search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update V8 to version 4.7.47.
[chromium-blink-merge.git] / net / http / http_stream_factory_impl_job.cc
blobdaa5e0572bce308f13bcd35287502e312e493357
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_stream_factory_impl_job.h"
6
7 #include <algorithm>
8 #include <string>
9
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/location.h"
13 #include "base/logging.h"
14 #include "base/metrics/histogram_macros.h"
15 #include "base/profiler/scoped_tracker.h"
16 #include "base/single_thread_task_runner.h"
17 #include "base/stl_util.h"
18 #include "base/strings/string_number_conversions.h"
19 #include "base/strings/string_util.h"
20 #include "base/strings/stringprintf.h"
21 #include "base/thread_task_runner_handle.h"
22 #include "base/values.h"
23 #include "build/build_config.h"
24 #include "net/base/connection_type_histograms.h"
25 #include "net/base/net_util.h"
26 #include "net/base/port_util.h"
27 #include "net/cert/cert_verifier.h"
28 #include "net/http/http_basic_stream.h"
29 #include "net/http/http_network_session.h"
30 #include "net/http/http_proxy_client_socket.h"
31 #include "net/http/http_proxy_client_socket_pool.h"
32 #include "net/http/http_request_info.h"
33 #include "net/http/http_server_properties.h"
34 #include "net/http/http_stream_factory.h"
35 #include "net/http/http_stream_factory_impl_request.h"
36 #include "net/log/net_log.h"
37 #include "net/quic/quic_http_stream.h"
38 #include "net/socket/client_socket_handle.h"
39 #include "net/socket/client_socket_pool.h"
40 #include "net/socket/client_socket_pool_manager.h"
41 #include "net/socket/socks_client_socket_pool.h"
42 #include "net/socket/ssl_client_socket.h"
43 #include "net/socket/ssl_client_socket_pool.h"
44 #include "net/spdy/spdy_http_stream.h"
45 #include "net/spdy/spdy_session.h"
46 #include "net/spdy/spdy_session_pool.h"
47 #include "net/ssl/ssl_cert_request_info.h"
48 #include "net/ssl/ssl_failure_state.h"
49
50 namespace net {
51
52 // Returns parameters associated with the start of a HTTP stream job.
53 scoped_ptr<base::Value> NetLogHttpStreamJobCallback(
54 const NetLog::Source& source,
55 const GURL* original_url,
56 const GURL* url,
57 const AlternativeService* alternative_service,
58 RequestPriority priority,
59 NetLogCaptureMode /* capture_mode */) {
60 scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
61 if (source.IsValid())
62 source.AddToEventParameters(dict.get());
63 dict->SetString("original_url", original_url->GetOrigin().spec());
64 dict->SetString("url", url->GetOrigin().spec());
65 dict->SetString("alternative_service", alternative_service->ToString());
66 dict->SetString("priority", RequestPriorityToString(priority));
67 return dict.Pass();
68 }
69
70 // Returns parameters associated with the Proto (with NPN negotiation) of a HTTP
71 // stream.
72 scoped_ptr<base::Value> NetLogHttpStreamProtoCallback(
73 const SSLClientSocket::NextProtoStatus status,
74 const std::string* proto,
75 NetLogCaptureMode /* capture_mode */) {
76 scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
77
78 dict->SetString("next_proto_status",
79 SSLClientSocket::NextProtoStatusToString(status));
80 dict->SetString("proto", *proto);
81 return dict.Pass();
82 }
83
84 HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory,
85 HttpNetworkSession* session,
86 const HttpRequestInfo& request_info,
87 RequestPriority priority,
88 const SSLConfig& server_ssl_config,
89 const SSLConfig& proxy_ssl_config,
90 NetLog* net_log)
91 : Job(stream_factory,
92 session,
93 request_info,
94 priority,
95 server_ssl_config,
96 proxy_ssl_config,
97 AlternativeService(),
98 net_log) {
99 }
100
101 HttpStreamFactoryImpl::Job::Job(HttpStreamFactoryImpl* stream_factory,
102 HttpNetworkSession* session,
103 const HttpRequestInfo& request_info,
104 RequestPriority priority,
105 const SSLConfig& server_ssl_config,
106 const SSLConfig& proxy_ssl_config,
107 AlternativeService alternative_service,
108 NetLog* net_log)
109 : request_(NULL),
110 request_info_(request_info),
111 priority_(priority),
112 server_ssl_config_(server_ssl_config),
113 proxy_ssl_config_(proxy_ssl_config),
114 net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_HTTP_STREAM_JOB)),
115 io_callback_(base::Bind(&Job::OnIOComplete, base::Unretained(this))),
116 connection_(new ClientSocketHandle),
117 session_(session),
118 stream_factory_(stream_factory),
119 next_state_(STATE_NONE),
120 pac_request_(NULL),
121 alternative_service_(alternative_service),
122 blocking_job_(NULL),
123 waiting_job_(NULL),
124 using_ssl_(false),
125 using_spdy_(false),
126 using_quic_(false),
127 quic_request_(session_->quic_stream_factory()),
128 using_existing_quic_session_(false),
129 spdy_certificate_error_(OK),
130 establishing_tunnel_(false),
131 was_npn_negotiated_(false),
132 protocol_negotiated_(kProtoUnknown),
133 num_streams_(0),
134 spdy_session_direct_(false),
135 job_status_(STATUS_RUNNING),
136 other_job_status_(STATUS_RUNNING),
137 ptr_factory_(this) {
138 DCHECK(stream_factory);
139 DCHECK(session);
140 if (IsQuicAlternative()) {
141 DCHECK(session_->params().enable_quic);
142 using_quic_ = true;
143 }
144 }
145
146 HttpStreamFactoryImpl::Job::~Job() {
147 net_log_.EndEvent(NetLog::TYPE_HTTP_STREAM_JOB);
148
149 // When we're in a partially constructed state, waiting for the user to
150 // provide certificate handling information or authentication, we can't reuse
151 // this stream at all.
152 if (next_state_ == STATE_WAITING_USER_ACTION) {
153 connection_->socket()->Disconnect();
154 connection_.reset();
155 }
156
157 if (pac_request_)
158 session_->proxy_service()->CancelPacRequest(pac_request_);
159
160 // The stream could be in a partial state. It is not reusable.
161 if (stream_.get() && next_state_ != STATE_DONE)
162 stream_->Close(true /* not reusable */);
163 }
164
165 void HttpStreamFactoryImpl::Job::Start(Request* request) {
166 DCHECK(request);
167 request_ = request;
168 StartInternal();
169 }
170
171 int HttpStreamFactoryImpl::Job::Preconnect(int num_streams) {
172 DCHECK_GT(num_streams, 0);
173 base::WeakPtr<HttpServerProperties> http_server_properties =
174 session_->http_server_properties();
175 if (http_server_properties &&
176 http_server_properties->SupportsRequestPriority(
177 HostPortPair::FromURL(request_info_.url))) {
178 num_streams_ = 1;
179 } else {
180 num_streams_ = num_streams;
181 }
182 return StartInternal();
183 }
184
185 int HttpStreamFactoryImpl::Job::RestartTunnelWithProxyAuth(
186 const AuthCredentials& credentials) {
187 DCHECK(establishing_tunnel_);
188 next_state_ = STATE_RESTART_TUNNEL_AUTH;
189 stream_.reset();
190 return RunLoop(OK);
191 }
192
193 LoadState HttpStreamFactoryImpl::Job::GetLoadState() const {
194 switch (next_state_) {
195 case STATE_RESOLVE_PROXY_COMPLETE:
196 return session_->proxy_service()->GetLoadState(pac_request_);
197 case STATE_INIT_CONNECTION_COMPLETE:
198 case STATE_CREATE_STREAM_COMPLETE:
199 return using_quic_ ? LOAD_STATE_CONNECTING : connection_->GetLoadState();
200 default:
201 return LOAD_STATE_IDLE;
202 }
203 }
204
205 void HttpStreamFactoryImpl::Job::WaitFor(Job* job) {
206 DCHECK_EQ(STATE_NONE, next_state_);
207 DCHECK_EQ(STATE_NONE, job->next_state_);
208 DCHECK(!blocking_job_);
209 DCHECK(!job->waiting_job_);
210
211 // Never share connection with other jobs for FTP requests.
212 DCHECK(!request_info_.url.SchemeIs("ftp"));
213
214 blocking_job_ = job;
215 job->waiting_job_ = this;
216 }
217
218 void HttpStreamFactoryImpl::Job::Resume(Job* job) {
219 DCHECK_EQ(blocking_job_, job);
220 blocking_job_ = NULL;
221
222 // We know we're blocked if the next_state_ is STATE_WAIT_FOR_JOB_COMPLETE.
223 // Unblock |this|.
224 if (next_state_ == STATE_WAIT_FOR_JOB_COMPLETE) {
225 base::ThreadTaskRunnerHandle::Get()->PostTask(
226 FROM_HERE, base::Bind(&HttpStreamFactoryImpl::Job::OnIOComplete,
227 ptr_factory_.GetWeakPtr(), OK));
228 }
229 }
230
231 void HttpStreamFactoryImpl::Job::Orphan(const Request* request) {
232 DCHECK_EQ(request_, request);
233 request_ = NULL;
234 net_log_.AddEvent(NetLog::TYPE_HTTP_STREAM_JOB_ORPHANED);
235 if (blocking_job_) {
236 // We've been orphaned, but there's a job we're blocked on. Don't bother
237 // racing, just cancel ourself.
238 DCHECK(blocking_job_->waiting_job_);
239 blocking_job_->waiting_job_ = NULL;
240 blocking_job_ = NULL;
241 if (stream_factory_->for_websockets_ &&
242 connection_ && connection_->socket()) {
243 connection_->socket()->Disconnect();
244 }
245 stream_factory_->OnOrphanedJobComplete(this);
246 } else if (stream_factory_->for_websockets_) {
247 // We cancel this job because a WebSocketHandshakeStream can't be created
248 // without a WebSocketHandshakeStreamBase::CreateHelper which is stored in
249 // the Request class and isn't accessible from this job.
250 if (connection_ && connection_->socket()) {
251 connection_->socket()->Disconnect();
252 }
253 stream_factory_->OnOrphanedJobComplete(this);
254 }
255 }
256
257 void HttpStreamFactoryImpl::Job::SetPriority(RequestPriority priority) {
258 priority_ = priority;
259 // TODO(akalin): Propagate this to |connection_| and maybe the
260 // preconnect state.
261 }
262
263 bool HttpStreamFactoryImpl::Job::was_npn_negotiated() const {
264 return was_npn_negotiated_;
265 }
266
267 NextProto HttpStreamFactoryImpl::Job::protocol_negotiated() const {
268 return protocol_negotiated_;
269 }
270
271 bool HttpStreamFactoryImpl::Job::using_spdy() const {
272 return using_spdy_;
273 }
274
275 const SSLConfig& HttpStreamFactoryImpl::Job::server_ssl_config() const {
276 return server_ssl_config_;
277 }
278
279 const SSLConfig& HttpStreamFactoryImpl::Job::proxy_ssl_config() const {
280 return proxy_ssl_config_;
281 }
282
283 const ProxyInfo& HttpStreamFactoryImpl::Job::proxy_info() const {
284 return proxy_info_;
285 }
286
287 void HttpStreamFactoryImpl::Job::GetSSLInfo() {
288 DCHECK(using_ssl_);
289 DCHECK(!establishing_tunnel_);
290 DCHECK(connection_.get() && connection_->socket());
291 SSLClientSocket* ssl_socket =
292 static_cast<SSLClientSocket*>(connection_->socket());
293 ssl_socket->GetSSLInfo(&ssl_info_);
294 }
295
296 SpdySessionKey HttpStreamFactoryImpl::Job::GetSpdySessionKey() const {
297 // In the case that we're using an HTTPS proxy for an HTTP url,
298 // we look for a SPDY session *to* the proxy, instead of to the
299 // origin server.
300 if (IsHttpsProxyAndHttpUrl()) {
301 return SpdySessionKey(proxy_info_.proxy_server().host_port_pair(),
302 ProxyServer::Direct(), PRIVACY_MODE_DISABLED);
303 }
304 return SpdySessionKey(server_, proxy_info_.proxy_server(),
305 request_info_.privacy_mode);
306 }
307
308 bool HttpStreamFactoryImpl::Job::CanUseExistingSpdySession() const {
309 // We need to make sure that if a spdy session was created for
310 // https://somehost/ that we don't use that session for http://somehost:443/.
311 // The only time we can use an existing session is if the request URL is
312 // https (the normal case) or if we're connection to a SPDY proxy.
313 // https://crbug.com/133176
314 // TODO(ricea): Add "wss" back to this list when SPDY WebSocket support is
315 // working.
316 return origin_url_.SchemeIs("https") ||
317 proxy_info_.proxy_server().is_https() || IsSpdyAlternative();
318 }
319
320 void HttpStreamFactoryImpl::Job::OnStreamReadyCallback() {
321 DCHECK(stream_.get());
322 DCHECK(!IsPreconnecting());
323 DCHECK(!stream_factory_->for_websockets_);
324
325 MaybeCopyConnectionAttemptsFromSocketOrHandle();
326
327 if (IsOrphaned()) {
328 stream_factory_->OnOrphanedJobComplete(this);
329 } else {
330 request_->Complete(was_npn_negotiated(), protocol_negotiated(),
331 using_spdy());
332 request_->OnStreamReady(this, server_ssl_config_, proxy_info_,
333 stream_.release());
334 }
335 // |this| may be deleted after this call.
336 }
337
338 void HttpStreamFactoryImpl::Job::OnWebSocketHandshakeStreamReadyCallback() {
339 DCHECK(websocket_stream_);
340 DCHECK(!IsPreconnecting());
341 DCHECK(stream_factory_->for_websockets_);
342 // An orphaned WebSocket job will be closed immediately and
343 // never be ready.
344 DCHECK(!IsOrphaned());
345
346 MaybeCopyConnectionAttemptsFromSocketOrHandle();
347
348 request_->Complete(was_npn_negotiated(), protocol_negotiated(), using_spdy());
349 request_->OnWebSocketHandshakeStreamReady(this,
350 server_ssl_config_,
351 proxy_info_,
352 websocket_stream_.release());
353 // |this| may be deleted after this call.
354 }
355
356 void HttpStreamFactoryImpl::Job::OnNewSpdySessionReadyCallback() {
357 DCHECK(stream_.get());
358 DCHECK(!IsPreconnecting());
359 DCHECK(using_spdy());
360 // Note: an event loop iteration has passed, so |new_spdy_session_| may be
361 // NULL at this point if the SpdySession closed immediately after creation.
362 base::WeakPtr<SpdySession> spdy_session = new_spdy_session_;
363 new_spdy_session_.reset();
364
365 MaybeCopyConnectionAttemptsFromSocketOrHandle();
366
367 // TODO(jgraettinger): Notify the factory, and let that notify |request_|,
368 // rather than notifying |request_| directly.
369 if (IsOrphaned()) {
370 if (spdy_session) {
371 stream_factory_->OnNewSpdySessionReady(
372 spdy_session, spdy_session_direct_, server_ssl_config_, proxy_info_,
373 was_npn_negotiated(), protocol_negotiated(), using_spdy(), net_log_);
374 }
375 stream_factory_->OnOrphanedJobComplete(this);
376 } else {
377 request_->OnNewSpdySessionReady(
378 this, stream_.Pass(), spdy_session, spdy_session_direct_);
379 }
380 // |this| may be deleted after this call.
381 }
382
383 void HttpStreamFactoryImpl::Job::OnStreamFailedCallback(int result) {
384 DCHECK(!IsPreconnecting());
385
386 MaybeCopyConnectionAttemptsFromSocketOrHandle();
387
388 if (IsOrphaned()) {
389 stream_factory_->OnOrphanedJobComplete(this);
390 } else {
391 SSLFailureState ssl_failure_state =
392 connection_ ? connection_->ssl_failure_state() : SSL_FAILURE_NONE;
393 request_->OnStreamFailed(this, result, server_ssl_config_,
394 ssl_failure_state);
395 }
396 // |this| may be deleted after this call.
397 }
398
399 void HttpStreamFactoryImpl::Job::OnCertificateErrorCallback(
400 int result, const SSLInfo& ssl_info) {
401 DCHECK(!IsPreconnecting());
402
403 MaybeCopyConnectionAttemptsFromSocketOrHandle();
404
405 if (IsOrphaned())
406 stream_factory_->OnOrphanedJobComplete(this);
407 else
408 request_->OnCertificateError(this, result, server_ssl_config_, ssl_info);
409 // |this| may be deleted after this call.
410 }
411
412 void HttpStreamFactoryImpl::Job::OnNeedsProxyAuthCallback(
413 const HttpResponseInfo& response,
414 HttpAuthController* auth_controller) {
415 DCHECK(!IsPreconnecting());
416 if (IsOrphaned())
417 stream_factory_->OnOrphanedJobComplete(this);
418 else
419 request_->OnNeedsProxyAuth(
420 this, response, server_ssl_config_, proxy_info_, auth_controller);
421 // |this| may be deleted after this call.
422 }
423
424 void HttpStreamFactoryImpl::Job::OnNeedsClientAuthCallback(
425 SSLCertRequestInfo* cert_info) {
426 DCHECK(!IsPreconnecting());
427 if (IsOrphaned())
428 stream_factory_->OnOrphanedJobComplete(this);
429 else
430 request_->OnNeedsClientAuth(this, server_ssl_config_, cert_info);
431 // |this| may be deleted after this call.
432 }
433
434 void HttpStreamFactoryImpl::Job::OnHttpsProxyTunnelResponseCallback(
435 const HttpResponseInfo& response_info,
436 HttpStream* stream) {
437 DCHECK(!IsPreconnecting());
438 if (IsOrphaned())
439 stream_factory_->OnOrphanedJobComplete(this);
440 else
441 request_->OnHttpsProxyTunnelResponse(
442 this, response_info, server_ssl_config_, proxy_info_, stream);
443 // |this| may be deleted after this call.
444 }
445
446 void HttpStreamFactoryImpl::Job::OnPreconnectsComplete() {
447 DCHECK(!request_);
448 if (new_spdy_session_.get()) {
449 stream_factory_->OnNewSpdySessionReady(new_spdy_session_,
450 spdy_session_direct_,
451 server_ssl_config_,
452 proxy_info_,
453 was_npn_negotiated(),
454 protocol_negotiated(),
455 using_spdy(),
456 net_log_);
457 }
458 stream_factory_->OnPreconnectsComplete(this);
459 // |this| may be deleted after this call.
460 }
461
462 // static
463 int HttpStreamFactoryImpl::Job::OnHostResolution(
464 SpdySessionPool* spdy_session_pool,
465 const SpdySessionKey& spdy_session_key,
466 const AddressList& addresses,
467 const BoundNetLog& net_log) {
468 // It is OK to dereference spdy_session_pool, because the
469 // ClientSocketPoolManager will be destroyed in the same callback that
470 // destroys the SpdySessionPool.
471 return
472 spdy_session_pool->FindAvailableSession(spdy_session_key, net_log) ?
473 ERR_SPDY_SESSION_ALREADY_EXISTS : OK;
474 }
475
476 void HttpStreamFactoryImpl::Job::OnIOComplete(int result) {
477 RunLoop(result);
478 }
479
480 int HttpStreamFactoryImpl::Job::RunLoop(int result) {
481 result = DoLoop(result);
482
483 if (result == ERR_IO_PENDING)
484 return result;
485
486 // If there was an error, we should have already resumed the |waiting_job_|,
487 // if there was one.
488 DCHECK(result == OK || waiting_job_ == NULL);
489
490 if (IsPreconnecting()) {
491 base::ThreadTaskRunnerHandle::Get()->PostTask(
492 FROM_HERE,
493 base::Bind(&HttpStreamFactoryImpl::Job::OnPreconnectsComplete,
494 ptr_factory_.GetWeakPtr()));
495 return ERR_IO_PENDING;
496 }
497
498 if (IsCertificateError(result)) {
499 // Retrieve SSL information from the socket.
500 GetSSLInfo();
501
502 next_state_ = STATE_WAITING_USER_ACTION;
503 base::ThreadTaskRunnerHandle::Get()->PostTask(
504 FROM_HERE,
505 base::Bind(&HttpStreamFactoryImpl::Job::OnCertificateErrorCallback,
506 ptr_factory_.GetWeakPtr(), result, ssl_info_));
507 return ERR_IO_PENDING;
508 }
509
510 switch (result) {
511 case ERR_PROXY_AUTH_REQUESTED: {
512 UMA_HISTOGRAM_BOOLEAN("Net.ProxyAuthRequested.HasConnection",
513 connection_.get() != NULL);
514 if (!connection_.get())
515 return ERR_PROXY_AUTH_REQUESTED_WITH_NO_CONNECTION;
516 CHECK(connection_->socket());
517 CHECK(establishing_tunnel_);
518
519 next_state_ = STATE_WAITING_USER_ACTION;
520 ProxyClientSocket* proxy_socket =
521 static_cast<ProxyClientSocket*>(connection_->socket());
522 base::ThreadTaskRunnerHandle::Get()->PostTask(
523 FROM_HERE,
524 base::Bind(&Job::OnNeedsProxyAuthCallback, ptr_factory_.GetWeakPtr(),
525 *proxy_socket->GetConnectResponseInfo(),
526 proxy_socket->GetAuthController()));
527 return ERR_IO_PENDING;
528 }
529
530 case ERR_SSL_CLIENT_AUTH_CERT_NEEDED:
531 base::ThreadTaskRunnerHandle::Get()->PostTask(
532 FROM_HERE,
533 base::Bind(&Job::OnNeedsClientAuthCallback, ptr_factory_.GetWeakPtr(),
534 connection_->ssl_error_response_info().cert_request_info));
535 return ERR_IO_PENDING;
536
537 case ERR_HTTPS_PROXY_TUNNEL_RESPONSE: {
538 DCHECK(connection_.get());
539 DCHECK(connection_->socket());
540 DCHECK(establishing_tunnel_);
541
542 ProxyClientSocket* proxy_socket =
543 static_cast<ProxyClientSocket*>(connection_->socket());
544 base::ThreadTaskRunnerHandle::Get()->PostTask(
545 FROM_HERE, base::Bind(&Job::OnHttpsProxyTunnelResponseCallback,
546 ptr_factory_.GetWeakPtr(),
547 *proxy_socket->GetConnectResponseInfo(),
548 proxy_socket->CreateConnectResponseStream()));
549 return ERR_IO_PENDING;
550 }
551
552 case OK:
553 job_status_ = STATUS_SUCCEEDED;
554 MaybeMarkAlternativeServiceBroken();
555 next_state_ = STATE_DONE;
556 if (new_spdy_session_.get()) {
557 base::ThreadTaskRunnerHandle::Get()->PostTask(
558 FROM_HERE, base::Bind(&Job::OnNewSpdySessionReadyCallback,
559 ptr_factory_.GetWeakPtr()));
560 } else if (stream_factory_->for_websockets_) {
561 DCHECK(websocket_stream_);
562 base::ThreadTaskRunnerHandle::Get()->PostTask(
563 FROM_HERE, base::Bind(&Job::OnWebSocketHandshakeStreamReadyCallback,
564 ptr_factory_.GetWeakPtr()));
565 } else {
566 DCHECK(stream_.get());
567 base::ThreadTaskRunnerHandle::Get()->PostTask(
568 FROM_HERE,
569 base::Bind(&Job::OnStreamReadyCallback, ptr_factory_.GetWeakPtr()));
570 }
571 return ERR_IO_PENDING;
572
573 default:
574 DCHECK(result != ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN ||
575 IsSpdyAlternative() || IsQuicAlternative());
576 if (job_status_ != STATUS_BROKEN) {
577 DCHECK_EQ(STATUS_RUNNING, job_status_);
578 job_status_ = STATUS_FAILED;
579 // TODO(bnc): If (result == ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN),
580 // then instead of marking alternative service broken, mark (origin,
581 // alternative service) couple as invalid.
582 MaybeMarkAlternativeServiceBroken();
583 }
584 base::ThreadTaskRunnerHandle::Get()->PostTask(
585 FROM_HERE, base::Bind(&Job::OnStreamFailedCallback,
586 ptr_factory_.GetWeakPtr(), result));
587 return ERR_IO_PENDING;
588 }
589 }
590
591 int HttpStreamFactoryImpl::Job::DoLoop(int result) {
592 DCHECK_NE(next_state_, STATE_NONE);
593 int rv = result;
594 do {
595 State state = next_state_;
596 next_state_ = STATE_NONE;
597 switch (state) {
598 case STATE_START:
599 DCHECK_EQ(OK, rv);
600 rv = DoStart();
601 break;
602 case STATE_RESOLVE_PROXY:
603 DCHECK_EQ(OK, rv);
604 rv = DoResolveProxy();
605 break;
606 case STATE_RESOLVE_PROXY_COMPLETE:
607 rv = DoResolveProxyComplete(rv);
608 break;
609 case STATE_WAIT_FOR_JOB:
610 DCHECK_EQ(OK, rv);
611 rv = DoWaitForJob();
612 break;
613 case STATE_WAIT_FOR_JOB_COMPLETE:
614 rv = DoWaitForJobComplete(rv);
615 break;
616 case STATE_INIT_CONNECTION:
617 DCHECK_EQ(OK, rv);
618 rv = DoInitConnection();
619 break;
620 case STATE_INIT_CONNECTION_COMPLETE:
621 rv = DoInitConnectionComplete(rv);
622 break;
623 case STATE_WAITING_USER_ACTION:
624 rv = DoWaitingUserAction(rv);
625 break;
626 case STATE_RESTART_TUNNEL_AUTH:
627 DCHECK_EQ(OK, rv);
628 rv = DoRestartTunnelAuth();
629 break;
630 case STATE_RESTART_TUNNEL_AUTH_COMPLETE:
631 rv = DoRestartTunnelAuthComplete(rv);
632 break;
633 case STATE_CREATE_STREAM:
634 DCHECK_EQ(OK, rv);
635 rv = DoCreateStream();
636 break;
637 case STATE_CREATE_STREAM_COMPLETE:
638 rv = DoCreateStreamComplete(rv);
639 break;
640 default:
641 NOTREACHED() << "bad state";
642 rv = ERR_FAILED;
643 break;
644 }
645 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
646 return rv;
647 }
648
649 int HttpStreamFactoryImpl::Job::StartInternal() {
650 CHECK_EQ(STATE_NONE, next_state_);
651 next_state_ = STATE_START;
652 int rv = RunLoop(OK);
653 DCHECK_EQ(ERR_IO_PENDING, rv);
654 return rv;
655 }
656
657 int HttpStreamFactoryImpl::Job::DoStart() {
658 if (IsSpdyAlternative() || IsQuicAlternative()) {
659 server_ = alternative_service_.host_port_pair();
660 } else {
661 server_ = HostPortPair::FromURL(request_info_.url);
662 }
663 origin_url_ =
664 stream_factory_->ApplyHostMappingRules(request_info_.url, &server_);
665 valid_spdy_session_pool_.reset(new ValidSpdySessionPool(
666 session_->spdy_session_pool(), origin_url_, IsSpdyAlternative()));
667
668 net_log_.BeginEvent(
669 NetLog::TYPE_HTTP_STREAM_JOB,
670 base::Bind(&NetLogHttpStreamJobCallback,
671 request_ ? request_->net_log().source() : NetLog::Source(),
672 &request_info_.url, &origin_url_, &alternative_service_,
673 priority_));
674 if (request_) {
675 request_->net_log().AddEvent(NetLog::TYPE_HTTP_STREAM_REQUEST_STARTED_JOB,
676 net_log_.source().ToEventParametersCallback());
677 }
678
679 // Don't connect to restricted ports.
680 if (!IsPortAllowedForScheme(server_.port(), request_info_.url.scheme())) {
681 if (waiting_job_) {
682 waiting_job_->Resume(this);
683 waiting_job_ = NULL;
684 }
685 return ERR_UNSAFE_PORT;
686 }
687
688 next_state_ = STATE_RESOLVE_PROXY;
689 return OK;
690 }
691
692 int HttpStreamFactoryImpl::Job::DoResolveProxy() {
693 DCHECK(!pac_request_);
694 DCHECK(session_);
695
696 next_state_ = STATE_RESOLVE_PROXY_COMPLETE;
697
698 if (request_info_.load_flags & LOAD_BYPASS_PROXY) {
699 proxy_info_.UseDirect();
700 return OK;
701 }
702
703 // TODO(rch): remove this code since Alt-Svc seems to prohibit it.
704 GURL url_for_proxy = origin_url_;
705 // For SPDY via Alt-Svc, set |alternative_service_url_| to
706 // https://<alternative host>:<alternative port>/...
707 // so the proxy resolution works with the actual destination, and so
708 // that the correct socket pool is used.
709 if (IsSpdyAlternative()) {
710 // TODO(rch): Figure out how to make QUIC iteract with PAC
711 // scripts. By not re-writing the URL, we will query the PAC script
712 // for the proxy to use to reach the original URL via TCP. But
713 // the alternate request will be going via UDP to a different port.
714 GURL::Replacements replacements;
715 // new_port needs to be in scope here because GURL::Replacements references
716 // the memory contained by it directly.
717 const std::string new_port = base::UintToString(alternative_service_.port);
718 replacements.SetSchemeStr("https");
719 replacements.SetPortStr(new_port);
720 url_for_proxy = url_for_proxy.ReplaceComponents(replacements);
721 }
722
723 return session_->proxy_service()->ResolveProxy(
724 url_for_proxy, request_info_.load_flags, &proxy_info_, io_callback_,
725 &pac_request_, session_->network_delegate(), net_log_);
726 }
727
728 int HttpStreamFactoryImpl::Job::DoResolveProxyComplete(int result) {
729 pac_request_ = NULL;
730
731 if (result == OK) {
732 // Remove unsupported proxies from the list.
733 int supported_proxies =
734 ProxyServer::SCHEME_DIRECT | ProxyServer::SCHEME_HTTP |
735 ProxyServer::SCHEME_HTTPS | ProxyServer::SCHEME_SOCKS4 |
736 ProxyServer::SCHEME_SOCKS5;
737
738 if (session_->params().enable_quic_for_proxies)
739 supported_proxies |= ProxyServer::SCHEME_QUIC;
740
741 proxy_info_.RemoveProxiesWithoutScheme(supported_proxies);
742
743 if (proxy_info_.is_empty()) {
744 // No proxies/direct to choose from. This happens when we don't support
745 // any of the proxies in the returned list.
746 result = ERR_NO_SUPPORTED_PROXIES;
747 } else if (using_quic_ &&
748 (!proxy_info_.is_quic() && !proxy_info_.is_direct())) {
749 // QUIC can not be spoken to non-QUIC proxies. This error should not be
750 // user visible, because the non-alternative Job should be resumed.
751 result = ERR_NO_SUPPORTED_PROXIES;
752 }
753 }
754
755 if (result != OK) {
756 if (waiting_job_) {
757 waiting_job_->Resume(this);
758 waiting_job_ = NULL;
759 }
760 return result;
761 }
762
763 if (blocking_job_)
764 next_state_ = STATE_WAIT_FOR_JOB;
765 else
766 next_state_ = STATE_INIT_CONNECTION;
767 return OK;
768 }
769
770 bool HttpStreamFactoryImpl::Job::ShouldForceQuic() const {
771 return session_->params().enable_quic &&
772 session_->params().origin_to_force_quic_on.Equals(server_) &&
773 proxy_info_.is_direct();
774 }
775
776 int HttpStreamFactoryImpl::Job::DoWaitForJob() {
777 DCHECK(blocking_job_);
778 next_state_ = STATE_WAIT_FOR_JOB_COMPLETE;
779 return ERR_IO_PENDING;
780 }
781
782 int HttpStreamFactoryImpl::Job::DoWaitForJobComplete(int result) {
783 DCHECK(!blocking_job_);
784 DCHECK_EQ(OK, result);
785 next_state_ = STATE_INIT_CONNECTION;
786 return OK;
787 }
788
789 int HttpStreamFactoryImpl::Job::DoInitConnection() {
790 // TODO(pkasting): Remove ScopedTracker below once crbug.com/462812 is fixed.
791 tracked_objects::ScopedTracker tracking_profile(
792 FROM_HERE_WITH_EXPLICIT_FUNCTION(
793 "462812 HttpStreamFactoryImpl::Job::DoInitConnection"));
794 DCHECK(!blocking_job_);
795 DCHECK(!connection_->is_initialized());
796 DCHECK(proxy_info_.proxy_server().is_valid());
797 next_state_ = STATE_INIT_CONNECTION_COMPLETE;
798
799 using_ssl_ = origin_url_.SchemeIs("https") || origin_url_.SchemeIs("wss") ||
800 IsSpdyAlternative();
801 using_spdy_ = false;
802
803 if (ShouldForceQuic())
804 using_quic_ = true;
805
806 DCHECK(!using_quic_ || session_->params().enable_quic);
807
808 if (proxy_info_.is_quic()) {
809 using_quic_ = true;
810 DCHECK(session_->params().enable_quic_for_proxies);
811 }
812
813 if (proxy_info_.is_https() || proxy_info_.is_quic()) {
814 InitSSLConfig(proxy_info_.proxy_server().host_port_pair(),
815 &proxy_ssl_config_, /*is_proxy=*/true);
816 // Disable revocation checking for HTTPS proxies since the revocation
817 // requests are probably going to need to go through the proxy too.
818 proxy_ssl_config_.rev_checking_enabled = false;
819 }
820 if (using_ssl_) {
821 InitSSLConfig(server_, &server_ssl_config_, /*is_proxy=*/false);
822 }
823
824 if (using_quic_) {
825 if (proxy_info_.is_quic() && !request_info_.url.SchemeIs("http")) {
826 NOTREACHED();
827 // TODO(rch): support QUIC proxies for HTTPS urls.
828 return ERR_NOT_IMPLEMENTED;
829 }
830 HostPortPair destination;
831 std::string origin_host;
832 bool secure_quic;
833 SSLConfig* ssl_config;
834 if (proxy_info_.is_quic()) {
835 // A proxy's certificate is expected to be valid for the proxy hostname.
836 destination = proxy_info_.proxy_server().host_port_pair();
837 origin_host = destination.host();
838 secure_quic = true;
839 ssl_config = &proxy_ssl_config_;
840
841 // If QUIC is disabled on the destination port, return error.
842 if (session_->quic_stream_factory()->IsQuicDisabled(destination.port()))
843 return ERR_QUIC_PROTOCOL_ERROR;
844 } else {
845 // The certificate of a QUIC alternative server is expected to be valid
846 // for the origin of the request (in addition to being valid for the
847 // server itself).
848 destination = server_;
849 origin_host = origin_url_.host();
850 secure_quic = using_ssl_;
851 ssl_config = &server_ssl_config_;
852 }
853 int rv = quic_request_.Request(
854 destination, secure_quic, request_info_.privacy_mode,
855 ssl_config->GetCertVerifyFlags(), origin_host, request_info_.method,
856 net_log_, io_callback_);
857 if (rv == OK) {
858 using_existing_quic_session_ = true;
859 } else {
860 // OK, there's no available QUIC session. Let |waiting_job_| resume
861 // if it's paused.
862 if (waiting_job_) {
863 waiting_job_->Resume(this);
864 waiting_job_ = NULL;
865 }
866 }
867 return rv;
868 }
869
870 SpdySessionKey spdy_session_key = GetSpdySessionKey();
871
872 // Check first if we have a spdy session for this group. If so, then go
873 // straight to using that.
874 if (CanUseExistingSpdySession()) {
875 base::WeakPtr<SpdySession> spdy_session;
876 int result = valid_spdy_session_pool_->FindAvailableSession(
877 spdy_session_key, net_log_, &spdy_session);
878 if (result != OK)
879 return result;
880 if (spdy_session) {
881 // If we're preconnecting, but we already have a SpdySession, we don't
882 // actually need to preconnect any sockets, so we're done.
883 if (IsPreconnecting())
884 return OK;
885 using_spdy_ = true;
886 next_state_ = STATE_CREATE_STREAM;
887 existing_spdy_session_ = spdy_session;
888 return OK;
889 }
890 }
891 if (request_ && !request_->HasSpdySessionKey() && using_ssl_) {
892 // Update the spdy session key for the request that launched this job.
893 request_->SetSpdySessionKey(spdy_session_key);
894 }
895
896 // OK, there's no available SPDY session. Let |waiting_job_| resume if it's
897 // paused.
898 if (waiting_job_) {
899 waiting_job_->Resume(this);
900 waiting_job_ = NULL;
901 }
902
903 if (proxy_info_.is_http() || proxy_info_.is_https())
904 establishing_tunnel_ = using_ssl_;
905
906 const bool expect_spdy = IsSpdyAlternative();
907
908 base::WeakPtr<HttpServerProperties> http_server_properties =
909 session_->http_server_properties();
910 if (http_server_properties) {
911 http_server_properties->MaybeForceHTTP11(server_, &server_ssl_config_);
912 if (proxy_info_.is_http() || proxy_info_.is_https()) {
913 http_server_properties->MaybeForceHTTP11(
914 proxy_info_.proxy_server().host_port_pair(), &proxy_ssl_config_);
915 }
916 }
917
918 if (IsPreconnecting()) {
919 DCHECK(!stream_factory_->for_websockets_);
920 return PreconnectSocketsForHttpRequest(
921 GetSocketGroup(), server_, request_info_.extra_headers,
922 request_info_.load_flags, priority_, session_, proxy_info_, expect_spdy,
923 server_ssl_config_, proxy_ssl_config_, request_info_.privacy_mode,
924 net_log_, num_streams_);
925 }
926
927 // If we can't use a SPDY session, don't bother checking for one after
928 // the hostname is resolved.
929 OnHostResolutionCallback resolution_callback =
930 CanUseExistingSpdySession()
931 ? base::Bind(&Job::OnHostResolution, session_->spdy_session_pool(),
932 spdy_session_key)
933 : OnHostResolutionCallback();
934 if (stream_factory_->for_websockets_) {
935 // TODO(ricea): Re-enable NPN when WebSockets over SPDY is supported.
936 SSLConfig websocket_server_ssl_config = server_ssl_config_;
937 websocket_server_ssl_config.next_protos.clear();
938 return InitSocketHandleForWebSocketRequest(
939 GetSocketGroup(), server_, request_info_.extra_headers,
940 request_info_.load_flags, priority_, session_, proxy_info_, expect_spdy,
941 websocket_server_ssl_config, proxy_ssl_config_,
942 request_info_.privacy_mode, net_log_, connection_.get(),
943 resolution_callback, io_callback_);
944 }
945
946 return InitSocketHandleForHttpRequest(
947 GetSocketGroup(), server_, request_info_.extra_headers,
948 request_info_.load_flags, priority_, session_, proxy_info_, expect_spdy,
949 server_ssl_config_, proxy_ssl_config_, request_info_.privacy_mode,
950 net_log_, connection_.get(), resolution_callback, io_callback_);
951 }
952
953 int HttpStreamFactoryImpl::Job::DoInitConnectionComplete(int result) {
954 if (IsPreconnecting()) {
955 if (using_quic_)
956 return result;
957 DCHECK_EQ(OK, result);
958 return OK;
959 }
960
961 if (result == ERR_SPDY_SESSION_ALREADY_EXISTS) {
962 // We found a SPDY connection after resolving the host. This is
963 // probably an IP pooled connection.
964 SpdySessionKey spdy_session_key = GetSpdySessionKey();
965 existing_spdy_session_ =
966 session_->spdy_session_pool()->FindAvailableSession(
967 spdy_session_key, net_log_);
968 if (existing_spdy_session_) {
969 using_spdy_ = true;
970 next_state_ = STATE_CREATE_STREAM;
971 } else {
972 // It is possible that the spdy session no longer exists.
973 ReturnToStateInitConnection(true /* close connection */);
974 }
975 return OK;
976 }
977
978 if (proxy_info_.is_quic() && using_quic_) {
979 if (result == ERR_QUIC_PROTOCOL_ERROR ||
980 result == ERR_QUIC_HANDSHAKE_FAILED || result == ERR_MSG_TOO_BIG) {
981 using_quic_ = false;
982 return ReconsiderProxyAfterError(result);
983 }
984 // Mark QUIC proxy as bad if QUIC got disabled on the destination port.
985 // Underlying QUIC layer would have closed the connection.
986 HostPortPair destination = proxy_info_.proxy_server().host_port_pair();
987 if (session_->quic_stream_factory()->IsQuicDisabled(destination.port())) {
988 using_quic_ = false;
989 return ReconsiderProxyAfterError(ERR_QUIC_PROTOCOL_ERROR);
990 }
991 }
992
993 // TODO(willchan): Make this a bit more exact. Maybe there are recoverable
994 // errors, such as ignoring certificate errors for Alternate-Protocol.
995 if (result < 0 && waiting_job_) {
996 waiting_job_->Resume(this);
997 waiting_job_ = NULL;
998 }
999
1000 // |result| may be the result of any of the stacked pools. The following
1001 // logic is used when determining how to interpret an error.
1002 // If |result| < 0:
1003 // and connection_->socket() != NULL, then the SSL handshake ran and it
1004 // is a potentially recoverable error.
1005 // and connection_->socket == NULL and connection_->is_ssl_error() is true,
1006 // then the SSL handshake ran with an unrecoverable error.
1007 // otherwise, the error came from one of the other pools.
1008 bool ssl_started = using_ssl_ && (result == OK || connection_->socket() ||
1009 connection_->is_ssl_error());
1010
1011 if (ssl_started && (result == OK || IsCertificateError(result))) {
1012 if (using_quic_ && result == OK) {
1013 was_npn_negotiated_ = true;
1014 protocol_negotiated_ =
1015 SSLClientSocket::NextProtoFromString("quic/1+spdy/3");
1016 } else {
1017 SSLClientSocket* ssl_socket =
1018 static_cast<SSLClientSocket*>(connection_->socket());
1019 if (ssl_socket->WasNpnNegotiated()) {
1020 was_npn_negotiated_ = true;
1021 std::string proto;
1022 SSLClientSocket::NextProtoStatus status =
1023 ssl_socket->GetNextProto(&proto);
1024 protocol_negotiated_ = SSLClientSocket::NextProtoFromString(proto);
1025 net_log_.AddEvent(
1026 NetLog::TYPE_HTTP_STREAM_REQUEST_PROTO,
1027 base::Bind(&NetLogHttpStreamProtoCallback,
1028 status, &proto));
1029 if (NextProtoIsSPDY(protocol_negotiated_))
1030 SwitchToSpdyMode();
1031 }
1032 }
1033 } else if (proxy_info_.is_https() && connection_->socket() &&
1034 result == OK) {
1035 ProxyClientSocket* proxy_socket =
1036 static_cast<ProxyClientSocket*>(connection_->socket());
1037 if (proxy_socket->IsUsingSpdy()) {
1038 was_npn_negotiated_ = true;
1039 protocol_negotiated_ = proxy_socket->GetProtocolNegotiated();
1040 SwitchToSpdyMode();
1041 }
1042 }
1043
1044 if (result == ERR_PROXY_AUTH_REQUESTED ||
1045 result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
1046 DCHECK(!ssl_started);
1047 // Other state (i.e. |using_ssl_|) suggests that |connection_| will have an
1048 // SSL socket, but there was an error before that could happen. This
1049 // puts the in progress HttpProxy socket into |connection_| in order to
1050 // complete the auth (or read the response body). The tunnel restart code
1051 // is careful to remove it before returning control to the rest of this
1052 // class.
1053 connection_.reset(connection_->release_pending_http_proxy_connection());
1054 return result;
1055 }
1056
1057 if (IsSpdyAlternative() && !using_spdy_) {
1058 job_status_ = STATUS_BROKEN;
1059 MaybeMarkAlternativeServiceBroken();
1060 return ERR_NPN_NEGOTIATION_FAILED;
1061 }
1062
1063 if (!ssl_started && result < 0 &&
1064 (IsSpdyAlternative() || IsQuicAlternative())) {
1065 job_status_ = STATUS_BROKEN;
1066 // TODO(bnc): if (result == ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN), then
1067 // instead of marking alternative service broken, mark (origin, alternative
1068 // service) couple as invalid.
1069 MaybeMarkAlternativeServiceBroken();
1070 return result;
1071 }
1072
1073 if (using_quic_) {
1074 if (result < 0) {
1075 job_status_ = STATUS_BROKEN;
1076 MaybeMarkAlternativeServiceBroken();
1077 return result;
1078 }
1079 stream_ = quic_request_.ReleaseStream();
1080 next_state_ = STATE_NONE;
1081 return OK;
1082 }
1083
1084 if (result < 0 && !ssl_started)
1085 return ReconsiderProxyAfterError(result);
1086 establishing_tunnel_ = false;
1087
1088 if (connection_->socket()) {
1089 // We officially have a new connection. Record the type.
1090 if (!connection_->is_reused()) {
1091 ConnectionType type = using_spdy_ ? CONNECTION_SPDY : CONNECTION_HTTP;
1092 UpdateConnectionTypeHistograms(type);
1093 }
1094 }
1095
1096 // Handle SSL errors below.
1097 if (using_ssl_) {
1098 DCHECK(ssl_started);
1099 if (IsCertificateError(result)) {
1100 if (IsSpdyAlternative() && origin_url_.SchemeIs("http")) {
1101 // We ignore certificate errors for http over spdy.
1102 spdy_certificate_error_ = result;
1103 result = OK;
1104 } else {
1105 result = HandleCertificateError(result);
1106 if (result == OK && !connection_->socket()->IsConnectedAndIdle()) {
1107 ReturnToStateInitConnection(true /* close connection */);
1108 return result;
1109 }
1110 }
1111 }
1112 if (result < 0)
1113 return result;
1114 }
1115
1116 next_state_ = STATE_CREATE_STREAM;
1117 return OK;
1118 }
1119
1120 int HttpStreamFactoryImpl::Job::DoWaitingUserAction(int result) {
1121 // This state indicates that the stream request is in a partially
1122 // completed state, and we've called back to the delegate for more
1123 // information.
1124
1125 // We're always waiting here for the delegate to call us back.
1126 return ERR_IO_PENDING;
1127 }
1128
1129 int HttpStreamFactoryImpl::Job::SetSpdyHttpStream(
1130 base::WeakPtr<SpdySession> session, bool direct) {
1131 // TODO(ricea): Restore the code for WebSockets over SPDY once it's
1132 // implemented.
1133 if (stream_factory_->for_websockets_)
1134 return ERR_NOT_IMPLEMENTED;
1135
1136 // TODO(willchan): Delete this code, because eventually, the
1137 // HttpStreamFactoryImpl will be creating all the SpdyHttpStreams, since it
1138 // will know when SpdySessions become available.
1139
1140 bool use_relative_url = direct || request_info_.url.SchemeIs("https");
1141 stream_.reset(new SpdyHttpStream(session, use_relative_url));
1142 return OK;
1143 }
1144
1145 int HttpStreamFactoryImpl::Job::DoCreateStream() {
1146 // TODO(pkasting): Remove ScopedTracker below once crbug.com/462811 is fixed.
1147 tracked_objects::ScopedTracker tracking_profile(
1148 FROM_HERE_WITH_EXPLICIT_FUNCTION(
1149 "462811 HttpStreamFactoryImpl::Job::DoCreateStream"));
1150 DCHECK(connection_->socket() || existing_spdy_session_.get() || using_quic_);
1151 DCHECK(!IsQuicAlternative());
1152
1153 next_state_ = STATE_CREATE_STREAM_COMPLETE;
1154
1155 // We only set the socket motivation if we're the first to use
1156 // this socket. Is there a race for two SPDY requests? We really
1157 // need to plumb this through to the connect level.
1158 if (connection_->socket() && !connection_->is_reused())
1159 SetSocketMotivation();
1160
1161 if (!using_spdy_) {
1162 DCHECK(!IsSpdyAlternative());
1163 // We may get ftp scheme when fetching ftp resources through proxy.
1164 bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) &&
1165 (request_info_.url.SchemeIs("http") ||
1166 request_info_.url.SchemeIs("ftp"));
1167 if (stream_factory_->for_websockets_) {
1168 DCHECK(request_);
1169 DCHECK(request_->websocket_handshake_stream_create_helper());
1170 websocket_stream_.reset(
1171 request_->websocket_handshake_stream_create_helper()
1172 ->CreateBasicStream(connection_.Pass(), using_proxy));
1173 } else {
1174 stream_.reset(new HttpBasicStream(connection_.release(), using_proxy));
1175 }
1176 return OK;
1177 }
1178
1179 CHECK(!stream_.get());
1180
1181 bool direct = !IsHttpsProxyAndHttpUrl();
1182 if (existing_spdy_session_.get()) {
1183 // We picked up an existing session, so we don't need our socket.
1184 if (connection_->socket())
1185 connection_->socket()->Disconnect();
1186 connection_->Reset();
1187
1188 int set_result = SetSpdyHttpStream(existing_spdy_session_, direct);
1189 existing_spdy_session_.reset();
1190 return set_result;
1191 }
1192
1193 SpdySessionKey spdy_session_key = GetSpdySessionKey();
1194 base::WeakPtr<SpdySession> spdy_session;
1195 int result = valid_spdy_session_pool_->FindAvailableSession(
1196 spdy_session_key, net_log_, &spdy_session);
1197 if (result != OK) {
1198 return result;
1199 }
1200 if (spdy_session) {
1201 return SetSpdyHttpStream(spdy_session, direct);
1202 }
1203
1204 result = valid_spdy_session_pool_->CreateAvailableSessionFromSocket(
1205 spdy_session_key, connection_.Pass(), net_log_, spdy_certificate_error_,
1206 using_ssl_, &spdy_session);
1207 if (result != OK) {
1208 return result;
1209 }
1210
1211 if (!spdy_session->HasAcceptableTransportSecurity()) {
1212 spdy_session->CloseSessionOnError(
1213 ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY, "");
1214 return ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY;
1215 }
1216
1217 new_spdy_session_ = spdy_session;
1218 spdy_session_direct_ = direct;
1219 const HostPortPair& host_port_pair = spdy_session_key.host_port_pair();
1220 base::WeakPtr<HttpServerProperties> http_server_properties =
1221 session_->http_server_properties();
1222 if (http_server_properties)
1223 http_server_properties->SetSupportsSpdy(host_port_pair, true);
1224
1225 // Create a SpdyHttpStream attached to the session;
1226 // OnNewSpdySessionReadyCallback is not called until an event loop
1227 // iteration later, so if the SpdySession is closed between then, allow
1228 // reuse state from the underlying socket, sampled by SpdyHttpStream,
1229 // bubble up to the request.
1230 return SetSpdyHttpStream(new_spdy_session_, spdy_session_direct_);
1231 }
1232
1233 int HttpStreamFactoryImpl::Job::DoCreateStreamComplete(int result) {
1234 if (result < 0)
1235 return result;
1236
1237 session_->proxy_service()->ReportSuccess(proxy_info_,
1238 session_->network_delegate());
1239 next_state_ = STATE_NONE;
1240 return OK;
1241 }
1242
1243 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuth() {
1244 next_state_ = STATE_RESTART_TUNNEL_AUTH_COMPLETE;
1245 ProxyClientSocket* proxy_socket =
1246 static_cast<ProxyClientSocket*>(connection_->socket());
1247 return proxy_socket->RestartWithAuth(io_callback_);
1248 }
1249
1250 int HttpStreamFactoryImpl::Job::DoRestartTunnelAuthComplete(int result) {
1251 if (result == ERR_PROXY_AUTH_REQUESTED)
1252 return result;
1253
1254 if (result == OK) {
1255 // Now that we've got the HttpProxyClientSocket connected. We have
1256 // to release it as an idle socket into the pool and start the connection
1257 // process from the beginning. Trying to pass it in with the
1258 // SSLSocketParams might cause a deadlock since params are dispatched
1259 // interchangeably. This request won't necessarily get this http proxy
1260 // socket, but there will be forward progress.
1261 establishing_tunnel_ = false;
1262 ReturnToStateInitConnection(false /* do not close connection */);
1263 return OK;
1264 }
1265
1266 if (result == ERR_CONNECTION_CLOSED || result == ERR_CONNECTION_RESET ||
1267 result == ERR_SOCKET_NOT_CONNECTED) {
1268 // The server may have closed the connection while waiting for auth data.
1269 // Automatically try to use a new connection.
1270 establishing_tunnel_ = false;
1271 ReturnToStateInitConnection(true /* close connection */);
1272 return OK;
1273 }
1274
1275 return ReconsiderProxyAfterError(result);
1276 }
1277
1278 void HttpStreamFactoryImpl::Job::ReturnToStateInitConnection(
1279 bool close_connection) {
1280 if (close_connection && connection_->socket())
1281 connection_->socket()->Disconnect();
1282 connection_->Reset();
1283
1284 if (request_)
1285 request_->RemoveRequestFromSpdySessionRequestMap();
1286
1287 next_state_ = STATE_INIT_CONNECTION;
1288 }
1289
1290 void HttpStreamFactoryImpl::Job::SetSocketMotivation() {
1291 if (request_info_.motivation == HttpRequestInfo::PRECONNECT_MOTIVATED)
1292 connection_->socket()->SetSubresourceSpeculation();
1293 else if (request_info_.motivation == HttpRequestInfo::OMNIBOX_MOTIVATED)
1294 connection_->socket()->SetOmniboxSpeculation();
1295 // TODO(mbelshe): Add other motivations (like EARLY_LOAD_MOTIVATED).
1296 }
1297
1298 bool HttpStreamFactoryImpl::Job::IsHttpsProxyAndHttpUrl() const {
1299 if (!proxy_info_.is_https())
1300 return false;
1301 if (IsSpdyAlternative() || IsQuicAlternative()) {
1302 // We currently only support Alternate-Protocol where the original scheme
1303 // is http.
1304 DCHECK(origin_url_.SchemeIs("http"));
1305 return origin_url_.SchemeIs("http");
1306 }
1307 return request_info_.url.SchemeIs("http");
1308 }
1309
1310 bool HttpStreamFactoryImpl::Job::IsSpdyAlternative() const {
1311 return alternative_service_.protocol >= NPN_SPDY_MINIMUM_VERSION &&
1312 alternative_service_.protocol <= NPN_SPDY_MAXIMUM_VERSION;
1313 }
1314
1315 bool HttpStreamFactoryImpl::Job::IsQuicAlternative() const {
1316 return alternative_service_.protocol == QUIC;
1317 }
1318
1319 void HttpStreamFactoryImpl::Job::InitSSLConfig(const HostPortPair& server,
1320 SSLConfig* ssl_config,
1321 bool is_proxy) const {
1322 if (!is_proxy) {
1323 // Prior to HTTP/2 and SPDY, some servers use TLS renegotiation to request
1324 // TLS client authentication after the HTTP request was sent. Allow
1325 // renegotiation for only those connections.
1326 //
1327 // Note that this does NOT implement the provision in
1328 // https://http2.github.io/http2-spec/#rfc.section.9.2.1 which allows the
1329 // server to request a renegotiation immediately before sending the
1330 // connection preface as waiting for the preface would cost the round trip
1331 // that False Start otherwise saves.
1332 ssl_config->renego_allowed_default = true;
1333 ssl_config->renego_allowed_for_protos.push_back(kProtoHTTP11);
1334 }
1335
1336 if (proxy_info_.is_https() && ssl_config->send_client_cert) {
1337 // When connecting through an HTTPS proxy, disable TLS False Start so
1338 // that client authentication errors can be distinguished between those
1339 // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and
1340 // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR /
1341 // ERR_BAD_SSL_CLIENT_AUTH_CERT).
1342 //
1343 // This assumes the proxy will only request certificates on the initial
1344 // handshake; renegotiation on the proxy connection is unsupported.
1345 ssl_config->false_start_enabled = false;
1346 }
1347
1348 if (request_info_.load_flags & LOAD_VERIFY_EV_CERT)
1349 ssl_config->verify_ev_cert = true;
1350
1351 // Disable Channel ID if privacy mode is enabled.
1352 if (request_info_.privacy_mode == PRIVACY_MODE_ENABLED)
1353 ssl_config->channel_id_enabled = false;
1354 }
1355
1356
1357 int HttpStreamFactoryImpl::Job::ReconsiderProxyAfterError(int error) {
1358 DCHECK(!pac_request_);
1359 DCHECK(session_);
1360
1361 // A failure to resolve the hostname or any error related to establishing a
1362 // TCP connection could be grounds for trying a new proxy configuration.
1363 //
1364 // Why do this when a hostname cannot be resolved? Some URLs only make sense
1365 // to proxy servers. The hostname in those URLs might fail to resolve if we
1366 // are still using a non-proxy config. We need to check if a proxy config
1367 // now exists that corresponds to a proxy server that could load the URL.
1368 //
1369 switch (error) {
1370 case ERR_PROXY_CONNECTION_FAILED:
1371 case ERR_NAME_NOT_RESOLVED:
1372 case ERR_INTERNET_DISCONNECTED:
1373 case ERR_ADDRESS_UNREACHABLE:
1374 case ERR_CONNECTION_CLOSED:
1375 case ERR_CONNECTION_TIMED_OUT:
1376 case ERR_CONNECTION_RESET:
1377 case ERR_CONNECTION_REFUSED:
1378 case ERR_CONNECTION_ABORTED:
1379 case ERR_TIMED_OUT:
1380 case ERR_TUNNEL_CONNECTION_FAILED:
1381 case ERR_SOCKS_CONNECTION_FAILED:
1382 // This can happen in the case of trying to talk to a proxy using SSL, and
1383 // ending up talking to a captive portal that supports SSL instead.
1384 case ERR_PROXY_CERTIFICATE_INVALID:
1385 // This can happen when trying to talk SSL to a non-SSL server (Like a
1386 // captive portal).
1387 case ERR_QUIC_PROTOCOL_ERROR:
1388 case ERR_QUIC_HANDSHAKE_FAILED:
1389 case ERR_MSG_TOO_BIG:
1390 case ERR_SSL_PROTOCOL_ERROR:
1391 break;
1392 case ERR_SOCKS_CONNECTION_HOST_UNREACHABLE:
1393 // Remap the SOCKS-specific "host unreachable" error to a more
1394 // generic error code (this way consumers like the link doctor
1395 // know to substitute their error page).
1396 //
1397 // Note that if the host resolving was done by the SOCKS5 proxy, we can't
1398 // differentiate between a proxy-side "host not found" versus a proxy-side
1399 // "address unreachable" error, and will report both of these failures as
1400 // ERR_ADDRESS_UNREACHABLE.
1401 return ERR_ADDRESS_UNREACHABLE;
1402 default:
1403 return error;
1404 }
1405
1406 // Do not bypass non-QUIC proxy on ERR_MSG_TOO_BIG.
1407 if (!proxy_info_.is_quic() && error == ERR_MSG_TOO_BIG)
1408 return error;
1409
1410 if (request_info_.load_flags & LOAD_BYPASS_PROXY)
1411 return error;
1412
1413 if (proxy_info_.is_https() && proxy_ssl_config_.send_client_cert) {
1414 session_->ssl_client_auth_cache()->Remove(
1415 proxy_info_.proxy_server().host_port_pair());
1416 }
1417
1418 int rv = session_->proxy_service()->ReconsiderProxyAfterError(
1419 request_info_.url, request_info_.load_flags, error, &proxy_info_,
1420 io_callback_, &pac_request_, session_->network_delegate(), net_log_);
1421 if (rv == OK || rv == ERR_IO_PENDING) {
1422 // If the error was during connection setup, there is no socket to
1423 // disconnect.
1424 if (connection_->socket())
1425 connection_->socket()->Disconnect();
1426 connection_->Reset();
1427 if (request_)
1428 request_->RemoveRequestFromSpdySessionRequestMap();
1429 next_state_ = STATE_RESOLVE_PROXY_COMPLETE;
1430 } else {
1431 // If ReconsiderProxyAfterError() failed synchronously, it means
1432 // there was nothing left to fall-back to, so fail the transaction
1433 // with the last connection error we got.
1434 // TODO(eroman): This is a confusing contract, make it more obvious.
1435 rv = error;
1436 }
1437
1438 return rv;
1439 }
1440
1441 int HttpStreamFactoryImpl::Job::HandleCertificateError(int error) {
1442 DCHECK(using_ssl_);
1443 DCHECK(IsCertificateError(error));
1444
1445 SSLClientSocket* ssl_socket =
1446 static_cast<SSLClientSocket*>(connection_->socket());
1447 ssl_socket->GetSSLInfo(&ssl_info_);
1448
1449 // Add the bad certificate to the set of allowed certificates in the
1450 // SSL config object. This data structure will be consulted after calling
1451 // RestartIgnoringLastError(). And the user will be asked interactively
1452 // before RestartIgnoringLastError() is ever called.
1453 SSLConfig::CertAndStatus bad_cert;
1454
1455 // |ssl_info_.cert| may be NULL if we failed to create
1456 // X509Certificate for whatever reason, but normally it shouldn't
1457 // happen, unless this code is used inside sandbox.
1458 if (ssl_info_.cert.get() == NULL ||
1459 !X509Certificate::GetDEREncoded(ssl_info_.cert->os_cert_handle(),
1460 &bad_cert.der_cert)) {
1461 return error;
1462 }
1463 bad_cert.cert_status = ssl_info_.cert_status;
1464 server_ssl_config_.allowed_bad_certs.push_back(bad_cert);
1465
1466 int load_flags = request_info_.load_flags;
1467 if (session_->params().ignore_certificate_errors)
1468 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS;
1469 if (ssl_socket->IgnoreCertError(error, load_flags))
1470 return OK;
1471 return error;
1472 }
1473
1474 void HttpStreamFactoryImpl::Job::SwitchToSpdyMode() {
1475 if (HttpStreamFactory::spdy_enabled())
1476 using_spdy_ = true;
1477 }
1478
1479 bool HttpStreamFactoryImpl::Job::IsPreconnecting() const {
1480 DCHECK_GE(num_streams_, 0);
1481 return num_streams_ > 0;
1482 }
1483
1484 bool HttpStreamFactoryImpl::Job::IsOrphaned() const {
1485 return !IsPreconnecting() && !request_;
1486 }
1487
1488 void HttpStreamFactoryImpl::Job::ReportJobSucceededForRequest() {
1489 if (using_existing_quic_session_) {
1490 // If an existing session was used, then no TCP connection was
1491 // started.
1492 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_NO_RACE);
1493 } else if (IsSpdyAlternative() || IsQuicAlternative()) {
1494 // This Job was the alternative Job, and hence won the race.
1495 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_WON_RACE);
1496 } else {
1497 // This Job was the normal Job, and hence the alternative Job lost the race.
1498 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_LOST_RACE);
1499 }
1500 }
1501
1502 void HttpStreamFactoryImpl::Job::MarkOtherJobComplete(const Job& job) {
1503 DCHECK_EQ(STATUS_RUNNING, other_job_status_);
1504 other_job_status_ = job.job_status_;
1505 other_job_alternative_service_ = job.alternative_service_;
1506 MaybeMarkAlternativeServiceBroken();
1507 }
1508
1509 void HttpStreamFactoryImpl::Job::MaybeMarkAlternativeServiceBroken() {
1510 if (job_status_ == STATUS_RUNNING || other_job_status_ == STATUS_RUNNING)
1511 return;
1512
1513 if (IsSpdyAlternative() || IsQuicAlternative()) {
1514 if (job_status_ == STATUS_BROKEN && other_job_status_ == STATUS_SUCCEEDED) {
1515 HistogramBrokenAlternateProtocolLocation(
1516 BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_ALT);
1517 session_->http_server_properties()->MarkAlternativeServiceBroken(
1518 alternative_service_);
1519 }
1520 return;
1521 }
1522
1523 if (job_status_ == STATUS_SUCCEEDED && other_job_status_ == STATUS_BROKEN) {
1524 HistogramBrokenAlternateProtocolLocation(
1525 BROKEN_ALTERNATE_PROTOCOL_LOCATION_HTTP_STREAM_FACTORY_IMPL_JOB_MAIN);
1526 session_->http_server_properties()->MarkAlternativeServiceBroken(
1527 other_job_alternative_service_);
1528 }
1529 }
1530
1531 HttpStreamFactoryImpl::Job::ValidSpdySessionPool::ValidSpdySessionPool(
1532 SpdySessionPool* spdy_session_pool,
1533 GURL& origin_url,
1534 bool is_spdy_alternative)
1535 : spdy_session_pool_(spdy_session_pool),
1536 origin_url_(origin_url),
1537 is_spdy_alternative_(is_spdy_alternative) {
1538 }
1539
1540 int HttpStreamFactoryImpl::Job::ValidSpdySessionPool::FindAvailableSession(
1541 const SpdySessionKey& key,
1542 const BoundNetLog& net_log,
1543 base::WeakPtr<SpdySession>* spdy_session) {
1544 *spdy_session = spdy_session_pool_->FindAvailableSession(key, net_log);
1545 return CheckAlternativeServiceValidityForOrigin(*spdy_session);
1546 }
1547
1548 int HttpStreamFactoryImpl::Job::ValidSpdySessionPool::
1549 CreateAvailableSessionFromSocket(const SpdySessionKey& key,
1550 scoped_ptr<ClientSocketHandle> connection,
1551 const BoundNetLog& net_log,
1552 int certificate_error_code,
1553 bool is_secure,
1554 base::WeakPtr<SpdySession>* spdy_session) {
1555 *spdy_session = spdy_session_pool_->CreateAvailableSessionFromSocket(
1556 key, connection.Pass(), net_log, certificate_error_code, is_secure);
1557 return CheckAlternativeServiceValidityForOrigin(*spdy_session);
1558 }
1559
1560 int HttpStreamFactoryImpl::Job::ValidSpdySessionPool::
1561 CheckAlternativeServiceValidityForOrigin(
1562 base::WeakPtr<SpdySession> spdy_session) {
1563 // For an alternative Job, server_.host() might be different than
1564 // origin_url_.host(), therefore it needs to be verified that the former
1565 // provides a certificate that is valid for the latter.
1566 if (!is_spdy_alternative_ || !spdy_session ||
1567 spdy_session->VerifyDomainAuthentication(origin_url_.host())) {
1568 return OK;
1569 }
1570 return ERR_ALTERNATIVE_CERT_NOT_VALID_FOR_ORIGIN;
1571 }
1572
1573 ClientSocketPoolManager::SocketGroupType
1574 HttpStreamFactoryImpl::Job::GetSocketGroup() const {
1575 std::string scheme = origin_url_.scheme();
1576 if (scheme == "https" || scheme == "wss" || IsSpdyAlternative())
1577 return ClientSocketPoolManager::SSL_GROUP;
1578
1579 if (scheme == "ftp")
1580 return ClientSocketPoolManager::FTP_GROUP;
1581
1582 return ClientSocketPoolManager::NORMAL_GROUP;
1583 }
1584
1585 // If the connection succeeds, failed connection attempts leading up to the
1586 // success will be returned via the successfully connected socket. If the
1587 // connection fails, failed connection attempts will be returned via the
1588 // ClientSocketHandle. Check whether a socket was returned and copy the
1589 // connection attempts from the proper place.
1590 void HttpStreamFactoryImpl::Job::
1591 MaybeCopyConnectionAttemptsFromSocketOrHandle() {
1592 if (IsOrphaned() || !connection_)
1593 return;
1594
1595 if (connection_->socket()) {
1596 ConnectionAttempts socket_attempts;
1597 connection_->socket()->GetConnectionAttempts(&socket_attempts);
1598 request_->AddConnectionAttempts(socket_attempts);
1599 } else {
1600 request_->AddConnectionAttempts(connection_->connection_attempts());
1601 }
1602 }
1603
1604 } // namespace net