search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Probably broke Win7 Tests (dbg)(6). http://build.chromium.org/p/chromium.win/builders...
[chromium-blink-merge.git] / net / http / http_network_transaction.cc
blobf4df073b4bba5ad905631653d2cba46820c0daa7
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/http/http_network_transaction.h"
6
7 #include <set>
8 #include <vector>
9
10 #include "base/bind.h"
11 #include "base/bind_helpers.h"
12 #include "base/compiler_specific.h"
13 #include "base/format_macros.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/metrics/field_trial.h"
16 #include "base/metrics/histogram.h"
17 #include "base/metrics/stats_counters.h"
18 #include "base/stl_util.h"
19 #include "base/strings/string_number_conversions.h"
20 #include "base/strings/string_util.h"
21 #include "base/strings/stringprintf.h"
22 #include "base/time/time.h"
23 #include "base/values.h"
24 #include "build/build_config.h"
25 #include "net/base/auth.h"
26 #include "net/base/host_port_pair.h"
27 #include "net/base/io_buffer.h"
28 #include "net/base/load_flags.h"
29 #include "net/base/load_timing_info.h"
30 #include "net/base/net_errors.h"
31 #include "net/base/net_util.h"
32 #include "net/base/upload_data_stream.h"
33 #include "net/http/http_auth.h"
34 #include "net/http/http_auth_handler.h"
35 #include "net/http/http_auth_handler_factory.h"
36 #include "net/http/http_basic_stream.h"
37 #include "net/http/http_chunked_decoder.h"
38 #include "net/http/http_network_session.h"
39 #include "net/http/http_proxy_client_socket.h"
40 #include "net/http/http_proxy_client_socket_pool.h"
41 #include "net/http/http_request_headers.h"
42 #include "net/http/http_request_info.h"
43 #include "net/http/http_response_headers.h"
44 #include "net/http/http_response_info.h"
45 #include "net/http/http_server_properties.h"
46 #include "net/http/http_status_code.h"
47 #include "net/http/http_stream_base.h"
48 #include "net/http/http_stream_factory.h"
49 #include "net/http/http_util.h"
50 #include "net/http/transport_security_state.h"
51 #include "net/http/url_security_manager.h"
52 #include "net/socket/client_socket_factory.h"
53 #include "net/socket/socks_client_socket_pool.h"
54 #include "net/socket/ssl_client_socket.h"
55 #include "net/socket/ssl_client_socket_pool.h"
56 #include "net/socket/transport_client_socket_pool.h"
57 #include "net/spdy/hpack_huffman_aggregator.h"
58 #include "net/spdy/spdy_http_stream.h"
59 #include "net/spdy/spdy_session.h"
60 #include "net/spdy/spdy_session_pool.h"
61 #include "net/ssl/ssl_cert_request_info.h"
62 #include "net/ssl/ssl_connection_status_flags.h"
63 #include "url/gurl.h"
64
65 #if defined(SPDY_PROXY_AUTH_ORIGIN)
66 #include <algorithm>
67 #include "net/proxy/proxy_server.h"
68 #endif
69
70
71 using base::Time;
72 using base::TimeDelta;
73
74 namespace net {
75
76 namespace {
77
78 void ProcessAlternateProtocol(
79 HttpNetworkSession* session,
80 const HttpResponseHeaders& headers,
81 const HostPortPair& http_host_port_pair) {
82 if (!headers.HasHeader(kAlternateProtocolHeader))
83 return;
84
85 std::vector<std::string> alternate_protocol_values;
86 void* iter = NULL;
87 std::string alternate_protocol_str;
88 while (headers.EnumerateHeader(&iter, kAlternateProtocolHeader,
89 &alternate_protocol_str)) {
90 alternate_protocol_values.push_back(alternate_protocol_str);
91 }
92
93 session->http_stream_factory()->ProcessAlternateProtocol(
94 session->http_server_properties(),
95 alternate_protocol_values,
96 http_host_port_pair,
97 *session);
98 }
99
100 // Returns true if |error| is a client certificate authentication error.
101 bool IsClientCertificateError(int error) {
102 switch (error) {
103 case ERR_BAD_SSL_CLIENT_AUTH_CERT:
104 case ERR_SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED:
105 case ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY:
106 case ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED:
107 return true;
108 default:
109 return false;
110 }
111 }
112
113 base::Value* NetLogSSLVersionFallbackCallback(
114 const GURL* url,
115 int net_error,
116 uint16 version_before,
117 uint16 version_after,
118 NetLog::LogLevel /* log_level */) {
119 base::DictionaryValue* dict = new base::DictionaryValue();
120 dict->SetString("host_and_port", GetHostAndPort(*url));
121 dict->SetInteger("net_error", net_error);
122 dict->SetInteger("version_before", version_before);
123 dict->SetInteger("version_after", version_after);
124 return dict;
125 }
126
127 } // namespace
128
129 //-----------------------------------------------------------------------------
130
131 HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority,
132 HttpNetworkSession* session)
133 : pending_auth_target_(HttpAuth::AUTH_NONE),
134 io_callback_(base::Bind(&HttpNetworkTransaction::OnIOComplete,
135 base::Unretained(this))),
136 session_(session),
137 request_(NULL),
138 priority_(priority),
139 headers_valid_(false),
140 logged_response_time_(false),
141 fallback_error_code_(ERR_SSL_INAPPROPRIATE_FALLBACK),
142 request_headers_(),
143 read_buf_len_(0),
144 total_received_bytes_(0),
145 next_state_(STATE_NONE),
146 establishing_tunnel_(false),
147 websocket_handshake_stream_base_create_helper_(NULL) {
148 session->ssl_config_service()->GetSSLConfig(&server_ssl_config_);
149 session->GetNextProtos(&server_ssl_config_.next_protos);
150 proxy_ssl_config_ = server_ssl_config_;
151 }
152
153 HttpNetworkTransaction::~HttpNetworkTransaction() {
154 if (stream_.get()) {
155 HttpResponseHeaders* headers = GetResponseHeaders();
156 // TODO(mbelshe): The stream_ should be able to compute whether or not the
157 // stream should be kept alive. No reason to compute here
158 // and pass it in.
159 bool try_to_keep_alive =
160 next_state_ == STATE_NONE &&
161 stream_->CanFindEndOfResponse() &&
162 (!headers || headers->IsKeepAlive());
163 if (!try_to_keep_alive) {
164 stream_->Close(true /* not reusable */);
165 } else {
166 if (stream_->IsResponseBodyComplete()) {
167 // If the response body is complete, we can just reuse the socket.
168 stream_->Close(false /* reusable */);
169 } else if (stream_->IsSpdyHttpStream()) {
170 // Doesn't really matter for SpdyHttpStream. Just close it.
171 stream_->Close(true /* not reusable */);
172 } else {
173 // Otherwise, we try to drain the response body.
174 HttpStreamBase* stream = stream_.release();
175 stream->Drain(session_);
176 }
177 }
178 }
179
180 if (request_ && request_->upload_data_stream)
181 request_->upload_data_stream->Reset(); // Invalidate pending callbacks.
182 }
183
184 int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
185 const CompletionCallback& callback,
186 const BoundNetLog& net_log) {
187 SIMPLE_STATS_COUNTER("HttpNetworkTransaction.Count");
188
189 net_log_ = net_log;
190 request_ = request_info;
191 start_time_ = base::Time::Now();
192
193 if (request_->load_flags & LOAD_DISABLE_CERT_REVOCATION_CHECKING) {
194 server_ssl_config_.rev_checking_enabled = false;
195 proxy_ssl_config_.rev_checking_enabled = false;
196 }
197
198 // Channel ID is disabled if privacy mode is enabled for this request.
199 if (request_->privacy_mode == PRIVACY_MODE_ENABLED)
200 server_ssl_config_.channel_id_enabled = false;
201
202 next_state_ = STATE_NOTIFY_BEFORE_CREATE_STREAM;
203 int rv = DoLoop(OK);
204 if (rv == ERR_IO_PENDING)
205 callback_ = callback;
206 return rv;
207 }
208
209 int HttpNetworkTransaction::RestartIgnoringLastError(
210 const CompletionCallback& callback) {
211 DCHECK(!stream_.get());
212 DCHECK(!stream_request_.get());
213 DCHECK_EQ(STATE_NONE, next_state_);
214
215 next_state_ = STATE_CREATE_STREAM;
216
217 int rv = DoLoop(OK);
218 if (rv == ERR_IO_PENDING)
219 callback_ = callback;
220 return rv;
221 }
222
223 int HttpNetworkTransaction::RestartWithCertificate(
224 X509Certificate* client_cert, const CompletionCallback& callback) {
225 // In HandleCertificateRequest(), we always tear down existing stream
226 // requests to force a new connection. So we shouldn't have one here.
227 DCHECK(!stream_request_.get());
228 DCHECK(!stream_.get());
229 DCHECK_EQ(STATE_NONE, next_state_);
230
231 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ?
232 &proxy_ssl_config_ : &server_ssl_config_;
233 ssl_config->send_client_cert = true;
234 ssl_config->client_cert = client_cert;
235 session_->ssl_client_auth_cache()->Add(
236 response_.cert_request_info->host_and_port, client_cert);
237 // Reset the other member variables.
238 // Note: this is necessary only with SSL renegotiation.
239 ResetStateForRestart();
240 next_state_ = STATE_CREATE_STREAM;
241 int rv = DoLoop(OK);
242 if (rv == ERR_IO_PENDING)
243 callback_ = callback;
244 return rv;
245 }
246
247 int HttpNetworkTransaction::RestartWithAuth(
248 const AuthCredentials& credentials, const CompletionCallback& callback) {
249 HttpAuth::Target target = pending_auth_target_;
250 if (target == HttpAuth::AUTH_NONE) {
251 NOTREACHED();
252 return ERR_UNEXPECTED;
253 }
254 pending_auth_target_ = HttpAuth::AUTH_NONE;
255
256 auth_controllers_[target]->ResetAuth(credentials);
257
258 DCHECK(callback_.is_null());
259
260 int rv = OK;
261 if (target == HttpAuth::AUTH_PROXY && establishing_tunnel_) {
262 // In this case, we've gathered credentials for use with proxy
263 // authentication of a tunnel.
264 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
265 DCHECK(stream_request_ != NULL);
266 auth_controllers_[target] = NULL;
267 ResetStateForRestart();
268 rv = stream_request_->RestartTunnelWithProxyAuth(credentials);
269 } else {
270 // In this case, we've gathered credentials for the server or the proxy
271 // but it is not during the tunneling phase.
272 DCHECK(stream_request_ == NULL);
273 PrepareForAuthRestart(target);
274 rv = DoLoop(OK);
275 }
276
277 if (rv == ERR_IO_PENDING)
278 callback_ = callback;
279 return rv;
280 }
281
282 void HttpNetworkTransaction::PrepareForAuthRestart(HttpAuth::Target target) {
283 DCHECK(HaveAuth(target));
284 DCHECK(!stream_request_.get());
285
286 bool keep_alive = false;
287 // Even if the server says the connection is keep-alive, we have to be
288 // able to find the end of each response in order to reuse the connection.
289 if (GetResponseHeaders()->IsKeepAlive() &&
290 stream_->CanFindEndOfResponse()) {
291 // If the response body hasn't been completely read, we need to drain
292 // it first.
293 if (!stream_->IsResponseBodyComplete()) {
294 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
295 read_buf_ = new IOBuffer(kDrainBodyBufferSize); // A bit bucket.
296 read_buf_len_ = kDrainBodyBufferSize;
297 return;
298 }
299 keep_alive = true;
300 }
301
302 // We don't need to drain the response body, so we act as if we had drained
303 // the response body.
304 DidDrainBodyForAuthRestart(keep_alive);
305 }
306
307 void HttpNetworkTransaction::DidDrainBodyForAuthRestart(bool keep_alive) {
308 DCHECK(!stream_request_.get());
309
310 if (stream_.get()) {
311 total_received_bytes_ += stream_->GetTotalReceivedBytes();
312 HttpStream* new_stream = NULL;
313 if (keep_alive && stream_->IsConnectionReusable()) {
314 // We should call connection_->set_idle_time(), but this doesn't occur
315 // often enough to be worth the trouble.
316 stream_->SetConnectionReused();
317 new_stream =
318 static_cast<HttpStream*>(stream_.get())->RenewStreamForAuth();
319 }
320
321 if (!new_stream) {
322 // Close the stream and mark it as not_reusable. Even in the
323 // keep_alive case, we've determined that the stream_ is not
324 // reusable if new_stream is NULL.
325 stream_->Close(true);
326 next_state_ = STATE_CREATE_STREAM;
327 } else {
328 // Renewed streams shouldn't carry over received bytes.
329 DCHECK_EQ(0, new_stream->GetTotalReceivedBytes());
330 next_state_ = STATE_INIT_STREAM;
331 }
332 stream_.reset(new_stream);
333 }
334
335 // Reset the other member variables.
336 ResetStateForAuthRestart();
337 }
338
339 bool HttpNetworkTransaction::IsReadyToRestartForAuth() {
340 return pending_auth_target_ != HttpAuth::AUTH_NONE &&
341 HaveAuth(pending_auth_target_);
342 }
343
344 int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len,
345 const CompletionCallback& callback) {
346 DCHECK(buf);
347 DCHECK_LT(0, buf_len);
348
349 State next_state = STATE_NONE;
350
351 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
352 if (headers_valid_ && headers.get() && stream_request_.get()) {
353 // We're trying to read the body of the response but we're still trying
354 // to establish an SSL tunnel through an HTTP proxy. We can't read these
355 // bytes when establishing a tunnel because they might be controlled by
356 // an active network attacker. We don't worry about this for HTTP
357 // because an active network attacker can already control HTTP sessions.
358 // We reach this case when the user cancels a 407 proxy auth prompt. We
359 // also don't worry about this for an HTTPS Proxy, because the
360 // communication with the proxy is secure.
361 // See http://crbug.com/8473.
362 DCHECK(proxy_info_.is_http() || proxy_info_.is_https());
363 DCHECK_EQ(headers->response_code(), HTTP_PROXY_AUTHENTICATION_REQUIRED);
364 LOG(WARNING) << "Blocked proxy response with status "
365 << headers->response_code() << " to CONNECT request for "
366 << GetHostAndPort(request_->url) << ".";
367 return ERR_TUNNEL_CONNECTION_FAILED;
368 }
369
370 // Are we using SPDY or HTTP?
371 next_state = STATE_READ_BODY;
372
373 read_buf_ = buf;
374 read_buf_len_ = buf_len;
375
376 next_state_ = next_state;
377 int rv = DoLoop(OK);
378 if (rv == ERR_IO_PENDING)
379 callback_ = callback;
380 return rv;
381 }
382
383 void HttpNetworkTransaction::StopCaching() {}
384
385 bool HttpNetworkTransaction::GetFullRequestHeaders(
386 HttpRequestHeaders* headers) const {
387 // TODO(ttuttle): Make sure we've populated request_headers_.
388 *headers = request_headers_;
389 return true;
390 }
391
392 int64 HttpNetworkTransaction::GetTotalReceivedBytes() const {
393 int64 total_received_bytes = total_received_bytes_;
394 if (stream_)
395 total_received_bytes += stream_->GetTotalReceivedBytes();
396 return total_received_bytes;
397 }
398
399 void HttpNetworkTransaction::DoneReading() {}
400
401 const HttpResponseInfo* HttpNetworkTransaction::GetResponseInfo() const {
402 return ((headers_valid_ && response_.headers.get()) ||
403 response_.ssl_info.cert.get() || response_.cert_request_info.get())
404 ? &response_
405 : NULL;
406 }
407
408 LoadState HttpNetworkTransaction::GetLoadState() const {
409 // TODO(wtc): Define a new LoadState value for the
410 // STATE_INIT_CONNECTION_COMPLETE state, which delays the HTTP request.
411 switch (next_state_) {
412 case STATE_CREATE_STREAM:
413 return LOAD_STATE_WAITING_FOR_DELEGATE;
414 case STATE_CREATE_STREAM_COMPLETE:
415 return stream_request_->GetLoadState();
416 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
417 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
418 case STATE_SEND_REQUEST_COMPLETE:
419 return LOAD_STATE_SENDING_REQUEST;
420 case STATE_READ_HEADERS_COMPLETE:
421 return LOAD_STATE_WAITING_FOR_RESPONSE;
422 case STATE_READ_BODY_COMPLETE:
423 return LOAD_STATE_READING_RESPONSE;
424 default:
425 return LOAD_STATE_IDLE;
426 }
427 }
428
429 UploadProgress HttpNetworkTransaction::GetUploadProgress() const {
430 if (!stream_.get())
431 return UploadProgress();
432
433 // TODO(bashi): This cast is temporary. Remove later.
434 return static_cast<HttpStream*>(stream_.get())->GetUploadProgress();
435 }
436
437 void HttpNetworkTransaction::SetQuicServerInfo(
438 QuicServerInfo* quic_server_info) {}
439
440 bool HttpNetworkTransaction::GetLoadTimingInfo(
441 LoadTimingInfo* load_timing_info) const {
442 if (!stream_ || !stream_->GetLoadTimingInfo(load_timing_info))
443 return false;
444
445 load_timing_info->proxy_resolve_start =
446 proxy_info_.proxy_resolve_start_time();
447 load_timing_info->proxy_resolve_end = proxy_info_.proxy_resolve_end_time();
448 load_timing_info->send_start = send_start_time_;
449 load_timing_info->send_end = send_end_time_;
450 return true;
451 }
452
453 void HttpNetworkTransaction::SetPriority(RequestPriority priority) {
454 priority_ = priority;
455 if (stream_request_)
456 stream_request_->SetPriority(priority);
457 if (stream_)
458 stream_->SetPriority(priority);
459 }
460
461 void HttpNetworkTransaction::SetWebSocketHandshakeStreamCreateHelper(
462 WebSocketHandshakeStreamBase::CreateHelper* create_helper) {
463 websocket_handshake_stream_base_create_helper_ = create_helper;
464 }
465
466 void HttpNetworkTransaction::SetBeforeNetworkStartCallback(
467 const BeforeNetworkStartCallback& callback) {
468 before_network_start_callback_ = callback;
469 }
470
471 void HttpNetworkTransaction::SetBeforeProxyHeadersSentCallback(
472 const BeforeProxyHeadersSentCallback& callback) {
473 before_proxy_headers_sent_callback_ = callback;
474 }
475
476 int HttpNetworkTransaction::ResumeNetworkStart() {
477 DCHECK_EQ(next_state_, STATE_CREATE_STREAM);
478 return DoLoop(OK);
479 }
480
481 void HttpNetworkTransaction::OnStreamReady(const SSLConfig& used_ssl_config,
482 const ProxyInfo& used_proxy_info,
483 HttpStreamBase* stream) {
484 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
485 DCHECK(stream_request_.get());
486
487 if (stream_)
488 total_received_bytes_ += stream_->GetTotalReceivedBytes();
489 stream_.reset(stream);
490 server_ssl_config_ = used_ssl_config;
491 proxy_info_ = used_proxy_info;
492 response_.was_npn_negotiated = stream_request_->was_npn_negotiated();
493 response_.npn_negotiated_protocol = SSLClientSocket::NextProtoToString(
494 stream_request_->protocol_negotiated());
495 response_.was_fetched_via_spdy = stream_request_->using_spdy();
496 response_.was_fetched_via_proxy = !proxy_info_.is_direct();
497 if (response_.was_fetched_via_proxy && !proxy_info_.is_empty())
498 response_.proxy_server = proxy_info_.proxy_server().host_port_pair();
499 OnIOComplete(OK);
500 }
501
502 void HttpNetworkTransaction::OnWebSocketHandshakeStreamReady(
503 const SSLConfig& used_ssl_config,
504 const ProxyInfo& used_proxy_info,
505 WebSocketHandshakeStreamBase* stream) {
506 OnStreamReady(used_ssl_config, used_proxy_info, stream);
507 }
508
509 void HttpNetworkTransaction::OnStreamFailed(int result,
510 const SSLConfig& used_ssl_config) {
511 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
512 DCHECK_NE(OK, result);
513 DCHECK(stream_request_.get());
514 DCHECK(!stream_.get());
515 server_ssl_config_ = used_ssl_config;
516
517 OnIOComplete(result);
518 }
519
520 void HttpNetworkTransaction::OnCertificateError(
521 int result,
522 const SSLConfig& used_ssl_config,
523 const SSLInfo& ssl_info) {
524 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
525 DCHECK_NE(OK, result);
526 DCHECK(stream_request_.get());
527 DCHECK(!stream_.get());
528
529 response_.ssl_info = ssl_info;
530 server_ssl_config_ = used_ssl_config;
531
532 // TODO(mbelshe): For now, we're going to pass the error through, and that
533 // will close the stream_request in all cases. This means that we're always
534 // going to restart an entire STATE_CREATE_STREAM, even if the connection is
535 // good and the user chooses to ignore the error. This is not ideal, but not
536 // the end of the world either.
537
538 OnIOComplete(result);
539 }
540
541 void HttpNetworkTransaction::OnNeedsProxyAuth(
542 const HttpResponseInfo& proxy_response,
543 const SSLConfig& used_ssl_config,
544 const ProxyInfo& used_proxy_info,
545 HttpAuthController* auth_controller) {
546 DCHECK(stream_request_.get());
547 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
548
549 establishing_tunnel_ = true;
550 response_.headers = proxy_response.headers;
551 response_.auth_challenge = proxy_response.auth_challenge;
552 headers_valid_ = true;
553 server_ssl_config_ = used_ssl_config;
554 proxy_info_ = used_proxy_info;
555
556 auth_controllers_[HttpAuth::AUTH_PROXY] = auth_controller;
557 pending_auth_target_ = HttpAuth::AUTH_PROXY;
558
559 DoCallback(OK);
560 }
561
562 void HttpNetworkTransaction::OnNeedsClientAuth(
563 const SSLConfig& used_ssl_config,
564 SSLCertRequestInfo* cert_info) {
565 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
566
567 server_ssl_config_ = used_ssl_config;
568 response_.cert_request_info = cert_info;
569 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
570 }
571
572 void HttpNetworkTransaction::OnHttpsProxyTunnelResponse(
573 const HttpResponseInfo& response_info,
574 const SSLConfig& used_ssl_config,
575 const ProxyInfo& used_proxy_info,
576 HttpStreamBase* stream) {
577 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
578
579 headers_valid_ = true;
580 response_ = response_info;
581 server_ssl_config_ = used_ssl_config;
582 proxy_info_ = used_proxy_info;
583 if (stream_)
584 total_received_bytes_ += stream_->GetTotalReceivedBytes();
585 stream_.reset(stream);
586 stream_request_.reset(); // we're done with the stream request
587 OnIOComplete(ERR_HTTPS_PROXY_TUNNEL_RESPONSE);
588 }
589
590 bool HttpNetworkTransaction::is_https_request() const {
591 return request_->url.SchemeIs("https");
592 }
593
594 void HttpNetworkTransaction::DoCallback(int rv) {
595 DCHECK_NE(rv, ERR_IO_PENDING);
596 DCHECK(!callback_.is_null());
597
598 // Since Run may result in Read being called, clear user_callback_ up front.
599 CompletionCallback c = callback_;
600 callback_.Reset();
601 c.Run(rv);
602 }
603
604 void HttpNetworkTransaction::OnIOComplete(int result) {
605 int rv = DoLoop(result);
606 if (rv != ERR_IO_PENDING)
607 DoCallback(rv);
608 }
609
610 int HttpNetworkTransaction::DoLoop(int result) {
611 DCHECK(next_state_ != STATE_NONE);
612
613 int rv = result;
614 do {
615 State state = next_state_;
616 next_state_ = STATE_NONE;
617 switch (state) {
618 case STATE_NOTIFY_BEFORE_CREATE_STREAM:
619 DCHECK_EQ(OK, rv);
620 rv = DoNotifyBeforeCreateStream();
621 break;
622 case STATE_CREATE_STREAM:
623 DCHECK_EQ(OK, rv);
624 rv = DoCreateStream();
625 break;
626 case STATE_CREATE_STREAM_COMPLETE:
627 rv = DoCreateStreamComplete(rv);
628 break;
629 case STATE_INIT_STREAM:
630 DCHECK_EQ(OK, rv);
631 rv = DoInitStream();
632 break;
633 case STATE_INIT_STREAM_COMPLETE:
634 rv = DoInitStreamComplete(rv);
635 break;
636 case STATE_GENERATE_PROXY_AUTH_TOKEN:
637 DCHECK_EQ(OK, rv);
638 rv = DoGenerateProxyAuthToken();
639 break;
640 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE:
641 rv = DoGenerateProxyAuthTokenComplete(rv);
642 break;
643 case STATE_GENERATE_SERVER_AUTH_TOKEN:
644 DCHECK_EQ(OK, rv);
645 rv = DoGenerateServerAuthToken();
646 break;
647 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE:
648 rv = DoGenerateServerAuthTokenComplete(rv);
649 break;
650 case STATE_INIT_REQUEST_BODY:
651 DCHECK_EQ(OK, rv);
652 rv = DoInitRequestBody();
653 break;
654 case STATE_INIT_REQUEST_BODY_COMPLETE:
655 rv = DoInitRequestBodyComplete(rv);
656 break;
657 case STATE_BUILD_REQUEST:
658 DCHECK_EQ(OK, rv);
659 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST);
660 rv = DoBuildRequest();
661 break;
662 case STATE_BUILD_REQUEST_COMPLETE:
663 rv = DoBuildRequestComplete(rv);
664 break;
665 case STATE_SEND_REQUEST:
666 DCHECK_EQ(OK, rv);
667 rv = DoSendRequest();
668 break;
669 case STATE_SEND_REQUEST_COMPLETE:
670 rv = DoSendRequestComplete(rv);
671 net_log_.EndEventWithNetErrorCode(
672 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST, rv);
673 break;
674 case STATE_READ_HEADERS:
675 DCHECK_EQ(OK, rv);
676 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS);
677 rv = DoReadHeaders();
678 break;
679 case STATE_READ_HEADERS_COMPLETE:
680 rv = DoReadHeadersComplete(rv);
681 net_log_.EndEventWithNetErrorCode(
682 NetLog::TYPE_HTTP_TRANSACTION_READ_HEADERS, rv);
683 break;
684 case STATE_READ_BODY:
685 DCHECK_EQ(OK, rv);
686 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_READ_BODY);
687 rv = DoReadBody();
688 break;
689 case STATE_READ_BODY_COMPLETE:
690 rv = DoReadBodyComplete(rv);
691 net_log_.EndEventWithNetErrorCode(
692 NetLog::TYPE_HTTP_TRANSACTION_READ_BODY, rv);
693 break;
694 case STATE_DRAIN_BODY_FOR_AUTH_RESTART:
695 DCHECK_EQ(OK, rv);
696 net_log_.BeginEvent(
697 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART);
698 rv = DoDrainBodyForAuthRestart();
699 break;
700 case STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE:
701 rv = DoDrainBodyForAuthRestartComplete(rv);
702 net_log_.EndEventWithNetErrorCode(
703 NetLog::TYPE_HTTP_TRANSACTION_DRAIN_BODY_FOR_AUTH_RESTART, rv);
704 break;
705 default:
706 NOTREACHED() << "bad state";
707 rv = ERR_FAILED;
708 break;
709 }
710 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
711
712 return rv;
713 }
714
715 int HttpNetworkTransaction::DoNotifyBeforeCreateStream() {
716 next_state_ = STATE_CREATE_STREAM;
717 bool defer = false;
718 if (!before_network_start_callback_.is_null())
719 before_network_start_callback_.Run(&defer);
720 if (!defer)
721 return OK;
722 return ERR_IO_PENDING;
723 }
724
725 int HttpNetworkTransaction::DoCreateStream() {
726 next_state_ = STATE_CREATE_STREAM_COMPLETE;
727 if (ForWebSocketHandshake()) {
728 stream_request_.reset(
729 session_->http_stream_factory_for_websocket()
730 ->RequestWebSocketHandshakeStream(
731 *request_,
732 priority_,
733 server_ssl_config_,
734 proxy_ssl_config_,
735 this,
736 websocket_handshake_stream_base_create_helper_,
737 net_log_));
738 } else {
739 stream_request_.reset(
740 session_->http_stream_factory()->RequestStream(
741 *request_,
742 priority_,
743 server_ssl_config_,
744 proxy_ssl_config_,
745 this,
746 net_log_));
747 }
748 DCHECK(stream_request_.get());
749 return ERR_IO_PENDING;
750 }
751
752 int HttpNetworkTransaction::DoCreateStreamComplete(int result) {
753 if (result == OK) {
754 next_state_ = STATE_INIT_STREAM;
755 DCHECK(stream_.get());
756 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
757 result = HandleCertificateRequest(result);
758 } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
759 // Return OK and let the caller read the proxy's error page
760 next_state_ = STATE_NONE;
761 return OK;
762 }
763
764 // Handle possible handshake errors that may have occurred if the stream
765 // used SSL for one or more of the layers.
766 result = HandleSSLHandshakeError(result);
767
768 // At this point we are done with the stream_request_.
769 stream_request_.reset();
770 return result;
771 }
772
773 int HttpNetworkTransaction::DoInitStream() {
774 DCHECK(stream_.get());
775 next_state_ = STATE_INIT_STREAM_COMPLETE;
776 return stream_->InitializeStream(request_, priority_, net_log_, io_callback_);
777 }
778
779 int HttpNetworkTransaction::DoInitStreamComplete(int result) {
780 if (result == OK) {
781 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN;
782 } else {
783 if (result < 0)
784 result = HandleIOError(result);
785
786 // The stream initialization failed, so this stream will never be useful.
787 if (stream_)
788 total_received_bytes_ += stream_->GetTotalReceivedBytes();
789 stream_.reset();
790 }
791
792 return result;
793 }
794
795 int HttpNetworkTransaction::DoGenerateProxyAuthToken() {
796 next_state_ = STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE;
797 if (!ShouldApplyProxyAuth())
798 return OK;
799 HttpAuth::Target target = HttpAuth::AUTH_PROXY;
800 if (!auth_controllers_[target].get())
801 auth_controllers_[target] =
802 new HttpAuthController(target,
803 AuthURL(target),
804 session_->http_auth_cache(),
805 session_->http_auth_handler_factory());
806 return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
807 io_callback_,
808 net_log_);
809 }
810
811 int HttpNetworkTransaction::DoGenerateProxyAuthTokenComplete(int rv) {
812 DCHECK_NE(ERR_IO_PENDING, rv);
813 if (rv == OK)
814 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN;
815 return rv;
816 }
817
818 int HttpNetworkTransaction::DoGenerateServerAuthToken() {
819 next_state_ = STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE;
820 HttpAuth::Target target = HttpAuth::AUTH_SERVER;
821 if (!auth_controllers_[target].get()) {
822 auth_controllers_[target] =
823 new HttpAuthController(target,
824 AuthURL(target),
825 session_->http_auth_cache(),
826 session_->http_auth_handler_factory());
827 if (request_->load_flags & LOAD_DO_NOT_USE_EMBEDDED_IDENTITY)
828 auth_controllers_[target]->DisableEmbeddedIdentity();
829 }
830 if (!ShouldApplyServerAuth())
831 return OK;
832 return auth_controllers_[target]->MaybeGenerateAuthToken(request_,
833 io_callback_,
834 net_log_);
835 }
836
837 int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) {
838 DCHECK_NE(ERR_IO_PENDING, rv);
839 if (rv == OK)
840 next_state_ = STATE_INIT_REQUEST_BODY;
841 return rv;
842 }
843
844 void HttpNetworkTransaction::BuildRequestHeaders(bool using_proxy) {
845 request_headers_.SetHeader(HttpRequestHeaders::kHost,
846 GetHostAndOptionalPort(request_->url));
847
848 // For compat with HTTP/1.0 servers and proxies:
849 if (using_proxy) {
850 request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection,
851 "keep-alive");
852 } else {
853 request_headers_.SetHeader(HttpRequestHeaders::kConnection, "keep-alive");
854 }
855
856 // Add a content length header?
857 if (request_->upload_data_stream) {
858 if (request_->upload_data_stream->is_chunked()) {
859 request_headers_.SetHeader(
860 HttpRequestHeaders::kTransferEncoding, "chunked");
861 } else {
862 request_headers_.SetHeader(
863 HttpRequestHeaders::kContentLength,
864 base::Uint64ToString(request_->upload_data_stream->size()));
865 }
866 } else if (request_->method == "POST" || request_->method == "PUT" ||
867 request_->method == "HEAD") {
868 // An empty POST/PUT request still needs a content length. As for HEAD,
869 // IE and Safari also add a content length header. Presumably it is to
870 // support sending a HEAD request to an URL that only expects to be sent a
871 // POST or some other method that normally would have a message body.
872 request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0");
873 }
874
875 // Honor load flags that impact proxy caches.
876 if (request_->load_flags & LOAD_BYPASS_CACHE) {
877 request_headers_.SetHeader(HttpRequestHeaders::kPragma, "no-cache");
878 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "no-cache");
879 } else if (request_->load_flags & LOAD_VALIDATE_CACHE) {
880 request_headers_.SetHeader(HttpRequestHeaders::kCacheControl, "max-age=0");
881 }
882
883 if (ShouldApplyProxyAuth() && HaveAuth(HttpAuth::AUTH_PROXY))
884 auth_controllers_[HttpAuth::AUTH_PROXY]->AddAuthorizationHeader(
885 &request_headers_);
886 if (ShouldApplyServerAuth() && HaveAuth(HttpAuth::AUTH_SERVER))
887 auth_controllers_[HttpAuth::AUTH_SERVER]->AddAuthorizationHeader(
888 &request_headers_);
889
890 request_headers_.MergeFrom(request_->extra_headers);
891
892 if (using_proxy && !before_proxy_headers_sent_callback_.is_null())
893 before_proxy_headers_sent_callback_.Run(proxy_info_, &request_headers_);
894
895 response_.did_use_http_auth =
896 request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) ||
897 request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization);
898 }
899
900 int HttpNetworkTransaction::DoInitRequestBody() {
901 next_state_ = STATE_INIT_REQUEST_BODY_COMPLETE;
902 int rv = OK;
903 if (request_->upload_data_stream)
904 rv = request_->upload_data_stream->Init(io_callback_);
905 return rv;
906 }
907
908 int HttpNetworkTransaction::DoInitRequestBodyComplete(int result) {
909 if (result == OK)
910 next_state_ = STATE_BUILD_REQUEST;
911 return result;
912 }
913
914 int HttpNetworkTransaction::DoBuildRequest() {
915 next_state_ = STATE_BUILD_REQUEST_COMPLETE;
916 headers_valid_ = false;
917
918 // This is constructed lazily (instead of within our Start method), so that
919 // we have proxy info available.
920 if (request_headers_.IsEmpty()) {
921 bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) &&
922 !is_https_request();
923 BuildRequestHeaders(using_proxy);
924 }
925
926 return OK;
927 }
928
929 int HttpNetworkTransaction::DoBuildRequestComplete(int result) {
930 if (result == OK)
931 next_state_ = STATE_SEND_REQUEST;
932 return result;
933 }
934
935 int HttpNetworkTransaction::DoSendRequest() {
936 send_start_time_ = base::TimeTicks::Now();
937 next_state_ = STATE_SEND_REQUEST_COMPLETE;
938
939 return stream_->SendRequest(request_headers_, &response_, io_callback_);
940 }
941
942 int HttpNetworkTransaction::DoSendRequestComplete(int result) {
943 send_end_time_ = base::TimeTicks::Now();
944 if (result < 0)
945 return HandleIOError(result);
946 response_.network_accessed = true;
947 next_state_ = STATE_READ_HEADERS;
948 return OK;
949 }
950
951 int HttpNetworkTransaction::DoReadHeaders() {
952 next_state_ = STATE_READ_HEADERS_COMPLETE;
953 return stream_->ReadResponseHeaders(io_callback_);
954 }
955
956 int HttpNetworkTransaction::DoReadHeadersComplete(int result) {
957 // We can get a certificate error or ERR_SSL_CLIENT_AUTH_CERT_NEEDED here
958 // due to SSL renegotiation.
959 if (IsCertificateError(result)) {
960 // We don't handle a certificate error during SSL renegotiation, so we
961 // have to return an error that's not in the certificate error range
962 // (-2xx).
963 LOG(ERROR) << "Got a server certificate with error " << result
964 << " during SSL renegotiation";
965 result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION;
966 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
967 // TODO(wtc): Need a test case for this code path!
968 DCHECK(stream_.get());
969 DCHECK(is_https_request());
970 response_.cert_request_info = new SSLCertRequestInfo;
971 stream_->GetSSLCertRequestInfo(response_.cert_request_info.get());
972 result = HandleCertificateRequest(result);
973 if (result == OK)
974 return result;
975 }
976
977 if (result == ERR_QUIC_HANDSHAKE_FAILED) {
978 ResetConnectionAndRequestForResend();
979 return OK;
980 }
981
982 // After we call RestartWithAuth a new response_time will be recorded, and
983 // we need to be cautious about incorrectly logging the duration across the
984 // authentication activity.
985 if (result == OK)
986 LogTransactionConnectedMetrics();
987
988 // ERR_CONNECTION_CLOSED is treated differently at this point; if partial
989 // response headers were received, we do the best we can to make sense of it
990 // and send it back up the stack.
991 //
992 // TODO(davidben): Consider moving this to HttpBasicStream, It's a little
993 // bizarre for SPDY. Assuming this logic is useful at all.
994 // TODO(davidben): Bubble the error code up so we do not cache?
995 if (result == ERR_CONNECTION_CLOSED && response_.headers.get())
996 result = OK;
997
998 if (result < 0)
999 return HandleIOError(result);
1000
1001 DCHECK(response_.headers.get());
1002
1003 // On a 408 response from the server ("Request Timeout") on a stale socket,
1004 // retry the request.
1005 // Headers can be NULL because of http://crbug.com/384554.
1006 if (response_.headers.get() && response_.headers->response_code() == 408 &&
1007 stream_->IsConnectionReused()) {
1008 net_log_.AddEventWithNetErrorCode(
1009 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR,
1010 response_.headers->response_code());
1011 // This will close the socket - it would be weird to try and reuse it, even
1012 // if the server doesn't actually close it.
1013 ResetConnectionAndRequestForResend();
1014 return OK;
1015 }
1016
1017 // Like Net.HttpResponseCode, but only for MAIN_FRAME loads.
1018 if (request_->load_flags & LOAD_MAIN_FRAME) {
1019 const int response_code = response_.headers->response_code();
1020 UMA_HISTOGRAM_ENUMERATION(
1021 "Net.HttpResponseCode_Nxx_MainFrame", response_code/100, 10);
1022 }
1023
1024 net_log_.AddEvent(
1025 NetLog::TYPE_HTTP_TRANSACTION_READ_RESPONSE_HEADERS,
1026 base::Bind(&HttpResponseHeaders::NetLogCallback, response_.headers));
1027
1028 if (response_.headers->GetParsedHttpVersion() < HttpVersion(1, 0)) {
1029 // HTTP/0.9 doesn't support the PUT method, so lack of response headers
1030 // indicates a buggy server. See:
1031 // https://bugzilla.mozilla.org/show_bug.cgi?id=193921
1032 if (request_->method == "PUT")
1033 return ERR_METHOD_NOT_SUPPORTED;
1034 }
1035
1036 // Check for an intermediate 100 Continue response. An origin server is
1037 // allowed to send this response even if we didn't ask for it, so we just
1038 // need to skip over it.
1039 // We treat any other 1xx in this same way (although in practice getting
1040 // a 1xx that isn't a 100 is rare).
1041 // Unless this is a WebSocket request, in which case we pass it on up.
1042 if (response_.headers->response_code() / 100 == 1 &&
1043 !ForWebSocketHandshake()) {
1044 response_.headers = new HttpResponseHeaders(std::string());
1045 next_state_ = STATE_READ_HEADERS;
1046 return OK;
1047 }
1048
1049 HostPortPair endpoint = HostPortPair(request_->url.HostNoBrackets(),
1050 request_->url.EffectiveIntPort());
1051 ProcessAlternateProtocol(session_,
1052 *response_.headers.get(),
1053 endpoint);
1054
1055 int rv = HandleAuthChallenge();
1056 if (rv != OK)
1057 return rv;
1058
1059 if (is_https_request())
1060 stream_->GetSSLInfo(&response_.ssl_info);
1061
1062 headers_valid_ = true;
1063
1064 if (session_->huffman_aggregator()) {
1065 session_->huffman_aggregator()->AggregateTransactionCharacterCounts(
1066 *request_,
1067 request_headers_,
1068 proxy_info_.proxy_server(),
1069 *response_.headers);
1070 }
1071 return OK;
1072 }
1073
1074 int HttpNetworkTransaction::DoReadBody() {
1075 DCHECK(read_buf_.get());
1076 DCHECK_GT(read_buf_len_, 0);
1077 DCHECK(stream_ != NULL);
1078
1079 next_state_ = STATE_READ_BODY_COMPLETE;
1080 return stream_->ReadResponseBody(
1081 read_buf_.get(), read_buf_len_, io_callback_);
1082 }
1083
1084 int HttpNetworkTransaction::DoReadBodyComplete(int result) {
1085 // We are done with the Read call.
1086 bool done = false;
1087 if (result <= 0) {
1088 DCHECK_NE(ERR_IO_PENDING, result);
1089 done = true;
1090 }
1091
1092 bool keep_alive = false;
1093 if (stream_->IsResponseBodyComplete()) {
1094 // Note: Just because IsResponseBodyComplete is true, we're not
1095 // necessarily "done". We're only "done" when it is the last
1096 // read on this HttpNetworkTransaction, which will be signified
1097 // by a zero-length read.
1098 // TODO(mbelshe): The keepalive property is really a property of
1099 // the stream. No need to compute it here just to pass back
1100 // to the stream's Close function.
1101 // TODO(rtenneti): CanFindEndOfResponse should return false if there are no
1102 // ResponseHeaders.
1103 if (stream_->CanFindEndOfResponse()) {
1104 HttpResponseHeaders* headers = GetResponseHeaders();
1105 if (headers)
1106 keep_alive = headers->IsKeepAlive();
1107 }
1108 }
1109
1110 // Clean up connection if we are done.
1111 if (done) {
1112 LogTransactionMetrics();
1113 stream_->Close(!keep_alive);
1114 // Note: we don't reset the stream here. We've closed it, but we still
1115 // need it around so that callers can call methods such as
1116 // GetUploadProgress() and have them be meaningful.
1117 // TODO(mbelshe): This means we closed the stream here, and we close it
1118 // again in ~HttpNetworkTransaction. Clean that up.
1119
1120 // The next Read call will return 0 (EOF).
1121 }
1122
1123 // Clear these to avoid leaving around old state.
1124 read_buf_ = NULL;
1125 read_buf_len_ = 0;
1126
1127 return result;
1128 }
1129
1130 int HttpNetworkTransaction::DoDrainBodyForAuthRestart() {
1131 // This method differs from DoReadBody only in the next_state_. So we just
1132 // call DoReadBody and override the next_state_. Perhaps there is a more
1133 // elegant way for these two methods to share code.
1134 int rv = DoReadBody();
1135 DCHECK(next_state_ == STATE_READ_BODY_COMPLETE);
1136 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE;
1137 return rv;
1138 }
1139
1140 // TODO(wtc): This method and the DoReadBodyComplete method are almost
1141 // the same. Figure out a good way for these two methods to share code.
1142 int HttpNetworkTransaction::DoDrainBodyForAuthRestartComplete(int result) {
1143 // keep_alive defaults to true because the very reason we're draining the
1144 // response body is to reuse the connection for auth restart.
1145 bool done = false, keep_alive = true;
1146 if (result < 0) {
1147 // Error or closed connection while reading the socket.
1148 done = true;
1149 keep_alive = false;
1150 } else if (stream_->IsResponseBodyComplete()) {
1151 done = true;
1152 }
1153
1154 if (done) {
1155 DidDrainBodyForAuthRestart(keep_alive);
1156 } else {
1157 // Keep draining.
1158 next_state_ = STATE_DRAIN_BODY_FOR_AUTH_RESTART;
1159 }
1160
1161 return OK;
1162 }
1163
1164 void HttpNetworkTransaction::LogTransactionConnectedMetrics() {
1165 if (logged_response_time_)
1166 return;
1167
1168 logged_response_time_ = true;
1169
1170 base::TimeDelta total_duration = response_.response_time - start_time_;
1171
1172 UMA_HISTOGRAM_CUSTOM_TIMES(
1173 "Net.Transaction_Connected",
1174 total_duration,
1175 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1176 100);
1177
1178 bool reused_socket = stream_->IsConnectionReused();
1179 if (!reused_socket) {
1180 UMA_HISTOGRAM_CUSTOM_TIMES(
1181 "Net.Transaction_Connected_New_b",
1182 total_duration,
1183 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1184 100);
1185 }
1186
1187 // Currently, non-HIGHEST priority requests are frame or sub-frame resource
1188 // types. This will change when we also prioritize certain subresources like
1189 // css, js, etc.
1190 if (priority_ != HIGHEST) {
1191 UMA_HISTOGRAM_CUSTOM_TIMES(
1192 "Net.Priority_High_Latency_b",
1193 total_duration,
1194 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1195 100);
1196 } else {
1197 UMA_HISTOGRAM_CUSTOM_TIMES(
1198 "Net.Priority_Low_Latency_b",
1199 total_duration,
1200 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10),
1201 100);
1202 }
1203 }
1204
1205 void HttpNetworkTransaction::LogTransactionMetrics() const {
1206 base::TimeDelta duration = base::Time::Now() -
1207 response_.request_time;
1208 if (60 < duration.InMinutes())
1209 return;
1210
1211 base::TimeDelta total_duration = base::Time::Now() - start_time_;
1212
1213 UMA_HISTOGRAM_CUSTOM_TIMES("Net.Transaction_Latency_b", duration,
1214 base::TimeDelta::FromMilliseconds(1),
1215 base::TimeDelta::FromMinutes(10),
1216 100);
1217 UMA_HISTOGRAM_CUSTOM_TIMES("Net.Transaction_Latency_Total",
1218 total_duration,
1219 base::TimeDelta::FromMilliseconds(1),
1220 base::TimeDelta::FromMinutes(10), 100);
1221
1222 if (!stream_->IsConnectionReused()) {
1223 UMA_HISTOGRAM_CUSTOM_TIMES(
1224 "Net.Transaction_Latency_Total_New_Connection",
1225 total_duration, base::TimeDelta::FromMilliseconds(1),
1226 base::TimeDelta::FromMinutes(10), 100);
1227 }
1228 }
1229
1230 int HttpNetworkTransaction::HandleCertificateRequest(int error) {
1231 // There are two paths through which the server can request a certificate
1232 // from us. The first is during the initial handshake, the second is
1233 // during SSL renegotiation.
1234 //
1235 // In both cases, we want to close the connection before proceeding.
1236 // We do this for two reasons:
1237 // First, we don't want to keep the connection to the server hung for a
1238 // long time while the user selects a certificate.
1239 // Second, even if we did keep the connection open, NSS has a bug where
1240 // restarting the handshake for ClientAuth is currently broken.
1241 DCHECK_EQ(error, ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
1242
1243 if (stream_.get()) {
1244 // Since we already have a stream, we're being called as part of SSL
1245 // renegotiation.
1246 DCHECK(!stream_request_.get());
1247 total_received_bytes_ += stream_->GetTotalReceivedBytes();
1248 stream_->Close(true);
1249 stream_.reset();
1250 }
1251
1252 // The server is asking for a client certificate during the initial
1253 // handshake.
1254 stream_request_.reset();
1255
1256 // If the user selected one of the certificates in client_certs or declined
1257 // to provide one for this server before, use the past decision
1258 // automatically.
1259 scoped_refptr<X509Certificate> client_cert;
1260 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup(
1261 response_.cert_request_info->host_and_port, &client_cert);
1262 if (!found_cached_cert)
1263 return error;
1264
1265 // Check that the certificate selected is still a certificate the server
1266 // is likely to accept, based on the criteria supplied in the
1267 // CertificateRequest message.
1268 if (client_cert.get()) {
1269 const std::vector<std::string>& cert_authorities =
1270 response_.cert_request_info->cert_authorities;
1271
1272 bool cert_still_valid = cert_authorities.empty() ||
1273 client_cert->IsIssuedByEncoded(cert_authorities);
1274 if (!cert_still_valid)
1275 return error;
1276 }
1277
1278 // TODO(davidben): Add a unit test which covers this path; we need to be
1279 // able to send a legitimate certificate and also bypass/clear the
1280 // SSL session cache.
1281 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ?
1282 &proxy_ssl_config_ : &server_ssl_config_;
1283 ssl_config->send_client_cert = true;
1284 ssl_config->client_cert = client_cert;
1285 next_state_ = STATE_CREATE_STREAM;
1286 // Reset the other member variables.
1287 // Note: this is necessary only with SSL renegotiation.
1288 ResetStateForRestart();
1289 return OK;
1290 }
1291
1292 void HttpNetworkTransaction::HandleClientAuthError(int error) {
1293 if (server_ssl_config_.send_client_cert &&
1294 (error == ERR_SSL_PROTOCOL_ERROR || IsClientCertificateError(error))) {
1295 session_->ssl_client_auth_cache()->Remove(
1296 HostPortPair::FromURL(request_->url));
1297 }
1298 }
1299
1300 // TODO(rch): This does not correctly handle errors when an SSL proxy is
1301 // being used, as all of the errors are handled as if they were generated
1302 // by the endpoint host, request_->url, rather than considering if they were
1303 // generated by the SSL proxy. http://crbug.com/69329
1304 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
1305 DCHECK(request_);
1306 HandleClientAuthError(error);
1307
1308 bool should_fallback = false;
1309 uint16 version_max = server_ssl_config_.version_max;
1310
1311 switch (error) {
1312 case ERR_CONNECTION_CLOSED:
1313 case ERR_SSL_PROTOCOL_ERROR:
1314 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
1315 if (version_max >= SSL_PROTOCOL_VERSION_TLS1 &&
1316 version_max > server_ssl_config_.version_min) {
1317 // This could be a TLS-intolerant server or a server that chose a
1318 // cipher suite defined only for higher protocol versions (such as
1319 // an SSL 3.0 server that chose a TLS-only cipher suite). Fall
1320 // back to the next lower version and retry.
1321 // NOTE: if the SSLClientSocket class doesn't support TLS 1.1,
1322 // specifying TLS 1.1 in version_max will result in a TLS 1.0
1323 // handshake, so falling back from TLS 1.1 to TLS 1.0 will simply
1324 // repeat the TLS 1.0 handshake. To avoid this problem, the default
1325 // version_max should match the maximum protocol version supported
1326 // by the SSLClientSocket class.
1327 version_max--;
1328
1329 // Fallback to the lower SSL version.
1330 // While SSL 3.0 fallback should be eliminated because of security
1331 // reasons, there is a high risk of breaking the servers if this is
1332 // done in general.
1333 should_fallback = true;
1334 }
1335 break;
1336 case ERR_CONNECTION_RESET:
1337 if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&
1338 version_max > server_ssl_config_.version_min) {
1339 // Some network devices that inspect application-layer packets seem to
1340 // inject TCP reset packets to break the connections when they see TLS
1341 // 1.1 in ClientHello or ServerHello. See http://crbug.com/130293.
1342 //
1343 // Only allow ERR_CONNECTION_RESET to trigger a fallback from TLS 1.1 or
1344 // 1.2. We don't lose much in this fallback because the explicit IV for
1345 // CBC mode in TLS 1.1 is approximated by record splitting in TLS
1346 // 1.0. The fallback will be more painful for TLS 1.2 when we have GCM
1347 // support.
1348 //
1349 // ERR_CONNECTION_RESET is a common network error, so we don't want it
1350 // to trigger a version fallback in general, especially the TLS 1.0 ->
1351 // SSL 3.0 fallback, which would drop TLS extensions.
1352 version_max--;
1353 should_fallback = true;
1354 }
1355 break;
1356 case ERR_SSL_BAD_RECORD_MAC_ALERT:
1357 if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&
1358 version_max > server_ssl_config_.version_min) {
1359 // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or
1360 // 1.2 ClientHello, but then return a bad_record_mac alert. See
1361 // crbug.com/260358. In order to make the fallback as minimal as
1362 // possible, this fallback is only triggered for >= TLS 1.1.
1363 version_max--;
1364 should_fallback = true;
1365 }
1366 break;
1367 case ERR_SSL_INAPPROPRIATE_FALLBACK:
1368 // The server told us that we should not have fallen back. A buggy server
1369 // could trigger ERR_SSL_INAPPROPRIATE_FALLBACK with the initial
1370 // connection. |fallback_error_code_| is initialised to
1371 // ERR_SSL_INAPPROPRIATE_FALLBACK to catch this case.
1372 error = fallback_error_code_;
1373 break;
1374 }
1375
1376 if (should_fallback) {
1377 net_log_.AddEvent(
1378 NetLog::TYPE_SSL_VERSION_FALLBACK,
1379 base::Bind(&NetLogSSLVersionFallbackCallback,
1380 &request_->url, error, server_ssl_config_.version_max,
1381 version_max));
1382 fallback_error_code_ = error;
1383 server_ssl_config_.version_max = version_max;
1384 server_ssl_config_.version_fallback = true;
1385 ResetConnectionAndRequestForResend();
1386 error = OK;
1387 }
1388
1389 return error;
1390 }
1391
1392 // This method determines whether it is safe to resend the request after an
1393 // IO error. It can only be called in response to request header or body
1394 // write errors or response header read errors. It should not be used in
1395 // other cases, such as a Connect error.
1396 int HttpNetworkTransaction::HandleIOError(int error) {
1397 // Because the peer may request renegotiation with client authentication at
1398 // any time, check and handle client authentication errors.
1399 HandleClientAuthError(error);
1400
1401 switch (error) {
1402 // If we try to reuse a connection that the server is in the process of
1403 // closing, we may end up successfully writing out our request (or a
1404 // portion of our request) only to find a connection error when we try to
1405 // read from (or finish writing to) the socket.
1406 case ERR_CONNECTION_RESET:
1407 case ERR_CONNECTION_CLOSED:
1408 case ERR_CONNECTION_ABORTED:
1409 // There can be a race between the socket pool checking checking whether a
1410 // socket is still connected, receiving the FIN, and sending/reading data
1411 // on a reused socket. If we receive the FIN between the connectedness
1412 // check and writing/reading from the socket, we may first learn the socket
1413 // is disconnected when we get a ERR_SOCKET_NOT_CONNECTED. This will most
1414 // likely happen when trying to retrieve its IP address.
1415 // See http://crbug.com/105824 for more details.
1416 case ERR_SOCKET_NOT_CONNECTED:
1417 // If a socket is closed on its initial request, HttpStreamParser returns
1418 // ERR_EMPTY_RESPONSE. This may still be close/reuse race if the socket was
1419 // preconnected but failed to be used before the server timed it out.
1420 case ERR_EMPTY_RESPONSE:
1421 if (ShouldResendRequest()) {
1422 net_log_.AddEventWithNetErrorCode(
1423 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1424 ResetConnectionAndRequestForResend();
1425 error = OK;
1426 }
1427 break;
1428 case ERR_SPDY_PING_FAILED:
1429 case ERR_SPDY_SERVER_REFUSED_STREAM:
1430 case ERR_QUIC_HANDSHAKE_FAILED:
1431 net_log_.AddEventWithNetErrorCode(
1432 NetLog::TYPE_HTTP_TRANSACTION_RESTART_AFTER_ERROR, error);
1433 ResetConnectionAndRequestForResend();
1434 error = OK;
1435 break;
1436 }
1437 return error;
1438 }
1439
1440 void HttpNetworkTransaction::ResetStateForRestart() {
1441 ResetStateForAuthRestart();
1442 if (stream_)
1443 total_received_bytes_ += stream_->GetTotalReceivedBytes();
1444 stream_.reset();
1445 }
1446
1447 void HttpNetworkTransaction::ResetStateForAuthRestart() {
1448 send_start_time_ = base::TimeTicks();
1449 send_end_time_ = base::TimeTicks();
1450
1451 pending_auth_target_ = HttpAuth::AUTH_NONE;
1452 read_buf_ = NULL;
1453 read_buf_len_ = 0;
1454 headers_valid_ = false;
1455 request_headers_.Clear();
1456 response_ = HttpResponseInfo();
1457 establishing_tunnel_ = false;
1458 }
1459
1460 HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const {
1461 return response_.headers.get();
1462 }
1463
1464 bool HttpNetworkTransaction::ShouldResendRequest() const {
1465 bool connection_is_proven = stream_->IsConnectionReused();
1466 bool has_received_headers = GetResponseHeaders() != NULL;
1467
1468 // NOTE: we resend a request only if we reused a keep-alive connection.
1469 // This automatically prevents an infinite resend loop because we'll run
1470 // out of the cached keep-alive connections eventually.
1471 if (connection_is_proven && !has_received_headers)
1472 return true;
1473 return false;
1474 }
1475
1476 void HttpNetworkTransaction::ResetConnectionAndRequestForResend() {
1477 if (stream_.get()) {
1478 stream_->Close(true);
1479 stream_.reset();
1480 }
1481
1482 // We need to clear request_headers_ because it contains the real request
1483 // headers, but we may need to resend the CONNECT request first to recreate
1484 // the SSL tunnel.
1485 request_headers_.Clear();
1486 next_state_ = STATE_CREATE_STREAM; // Resend the request.
1487 }
1488
1489 bool HttpNetworkTransaction::ShouldApplyProxyAuth() const {
1490 return !is_https_request() &&
1491 (proxy_info_.is_https() || proxy_info_.is_http());
1492 }
1493
1494 bool HttpNetworkTransaction::ShouldApplyServerAuth() const {
1495 return !(request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA);
1496 }
1497
1498 int HttpNetworkTransaction::HandleAuthChallenge() {
1499 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
1500 DCHECK(headers.get());
1501
1502 int status = headers->response_code();
1503 if (status != HTTP_UNAUTHORIZED &&
1504 status != HTTP_PROXY_AUTHENTICATION_REQUIRED)
1505 return OK;
1506 HttpAuth::Target target = status == HTTP_PROXY_AUTHENTICATION_REQUIRED ?
1507 HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER;
1508 if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct())
1509 return ERR_UNEXPECTED_PROXY_AUTH;
1510
1511 // This case can trigger when an HTTPS server responds with a "Proxy
1512 // authentication required" status code through a non-authenticating
1513 // proxy.
1514 if (!auth_controllers_[target].get())
1515 return ERR_UNEXPECTED_PROXY_AUTH;
1516
1517 int rv = auth_controllers_[target]->HandleAuthChallenge(
1518 headers, (request_->load_flags & LOAD_DO_NOT_SEND_AUTH_DATA) != 0, false,
1519 net_log_);
1520 if (auth_controllers_[target]->HaveAuthHandler())
1521 pending_auth_target_ = target;
1522
1523 scoped_refptr<AuthChallengeInfo> auth_info =
1524 auth_controllers_[target]->auth_info();
1525 if (auth_info.get())
1526 response_.auth_challenge = auth_info;
1527
1528 return rv;
1529 }
1530
1531 bool HttpNetworkTransaction::HaveAuth(HttpAuth::Target target) const {
1532 return auth_controllers_[target].get() &&
1533 auth_controllers_[target]->HaveAuth();
1534 }
1535
1536 GURL HttpNetworkTransaction::AuthURL(HttpAuth::Target target) const {
1537 switch (target) {
1538 case HttpAuth::AUTH_PROXY: {
1539 if (!proxy_info_.proxy_server().is_valid() ||
1540 proxy_info_.proxy_server().is_direct()) {
1541 return GURL(); // There is no proxy server.
1542 }
1543 const char* scheme = proxy_info_.is_https() ? "https://" : "http://";
1544 return GURL(scheme +
1545 proxy_info_.proxy_server().host_port_pair().ToString());
1546 }
1547 case HttpAuth::AUTH_SERVER:
1548 return request_->url;
1549 default:
1550 return GURL();
1551 }
1552 }
1553
1554 bool HttpNetworkTransaction::ForWebSocketHandshake() const {
1555 return websocket_handshake_stream_base_create_helper_ &&
1556 request_->url.SchemeIsWSOrWSS();
1557 }
1558
1559 #define STATE_CASE(s) \
1560 case s: \
1561 description = base::StringPrintf("%s (0x%08X)", #s, s); \
1562 break
1563
1564 std::string HttpNetworkTransaction::DescribeState(State state) {
1565 std::string description;
1566 switch (state) {
1567 STATE_CASE(STATE_NOTIFY_BEFORE_CREATE_STREAM);
1568 STATE_CASE(STATE_CREATE_STREAM);
1569 STATE_CASE(STATE_CREATE_STREAM_COMPLETE);
1570 STATE_CASE(STATE_INIT_REQUEST_BODY);
1571 STATE_CASE(STATE_INIT_REQUEST_BODY_COMPLETE);
1572 STATE_CASE(STATE_BUILD_REQUEST);
1573 STATE_CASE(STATE_BUILD_REQUEST_COMPLETE);
1574 STATE_CASE(STATE_SEND_REQUEST);
1575 STATE_CASE(STATE_SEND_REQUEST_COMPLETE);
1576 STATE_CASE(STATE_READ_HEADERS);
1577 STATE_CASE(STATE_READ_HEADERS_COMPLETE);
1578 STATE_CASE(STATE_READ_BODY);
1579 STATE_CASE(STATE_READ_BODY_COMPLETE);
1580 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART);
1581 STATE_CASE(STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE);
1582 STATE_CASE(STATE_NONE);
1583 default:
1584 description = base::StringPrintf("Unknown state 0x%08X (%u)", state,
1585 state);
1586 break;
1587 }
1588 return description;
1589 }
1590
1591 #undef STATE_CASE
1592
1593 } // namespace net