 net_log_
.AddByteTransferEvent(NetLog::TYPE_SOCKET_BYTES_RECEIVED
, 0, NULL
);
486 if (!read_callback_
.is_null()) {
487 int rv
= PopulateUserReadBuffer(user_buffer_
->data(), user_buffer_len_
);
488 CompletionCallback c
= read_callback_
;
489 read_callback_
.Reset();
491 user_buffer_len_
= 0;
496 void SpdyProxyClientSocket::OnDataSent() {
497 DCHECK(!write_callback_
.is_null());
499 int rv
= write_buffer_len_
;
500 write_buffer_len_
= 0;
502 // Proxy write callbacks result in deep callback chains. Post to allow the
503 // stream's write callback chain to unwind (see crbug.com/355511).
504 base::MessageLoop::current()->PostTask(
506 base::Bind(&SpdyProxyClientSocket::RunCallback
,
507 write_callback_weak_factory_
.GetWeakPtr(),
508 ResetAndReturn(&write_callback_
),
512 void SpdyProxyClientSocket::OnClose(int status
) {
513 was_ever_used_
= spdy_stream_
->WasEverUsed();
514 spdy_stream_
.reset();
516 bool connecting
= next_state_
!= STATE_DISCONNECTED
&&
517 next_state_
< STATE_OPEN
;
518 if (next_state_
== STATE_OPEN
)
519 next_state_
= STATE_CLOSED
;
521 next_state_
= STATE_DISCONNECTED
;
523 base::WeakPtr
<SpdyProxyClientSocket
> weak_ptr
= weak_factory_
.GetWeakPtr();
524 CompletionCallback write_callback
= write_callback_
;
525 write_callback_
.Reset();
526 write_buffer_len_
= 0;
528 // If we're in the middle of connecting, we need to make sure
529 // we invoke the connect callback.
531 DCHECK(!read_callback_
.is_null());
532 CompletionCallback read_callback
= read_callback_
;
533 read_callback_
.Reset();
534 read_callback
.Run(status
);
535 } else if (!read_callback_
.is_null()) {
536 // If we have a read_callback_, the we need to make sure we call it back.
537 OnDataReceived(scoped_ptr
<SpdyBuffer
>());
539 // This may have been deleted by read_callback_, so check first.
540 if (weak_ptr
.get() && !write_callback
.is_null())
541 write_callback
.Run(ERR_CONNECTION_CLOSED
);