1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_stream_factory_impl_job.h"
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/location.h"
13 #include "base/logging.h"
14 #include "base/metrics/histogram_macros.h"
15 #include "base/profiler/scoped_tracker.h"
16 #include "base/single_thread_task_runner.h"
17 #include "base/stl_util.h"
18 #include "base/strings/string_number_conversions.h"
19 #include "base/strings/string_util.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/thread_task_runner_handle.h"
22 #include "base/values.h"
23 #include "build/build_config.h"
24 #include "net/base/connection_type_histograms.h"
25 #include "net/base/net_util.h"
26 #include "net/base/port_util.h"
27 #include "net/cert/cert_verifier.h"
28 #include "net/http/http_basic_stream.h"
29 #include "net/http/http_network_session.h"
30 #include "net/http/http_proxy_client_socket.h"
31 #include "net/http/http_proxy_client_socket_pool.h"
32 #include "net/http/http_request_info.h"
33 #include "net/http/http_server_properties.h"
34 #include "net/http/http_stream_factory.h"
35 #include "net/http/http_stream_factory_impl_request.h"
36 #include "net/log/net_log.h"
37 #include "net/quic/quic_http_stream.h"
38 #include "net/socket/client_socket_handle.h"
39 #include "net/socket/client_socket_pool.h"
40 #include "net/socket/client_socket_pool_manager.h"
41 #include "net/socket/socks_client_socket_pool.h"
42 #include "net/socket/ssl_client_socket.h"
43 #include "net/socket/ssl_client_socket_pool.h"
44 #include "net/spdy/spdy_http_stream.h"
45 #include "net/spdy/spdy_session.h"
46 #include "net/spdy/spdy_session_pool.h"
47 #include "net/ssl/ssl_cert_request_info.h"
48 #include "net/ssl/ssl_failure_state.h"
52 // Returns parameters associated with the start of a HTTP stream job.
53 scoped_ptr
<base::Value
> NetLogHttpStreamJobCallback(
54 const NetLog::Source
& source
,
55 const GURL
* original_url
,
57 const AlternativeService
* alternative_service
,
58 RequestPriority priority
,
59 NetLogCaptureMode
/* capture_mode */) {
60 scoped_ptr
<base::DictionaryValue
> dict(new base::DictionaryValue());
62 source
.AddToEventParameters(dict
.get());
63 dict
->SetString("original_url", original_url
->GetOrigin().spec());
64 dict
->SetString("url", url
->GetOrigin().spec());
65 dict
->SetString("alternative_service", alternative_service
->ToString());
66 dict
->SetString("priority", RequestPriorityToString(priority
));
70 // Returns parameters associated with the Proto (with NPN negotiation) of a HTTP
72 scoped_ptr
<base::Value
> NetLogHttpStreamProtoCallback(
73 const SSLClientSocket::NextProtoStatus status
,
74 const std::string
* proto
,
75 NetLogCaptureMode
/* capture_mode */) {
76 scoped_ptr
<base::DictionaryValue
> dict(new base::DictionaryValue());
78 dict
->SetString("next_proto_status",
79 SSLClientSocket::NextProtoStatusToString(status
));
80 dict
->SetString("proto", *proto
);
84 HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl
* stream_factory
,
85 HttpNetworkSession
* session
,
86 const HttpRequestInfo
& request_info
,
87 RequestPriority priority
,
88 const SSLConfig
& server_ssl_config
,
89 const SSLConfig
& proxy_ssl_config
,
101 HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl
* stream_factory
,
102 HttpNetworkSession
* session
,
103 const HttpRequestInfo
& request_info
,
104 RequestPriority priority
,
105 const SSLConfig
& server_ssl_config
,
106 const SSLConfig
& proxy_ssl_config
,
107 AlternativeService alternative_service
,
110 request_info_(request_info
),
112 server_ssl_config_(server_ssl_config
),
113 proxy_ssl_config_(proxy_ssl_config
),
114 net_log_(BoundNetLog::Make(net_log
, NetLog::SOURCE_HTTP_STREAM_JOB
)),
115 io_callback_(base::Bind(&Job::OnIOComplete
, base::Unretained(this))),
116 connection_(new ClientSocketHandle
),
118 stream_factory_(stream_factory
),
119 next_state_(STATE_NONE
),
121 alternative_service_(alternative_service
),
127 quic_request_(session_
->quic_stream_factory()),
128 using_existing_quic_session_(false),
129 spdy_certificate_error_(OK
),
130 establishing_tunnel_(false),
131 was_npn_negotiated_(false),
132 protocol_negotiated_(kProtoUnknown
),
134 spdy_session_direct_(false),
135 job_status_(STATUS_RUNNING
),
136 other_job_status_(STATUS_RUNNING
),
138 DCHECK(stream_factory
);
140 if (IsQuicAlternative()) {
141 DCHECK(session_
->params().enable_quic
);
146 HttpStreamFactoryImpl::Job::~Job() {
147 net_log_
.EndEvent(NetLog::TYPE_HTTP_STREAM_JOB
);
149 // When we're in a partially constructed state, waiting for the user to
150 // provide certificate handling information or authentication, we can't reuse
151 // this stream at all.
152 if (next_state_
== STATE_WAITING_USER_ACTION
) {
153 connection_
->socket()->Disconnect();
158 session_
->proxy_service()->CancelPacRequest(pac_request_
);
160 // The stream could be in a partial state. It is not reusable.
161 if (stream_
.get() && next_state_
!= STATE_DONE
)
162 stream_
->Close(true /* not reusable */);
165 void HttpStreamFactoryImpl::Job::Start(Request
* request
) {
171 int HttpStreamFactoryImpl::Job::Preconnect(int num_streams
) {
172 DCHECK_GT(num_streams
, 0);
173 base::WeakPtr
<HttpServerProperties
> http_server_properties
=
174 session_
->http_server_properties();
175 if (http_server_properties
&&
176 http_server_properties
->SupportsRequestPriority(
177 HostPortPair::FromURL(request_info_
.url
))) {
180 num_streams_
= num_streams
;
182 return StartInternal();
185 int HttpStreamFactoryImpl::Job::RestartTunnelWithProxyAuth(
186 const AuthCredentials
& credentials
) {
187 DCHECK(establishing_tunnel_
);
188 next_state_
= STATE_RESTART_TUNNEL_AUTH
;
193 LoadState
HttpStreamFactoryImpl::Job::GetLoadState() const {
194 switch (next_state_
) {
195 case STATE_RESOLVE_PROXY_COMPLETE
:
196 return session_
->proxy_service()->GetLoadState(pac_request_
);
197 case STATE_INIT_CONNECTION_COMPLETE
:
198 case STATE_CREATE_STREAM_COMPLETE
:
199 return using_quic_
? LOAD_STATE_CONNECTING
: connection_
->GetLoadState();
201 return LOAD_STATE_IDLE
;
205 void HttpStreamFactoryImpl::Job::WaitFor(Job
* job
) {
206 DCHECK_EQ(STATE_NONE
, next_state_
);
207 DCHECK_EQ(STATE_NONE
, job
->next_state_
);
208 DCHECK(!blocking_job_
);
209 DCHECK(!job
->waiting_job_
);
211 // Never share connection with other jobs for FTP requests.
212 DCHECK(!request_info_
.url
.SchemeIs("ftp"));
215 job
->waiting_job_
= this;
218 void HttpStreamFactoryImpl::Job::Resume(Job
* job
) {
219 DCHECK_EQ(blocking_job_
, job
);
220 blocking_job_
= NULL
;
222 // We know we're blocked if the next_state_ is STATE_WAIT_FOR_JOB_COMPLETE.
224 if (next_state_
== STATE_WAIT_FOR_JOB_COMPLETE
) {
225 base::ThreadTaskRunnerHandle::Get()->PostTask(
226 FROM_HERE
, base::Bind(&HttpStreamFactoryImpl::Job::OnIOComplete
,
227 ptr_factory_
.GetWeakPtr(), OK
));
231 void HttpStreamFactoryImpl::Job::Orphan(const Request
* request
) {
232 DCHECK_EQ(request_
, request
);
234 net_log_
.AddEvent(NetLog::TYPE_HTTP_STREAM_JOB_ORPHANED
);
236 // We've been orphaned, but there's a job we're blocked on. Don't bother
237 // racing, just cancel ourself.
238 DCHECK(blocking_job_
->waiting_job_
);
239 blocking_job_
->waiting_job_
= NULL
;
240 blocking_job_
= NULL
;
241 if (stream_factory_
->for_websockets_
&&
242 connection_
&& connection_
->socket()) {
243 connection_
->socket()->Disconnect();
245 stream_factory_
->OnOrphanedJobComplete(this);
246 } else if (stream_factory_
->for_websockets_
) {
247 // We cancel this job because a WebSocketHandshakeStream can't be created
248 // without a WebSocketHandshakeStreamBase::CreateHelper which is stored in
249 // the Request class and isn't accessible from this job.
250 if (connection_
&& connection_
->socket()) {
251 connection_
->socket()->Disconnect();
253 stream_factory_
->OnOrphanedJobComplete(this);
257 void HttpStreamFactoryImpl::Job::SetPriority(RequestPriority priority
) {
258 priority_
= priority
;
259 // TODO(akalin): Propagate this to |connection_| and maybe the
263 bool HttpStreamFactoryImpl::Job::was_npn_negotiated() const {
264 return was_npn_negotiated_
;
267 NextProto
HttpStreamFactoryImpl::Job::protocol_negotiated() const {
268 return protocol_negotiated_
;
271 bool HttpStreamFactoryImpl::Job::using_spdy() const {
275 const SSLConfig
& HttpStreamFactoryImpl::Job::server_ssl_config() const {
276 return server_ssl_config_
;
279 const SSLConfig
& HttpStreamFactoryImpl::Job::proxy_ssl_config() const {
280 return proxy_ssl_config_
;
283 const ProxyInfo
& HttpStreamFactoryImpl::Job::proxy_info() const {
287 void HttpStreamFactoryImpl::Job::GetSSLInfo() {
289 DCHECK(!establishing_tunnel_
);
290 DCHECK(connection_
.get() && connection_
->socket());
291 SSLClientSocket
* ssl_socket
=
292 static_cast<SSLClientSocket
*>(connection_
->socket());
293 ssl_socket
->GetSSLInfo(&ssl_info_
);
296 SpdySessionKey
HttpStreamFactoryImpl::Job::GetSpdySessionKey() const {
297 // In the case that we're using an HTTPS proxy for an HTTP url,
298 // we look for a SPDY session *to* the proxy, instead of to the
300 if (IsHttpsProxyAndHttpUrl()) {
301 return SpdySessionKey(proxy_info_
.proxy_server().host_port_pair(),
302 ProxyServer::Direct(), PRIVACY_MODE_DISABLED
);
304 return SpdySessionKey(server_
, proxy_info_
.proxy_server(),
305 request_info_
.privacy_mode
);
308 bool HttpStreamFactoryImpl::Job::CanUseExistingSpdySession() const {
309 // We need to make sure that if a spdy session was created for
310 // https://somehost/ that we don't use that session for http://somehost:443/.
311 // The only time we can use an existing session is if the request URL is
312 // https (the normal case) or if we're connection to a SPDY proxy.
313 // https://crbug.com/133176
314 // TODO(ricea): Add "wss" back to this list when SPDY WebSocket support is
316 return origin_url_
.SchemeIs("https") ||
317 proxy_info_
.proxy_server().is_https() || IsSpdyAlternative();
320 void HttpStreamFactoryImpl::Job::OnStreamReadyCallback() {
321 DCHECK(stream_
.get());
322 DCHECK(!IsPreconnecting());
323 DCHECK(!stream_factory_
->for_websockets_
);
325 MaybeCopyConnectionAttemptsFromSocketOrHandle();
328 stream_factory_
->OnOrphanedJobComplete(this);
330 request_
->Complete(was_npn_negotiated(), protocol_negotiated(),
332 request_
->OnStreamReady(this, server_ssl_config_
, proxy_info_
,
335 // |this| may be deleted after this call.
338 void HttpStreamFactoryImpl::Job::OnWebSocketHandshakeStreamReadyCallback() {
339 DCHECK(websocket_stream_
);
340 DCHECK(!IsPreconnecting());
341 DCHECK(stream_factory_
->for_websockets_
);
342 // An orphaned WebSocket job will be closed immediately and
344 DCHECK(!IsOrphaned());
346 MaybeCopyConnectionAttemptsFromSocketOrHandle();
348 request_
->Complete(was_npn_negotiated(), protocol_negotiated(), using_spdy());
349 request_
->OnWebSocketHandshakeStreamReady(this,
352 websocket_stream_
.release());
353 // |this| may be deleted after this call.
356 void HttpStreamFactoryImpl::Job::OnNewSpdySessionReadyCallback() {
357 DCHECK(stream_
.get());
358 DCHECK(!IsPreconnecting());
359 DCHECK(using_spdy());
360 // Note: an event loop iteration has passed, so |new_spdy_session_| may be
361 // NULL at this point if the SpdySession closed immediately after creation.
362 base::WeakPtr
<SpdySession
> spdy_session
= new_spdy_session_
;
363 new_spdy_session_
.reset();
365 MaybeCopyConnectionAttemptsFromSocketOrHandle();
367 // TODO(jgraettinger): Notify the factory, and let that notify |request_|,
368 // rather than notifying |request_| directly.
371 stream_factory_
->OnNewSpdySessionReady(
372 spdy_session
, spdy_session_direct_
, server_ssl_config_
, proxy_info_
,
373 was_npn_negotiated(), protocol_negotiated(), using_spdy(), net_log_
);
375 stream_factory_
->OnOrphanedJobComplete(this);
377 request_
->OnNewSpdySessionReady(
378 this, stream_
.Pass(), spdy_session
, spdy_session_direct_
);
380 // |this| may be deleted after this call.
383 void HttpStreamFactoryImpl::Job::OnStreamFailedCallback(int result
) {
384 DCHECK(!IsPreconnecting());
386 MaybeCopyConnectionAttemptsFromSocketOrHandle();
389 stream_factory_
->OnOrphanedJobComplete(this);
391 SSLFailureState ssl_failure_state
=
392 connection_
? connection_
->ssl_failure_state() : SSL_FAILURE_NONE
;
393 request_
->OnStreamFailed(this, result
, server_ssl_config_
,
396 // |this| may be deleted after this call.
399 void HttpStreamFactoryImpl::Job::OnCertificateErrorCallback(
400 int result
, const SSLInfo
& ssl_info
) {
401 DCHECK(!IsPreconnecting());
403 MaybeCopyConnectionAttemptsFromSocketOrHandle();
406 stream_factory_
->OnOrphanedJobComplete(this);
408 request_
->OnCertificateError(this, result
, server_ssl_config_
, ssl_info
);
409 // |this| may be deleted after this call.
412 void HttpStreamFactoryImpl::Job::OnNeedsProxyAuthCallback(
413 const HttpResponseInfo
& response
,
414 HttpAuthController
* auth_controller
) {
415 DCHECK(!IsPreconnecting());
417 stream_factory_
->OnOrphanedJobComplete(this);
419 request_
->OnNeedsProxyAuth(
420 this, response
, server_ssl_config_
, proxy_info_
, auth_controller
);
421 // |this| may be deleted after this call.
424 void HttpStreamFactoryImpl::Job::OnNeedsClientAuthCallback(
425 SSLCertRequestInfo
* cert_info
) {
426 DCHECK(!IsPreconnecting());
428 stream_factory_
->OnOrphanedJobComplete(this);
430 request_
->OnNeedsClientAuth(this, server_ssl_config_
, cert_info
);
431 // |this| may be deleted after this call.
434 void HttpStreamFactoryImpl::Job::OnHttpsProxyTunnelResponseCallback(
435 const HttpResponseInfo
& response_info
,
436 HttpStream
* stream
) {
437 DCHECK(!IsPreconnecting());
439 stream_factory_
->OnOrphanedJobComplete(this);
441 request_
->OnHttpsProxyTunnelResponse(
442 this, response_info
, server_ssl_config_
, proxy_info_
, stream
);
443 // |this| may be deleted after this call.
446 void HttpStreamFactoryImpl::Job::OnPreconnectsComplete() {
448 if (new_spdy_session_
.get()) {
449 stream_factory_
->OnNewSpdySessionReady(new_spdy_session_
,
450 spdy_session_direct_
,
453 was_npn_negotiated(),
454 protocol_negotiated(),
458 stream_factory_
->OnPreconnectsComplete(this);
459 // |this| may be deleted after this call.
463 int HttpStreamFactoryImpl::Job::OnHostResolution(
464 SpdySessionPool
* spdy_session_pool
,
465 const SpdySessionKey
& spdy_session_key
,
466 const AddressList
& addresses
,
467 const BoundNetLog
& net_log
) {
468 // It is OK to dereference spdy_session_pool, because the
469 // ClientSocketPoolManager will be destroyed in the same callback that
470 // destroys the SpdySessionPool.
472 spdy_session_pool
->FindAvailableSession(spdy_session_key
, net_log
) ?
473 ERR_SPDY_SESSION_ALREADY_EXISTS
: OK
;
476 void HttpStreamFactoryImpl::Job::OnIOComplete(int result
) {
480 int HttpStreamFactoryImpl::Job::RunLoop(int result
) {
481 result
= DoLoop(result
);
483 if (result
== ERR_IO_PENDING
)
486 // If there was an error, we should have already resumed the |waiting_job_|,
488 DCHECK(result
== OK
|| waiting_job_
== NULL
);
490 if (IsPreconnecting()) {
491 base::ThreadTaskRunnerHandle::Get()->PostTask(
493 base::Bind(&HttpStreamFactoryImpl::Job::OnPreconnectsComplete
,
494 ptr_factory_
.GetWeakPtr()));
495 return ERR_IO_PENDING
;
498 if (IsCertificateError(result
)) {
499 // Retrieve SSL information from the socket.
502 next_state_
= STATE_WAITING_USER_ACTION
;
503 base::ThreadTaskRunnerHandle::Get()->PostTask(
505 base::Bind(&HttpStreamFactoryImpl::Job::OnCertificateErrorCallback
,
506 ptr_factory_
.GetWeakPtr(), result
, ssl_info_
));
507 return ERR_IO_PENDING
;
511 case ERR_PROXY_AUTH_REQUESTED
: {
512 UMA_HISTOGRAM_BOOLEAN("Net.ProxyAuthRequested.HasConnection",
513 connection_
.get() != NULL
);
514 if (!connection_
.get())
515 return ERR_PROXY_AUTH_REQUESTED_WITH_NO_CONNECTION
;
516 CHECK(connection_
->socket());
517 CHECK(establishing_tunnel_
);
519 next_state_
= STATE_WAITING_USER_ACTION
;
520 ProxyClientSocket
* proxy_socket
=
521 static_cast<ProxyClientSocket
*>(connection_
->socket());
522 base::ThreadTaskRunnerHandle::Get()->PostTask(
524 base::Bind(&Job::OnNeedsProxyAuthCallback
, ptr_factory_
.GetWeakPtr(),
525 *proxy_socket
->GetConnectResponseInfo(),
526 proxy_socket
->GetAuthController()));
527 return ERR_IO_PENDING
;
530 case ERR_SSL_CLIENT_AUTH_CERT_NEEDED
:
531 base::ThreadTaskRunnerHandle::Get()->PostTask(
533 base::Bind(&Job::OnNeedsClientAuthCallback
, ptr_factory_
.GetWeakPtr(),
534 connection_
->ssl_error_response_info().cert_request_info
));
535 return ERR_IO_PENDING
;
537 case ERR_HTTPS_PROXY_TUNNEL_RESPONSE
: {
538 DCHECK(connection_
.get());
539 DCHECK(connection_
->socket());
540 DCHECK(establishing_tunnel_
);
542 ProxyClientSocket
* proxy_socket
=
543 static_cast<ProxyClientSocket
*>(connection_
->socket());
544 base::ThreadTaskRunnerHandle::Get()->PostTask(
545 FROM_HERE
, base::Bind(&Job::OnHttpsProxyTunnelResponseCallback
,
546 ptr_factory_
.GetWeakPtr(),
547 *proxy_socket
->GetConnectResponseInfo(),
548 proxy_socket
->CreateConnectResponseStream()));
549 return ERR_IO_PENDING
;
553 job_status_
= STATUS_SUCCEEDED
;
554 MaybeMarkAlternativeServiceBroken();
555 next_state_
= STATE_DONE
;
556 if (new_spdy_session_
.get()) {
557 base::ThreadTaskRunnerHandle::Get()->PostTask(
558 FROM_HERE
, base::Bind(&Job::OnNewSpdySessionReadyCallback
,
559 ptr_factory_
.GetWeakPtr()));
560 } else if (stream_factory_
->for_websockets_
) {
561 DCHECK(websocket_stream_
);
562 base::ThreadTaskRunnerHandle::Get()->PostTask(
563 FROM_HERE
, base::Bind(&Job::OnWebSocketHandshakeStreamReadyCallback
,
564 ptr_factory_
.GetWeakPtr()));
566 DCHECK(stream_
.get());
567 base::ThreadTaskRunnerHandle::Get()->PostTask(
569 base::Bind(&Job::OnStreamReadyCallback
, ptr_factory_
.GetWeakPtr()));
571 return ERR_IO_PENDING
;
574 DCHECK(result
!= ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN
||
575 IsSpdyAlternative() || IsQuicAlternative());
576 if (job_status_
!= STATUS_BROKEN
) {
577 DCHECK_EQ(STATUS_RUNNING
, job_status_
);
578 job_status_
= STATUS_FAILED
;
579 // TODO(bnc): If (result == ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN),
580 // then instead of marking alternative service broken, mark (origin,
581 // alternative service) couple as invalid.
582 MaybeMarkAlternativeServiceBroken();
584 base::ThreadTaskRunnerHandle::Get()->PostTask(
585 FROM_HERE
, base::Bind(&Job::OnStreamFailedCallback
,
586 ptr_factory_
.GetWeakPtr(), result
));
587 return ERR_IO_PENDING
;
591 int HttpStreamFactoryImpl::Job::DoLoop(int result
) {
592 DCHECK_NE(next_state_
, STATE_NONE
);
595 State state
= next_state_
;
596 next_state_
= STATE_NONE
;
602 case STATE_RESOLVE_PROXY
:
604 rv
= DoResolveProxy();
606 case STATE_RESOLVE_PROXY_COMPLETE
:
607 rv
= DoResolveProxyComplete(rv
);
609 case STATE_WAIT_FOR_JOB
:
613 case STATE_WAIT_FOR_JOB_COMPLETE
:
614 rv
= DoWaitForJobComplete(rv
);
616 case STATE_INIT_CONNECTION
:
618 rv
= DoInitConnection();
620 case STATE_INIT_CONNECTION_COMPLETE
:
621 rv
= DoInitConnectionComplete(rv
);
623 case STATE_WAITING_USER_ACTION
:
624 rv
= DoWaitingUserAction(rv
);
626 case STATE_RESTART_TUNNEL_AUTH
:
628 rv
= DoRestartTunnelAuth();
630 case STATE_RESTART_TUNNEL_AUTH_COMPLETE
:
631 rv
= DoRestartTunnelAuthComplete(rv
);
633 case STATE_CREATE_STREAM
:
635 rv
= DoCreateStream();
637 case STATE_CREATE_STREAM_COMPLETE
:
638 rv
= DoCreateStreamComplete(rv
);
641 NOTREACHED() << "bad state";
645 } while (rv
!= ERR_IO_PENDING
&& next_state_
!= STATE_NONE
);
649 int HttpStreamFactoryImpl::Job::StartInternal() {
650 CHECK_EQ(STATE_NONE
, next_state_
);
651 next_state_
= STATE_START
;
652 int rv
= RunLoop(OK
);
653 DCHECK_EQ(ERR_IO_PENDING
, rv
);
657 int HttpStreamFactoryImpl::Job::DoStart() {
658 if (IsSpdyAlternative() || IsQuicAlternative()) {
659 server_
= alternative_service_
.host_port_pair();
661 server_
= HostPortPair::FromURL(request_info_
.url
);
664 stream_factory_
->ApplyHostMappingRules(request_info_
.url
, &server_
);
665 valid_spdy_session_pool_
.reset(new ValidSpdySessionPool(
666 session_
->spdy_session_pool(), origin_url_
, IsSpdyAlternative()));
669 NetLog::TYPE_HTTP_STREAM_JOB
,
670 base::Bind(&NetLogHttpStreamJobCallback
,
671 request_
? request_
->net_log().source() : NetLog::Source(),
672 &request_info_
.url
, &origin_url_
, &alternative_service_
,
675 request_
->net_log().AddEvent(NetLog::TYPE_HTTP_STREAM_REQUEST_STARTED_JOB
,
676 net_log_
.source().ToEventParametersCallback());
679 // Don't connect to restricted ports.
680 if (!IsPortAllowedForScheme(server_
.port(), request_info_
.url
.scheme())) {
682 waiting_job_
->Resume(this);
685 return ERR_UNSAFE_PORT
;
688 next_state_
= STATE_RESOLVE_PROXY
;
692 int HttpStreamFactoryImpl::Job::DoResolveProxy() {
693 DCHECK(!pac_request_
);
696 next_state_
= STATE_RESOLVE_PROXY_COMPLETE
;
698 if (request_info_
.load_flags
& LOAD_BYPASS_PROXY
) {
699 proxy_info_
.UseDirect();
703 // TODO(rch): remove this code since Alt-Svc seems to prohibit it.
704 GURL url_for_proxy
= origin_url_
;
705 // For SPDY via Alt-Svc, set |alternative_service_url_| to
706 // https://<alternative host>:<alternative port>/...
707 // so the proxy resolution works with the actual destination, and so
708 // that the correct socket pool is used.
709 if (IsSpdyAlternative()) {
710 // TODO(rch): Figure out how to make QUIC iteract with PAC
711 // scripts. By not re-writing the URL, we will query the PAC script
712 // for the proxy to use to reach the original URL via TCP. But
713 // the alternate request will be going via UDP to a different port.
714 GURL::Replacements replacements
;
715 // new_port needs to be in scope here because GURL::Replacements references
716 // the memory contained by it directly.
717 const std::string new_port
= base::UintToString(alternative_service_
.port
);
718 replacements
.SetSchemeStr("https");
719 replacements
.SetPortStr(new_port
);
720 url_for_proxy
= url_for_proxy
.ReplaceComponents(replacements
);
723 return session_
->proxy_service()->ResolveProxy(
724 url_for_proxy
, request_info_
.load_flags
, &proxy_info_
, io_callback_
,
725 &pac_request_
, session_
->network_delegate(), net_log_
);
728 int HttpStreamFactoryImpl::Job::DoResolveProxyComplete(int result
) {
732 // Remove unsupported proxies from the list.
733 int supported_proxies
=
734 ProxyServer::SCHEME_DIRECT
| ProxyServer::SCHEME_HTTP
|
735 ProxyServer::SCHEME_HTTPS
| ProxyServer::SCHEME_SOCKS4
|
736 ProxyServer::SCHEME_SOCKS5
;
738 if (session_
->params().enable_quic_for_proxies
)
739 supported_proxies
|= ProxyServer::SCHEME_QUIC
;
741 proxy_info_
.RemoveProxiesWithoutScheme(supported_proxies
);
743 if (proxy_info_
.is_empty()) {
744 // No proxies/direct to choose from. This happens when we don't support
745 // any of the proxies in the returned list.
746 result
= ERR_NO_SUPPORTED_PROXIES
;
747 } else if (using_quic_
&&
748 (!proxy_info_
.is_quic() && !proxy_info_
.is_direct())) {
749 // QUIC can not be spoken to non-QUIC proxies. This error should not be
750 // user visible, because the non-alternative Job should be resumed.
751 result
= ERR_NO_SUPPORTED_PROXIES
;
757 waiting_job_
->Resume(this);
764 next_state_
= STATE_WAIT_FOR_JOB
;
766 next_state_
= STATE_INIT_CONNECTION
;
770 bool HttpStreamFactoryImpl::Job::ShouldForceQuic() const {
771 return session_
->params().enable_quic
&&
772 session_
->params().origin_to_force_quic_on
.Equals(server_
) &&
773 proxy_info_
.is_direct();
776 int HttpStreamFactoryImpl::Job::DoWaitForJob() {
777 DCHECK(blocking_job_
);
778 next_state_
= STATE_WAIT_FOR_JOB_COMPLETE
;
779 return ERR_IO_PENDING
;
782 int HttpStreamFactoryImpl::Job::DoWaitForJobComplete(int result
) {
783 DCHECK(!blocking_job_
);
784 DCHECK_EQ(OK
, result
);
785 next_state_
= STATE_INIT_CONNECTION
;
789 int HttpStreamFactoryImpl::Job::DoInitConnection() {
790 // TODO(pkasting): Remove ScopedTracker below once crbug.com/462812 is fixed.
791 tracked_objects::ScopedTracker
tracking_profile(
792 FROM_HERE_WITH_EXPLICIT_FUNCTION(
793 "462812 HttpStreamFactoryImpl::Job::DoInitConnection"));
794 DCHECK(!blocking_job_
);
795 DCHECK(!connection_
->is_initialized());
796 DCHECK(proxy_info_
.proxy_server().is_valid());
797 next_state_
= STATE_INIT_CONNECTION_COMPLETE
;
799 using_ssl_
= origin_url_
.SchemeIs("https") || origin_url_
.SchemeIs("wss") ||
803 if (ShouldForceQuic())
806 DCHECK(!using_quic_
|| session_
->params().enable_quic
);
808 if (proxy_info_
.is_quic()) {
810 DCHECK(session_
->params().enable_quic_for_proxies
);
813 if (proxy_info_
.is_https() || proxy_info_
.is_quic()) {
814 InitSSLConfig(proxy_info_
.proxy_server().host_port_pair(),
815 &proxy_ssl_config_
, /*is_proxy=*/true);
816 // Disable revocation checking for HTTPS proxies since the revocation
817 // requests are probably going to need to go through the proxy too.
818 proxy_ssl_config_
.rev_checking_enabled
= false;
821 InitSSLConfig(server_
, &server_ssl_config_
, /*is_proxy=*/false);
825 if (proxy_info_
.is_quic() && !request_info_
.url
.SchemeIs("http")) {
827 // TODO(rch): support QUIC proxies for HTTPS urls.
828 return ERR_NOT_IMPLEMENTED
;
830 HostPortPair destination
;
831 std::string origin_host
;
833 SSLConfig
* ssl_config
;
834 if (proxy_info_
.is_quic()) {
835 // A proxy's certificate is expected to be valid for the proxy hostname.
836 destination
= proxy_info_
.proxy_server().host_port_pair();
837 origin_host
= destination
.host();
839 ssl_config
= &proxy_ssl_config_
;
841 // If QUIC is disabled on the destination port, return error.
842 if (session_
->quic_stream_factory()->IsQuicDisabled(destination
.port()))
843 return ERR_QUIC_PROTOCOL_ERROR
;
845 // The certificate of a QUIC alternative server is expected to be valid
846 // for the origin of the request (in addition to being valid for the
848 destination
= server_
;
849 origin_host
= origin_url_
.host();
850 secure_quic
= using_ssl_
;
851 ssl_config
= &server_ssl_config_
;
853 int rv
= quic_request_
.Request(
854 destination
, secure_quic
, request_info_
.privacy_mode
,
855 ssl_config
->GetCertVerifyFlags(), origin_host
, request_info_
.method
,
856 net_log_
, io_callback_
);
858 using_existing_quic_session_
= true;
860 // OK, there's no available QUIC session. Let |waiting_job_| resume
863 waiting_job_
->Resume(this);
870 SpdySessionKey spdy_session_key
= GetSpdySessionKey();
872 // Check first if we have a spdy session for this group. If so, then go
873 // straight to using that.
874 if (CanUseExistingSpdySession()) {
875 base::WeakPtr
<SpdySession
> spdy_session
;
876 int result
= valid_spdy_session_pool_
->FindAvailableSession(
877 spdy_session_key
, net_log_
, &spdy_session
);
881 // If we're preconnecting, but we already have a SpdySession, we don't
882 // actually need to preconnect any sockets, so we're done.
883 if (IsPreconnecting())
886 next_state_
= STATE_CREATE_STREAM
;
887 existing_spdy_session_
= spdy_session
;
891 if (request_
&& !request_
->HasSpdySessionKey() && using_ssl_
) {
892 // Update the spdy session key for the request that launched this job.
893 request_
->SetSpdySessionKey(spdy_session_key
);
896 // OK, there's no available SPDY session. Let |waiting_job_| resume if it's
899 waiting_job_
->Resume(this);
903 if (proxy_info_
.is_http() || proxy_info_
.is_https())
904 establishing_tunnel_
= using_ssl_
;
906 const bool expect_spdy
= IsSpdyAlternative();
908 base::WeakPtr
<HttpServerProperties
> http_server_properties
=
909 session_
->http_server_properties();
910 if (http_server_properties
) {
911 http_server_properties
->MaybeForceHTTP11(server_
, &server_ssl_config_
);
912 if (proxy_info_
.is_http() || proxy_info_
.is_https()) {
913 http_server_properties
->MaybeForceHTTP11(
914 proxy_info_
.proxy_server().host_port_pair(), &proxy_ssl_config_
);
918 if (IsPreconnecting()) {
919 DCHECK(!stream_factory_
->for_websockets_
);
920 return PreconnectSocketsForHttpRequest(
921 GetSocketGroup(), server_
, request_info_
.extra_headers
,
922 request_info_
.load_flags
, priority_
, session_
, proxy_info_
, expect_spdy
,
923 server_ssl_config_
, proxy_ssl_config_
, request_info_
.privacy_mode
,
924 net_log_
, num_streams_
);
927 // If we can't use a SPDY session, don't bother checking for one after
928 // the hostname is resolved.
929 OnHostResolutionCallback resolution_callback
=
930 CanUseExistingSpdySession()
931 ? base::Bind(&Job::OnHostResolution
, session_
->spdy_session_pool(),
933 : OnHostResolutionCallback();
934 if (stream_factory_
->for_websockets_
) {
935 // TODO(ricea): Re-enable NPN when WebSockets over SPDY is supported.
936 SSLConfig websocket_server_ssl_config
= server_ssl_config_
;
937 websocket_server_ssl_config
.next_protos
.clear();
938 return InitSocketHandleForWebSocketRequest(
939 GetSocketGroup(), server_
, request_info_
.extra_headers
,
940 request_info_
.load_flags
, priority_
, session_
, proxy_info_
, expect_spdy
,
941 websocket_server_ssl_config
, proxy_ssl_config_
,
942 request_info_
.privacy_mode
, net_log_
, connection_
.get(),
943 resolution_callback
, io_callback_
);
946 return InitSocketHandleForHttpRequest(
947 GetSocketGroup(), server_
, request_info_
.extra_headers
,
948 request_info_
.load_flags
, priority_
, session_
, proxy_info_
, expect_spdy
,
949 server_ssl_config_
, proxy_ssl_config_
, request_info_
.privacy_mode
,
950 net_log_
, connection_
.get(), resolution_callback
, io_callback_
);
953 int HttpStreamFactoryImpl::Job::DoInitConnectionComplete(int result
) {
954 if (IsPreconnecting()) {
957 DCHECK_EQ(OK
, result
);
961 if (result
== ERR_SPDY_SESSION_ALREADY_EXISTS
) {
962 // We found a SPDY connection after resolving the host. This is
963 // probably an IP pooled connection.
964 SpdySessionKey spdy_session_key
= GetSpdySessionKey();
965 existing_spdy_session_
=
966 session_
->spdy_session_pool()->FindAvailableSession(
967 spdy_session_key
, net_log_
);
968 if (existing_spdy_session_
) {
970 next_state_
= STATE_CREATE_STREAM
;
972 // It is possible that the spdy session no longer exists.
973 ReturnToStateInitConnection(true /* close connection */);
978 if (proxy_info_
.is_quic() && using_quic_
) {
979 if (result
== ERR_QUIC_PROTOCOL_ERROR
||
980 result
== ERR_QUIC_HANDSHAKE_FAILED
) {
982 return ReconsiderProxyAfterError(result
);
984 // Mark QUIC proxy as bad if QUIC got disabled on the destination port.
985 // Underlying QUIC layer would have closed the connection.
986 HostPortPair destination
= proxy_info_
.proxy_server().host_port_pair();
987 if (session_
->quic_stream_factory()->IsQuicDisabled(destination
.port())) {
989 return ReconsiderProxyAfterError(ERR_QUIC_PROTOCOL_ERROR
);
993 // TODO(willchan): Make this a bit more exact. Maybe there are recoverable
994 // errors, such as ignoring certificate errors for Alternate-Protocol.
995 if (result
< 0 && waiting_job_
) {
996 waiting_job_
->Resume(this);
1000 // |result| may be the result of any of the stacked pools. The following
1001 // logic is used when determining how to interpret an error.
1003 // and connection_->socket() != NULL, then the SSL handshake ran and it
1004 // is a potentially recoverable error.
1005 // and connection_->socket == NULL and connection_->is_ssl_error() is true,
1006 // then the SSL handshake ran with an unrecoverable error.
1007 // otherwise, the error came from one of the other pools.
1008 bool ssl_started
= using_ssl_
&& (result
== OK
|| connection_
->socket() ||
1009 connection_
->is_ssl_error());
1011 if (ssl_started
&& (result
== OK
|| IsCertificateError(result
))) {
1012 if (using_quic_
&& result
== OK
) {
1013 was_npn_negotiated_
= true;
1014 protocol_negotiated_
=
1015 SSLClientSocket::NextProtoFromString("quic/1+spdy/3");
1017 SSLClientSocket
* ssl_socket
=
1018 static_cast<SSLClientSocket
*>(connection_
->socket());
1019 if (ssl_socket
->WasNpnNegotiated()) {
1020 was_npn_negotiated_
= true;
1022 SSLClientSocket::NextProtoStatus status
=
1023 ssl_socket
->GetNextProto(&proto
);
1024 protocol_negotiated_
= SSLClientSocket::NextProtoFromString(proto
);
1026 NetLog::TYPE_HTTP_STREAM_REQUEST_PROTO
,
1027 base::Bind(&NetLogHttpStreamProtoCallback
,
1029 if (NextProtoIsSPDY(protocol_negotiated_
))
1033 } else if (proxy_info_
.is_https() && connection_
->socket() &&
1035 ProxyClientSocket
* proxy_socket
=
1036 static_cast<ProxyClientSocket
*>(connection_
->socket());
1037 if (proxy_socket
->IsUsingSpdy()) {
1038 was_npn_negotiated_
= true;
1039 protocol_negotiated_
= proxy_socket
->GetProtocolNegotiated();
1044 if (result
== ERR_PROXY_AUTH_REQUESTED
||
1045 result
== ERR_HTTPS_PROXY_TUNNEL_RESPONSE
) {
1046 DCHECK(!ssl_started
);
1047 // Other state (i.e. |using_ssl_|) suggests that |connection_| will have an
1048 // SSL socket, but there was an error before that could happen. This
1049 // puts the in progress HttpProxy socket into |connection_| in order to
1050 // complete the auth (or read the response body). The tunnel restart code
1051 // is careful to remove it before returning control to the rest of this
1053 connection_
.reset(connection_
->release_pending_http_proxy_connection());
1057 if (IsSpdyAlternative() && !using_spdy_
) {
1058 job_status_
= STATUS_BROKEN
;
1059 MaybeMarkAlternativeServiceBroken();
1060 return ERR_NPN_NEGOTIATION_FAILED
;
1063 if (!ssl_started
&& result
< 0 &&
1064 (IsSpdyAlternative() || IsQuicAlternative())) {
1065 job_status_
= STATUS_BROKEN
;
1066 // TODO(bnc): if (result == ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN), then
1067 // instead of marking alternative service broken, mark (origin, alternative
1068 // service) couple as invalid.
1069 MaybeMarkAlternativeServiceBroken();
1075 job_status_
= STATUS_BROKEN
;
1076 MaybeMarkAlternativeServiceBroken();
1079 stream_
= quic_request_
.ReleaseStream();
1080 next_state_
= STATE_NONE
;
1084 if (result
< 0 && !ssl_started
)
1085 return ReconsiderProxyAfterError(result
);
1086 establishing_tunnel_
= false;
1088 if (connection_
->socket()) {
1089 // We officially have a new connection. Record the type.
1090 if (!connection_
->is_reused()) {
1091 ConnectionType type
= using_spdy_
? CONNECTION_SPDY
: CONNECTION_HTTP
;
1092 UpdateConnectionTypeHistograms(type
);
1096 // Handle SSL errors below.
1098 DCHECK(ssl_started
);
1099 if (IsCertificateError(result
)) {
1100 if (IsSpdyAlternative() && origin_url_
.SchemeIs("http")) {
1101 // We ignore certificate errors for http over spdy.
1102 spdy_certificate_error_
= result
;
1105 result
= HandleCertificateError(result
);
1106 if (result
== OK
&& !connection_
->socket()->IsConnectedAndIdle()) {
1107 ReturnToStateInitConnection(true /* close connection */);
1116 next_state_
= STATE_CREATE_STREAM
;
1120 int HttpStreamFactoryImpl::Job::DoWaitingUserAction(int result
) {
1121 // This state indicates that the stream request is in a partially
1122 // completed state, and we've called back to the delegate for more
1125 // We're always waiting here for the delegate to call us back.
1126 return ERR_IO_PENDING
;
1129 int HttpStreamFactoryImpl::Job::SetSpdyHttpStream(
1130 base::WeakPtr
<SpdySession
> session
, bool direct
) {
1131 // TODO(ricea): Restore the code for WebSockets over SPDY once it's
1133 if (stream_factory_
->for_websockets_
)
1134 return ERR_NOT_IMPLEMENTED
;
1136 // TODO(willchan): Delete this code, because eventually, the
1137 // HttpStreamFactoryImpl will be creating all the SpdyHttpStreams, since it
1138 // will know when SpdySessions become available.
1140 bool use_relative_url
= direct
|| request_info_
.url
.SchemeIs("https");
1141 stream_
.reset(new SpdyHttpStream(session
, use_relative_url
));
1145 int HttpStreamFactoryImpl::Job::DoCreateStream() {
1146 // TODO(pkasting): Remove ScopedTracker below once crbug.com/462811 is fixed.
1147 tracked_objects::ScopedTracker
tracking_profile(
1148 FROM_HERE_WITH_EXPLICIT_FUNCTION(
1149 "462811 HttpStreamFactoryImpl::Job::DoCreateStream"));
1150 DCHECK(connection_
->socket() || existing_spdy_session_
.get() || using_quic_
);
1151 DCHECK(!IsQuicAlternative());
1153 next_state_
= STATE_CREATE_STREAM_COMPLETE
;
1155 // We only set the socket motivation if we're the first to use
1156 // this socket. Is there a race for two SPDY requests? We really
1157 // need to plumb this through to the connect level.
1158 if (connection_
->socket() && !connection_
->is_reused())
1159 SetSocketMotivation();
1162 DCHECK(!IsSpdyAlternative());
1163 // We may get ftp scheme when fetching ftp resources through proxy.
1164 bool using_proxy
= (proxy_info_
.is_http() || proxy_info_
.is_https()) &&
1165 (request_info_
.url
.SchemeIs("http") ||
1166 request_info_
.url
.SchemeIs("ftp"));
1167 if (stream_factory_
->for_websockets_
) {
1169 DCHECK(request_
->websocket_handshake_stream_create_helper());
1170 websocket_stream_
.reset(
1171 request_
->websocket_handshake_stream_create_helper()
1172 ->CreateBasicStream(connection_
.Pass(), using_proxy
));
1174 stream_
.reset(new HttpBasicStream(connection_
.release(), using_proxy
));
1179 CHECK(!stream_
.get());
1181 bool direct
= !IsHttpsProxyAndHttpUrl();
1182 if (existing_spdy_session_
.get()) {
1183 // We picked up an existing session, so we don't need our socket.
1184 if (connection_
->socket())
1185 connection_
->socket()->Disconnect();
1186 connection_
->Reset();
1188 int set_result
= SetSpdyHttpStream(existing_spdy_session_
, direct
);
1189 existing_spdy_session_
.reset();
1193 SpdySessionKey spdy_session_key
= GetSpdySessionKey();
1194 base::WeakPtr
<SpdySession
> spdy_session
;
1195 int result
= valid_spdy_session_pool_
->FindAvailableSession(
1196 spdy_session_key
, net_log_
, &spdy_session
);
1201 return SetSpdyHttpStream(spdy_session
, direct
);
1204 result
= valid_spdy_session_pool_
->CreateAvailableSessionFromSocket(
1205 spdy_session_key
, connection_
.Pass(), net_log_
, spdy_certificate_error_
,
1206 using_ssl_
, &spdy_session
);
1211 if (!spdy_session
->HasAcceptableTransportSecurity()) {
1212 spdy_session
->CloseSessionOnError(
1213 ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
, "");
1214 return ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
;
1217 new_spdy_session_
= spdy_session
;
1218 spdy_session_direct_
= direct
;
1219 const HostPortPair
& host_port_pair
= spdy_session_key
.host_port_pair();
1220 base::WeakPtr
<HttpServerProperties
> http_server_properties
=
1221 session_
->http_server_properties();
1222 if (http_server_properties
)
1223 http_server_properties
->SetSupportsSpdy(host_port_pair
, true);
1225 // Create a SpdyHttpStream attached to the session;
1226 // OnNewSpdySessionReadyCallback is not called until an event loop
1227 // iteration later, so if the SpdySession is closed between then, allow
1228 // reuse state from the underlying socket, sampled by SpdyHttpStream,
1229 // bubble up to the request.
1230 return SetSpdyHttpStream(new_spdy_session_
, spdy_session_direct_
);
1233 int HttpStreamFactoryImpl::Job::DoCreateStreamComplete(int result
) {
1237 session_
->proxy_service()->ReportSuccess(proxy_info_
,
1238 session_
->network_delegate());
1239 next_state_
= STATE_NONE
;
1243 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuth() {
1244 next_state_
= STATE_RESTART_TUNNEL_AUTH_COMPLETE
;
1245 ProxyClientSocket
* proxy_socket
=
1246 static_cast<ProxyClientSocket
*>(connection_
->socket());
1247 return proxy_socket
->RestartWithAuth(io_callback_
);
1250 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuthComplete(int result
) {
1251 if (result
== ERR_PROXY_AUTH_REQUESTED
)
1255 // Now that we've got the HttpProxyClientSocket connected. We have
1256 // to release it as an idle socket into the pool and start the connection
1257 // process from the beginning. Trying to pass it in with the
1258 // SSLSocketParams might cause a deadlock since params are dispatched
1259 // interchangeably. This request won't necessarily get this http proxy
1260 // socket, but there will be forward progress.
1261 establishing_tunnel_
= false;
1262 ReturnToStateInitConnection(false /* do not close connection */);
1266 if (result
== ERR_CONNECTION_CLOSED
|| result
== ERR_CONNECTION_RESET
||
1267 result
== ERR_SOCKET_NOT_CONNECTED
) {
1268 // The server may have closed the connection while waiting for auth data.
1269 // Automatically try to use a new connection.
1270 establishing_tunnel_
= false;
1271 ReturnToStateInitConnection(true /* close connection */);
1275 return ReconsiderProxyAfterError(result
);
1278 void HttpStreamFactoryImpl::Job::ReturnToStateInitConnection(
1279 bool close_connection
) {
1280 if (close_connection
&& connection_
->socket())
1281 connection_
->socket()->Disconnect();
1282 connection_
->Reset();
1285 request_
->RemoveRequestFromSpdySessionRequestMap();
1287 next_state_
= STATE_INIT_CONNECTION
;
1290 void HttpStreamFactoryImpl::Job::SetSocketMotivation() {
1291 if (request_info_
.motivation
== HttpRequestInfo::PRECONNECT_MOTIVATED
)
1292 connection_
->socket()->SetSubresourceSpeculation();
1293 else if (request_info_
.motivation
== HttpRequestInfo::OMNIBOX_MOTIVATED
)
1294 connection_
->socket()->SetOmniboxSpeculation();
1295 // TODO(mbelshe): Add other motivations (like EARLY_LOAD_MOTIVATED).
1298 bool HttpStreamFactoryImpl::Job::IsHttpsProxyAndHttpUrl() const {
1299 if (!proxy_info_
.is_https())
1301 if (IsSpdyAlternative() || IsQuicAlternative()) {
1302 // We currently only support Alternate-Protocol where the original scheme
1304 DCHECK(origin_url_
.SchemeIs("http"));
1305 return origin_url_
.SchemeIs("http");
1307 return request_info_
.url
.SchemeIs("http");
1310 bool HttpStreamFactoryImpl::Job::IsSpdyAlternative() const {
1311 return alternative_service_
.protocol
>= NPN_SPDY_MINIMUM_VERSION
&&
1312 alternative_service_
.protocol
<= NPN_SPDY_MAXIMUM_VERSION
;
1315 bool HttpStreamFactoryImpl::Job::IsQuicAlternative() const {
1316 return alternative_service_
.protocol
== QUIC
;
1319 void HttpStreamFactoryImpl::Job::InitSSLConfig(const HostPortPair
& server
,
1320 SSLConfig
* ssl_config
,
1321 bool is_proxy
) const {
1323 // Prior to HTTP/2 and SPDY, some servers use TLS renegotiation to request
1324 // TLS client authentication after the HTTP request was sent. Allow
1325 // renegotiation for only those connections.
1327 // Note that this does NOT implement the provision in
1328 // https://http2.github.io/http2-spec/#rfc.section.9.2.1 which allows the
1329 // server to request a renegotiation immediately before sending the
1330 // connection preface as waiting for the preface would cost the round trip
1331 // that False Start otherwise saves.
1332 ssl_config
->renego_allowed_default
= true;
1333 ssl_config
->renego_allowed_for_protos
.push_back(kProtoHTTP11
);
1336 if (proxy_info_
.is_https() && ssl_config
->send_client_cert
) {
1337 // When connecting through an HTTPS proxy, disable TLS False Start so
1338 // that client authentication errors can be distinguished between those
1339 // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and
1340 // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR /
1341 // ERR_BAD_SSL_CLIENT_AUTH_CERT).
1343 // This assumes the proxy will only request certificates on the initial
1344 // handshake; renegotiation on the proxy connection is unsupported.
1345 ssl_config
->false_start_enabled
= false;
1348 if (request_info_
.load_flags
& LOAD_VERIFY_EV_CERT
)
1349 ssl_config
->verify_ev_cert
= true;
1351 // Disable Channel ID if privacy mode is enabled.
1352 if (request_info_
.privacy_mode
== PRIVACY_MODE_ENABLED
)
1353 ssl_config
->channel_id_enabled
= false;
1357 int HttpStreamFactoryImpl::Job::ReconsiderProxyAfterError(int error
) {
1358 DCHECK(!pac_request_
);
1361 // A failure to resolve the hostname or any error related to establishing a
1362 // TCP connection could be grounds for trying a new proxy configuration.
1364 // Why do this when a hostname cannot be resolved? Some URLs only make sense
1365 // to proxy servers. The hostname in those URLs might fail to resolve if we
1366 // are still using a non-proxy config. We need to check if a proxy config
1367 // now exists that corresponds to a proxy server that could load the URL.
1370 case ERR_PROXY_CONNECTION_FAILED
:
1371 case ERR_NAME_NOT_RESOLVED
:
1372 case ERR_INTERNET_DISCONNECTED
:
1373 case ERR_ADDRESS_UNREACHABLE
:
1374 case ERR_CONNECTION_CLOSED
:
1375 case ERR_CONNECTION_TIMED_OUT
:
1376 case ERR_CONNECTION_RESET
:
1377 case ERR_CONNECTION_REFUSED
:
1378 case ERR_CONNECTION_ABORTED
:
1380 case ERR_TUNNEL_CONNECTION_FAILED
:
1381 case ERR_SOCKS_CONNECTION_FAILED
:
1382 // This can happen in the case of trying to talk to a proxy using SSL, and
1383 // ending up talking to a captive portal that supports SSL instead.
1384 case ERR_PROXY_CERTIFICATE_INVALID
:
1385 // This can happen when trying to talk SSL to a non-SSL server (Like a
1387 case ERR_QUIC_PROTOCOL_ERROR
:
1388 case ERR_QUIC_HANDSHAKE_FAILED
:
1389 case ERR_SSL_PROTOCOL_ERROR
:
1391 case ERR_SOCKS_CONNECTION_HOST_UNREACHABLE
:
1392 // Remap the SOCKS-specific "host unreachable" error to a more
1393 // generic error code (this way consumers like the link doctor
1394 // know to substitute their error page).
1396 // Note that if the host resolving was done by the SOCKS5 proxy, we can't
1397 // differentiate between a proxy-side "host not found" versus a proxy-side
1398 // "address unreachable" error, and will report both of these failures as
1399 // ERR_ADDRESS_UNREACHABLE.
1400 return ERR_ADDRESS_UNREACHABLE
;
1405 if (request_info_
.load_flags
& LOAD_BYPASS_PROXY
) {
1409 if (proxy_info_
.is_https() && proxy_ssl_config_
.send_client_cert
) {
1410 session_
->ssl_client_auth_cache()->Remove(
1411 proxy_info_
.proxy_server().host_port_pair());
1414 int rv
= session_
->proxy_service()->ReconsiderProxyAfterError(
1415 request_info_
.url
, request_info_
.load_flags
, error
, &proxy_info_
,
1416 io_callback_
, &pac_request_
, session_
->network_delegate(), net_log_
);
1417 if (rv
== OK
|| rv
== ERR_IO_PENDING
) {
1418 // If the error was during connection setup, there is no socket to
1420 if (connection_
->socket())
1421 connection_
->socket()->Disconnect();
1422 connection_
->Reset();
1424 request_
->RemoveRequestFromSpdySessionRequestMap();
1425 next_state_
= STATE_RESOLVE_PROXY_COMPLETE
;
1427 // If ReconsiderProxyAfterError() failed synchronously, it means
1428 // there was nothing left to fall-back to, so fail the transaction
1429 // with the last connection error we got.
1430 // TODO(eroman): This is a confusing contract, make it more obvious.
1437 int HttpStreamFactoryImpl::Job::HandleCertificateError(int error
) {
1439 DCHECK(IsCertificateError(error
));
1441 SSLClientSocket
* ssl_socket
=
1442 static_cast<SSLClientSocket
*>(connection_
->socket());
1443 ssl_socket
->GetSSLInfo(&ssl_info_
);
1445 // Add the bad certificate to the set of allowed certificates in the
1446 // SSL config object. This data structure will be consulted after calling
1447 // RestartIgnoringLastError(). And the user will be asked interactively
1448 // before RestartIgnoringLastError() is ever called.
1449 SSLConfig::CertAndStatus bad_cert
;
1451 // |ssl_info_.cert| may be NULL if we failed to create
1452 // X509Certificate for whatever reason, but normally it shouldn't
1453 // happen, unless this code is used inside sandbox.
1454 if (ssl_info_
.cert
.get() == NULL
||
1455 !X509Certificate::GetDEREncoded(ssl_info_
.cert
->os_cert_handle(),
1456 &bad_cert
.der_cert
)) {
1459 bad_cert
.cert_status
= ssl_info_
.cert_status
;
1460 server_ssl_config_
.allowed_bad_certs
.push_back(bad_cert
);
1462 int load_flags
= request_info_
.load_flags
;
1463 if (session_
->params().ignore_certificate_errors
)
1464 load_flags
|= LOAD_IGNORE_ALL_CERT_ERRORS
;
1465 if (ssl_socket
->IgnoreCertError(error
, load_flags
))
1470 void HttpStreamFactoryImpl::Job::SwitchToSpdyMode() {
1471 if (HttpStreamFactory::spdy_enabled())
1475 bool HttpStreamFactoryImpl::Job::IsPreconnecting() const {
1476 DCHECK_GE(num_streams_
, 0);
1477 return num_streams_
> 0;
1480 bool HttpStreamFactoryImpl::Job::IsOrphaned() const {
1481 return !IsPreconnecting() && !request_
;
1484 void HttpStreamFactoryImpl::Job::ReportJobSucceededForRequest() {
1485 if (using_existing_quic_session_
) {
1486 // If an existing session was used, then no TCP connection was
1488 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_NO_RACE
);
1489 } else if (IsSpdyAlternative() || IsQuicAlternative()) {
1490 // This Job was the alternative Job, and hence won the race.
1491 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_WON_RACE
);
1493 // This Job was the normal Job, and hence the alternative Job lost the race.
1494 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_LOST_RACE
);
1498 void HttpStreamFactoryImpl::Job::MarkOtherJobComplete(const Job
& job
) {
1499 DCHECK_EQ(STATUS_RUNNING
, other_job_status_
);
1500 other_job_status_
= job
.job_status_
;
1501 other_job_alternative_service_
= job
.alternative_service_
;
1502 MaybeMarkAlternativeServiceBroken();
1505 void HttpStreamFactoryImpl::Job::MaybeMarkAlternativeServiceBroken() {
1506 if (job_status_
== STATUS_RUNNING
|| other_job_status_
== STATUS_RUNNING
)
1509 if (IsSpdyAlternative() || IsQuicAlternative()) {
1510 if (job_status_
== STATUS_BROKEN
&& other_job_status_
== STATUS_SUCCEEDED
) {
1511 HistogramBrokenAlternateProtocolLocation(
1512 BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_ALT
);
1513 session_
->http_server_properties()->MarkAlternativeServiceBroken(
1514 alternative_service_
);
1519 if (job_status_
== STATUS_SUCCEEDED
&& other_job_status_
== STATUS_BROKEN
) {
1520 HistogramBrokenAlternateProtocolLocation(
1521 BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_MAIN
);
1522 session_
->http_server_properties()->MarkAlternativeServiceBroken(
1523 other_job_alternative_service_
);
1527 HttpStreamFactoryImpl::Job::ValidSpdySessionPool::ValidSpdySessionPool(
1528 SpdySessionPool
* spdy_session_pool
,
1530 bool is_spdy_alternative
)
1531 : spdy_session_pool_(spdy_session_pool
),
1532 origin_url_(origin_url
),
1533 is_spdy_alternative_(is_spdy_alternative
) {
1536 int HttpStreamFactoryImpl::Job::ValidSpdySessionPool::FindAvailableSession(
1537 const SpdySessionKey
& key
,
1538 const BoundNetLog
& net_log
,
1539 base::WeakPtr
<SpdySession
>* spdy_session
) {
1540 *spdy_session
= spdy_session_pool_
->FindAvailableSession(key
, net_log
);
1541 return CheckAlternativeServiceValidityForOrigin(*spdy_session
);
1544 int HttpStreamFactoryImpl::Job::ValidSpdySessionPool::
1545 CreateAvailableSessionFromSocket(const SpdySessionKey
& key
,
1546 scoped_ptr
<ClientSocketHandle
> connection
,
1547 const BoundNetLog
& net_log
,
1548 int certificate_error_code
,
1550 base::WeakPtr
<SpdySession
>* spdy_session
) {
1551 *spdy_session
= spdy_session_pool_
->CreateAvailableSessionFromSocket(
1552 key
, connection
.Pass(), net_log
, certificate_error_code
, is_secure
);
1553 return CheckAlternativeServiceValidityForOrigin(*spdy_session
);
1556 int HttpStreamFactoryImpl::Job::ValidSpdySessionPool::
1557 CheckAlternativeServiceValidityForOrigin(
1558 base::WeakPtr
<SpdySession
> spdy_session
) {
1559 // For an alternative Job, server_.host() might be different than
1560 // origin_url_.host(), therefore it needs to be verified that the former
1561 // provides a certificate that is valid for the latter.
1562 if (!is_spdy_alternative_
|| !spdy_session
||
1563 spdy_session
->VerifyDomainAuthentication(origin_url_
.host())) {
1566 return ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN
;
1569 ClientSocketPoolManager::SocketGroupType
1570 HttpStreamFactoryImpl::Job::GetSocketGroup() const {
1571 std::string scheme
= origin_url_
.scheme();
1572 if (scheme
== "https" || scheme
== "wss" || IsSpdyAlternative())
1573 return ClientSocketPoolManager::SSL_GROUP
;
1575 if (scheme
== "ftp")
1576 return ClientSocketPoolManager::FTP_GROUP
;
1578 return ClientSocketPoolManager::NORMAL_GROUP
;
1581 // If the connection succeeds, failed connection attempts leading up to the
1582 // success will be returned via the successfully connected socket. If the
1583 // connection fails, failed connection attempts will be returned via the
1584 // ClientSocketHandle. Check whether a socket was returned and copy the
1585 // connection attempts from the proper place.
1586 void HttpStreamFactoryImpl::Job::
1587 MaybeCopyConnectionAttemptsFromSocketOrHandle() {
1588 if (IsOrphaned() || !connection_
)
1591 if (connection_
->socket()) {
1592 ConnectionAttempts socket_attempts
;
1593 connection_
->socket()->GetConnectionAttempts(&socket_attempts
);
1594 request_
->AddConnectionAttempts(socket_attempts
);
1596 request_
->AddConnectionAttempts(connection_
->connection_attempts());